{"id":3120,"date":"2022-01-11T18:59:45","date_gmt":"2022-01-11T18:59:45","guid":{"rendered":"http:\/\/www.splitit.com\/?post_type=legal_resources&p=3120"},"modified":"2023-03-17T09:50:53","modified_gmt":"2023-03-17T09:50:53","slug":"data-protection-addendum","status":"publish","type":"legal_resources","link":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/","title":{"rendered":"Data Protection Addendum & GDPR Compliance"},"content":{"rendered":"
\r\n
\r\n
\r\n
\r\n

Data Protection Addendum & GDPR Compliance<\/span><\/h1>\n

Last Updated: January 2022<\/span><\/i><\/p>\n

This Data Protection Addendum (\u201cDPA\u201d), governs the transfer, collection and processing of Personal Data (as defined below), pursuant to the SPLITIT Merchant Terms and Conditions applicable to you (\u201cTerms\u201d) governing the use of SPLITIT Services, Merchant Application and SPLITIT Platform, by any Merchant (\u201cMerchant\u201d). Each of SPLITIT and Merchant shall be referred to as a \u201cParty\u201d and collectively the \u201cParties\u201d. Any capitalized terms not defined herein shall have the meaning ascribed to such terms in the Terms.<\/span><\/p>\n

1. Definitions<\/strong><\/p>\n

1.1. The terms \u201cPersonal Data\u201d, \u201cProcessor\u201d, \u201cController\u201d, and \u201cprocessing\u201d, \u201cSpecial Categories of Personal Data\u201d, shall have the meaning ascribed to such terms in the GDPR.<\/span><\/p>\n

1.2. \u201cData\u201d means Personal Data and Non-Personal Data.<\/span><\/p>\n

1.3. \u201cData Subject(s)\u201d means natural-persons regarding whom Data is processed by Merchant in connection with the Splitit Services, or disclosed to Splitit by Merchant pursuant to this DPA and the Terms, including without limitation, Merchant\u2019s Customers and Merchant\u2019s Users.<\/span><\/p>\n

1.4. \u201cGDPR\u201d means Regulation (EU) 2016\/679, of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95\/46\/EC (General Data Protection Regulation).<\/span><\/p>\n

1.5. \u201cMerchant\u2019s Customers\u201d means customers, clients, end-users, and\/or consumers of the Merchant\u2019s products and\/or services, which may use the Splitit installments services in connection with the purchase of Merchant\u2019s products and\/or services.<\/span><\/p>\n

1.6. \u201cMerchant\u2019s Users\u201d means any natural persons using the Splitit Services, Splitit Application and Splitit Platform on behalf or under authorization of the Merchant, including employees, consultants, and service providers.<\/span><\/p>\n

1.7. \u201cNon-Personal Data\u201d means any data or information of any kind relating to Data Subjects, which is not Personal Data.<\/span><\/p>\n

\u201cSub-Processors\u201d shall have the meaning set forth in Section 8;<\/span><\/p>\n

1.8. \u201cSub-Processor Notice\u201d shall have the meaning set forth in Section 8.<\/span><\/p>\n

2. Data Procesing<\/strong><\/p>\n

2.1. In rendering the Splitit Services to Merchant, the following Personal Data may be processed by Splitit on behalf of Merchant:<\/span><\/p>\n

2.1.1. Personal Data disclosed from time to time by Merchant to SPLITIT, concerning Merchant, Merchant\u2019s Customers or Merchant\u2019s Users;<\/span><\/p>\n

2.1.2. Personal Data processed by Splitit on behalf of Merchant in connection with providing Splitit Services to Merchant, whether shared with Splitit by Merchant or collected independently by Splitit from Data Subjects or third parties.<\/span><\/p>\n

2.2. In connection with any and all processing of Personal Data in the framework of provision of the Splitit Services to Merchant, the Parties agree and acknowledge that Merchant shall be regarded as a Controller of such Personal Data, and Splitit shall be regarded as a Processor of such Personal Data.<\/span><\/p>\n

