Contact us
Login

Data Processing Addendum

This Data Protection Addendum (“DPA”), as well as the provisions of the agreement between Tigapo and Customer (“Agreement”), govern the transfer and Processing of Personal Data between Tigapo and the Customer. Any capitalized terms that are used herein and not defined herein shall have the meaning ascribed to such terms in the Agreement. 

Please, review our Privacy Policy (“Privacy Policy”) in order to learn more regarding the precautions we take in order to ensure the protection of personal data as well as to comply with applicable privacy and data protection legislation.

  1. DEFINITIONS
    1. The terms “Personal Data,” “Processor,” “Controller,” and “Processing,” “Special Categories of Personal Data,” shall have the meaning ascribed to such terms in the GDPR. The terms “Business,” “Business Purpose,” “Consumer,” “California Consumer,” “Service Provider” and “Sell” or “Sale” shall have the meaning ascribed to them in the CCPA. The term “Personal Data” as used herein shall also mean and refer to “Personal Information” as such term is defined in the CCPA.
    2. Authorized User” means an individual who is authorized by Customer to use the Services, to whom Customer has provided a sub-account, and/or to whom Customer has provided user credentials – identification and password enabling access to the Customer Account. Authorized Users may include, for example, employees, consultants, contractors and agents of Customer and shall exclude Customer’s end-users.
    3. CCPA” means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq.
    4. Customer’s End-Users” means Customer’s end-users and consumers.
    5. Data Protection Law” means any and all applicable privacy and data protection laws and regulations (including, where applicable, the GDPR and the CCPA) as may be amended or superseded from time to time.
    6. Data Subject” means a natural person regarding whom Personal Data or Personal Information is Processed and shall also mean and refer to a “Consumer” under the CCPA.
    7. End-User Data” means any and all Personal Data that is provided to the Customer by the Customer’s End-Users.
    8. GDPR” means EU General Data Protection Regulation (Regulation 2016/679).
    9. Services” and “Platform” shall have the meaning ascribed to such terms in the Agreement.
    10. Standard Contractual Clauses” mean the standard contractual clauses for the transfer of Personal Data to third countries pursuant to the GDPR and were adopted by the European Commission Decision 2021/914 on June 4, 2021, which are attached herein by linked reference: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32021D0914&from=EN
  2. DATA PROCESSING
    1. The parties acknowledge that in relation to all End-User Data, Customer shall be regarded as the Controller of End-User Data, and Tigapo shall be regarded and is acting as a Processor of the End-User Data on behalf of the Customer. For the purposes of the CCPA (and to the extent applicable), Customer is the Business and Tigapo is the Service Provider. Without derogating from the above, it is hereby clarified that in addition to Tigapo’s capacity as a Processor of the End-User Data, Tigapo is also a Controller of certain Personal Data related to the Customer. Any Personal Data Processed by Tigapo as a Controller shall be used and processed in accordance with Tigapo’s Privacy Policy and is not governed by this DPA.
    2. Notwithstanding the general processor role, there are certain circumstances within Tigapo’s App (the “App”) where Tigapo may act as an Independent Data Controller. This pertains to specific information within the App, as determined by Tigapo’s obligations or purposes that are distinct from those of the Customer.
    3. Tigapo will Process Personal Data on behalf of Customer as specified in ANNEX I attached hereto.
    4. Tigapo will Process Personal Data on behalf of Customer for the purposes included in its Privacy Policy.
  3. CUSTOMER ACCOUNT MANAGEMENT
    1. In order to use the Services, a designated Customer Account will be created by Tigapo for the use of the Customer and its Authorized Users. Customer will be required to select a username and password and use a 2 factor authentication application in order to use the Platform. Customer is solely responsible for setting-up applicable permissions and sub-accounts on the Platform for each of its Authorized Users.
    2. Customer acknowledges that under applicable laws access authorizations should only be granted on a need-to-know basis, may require ongoing monitoring of access authorizations and should be used by Authorized Users only. Customer may need to remove Authorized Users who no longer have a “need to know”.
    3. In order to create and use the Customer Account, Customer and any Authorized Users must be at least 18 years old. Customer undertakes that it and its Authorized Users will not use any access authorizations in deviation of the specific authorization granted or by anyone who is not the Authorized User.
    4. Customer represents and warrants that it: (i) is solely responsible for Authorized Users’ compliance with this DPA; (ii) is solely responsible for accuracy, quality and legality of information; (iii) is solely responsible for use of the Platform; (iv) will use appropriate efforts to prevent and detect unauthorized access.
    5. For the avoidance of doubt, Tigapo does not and cannot control or monitor the management of the Customer Account and use of the Platform by Customer and its Authorized Users.
    6. In the event Customer or its Authorized Users violate any of the terms of this DPA, Tigapo may suspend or terminate the Customer Account or access to the Platform.
  4. REPRESENTATIONS AND UNDERTAKINGS OF THE PARTIES
    1. The Parties shall each implement appropriate technical and organizational measures to ensure a level of security appropriate for the risks to Personal Data.
    2. The security measures implemented by Tigapo meet market standards and shall be shared with Customer upon request.
    3. Tigapo represents and warrants that Tigapo’s employees, authorized by Tigapo to Process Personal Data, are committed to customary confidentiality undertakings.
