End user agreement
End User Data Privacy and Protection Agreement
1.1. As part of our operations, Peerstack Limited (“Thepeer” or “the Company”) will collect and process certain types of information (such as name, email address, etc.) of the end users for analytical purposes i.e. to understand the end users’ spending behavior. For the purpose of this agreement, the end users are the customers of businesses available on Thepeer.
1.2. Following the nature of the transaction, the legal basis of processing the Personal Data of the end users is predicated upon the requisite consent first had and obtained by businesses available on Thepeer from the end user or on the legal basis that the processing is necessary for the performance of a contract to which the end user is a party to.
1.3. Therefore, further to Clause 1.2. above and in line with the provisions of the NDPR, processing of the Personal Data by Thepeer shall be lawful if at least one of the following applies:
- a) The end user has given consent to any businesses available on Thepeer for the processing of his/her Personal Data for the purpose as stated in Clause 1.1. or
- b) the processing is necessary for the performance of a contract to which the end user is party.
1.4. Thepeer will collect and process the Personal Data of the end users only for the purposes identified in the appropriate Thepeer Privacy Notice available here. Such personal data cannot be reused for another purpose that is incompatible with the original purpose, except a new consent is obtained.
1.5. Thepeer shall maintain adequate physical, technical and administrative security measures to safeguard and ensure the protection and security of all personal data of the end users transferred and disclosed to it by any businesses available on Thepeer from loss, misuse, unauthorized access, alteration accidental or unlawful destruction, unauthorized disclosure or access. Such measures and safeguards may include but are not limited to the following:
- Developing organizational policy for handling Personal Data;
- Protecting systems from hackers;
- Setting up firewalls;
- Storing Personal Data securely with access only to specific authorized individuals;
- Employing data encryption technologies; and
- Ensuring that Personal Data cannot be read, copied, modified or deleted without a prior written consent of the businesses available on Thepeer
1.6. Thepeer shall limits Personal Data collection and usage to data that is relevant, adequate, and absolutely necessary for carrying out the purpose for which the data is processed.
1.7. Thepeer will evaluate whether and to what extent the processing of personal data is necessary and where the purpose allows, anonymized data must be used.
1.8. Thepeer shall establish adequate controls in order to protect the integrity and confidentiality of Personal Data, both in digital and physical format and to prevent personal data from being accidentally or deliberately compromised.
1.9. All personal information shall be retained, stored and destroyed by Thepeer in line with legislative and regulatory guidelines. For all Personal Data and records obtained, used and stored within the company, Thepeer shall perform periodical reviews of the data retained to confirm the accuracy, purpose, validity and requirement to retain.
1.10. Thepeer is firmly committed to complying with applicable data protection laws, regulations, rules and principles to ensure security of Personal Data handled by the company.
1.11. Businesses available on Thepeer shall indemnify Thepeer, its Directors, Employees, Officers and its affiliates harmless from all damages, penalties, claims, costs (including without limitation attorney’s costs) and any third party claims arising from or in connection with any breach of the provisions of this Agreement or the provisions of the NDPR on the part of the businesses available on Thepeer.
1.12. This end user data privacy and processing agreement forms the legal basis for the processing of end users’ personal data for peer to peer transactions.