2.3. SPLITIT will Process on behalf of Merchant Personal Data as specified in Appendix A attached hereto.<\/span><\/p>\n

2.4. SPLITIT will Process Personal Data for the following purposes:<\/span><\/p>\n

2.4.1. the provision of the Splitit Services to Merchant, including support and maintenance services;<\/span><\/p>\n

2.4.2. the provision of payment installments services to Merchant\u2019s Customers, under the written instruction of Merchant. For the avoidance of doubt, Merchant\u2019s acceptance of the Terms constitutes Merchant\u2019s explicit written instruction to Splitit to process Personal Data pursuant to this DPA;<\/span><\/p>\n

2.4.3. to contact Merchant in connection with the Splitit Services, notifications, programs or offerings;<\/span><\/p>\n

2.4.4. to send Merchant updates, promotional materials and newsletters. Merchant may choose to opt-out and to not receive these communications by sending SPLITIT a notice to: info@splitit.com.<\/span><\/p>\n

2.4.5. to identify and authenticate Merchant\u2019s or Merchant\u2019s Users\u2019 access to parts of the Services, Splitit Application or Splitit Platform, that Merchant or Merchant\u2019s Users\u2019 are authorized to access;<\/span><\/p>\n

2.4.6. to provide Merchant\u2019s Users and Merchant\u2019s Customers, with support in connection with the Splitit Services;<\/span><\/p>\n

2.4.7. to protect the security or integrity of SPLITIT\u2019s databases or the Splitit Services, to take precautions against legal liability, and to analyze and improve the Splitit Services;<\/span><\/p>\n

2.4.8. as necessary to help detect and prevent potentially illegal acts and fraud.<\/span><\/p>\n

2.4.9. as otherwise required and appropriate for the fulfilment of the Terms and exercising SPLITIT\u2019s rights and obligations thereunder, provided such processing is permitted under applicable laws.<\/span><\/p>\n

3. Representations and Undertakings of Splitit<\/strong><\/p>\n

3.1. Splitit shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.<\/span><\/p>\n

3.2. SPLITIT\u2019s employees, authorized by SPLITIT to process Personal Data on behalf of Merchant, are committed to customary confidentiality undertakings, or are otherwise under appropriate statutory obligations of confidentiality.<\/span><\/p>\n

3.3. SPLITIT shall only Process Personal Data on behalf of Merchant and pursuant to the instructions as set forth herein, pursuant to the Terms, or otherwise agreed to between the Parties in writing.<\/span><\/p>\n

3.4. At the choice of the Merchant, SPLITIT will delete or return to the Merchant Personal Data which is processed by SPLITIT on behalf of the Merchant under this DPA after the termination or expiration of the Terms and Merchant\u2019s engagement with Splitit, and shall delete any existing copies unless permitted to retain such data under applicable law.<\/span><\/p>\n

3.5. Merchant shall be liable to comply with obligations in connection with the rights and freedoms of Data Subjects, including Merchant\u2019s Users and Merchant\u2019s Customers, pursuant to applicable laws.<\/span><\/p>\n

3.6. Without derogating from the above SPLITIT shall notify Merchant upon receiving any request from a Data Subject, and shall make reasonable commercial efforts to assist the Merchant by appropriate technical and organizational measures, insofar as possible, for the fulfilment of the Merchant\u2019s obligations to respond to requests for exercising the Data Subjects\u2019 rights pursuant to applicable laws and the Terms.<\/span><\/p>\n

4. Representations and Undertakings of Merchant<\/strong><\/p>\n

4.1. Merchant undertakes that Merchant shall Process Personal Data only as lawful and compliant with applicable law, including if applicable the GDPR, and that Merchant shall be responsible to implement measures ensuring and demonstrating such compliance.<\/span><\/p>\n

4.2. Merchant\u2019s use of the Splitit Services must comply with all applicable laws, including laws relating to spam or unsolicited commercial emails, privacy, security, obscenity, defamation, child protection, and other applicable laws.<\/span><\/p>\n