    4. Tigapo shall only Process Personal Data on behalf of Customer, pursuant to the instructions as set forth herein and in accordance with the Agreement.
    5. Customer undertakes that Customer shall Process Personal Data only as lawful and compliant with applicable law.
    6. Customer agrees that it is solely responsible to inform Customer’s End-Users of the Processing of End-User Data, including by Tigapo. Customer undertakes to include in such disclosure a link to Tigapo’ Privacy Policy.
    7. Customer represents that Customer has all required authorizations to disclose Personal Data to Tigapo, including procuring an affirmative act of consent from End-Users if required.
    8. Customer shall not disclose to Tigapo any Data that is considered Special Categories of Personal Data.
    9. Tigapo will delete or return to the Customer, any of Customer’s Personal Data and the End-User Data after the termination or expiration of the Agreement, unless required to retain it under applicable law. This does not apply to data for which Tigapo is an Independent Controller.
    10. Customer shall use reasonable monitoring deriving from on-site presence to ensure the authenticity of the age verification process of end-users.
  5. INSTRUCTIONS
    1. Customer hereby instructs Tigapo to Process, on behalf of Customer, Personal Data, in connection with the Services solely for the purposes and in accordance with the terms specified herein.
    2. Notwithstanding the above, Tigapo will not be obligated to perform any instruction which in Tigapo’s determination, is in violation of applicable law.
  6. AUDITS
    1. Upon Customer’s reasonable request, Tigapo will provide Customer with relevant documentation or records which will enable it to verify Tigapo’s compliance with its data protection and security obligations.
  7. DATA SUBJECTS’ RIGHTS AND AUTHORITY REQUESTS
    1. Customer shall have the sole liability to comply with its obligations in connection with the rights and freedoms of Data Subjects. Tigapo will direct the Data Subject or the applicable authority to the Customer in order to enable the Customer to respond directly.
    2. Tigapo shall make reasonable commercial efforts to assist the Customer in the fulfilment of the Customer’s obligations to respond to Data Subjects’ request.
  8. NO SALE OF PERSONAL DATA
    1. It is hereby agreed that any sharing of Personal Data between the parties is done solely in order to fulfill a Business Purpose and Tigapo does not receive or process any Personal Data in consideration for the Services. As such, the Processing shall not be considered a Sale under the CCPA.
  9. CUSTOMER’S PERSONNEL DATA RIGHTS
    1. Tigapo will Process certain Personal Data regarding Customer’s personnel interacting with Tigapo in accordance with Tigapo’s Privacy Policy.
    2. Customer’s personnel have certain rights as further explained in Tigapo’s Privacy Policy.
  10. SUBPROCESSING AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
    1. Customer hereby grants Tigapo express authorization to engage with third party data Processor’s (“Sub-Processors”). A list can be found in Section 8 of the Privacy Policy (“Authorised Sub-processors”).
    2. Customer confirms that Tigapo will update the list of Authorised Sub-processors from time to time. Customer may provide written notification to Tigapo specifying grounds for objection to any third party.
    3. Customer acknowledges that certain third parties may be considered as a Controller or a Business. Tigapo will not be liable for such entities’ Processing activities.
    4. Tigapo may also share Personal Data with its affiliated companies in the Tigapo group as reasonably required.
  11. INTERNATIONAL TRANSFERS OF DATA
    1. The parties acknowledge and agree that Tigapo may access and Process Personal Data from territories different than those where the data was collected.
    2. A Restricted Transfer shall be subject to the terms and obligations of the Module II of the Standard Contractual Clauses. Tigapo shall be deemed as the Data Importer and the Customer as the Data Exporter.
    3. The purpose and description of the transfer are detailed in ANNEX I.
    4. Where Tigapo engages a Sub-Processor involving a transfer within the meaning of Chapter V of the GDPR, Tigapo and the Sub-Processor will enter into Module III of the Standard Contractual Clauses.
    5. To the extent that Tigapo acts as a Controller, any Restricted Transfer shall be governed by Module II.
    6. Customer agrees to submit itself to the jurisdiction of the competent supervisory authority Subject to Clause 13 of the Standard Contractual Clauses.
    7. The Standard Contractual Clauses shall be governed by the laws of Lithuania.
    8. Specifically for EU-US Transfers: Following Schrems II, supplemental measures may be needed. Tigapo will not provide access to Customer’s Personal Data to any US government agency except where necessary under law.
    9. Customer shall bear the sole responsibility of obtaining all necessary consents from Data Subjects for transferring Personal Data if required.
  12. NOTIFICATIONS
    1. Tigapo shall notify Customer in writing in the event that it becomes aware of a data breach that affected Customer’s Personal Data.
    2. Tigapo may disclose Data to law enforcement if Tigapo reasonably believes such disclosure is necessary to comply with legal process.
  13. LIABILITY AND INDEMNIFICATION
    1. Customer will indemnify and hold harmless Tigapo from all damages resulting from any third party claim arising out of a violation of Customer’s representations under this DPA.
  14. TERM
    1. The term of this DPA shall continue until the termination or expiration of the engagement between Tigapo and Customer.
  15. GENERAL TERMS
    1. Sections shall be in force only in the event the GDPR or the CCPA applies.
    2. In the event of inconsistencies, the provisions of this DPA shall prevail. Standard Contractual Clauses prevail over this DPA.
    3. TIGAPO may amend this DPA from time to time.
    4. In the event of discrepancies between the English version and translations, the English version shall prevail.

