According to the General Data Protection Regulation (GDPR) there are certain situations in which parties are obligated to enter into a data processing agreement.
However, this situation only occurs when these parties process data on instruction of another party.
Global Merchant Payments is of the opinion that the processing of data in context of the contract with our merchants does not fall under this requirement. When it comes to the processing of data Global Merchant Payments and the merchant are not acting on instruction of each other.
The data Global Merchant Payments receives is processed under our own responsibility. Therefore Global Merchant Payments is not considered a processor, but a controller as mentioned in the GDPR.
This means that you are responsible for the safe and correct processing of the personal data you receive and you have to draft your own Privacy Statement. Therefore it’s not necessary to enter into a data processing agreement with Global Merchant Payments.
If you’d like to read more about the position of the controller and processor, please contact your national privacy authority for additional information.