4.3. Merchant acknowledges that it is aware that SPLITIT may not have any direct interaction with the Data Subjects, and therefore, is unable to inform them of relevant information in connection with the processing of their Personal Data, or obtain Merchant\u2019s Customers consent to such processing by Splitit. In light of the above, Merchant agrees that it is responsible to inform Merchant\u2019s Users and Merchant\u2019s Customers, clearly and explicitly, of the processing of their Personal Data, including by SPLITIT, pursuant to and in accordance with Merchant\u2019s engagement with SPLITIT. Merchant further represents that Merchant has all required authorizations to disclose, share or provide otherwise Personal Data to SPLITIT pursuant to this DPA and the Terms. In the event consent is required under applicable law including the GDPR, the Merchant shall: (i) ensure that it obtains consent from Data Subjects and displays all necessary and applicable notices in accordance with the applicable law; (ii) maintain a record of all consents obtained from Data Subject; and (iii) maintain a record of the withdrawals of consent by Data Subjects.<\/span><\/p>\n

4.4. Each Party shall maintain a publicly-accessible privacy policy that is available via a prominent link that satisfies transparency disclosure requirements of the applicable law, and specifically that is in compliance with Article 13 and Article 14 of the GDPR.<\/span><\/p>\n

4.5. Merchant shall not upload, Process, transfer, disclose or otherwise make available to SPLITIT any Personal Data included in Special Categories of Personal Data. If Merchant, in contradiction to Merchant\u2019s undertaking herein, transfers or discloses to SPLITIT any Personal Data included in Special Categories of Personal Data, Merchant hereby represents that Merchant has any and all required authorizations, including Data Subjects\u2019 explicit consent, for the transfer of such data to SPLITIT.<\/span><\/p>\n

5. Merchant\u2019s Instructions<\/strong><\/p>\n

5.1. Merchant hereby instructs SPLITIT to Process, on behalf of Merchant, Personal Data, uploaded, transferred or disclosed to SPLITIT by Merchant or otherwise in connection with the Splitit Services to Merchant and Merchant\u2019s Customers, for the purposes and in accordance with the terms specified herein and in the Terms.<\/span><\/p>\n

5.2. In the event Merchant wishes to instruct SPLITIT to Process Personal Data other than as specified in this DPA and the Terms (\u201cNew Instructions\u201d), Merchant shall provide SPLITIT with prior written notification containing the New Instructions. New Instructions shall be in force after approved in writing by SPLITIT.<\/span><\/p>\n

5.3. Notwithstanding the above, SPLITIT will not be obligated to perform any instruction or Processing, which in SPLITIT\u2019s reasonable determination, is in violation of applicable law, and SPLITIT shall notify Merchant without delay regarding such determination.<\/span><\/p>\n

6. Audits and Reports<\/strong><\/p>\n

6.1. Upon Merchant\u2019s reasonable request, SPLITIT will provide Merchant with relevant documentation or records (which may redacted to remove confidential commercial information not relevant to this DPA) which will enable it to verify and monitor SPLITIT\u2019s compliance with its data protection and security obligations under the terms of this DPA, not less than thirty (30) days of receipt of such request.<\/span><\/p>\n

6.2. Where, in the reasonable opinion of Merchant, such documentation is not sufficient in order to meet the obligations of Article 28 of the GDPR (if applicable), Merchant may, upon reasonable prior written notice to SPLITIT and upon reasonable grounds, conduct, at Merchant\u2019s expense, an on-site audit of SPLITIT\u2019s premises only as used in connection with the services provided to Merchant, solely to confirm compliance with SPLITIT\u2019s data protection and security obligations under this DPA. Any audit carried out by Merchant will be conducted in a manner that does not disrupt, delay or interfere with SPLITIT\u2019s performance of its business. Merchant shall ensure that the individuals carrying out the audit are under appropriate confidentiality obligations acceptable to SPLITIT.<\/span><\/p>\n

