This Data Processing Agreement forms part of the Terms of Service between NkapFin SAS (Processor) and the Client (Controller) and governs the processing of personal data by NkapFin on behalf of the Client in connection with financial infrastructure services.
This DPA applies where NkapFin processes personal data as a data processor on behalf of the Client. Where NkapFin processes data as an independent controller (e.g., for AML/CFT compliance), such processing is governed by our Privacy Policy.
NkapFin shall process personal data only on documented instructions from the Controller, unless required by applicable law. The Client's instructions are defined by the Services selected and configured through the NkapFin dashboard and API.
NkapFin implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, pseudonymization, access controls, and regular security testing.
The Client provides general authorization for NkapFin to engage sub-processors. We maintain a list of current sub-processors, which is updated at least 30 days before any new sub-processor begins processing. International transfers are protected by Standard Contractual Clauses and data residency options.