ANNEX I: DETAILS OF PROCESSING AND TRANSFERRING OF PERSONAL DATA

This ANNEX I includes certain details of the Processing of Personal Data as required by Article 28(3) GDPR and the transferring Personal Data subject to the Standard Contractual Clauses.

  1. LIST OF PARTIES:
    • Data Exporter details (i.e., Customer):
      The identity and contact details of the Customer shall be the same as indicated in the Agreement. Activities relevant to the data transferred under these Clauses: Data Processing for the performance of the Agreement.Signature and date: Signature of the Agreement and the DPA incorporated therein, shall be deemed to constitute signature and acceptance of the Standard Contractual Clauses incorporated herein, including their Appendices. 

      Role (Controller/processor): Controller.

    • Data Exporter details (i.e., Tigapo): Tigapo’s contact details shall be the same as indicated in the Agreement. Activities relevant to the data transferred under these Clauses: Personal Data Processing for the performance of the Agreement.

      Signature and date: Signature of the Agreement and the DPA incorporated therein, shall be deemed to constitute signature and acceptance of the Standard Contractual Clauses incorporated herein, including their Appendices.

      Role (Controller/processor): Processor.

  2. DESCRIPTION OF TRANSFER
  1. Subject matter and duration of the Processing of Personal Data The subject matter and duration of the Processing of the Personal Data are set out in Section ‎2 of this DPA.
  2. The nature and purpose of the Processing of Personal Data Tigapo will be providing Customer with Services which involve the processing of Personal Data. The scope of the Services is set out in the Agreement, and the Personal Data will be processed by Tigapo in order to provide the Services to Customer and to comply with the terms of the Agreement and this DPA.   
  3. The types of Personal Data to be processed and transferred
    • Customer’s contact person’s full name and contact details;
    • Customer’s and/or Customers’ Authorized Users IP addresses, device identifiers.
    • Customer’s Authorized Users’ contact information, such as name, email, phone number, etc.
    • Customer’s End-Users’ personal data related to the provision of the Services to Customer, including name and contact details, date of birth, purchase history, email address, approximate and precise location, profile picture, phone number, gender, language preference, 4  last digits of credit card, ID and type of device used to enter the Platform, IP address and operating system.
  4. The categories of Data Subjects to whom the Personal Data relates
    • Customer (to the extent the Customer is an individual)
    • Customers’ shareholders;
    • Customers’ Authorized Users;
    • Customers’ End-Users
  5. Sensitive data processed or transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialized training), keeping a record of access to the data, restrictions for onward transfers or additional security measure:
    • N/A
  6. The obligations and rights of Customer The obligations and rights of Customer are set out in the Agreement and this DPA.
  7. The processing operations carried out in relation to the Personal Data Collection, recording, hosting, organizing, adapting, analyzing, retrieving, sharing with Sub-Processors, structuring, storing, deleting, in each case for the purposes of providing the Services to Customer, the scope of which are set out in the Agreement and this DPA. 
  8. The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis).
    • Continuous
  9. For transfers to sub- processors, also specify subject matter, nature and duration of the processing
    • See list of authorized sub-processors
  10. Competent Authority in accordance with Clause 13 of the Standard Contractual Clauses
    • The Competent Authority of the shall be in accordance with Clause 13 alternatives.
Tigapo Play System is certified by the kidSAFE Seal Program.
Menu
Products
Amusement Businesses
Resources
© 2026 All Rights reserved
Twitter Facebook Instagram
Twitter Facebook Instagram
Tigapo Play System is certified by the kidSAFE Seal Program.

© 2024 All Rights reserved

Contact us
Login