6.3. SPLITIT shall notify Merchant in writing upon an event of data breach that affected Merchant\u2019s Personal Data, and\/or as otherwise required under applicable law.<\/span><\/p>\n

6.4. SPLITIT may disclose Data to law enforcement, regulatory or other government agencies, or third parties, if SPLITIT reasonably believes that such disclosure is necessary to comply with a judicial proceeding, court order, or a legal process applicable to SPLITIT, provided however that SPLITIT shall notify Merchant in writing regarding any legally binding request for disclosure of Personal Data by a law enforcement authority, unless otherwise prohibited by applicable law.<\/span><\/p>\n

7. Personal Data and non-Personal Data<\/strong><\/p>\n

7.1. SPLITIT only collects Personal Data regarding its Merchants and Merchant\u2019s Users which the Merchant has provided SPLITIT voluntarily, by engaging with SPLITIT for the provision of the Splitit Services. Merchant is not required by any law to provide SPLITIT with any Personal Data regarding Merchant\u2019s Users or other Data Subjects.<\/span><\/p>\n

7.2. SPLITIT logs domain and IP address automatically; this information identifies the device that is being used to access Splitit Services.<\/span><\/p>\n

7.3. SPLITIT also uses cookies, web beacons or similar technologies to gather Data. Merchant hereby explicitly authorizes SPLITIT to use cookies and similar technologies in connection with the provision of the Splitit Services, and represents that Merchant has all requisite rights to grant such authorization to SPLITIT.<\/span><\/p>\n

7.4. With respect of Non-Personal Data, Merchant agrees that SPLITIT has unlimited rights to such information and that SPLITIT may use such information without limitation. Such information shall be deemed non-confidential.<\/span><\/p>\n

7.5. Non-Personal Data is collected and processed mainly for analysis in order to constantly improve and maintain Splitit Services, including among others, for ensuring the technical functioning of the Splitit Services, to help prevent fraudulent use of the Splitit Services, Platform and Application, and for developing new services and applications.<\/span><\/p>\n

7.6. SPLITIT may share non-personal, aggregate data regarding Splitit Services usage with its affiliates, partners and advertisers. From time to time, SPLITIT may release Non-Personal Data in the aggregate, e.g., by publishing a report on trends in Splitit Services and products usage.<\/span><\/p>\n

7.7. Merchant is entitled to review its Personal Data, and may exercise such right by logging in its account on the SPLITIT Application and\/or Platform, or by sending SPLITIT a request to: support@splitit.com. In the event any Personal Data is incorrect or outdated, Merchant may update and correct such data by providing SPLITIT with the appropriate information.<\/span><\/p>\n

7.8. Merchant may also be entitled to request the erasure or the restriction of certain Personal Data, and SPLITIT will comply with such requests, to the extent required under applicable law.<\/span><\/p>\n

7.9. SPLITIT retains Personal Data for the duration necessary in order to: (i) fulfill the purposes of Processing as described herein, and (ii) defend or assert legal claims and liability, or as otherwise permitted under applicable law.<\/span><\/p>\n

8. Subprocessing<\/strong><\/p>\n

8.1. Merchant acknowledges that SPLITIT may transfer Personal Data to and otherwise interact with third party data processors (\u201cSub-Processor\u201d) with respect to the SPLITIT Services, including for the following purposes:<\/span><\/p>\n

8.1.1. Third parties which assist SPLITIT in operating the Services;<\/span><\/p>\n

8.1.2. Personalizing the experience of Merchant\u2019s Customers;<\/span><\/p>\n

8.1.3. As necessary to help detect and prevent potentially illegal acts and fraud, and to guide decisions about the products, services and communications;<\/span><\/p>\n

