Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the Terms of Service (“Agreement”) between the customer (“Controller”, “you”) and Manomay Informatics LLC, operating as Let’s Wallet IT (“Processor”, “we”, “our”, or “us”). This DPA governs how we process personal data on your behalf when you use the Let’s Wallet IT platform and services.

1. Roles and Responsibilities

1.1 Controller: You determine the purposes and means of processing personal data, including what end-user data is uploaded to the Service.

1.2 Processor: We process personal data only on your instructions and solely for the purpose of providing the Service.

1.3 Sub-processors: We may engage third-party service providers (see Section 5) to support the Service.

2. Data Processing

2.1 Scope: Personal data may include names, email addresses, loyalty IDs, or other identifiers included in wallet passes by you.

2.2 Purpose: Processing is limited to generating, issuing, and delivering passes to Apple Wallet and Google Wallet, along with supporting functions such as hosting, analytics, payment, and communication.

2.3 Duration: Processing continues for as long as you maintain an account with us. End-user data is retained for 30 days after pass expiry, then archived or deleted.

3. Processor Obligations

  • Process personal data only on documented instructions from you.
  • Ensure confidentiality of personnel who process personal data.
  • Implement appropriate technical and organizational measures to protect data (encryption in transit and at rest, access controls, monitoring).
  • Assist you in responding to data subject rights requests, to the extent technically feasible.
  • Notify you without undue delay of any personal data breach.
  • At your choice, delete or return all personal data at the end of the Agreement, unless law requires storage.

4. Controller Obligations

  • Provide personal data in compliance with applicable laws (GDPR, CCPA, etc.).
  • Be solely responsible for end-user notifications, consents, and data subject rights requests.
  • Indemnify us against claims from end-users or regulators arising from your instructions or misuse of the Service.

5. Sub-Processors

5.1 Use of Sub-Processors: We may engage third-party service providers (“sub-processors”) to support the delivery of the Service, including hosting, payments, analytics, support, and marketing functions.

5.2 General Authorization: You provide us with a general authorization to engage sub-processors. A current list of sub-processors is maintained at www.letswalletit.com/sub-processors/. We may update this list from time to time as our business evolves.

5.3 Notice of Changes: We will not provide individualized notice for each sub-processor change. Your continued use of the Service after updates to the Sub-Processor List constitutes acceptance of those sub-processors.

6. International Transfers

Personal data may be transferred and processed in any country where we or our sub-processors operate. We ensure such transfers are protected by appropriate safeguards, including Standard Contractual Clauses where required.

7. Liability

Our liability under this DPA is subject to the limitations set forth in the Terms of Service.

8. Governing Law

This DPA is governed by and construed in accordance with the laws of the State of Delaware, USA.

9. Miscellaneous

This DPA supplements the Terms of Service. In the event of conflict between this DPA and the Agreement, the DPA shall prevail with respect to data protection obligations.

Contact Information

Manomay Informatics LLC
Trolly Square, Suite 20 C
Wilmington, DE 19806
USA