GDPR Compliance
This statement explains how Zyrix complies with the EU and UK General Data Protection Regulation (GDPR) and reflects equivalent principles under Türkiye's KVKK and the Saudi PDPL. It complements our Privacy Policy and applies to personal data of individuals in the EEA, the UK, and other regions whose laws follow comparable standards.
1. Controller and Processor Roles
When Zyrix determines the purposes and means of processing—such as for our own accounts and websites—we act as a controller. When we process personal data on behalf of a merchant to deliver payment services, we act as a processor under a data-processing agreement.
2. Lawful Bases
We process personal data only where a lawful basis applies: performance of a contract, compliance with a legal obligation, legitimate interests, or consent. Our legitimate interests include operating a secure and reliable payments network and preventing fraud.
3. Data Subject Rights
Individuals may exercise the rights of access, rectification, erasure, restriction, objection, and data portability, and may withdraw consent where processing is based on it. We respond to verified requests within the timeframes required by law.
4. Data Processing Agreement
We offer merchants a Data Processing Agreement consistent with Article 28 GDPR, governing our role as processor, the security measures we maintain, and our use of sub-processors.
5. Sub-Processors
We engage vetted sub-processors under written contracts that impose obligations no less protective than those to which we are bound, and we maintain oversight of their compliance.
6. International Transfers
Where personal data leaves the EEA or UK, we rely on appropriate safeguards, including Standard Contractual Clauses and the UK International Data Transfer Addendum, together with supplementary measures where required.
7. Breach Notification
We maintain incident-response procedures and will notify the relevant supervisory authority and, where required, affected individuals, within the timeframes mandated by law.
8. Data Protection Officer and Authority
You may contact our data-protection function at dpo@zyrix.co. You also have the right to lodge a complaint with your local supervisory authority.