8.1.4. Credit bureaus and collection agencies to report account information, as permitted by law.<\/span><\/p>\n

8.2. Merchant hereby, authorizes the SPLITIT to engage and appoint such Sub-Processors to Process Personal Data, as well as permits each Sub-Processor to appoint a Sub- Processor on its behalf. SPLITIT may continue its engagement with its current Sub-Processors as of the date of this DPA as detailed in Appendix 2 attached hereto.<\/span><\/p>\n

8.3. Merchant hereby acknowledges and confirms that in the event that Merchant\u2019s use of the SPLITIT Services shall include a fraud detection feature, the Merchant will provide SPLITIT or any Sub-Processor on SPLITIT\u2019s behalf, with Personal Data concerning transactions made prior to the engagement between Merchant and SPLITIT, for the purpose of enabling the fraud detection services. Merchant represents and warrants that Merchant has all required authorizations to disclose, share or provide otherwise Personal Data regarding Data Subjects to SPLITIT pursuant to this DPA and the Terms.<\/span><\/p>\n

8.4. In the event that SPLITIT shall appoint a new Sub-Processor, it shall provide a written notice, whether by general or specific reference to such Sub-Processor (e.g., by name or type of service), including relevant details of the Processing to be undertaken by the new Sub-Processor (the \u201cSub-Processor Notice\u201d). SPLITIT will enter into separate contractual arrangements with such Sub-Processors binding them to comply with obligations in accordance with the GDPR and this DPA.<\/span><\/p>\n

8.5. Notwithstanding the above, Merchant may object to the appointment of the new Sub-Processor, as follows: (i) Merchant shall provide the SPLITIT with prior written notice no later than 7 days following the receipt of the Sub-Processor Notice, detailing its objection, based on reasonable grounds, to the appointment of the new Sub-Processor; (ii) SPLITIT shall take reasonable steps to address the objections raised by Merchant and shall report these steps in writing to the Merchant; and (iii) Within 3 days of receipt of the SPLITIT\u2019S notice regarding the steps taken, the Merchant may notify SPLITIT that it does not find such steps to be sufficient to settle its objections. In the event the Merchant did not provide such notification, it will constitute as its approval of the Sub- Processor. In the event the Merchant further objects, each party may terminate the relationship upon a written notification effective immediately, without liability.<\/span><\/p>\n

8.6. Merchant acknowledges that SPLITIT is an international corporation, and that Personal Data may be transferred to a country other than the country where Data Subjects are located in connection with the provision of SPLITIT\u2019s Services to Merchant and Merchant\u2019s users.<\/span><\/p>\n

8.7. In the event SPLITIT transfers Personal Data across international borders, SPLITIT will use appropriate safeguards to ensure a level of security appropriate to the risks from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to the Personal Data transferred.<\/span><\/p>\n

8.8. Unless Merchant notifies SPLITIT in writing that the transfer of Personal Data is prohibited, any such transfer shall be regarded as permitted explicitly by Merchant.<\/span><\/p>\n

9. Liability and Indemnification<\/strong><\/p>\n

The Merchant will defend, indemnify, and hold harmless SPLITIT, and its officers, directors, employees, successors, and agents, from all claims, damages, liabilities, assessments, losses, costs, administrative fines and other expenses (including, without limitation, reasonable attorneys\u2019 fees and legal expenses), arising out of or resulting from any claim, allegation, demand, suit, action, order or any other proceeding by a third party (including supervisory authorities) that arises out of or relates to a violation of the Merchant\u2019s representations and\/or obligations under this DPA and\/or the Terms.<\/span><\/p>\n

10. Term<\/strong><\/p>\n

The term of this Notice shall continue until termination or expiration of the Terms or Merchant\u2019s engagement with SPLITIT.<\/span><\/p>\n

11. General Terms<\/strong><\/p>\n

11.1. The above Sections required by the GDPR shall be in force only in the event the GDPR applies to the processing of Personal Data pursuant to this Notice.<\/span><\/p>\n

11.2. In the event of inconsistencies between the provisions of this Notice and the Terms, the provisions of this Notice shall prevail with regard to the Parties\u2019 data protection and privacy protection obligations.<\/span><\/p>\n

