DPA · GDPR ART. 28
Data processingaddendum.
For business customers who need a signed DPA covering GDPR, UK-GDPR, and comparable regimes.
Last updated · July 7, 2026
This page is a defensible template maintained by MettaPay. It is not legal advice — consult qualified counsel before relying on it for production use.
01
What's included
- Processor obligations under GDPR Article 28
- Standard Contractual Clauses (2021 EU SCCs + UK IDTA) for cross-border transfers
- Reference to our Subprocessors list
- Security measures schedule (Annex II)
- Data subject request assistance and breach notification commitments
02
How to request
Email legal@mettapays.com from your business email with your legal entity name, jurisdiction, and MettaPay account. We will send our standard DPA (DocuSign) within 3 business days.
03
Redlines
Enterprise customers may request redlines. Reasonable requests are accommodated; deviations from our standard security or breach-notification commitments are not.
