← Back to Legal Hub

Data Processing Agreement

For Enterprise Customers

Enterprise Customers: This Data Processing Agreement (DPA) applies to customers who process personal data using our services and need GDPR compliance.

Purpose of this Agreement

This DPA supplements our Privacy Policy and Terms of Service, specifically addressing data processing requirements under GDPR and other privacy regulations when you act as a Data Controller and we act as a Data Processor.

Definitions

  • Data Controller: You, the customer, who determines the purposes and means of processing personal data
  • Data Processor: TOWN Platform, processing personal data on your behalf
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Subject: The individual to whom the personal data relates

Scope of Processing

We process personal data only:

  • On your documented instructions
  • To provide the services described in our agreement
  • As required by applicable law

Subject matter: Providing gaming platform services
Duration: For the term of your subscription
Nature and purpose: Platform and API services
Type of personal data: Customer information, financial data, usage data
Categories of data subjects: Your customers and end-users

Your Obligations as Data Controller

  • Ensure you have lawful basis for processing
  • Provide necessary privacy notices to data subjects
  • Obtain required consents
  • Respond to data subject requests
  • Ensure data accuracy
  • Implement appropriate security measures

Our Obligations as Data Processor

  • Process data only on your instructions
  • Ensure confidentiality of personnel
  • Implement appropriate technical and organizational measures
  • Assist with data subject requests
  • Assist with data breach notifications
  • Delete or return data upon termination
  • Make available information necessary to demonstrate compliance

Sub-Processors

We may engage sub-processors to assist in providing services. Current sub-processors include:

  • Cloud hosting providers (AWS, Google Cloud)
  • Payment processors
  • Customer support tools
  • Analytics services

We will notify you of any changes to sub-processors with 30 days notice.

Data Security

We implement appropriate security measures including:

  • Encryption in transit and at rest
  • Access controls and authentication
  • Regular security audits and penetration testing
  • Incident response procedures
  • Business continuity and disaster recovery plans

International Data Transfers

For transfers of personal data from the EEA to countries without adequate protection, we implement Standard Contractual Clauses (SCCs) as approved by the European Commission.

Data Breach Notification

In the event of a personal data breach, we will notify you without undue delay and within 72 hours of becoming aware, providing information necessary for you to meet your own notification obligations.

Data Subject Rights

We will assist you in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) by providing necessary tools and information within our platform.

Audit Rights

Upon reasonable notice, we will make available information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, by you or an authorized auditor.

Requesting the DPA

Enterprise Customers

To execute a formal Data Processing Agreement, please contact our legal team. We will provide a signed DPA tailored to your specific requirements.

Contact Information

Data Protection Officer: dpo@townplatform.com
Legal Team: legal@townplatform.com