11.3. The waiver by either Party of a breach of any of the terms and conditions of this Notice must be in writing and will not be construed as a waiver of any subsequent breach of such term or condition or the waiver of the provision itself. A Party\u2019s performance after the other Party\u2019s breach shall not be construed as a waiver of that breach.<\/span><\/p>\n

11.4. Neither party shall assign this Notice (or any part thereof) without the advance written consent of the other Party, except that SPLITIT may assign this Notice in connection with a merger, reorganization, acquisition or other transfer of all or substantially all of its assets or voting securities.<\/span><\/p>\n

11.5. If any provision of this Notice shall be adjudged by any court of competent jurisdiction to be unenforceable or invalid, that provision shall be limited to the minimum extent necessary so that this Notice shall otherwise remain in effect.<\/span><\/p>\n

11.6. This Notice shall be governed by and construed in accordance with the same laws the Terms. Any claim under this Notice may be solely brought to the competent courts as specified in the Terms.<\/span><\/p>\n

11.7. SPLITIT may amend this Notice from time to time, and make the amended Notice available to Merchant.<\/span><\/p>\n

Appendix A: Details of Processing of Personal Data<\/strong><\/p>\n

This Appendix A includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR.<\/span><\/p>\n

    \n
  1. Subject matter and duration of the Processing of Personal Data<\/span><\/li>\n<\/ol>\n

    The subject matter and duration of the Processing of the Personal Data are set out in the Terms and the DPA.<\/span><\/p>\n

      \n
    1. The nature and purpose of the Processing of Personal Data<\/span><\/li>\n<\/ol>\n

      SPLITIT is engaged to provide Merchant with services which involve the processing of Personal Data. The scope of the services is set out in the Terms, and the Personal Data will be processed by SPLITIT to deliver those Services to Merchant and to comply with the Terms and the DPA.<\/span><\/p>\n

        \n
      1. The types of Personal Data to be processed<\/span><\/li>\n<\/ol>\n
          \n
        • Merchant\u2019s Users contact information, such as name, email, phone number, etc.<\/span><\/li>\n
        • Merchant\u2019s Users IP addresses and device identifiers.<\/span><\/li>\n
        • Merchant\u2019s Customers\u2019:<\/span>\n
            \n
          • Personal Data, including full name, phone number, billing address and account details.<\/span><\/li>\n
          • Transactional data, including full Primary Account Number (PAN), expiration date, amount, currency, and number of installments.<\/span><\/li>\n
          • Supplemental transactional logging, including IP address, device identifier, order ID, and verification results.<\/span><\/li>\n<\/ul>\n<\/li>\n
          • Additional identifiers: merchant\u2019s Personal Data.<\/span><\/li>\n<\/ul>\n
              \n
            1. The categories of Data Subject to whom the Personal Data relates<\/span><\/li>\n<\/ol>\n
                \n
              • Merchant\u2019s Customers.<\/span><\/li>\n
              • Merchant\u2019s Users.<\/span><\/li>\n<\/ul>\n
                  \n
                1. The obligations and rights of SPLITIT<\/span><\/li>\n<\/ol>\n

                  The obligations and rights of SPLITIT are set out in the Terms and the DPA.<\/span><\/p>\n

                    \n
                  1. The processing operations carried out in relation to the Personal Data<\/span><\/li>\n<\/ol>\n

                    Collection, recording, hosting, organizing, adapting, analyzing, retrieving, sharing with Sub-Processors, structuring, storing, deleting, in each case for the purposes of providing services to Merchant and Merchant\u2019s Customers, the scope of which are set out in the Terms and the DPA.<\/span><\/p>\n

