Last updated: 25th April 2025
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Gateway APIs ("Processor", "we", "our") and the user or organisation ("Controller", "you", "your") using our Services. This DPA applies where we process personal data on your behalf in the course of providing our Services.
You are the Data Controller and Gateway APIs is the Data Processor. This DPA governs how we process personal data on your behalf.
We will process personal data only in accordance with your documented instructions, unless required to do otherwise by applicable law.
We ensure that all persons authorised to process personal data are under appropriate confidentiality obligations.
We implement appropriate technical and organisational measures to protect personal data, as described in our security policy.
We may engage subprocessors to assist in providing our Services. We ensure that subprocessors are subject to equivalent data protection obligations. A list of current subprocessors is available in our privacy policy.
We will assist you, where reasonably possible, in fulfilling your obligations to respond to requests from data subjects and to ensure compliance with data protection laws.
We will notify you without undue delay after becoming aware of a personal data breach affecting your data. We will provide information as required to help you meet your obligations under applicable law.
Upon termination of the Services, we will delete or return all personal data in our possession, unless retention is required by applicable law.
Upon reasonable request, we will provide you with information necessary to demonstrate compliance with this DPA. You may audit our data processing activities subject to reasonable advance notice and confidentiality obligations.
This DPA is governed by the laws of the United Kingdom.