DPA · GDPR ART. 28

Data processingaddendum.

For business customers who need a signed DPA covering GDPR, UK-GDPR, and comparable regimes.
Last updated · July 7, 2026
This page is a defensible template maintained by MettaPay. It is not legal advice — consult qualified counsel before relying on it for production use.
01

What's included

  • Processor obligations under GDPR Article 28
  • Standard Contractual Clauses (2021 EU SCCs + UK IDTA) for cross-border transfers
  • Reference to our Subprocessors list
  • Security measures schedule (Annex II)
  • Data subject request assistance and breach notification commitments
02

How to request

Email legal@mettapays.com from your business email with your legal entity name, jurisdiction, and MettaPay account. We will send our standard DPA (DocuSign) within 3 business days.

03

Redlines

Enterprise customers may request redlines. Reasonable requests are accommodated; deviations from our standard security or breach-notification commitments are not.

Questions? We reply.

Reach our legal, privacy, or compliance team.