                    Appendix B: Sub-Processors<\/strong><\/p>\n

                      \n
                    • Fraud Detection and Merchant Identification<\/span>: Forter Ltd. and Trulioo Information Services Inc.<\/span><\/li>\n
                    • Cloud Services<\/span>: AWS.<\/span><\/li>\n
                    • Splitit\u2019s Subsidiaries and Affiliates<\/span>: including Splitit Ltd., Splitit USA Inc., Splitit Operations CA Ltd., Splitit UK Ltd, and Splitit Australia Pty Ltd.<\/span><\/li>\n
                    • Clearing Service Providers<\/span><\/li>\n
                    • Card acquirers, card processors and card networks, including, but not limited to, Visa, Mastercard, Discover and American Express.<\/span><\/li>\n<\/ul>\n <\/div>\r\n <\/div>\r\n <\/div>\r\n <\/section>\r\n","protected":false},"parent":0,"menu_order":0,"template":"","acf":[],"yoast_head":"\nData Protection Addendum & GDPR Compliance | Splitit<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Protection Addendum & GDPR Compliance | Splitit\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/\" \/>\n<meta property=\"og:site_name\" content=\"Splitit\" \/>\n<meta property=\"article:modified_time\" content=\"2023-03-17T09:50:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/12\/Bradley-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"979\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/\",\"url\":\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/\",\"name\":\"Data Protection Addendum & GDPR Compliance | Splitit\",\"isPartOf\":{\"@id\":\"https:\/\/www.splitit.com\/#website\"},\"datePublished\":\"2022-01-11T18:59:45+00:00\",\"dateModified\":\"2023-03-17T09:50:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.splitit.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Protection Addendum & GDPR Compliance\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.splitit.com\/#website\",\"url\":\"https:\/\/www.splitit.com\/\",\"name\":\"Splitit\",\"description\":\"A completely new way to pay\",\"publisher\":{\"@id\":\"https:\/\/www.splitit.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.splitit.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.splitit.com\/#organization\",\"name\":\"Splitit\",\"url\":\"https:\/\/www.splitit.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.splitit.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/11\/logo.svg\",\"contentUrl\":\"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/11\/logo.svg\",\"width\":118,\"height\":35,\"caption\":\"Splitit\"},\"image\":{\"@id\":\"https:\/\/www.splitit.com\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Protection Addendum & GDPR Compliance | Splitit","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/","og_locale":"en_GB","og_type":"article","og_title":"Data Protection Addendum & GDPR Compliance | Splitit","og_url":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/","og_site_name":"Splitit","article_modified_time":"2023-03-17T09:50:53+00:00","og_image":[{"width":2560,"height":979,"url":"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/12\/Bradley-scaled.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/","url":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/","name":"Data Protection Addendum & GDPR Compliance | Splitit","isPartOf":{"@id":"https:\/\/www.splitit.com\/#website"},"datePublished":"2022-01-11T18:59:45+00:00","dateModified":"2023-03-17T09:50:53+00:00","breadcrumb":{"@id":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.splitit.com\/legals\/data-protection-addendum\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.splitit.com\/legals\/data-protection-addendum\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.splitit.com\/"},{"@type":"ListItem","position":2,"name":"Data Protection Addendum & GDPR Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.splitit.com\/#website","url":"https:\/\/www.splitit.com\/","name":"Splitit","description":"A completely new way to pay","publisher":{"@id":"https:\/\/www.splitit.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.splitit.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.splitit.com\/#organization","name":"Splitit","url":"https:\/\/www.splitit.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.splitit.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/11\/logo.svg","contentUrl":"https:\/\/www.splitit.com\/wp-content\/uploads\/2021\/11\/logo.svg","width":118,"height":35,"caption":"Splitit"},"image":{"@id":"https:\/\/www.splitit.com\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/legal_resources\/3120"}],"collection":[{"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/legal_resources"}],"about":[{"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/types\/legal_resources"}],"version-history":[{"count":4,"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/legal_resources\/3120\/revisions"}],"predecessor-version":[{"id":29681,"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/legal_resources\/3120\/revisions\/29681"}],"wp:attachment":[{"href":"https:\/\/www.splitit.com\/wp-json\/wp\/v2\/media?parent=3120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}