top of page
  • Instagram
  • Whatsapp

DATA PROCESSING AGREEMENT

1. Introduction This Data Processing Agreement ("DPA") is entered into between MERCHLUNA LTD ("Company," "we," or "us") and the User ("Processor," "you") to outline the terms and conditions regarding the processing of personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

​

2. Definitions

·         Personal Data: Any information relating to an identified or identifiable individual.

·         Controller: The entity determining the purposes and means of data processing (MERCHLUNA LTD).

·         Processor: The entity processing personal data on behalf of the Controller (User or service provider).

·         Processing: Any operation performed on personal data, such as collection, storage, use, or deletion.

​

3. Scope and Purpose of Processing The Processor agrees to process personal data only as necessary to provide services outlined in agreements with MERCHLUNA LTD. Personal data may include:

·         Customer contact details (name, email, phone, address, etc.).

·         Payment and transaction details.

·         Event registration and attendance information.

​

4. Obligations of the Processor The Processor shall:

·         Process personal data only on the documented instructions of the Controller.

·         Implement appropriate technical and organizational measures to protect personal data.

·         Ensure that any personnel handling personal data are bound by confidentiality obligations.

·         Assist the Controller in responding to data subject requests and ensuring compliance with applicable data protection laws.

​

5. Data Security Measures The Processor shall implement suitable security measures to prevent unauthorized access, loss, or alteration of personal data. These measures shall include encryption, secure storage, and access controls.

​

6. Subprocessors The Processor shall not engage any third-party subprocessors without prior written consent from the Controller. Any approved subprocessors must adhere to the same data protection obligations outlined in this DPA.

​

7. Data Transfers Personal data shall not be transferred outside the European Economic Area (EEA) unless appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or other legal mechanisms.

​

8. Data Retention and Deletion The Processor shall retain personal data only for the duration required to fulfill contractual obligations. Upon termination of services or upon request by the Controller, the Processor shall securely delete or return all personal data.

​

9. Data Breach Notification The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach, providing details of the breach, its impact, and any mitigation measures taken.

​

10. Compliance and Audits The Controller reserves the right to audit the Processor’s data processing activities to ensure compliance with this DPA. The Processor shall provide all necessary information to demonstrate compliance.

​

11. Governing Law and Jurisdiction This DPA shall be governed by the laws of the United Kingdom. Any disputes arising from this agreement shall be resolved in the competent courts of London, United Kingdom.

​

12. Contact Information For any inquiries regarding this Data Processing Agreement, please contact us:

​

Email: contact@merchluna.com
Phone: +90 (538) 084 33 47
Address: 71-75, Shelton Street, Covent Garden, London, WC2H 9JQ, UNITED KINGDOM​

​

bottom of page