Data Processing Agreement
1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer" or "Controller") and Vissi ("Vissi" or "Processor"). This DPA applies to the extent that Vissi processes Personal Data on behalf of the Customer in the course of providing the Services.
2. Details of Processing
- Subject Matter: The subject matter of the data processing is the performance of the Services.
- Duration: The duration of the processing is the duration of the Agreement between the parties.
- Nature and Purpose: To provide the Customer with the capability to create and manage digital wallet passes.
- Categories of Data: Name, email address, loyalty card numbers, and other data fields included in wallet passes.
3. Obligations of Processor (Vissi)
Vissi agrees to:
- Instructions: Process Personal Data only in accordance with the documented instructions of the Customer (compliance with the Terms constitutes such instructions).
- Confidentiality: Ensure that persons authorized to process the Personal Data have committed themselves to confidentiality.
- Security: Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
- Assistance: Assist the Customer, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights.
4. Personal Data Breach
Vissi shall notify the Customer without undue delay after becoming aware of a Personal Data Breach. Such notification shall describe the nature of the breach, the number of records affected, and the measures taken to address the breach.
5. Subprocessors
The Customer grants Vissi a general authorization to engage subprocessors (e.g., hosting providers like Vercel, database providers like Supabase/PostgreSQL) to assist in providing the Services. Vissi remains fully liable to the Customer for the performance of the subprocessor’s obligations.
6. Audit Rights
Upon reasonable request and subject to confidentiality obligations, Vissi shall make available to the Customer information necessary to demonstrate compliance with this DPA. Due to the scale of operations, audits may be satisfied by the provision of independent audit reports or security certifications held by Vissi.