This Annex sets out the data-protection commitments between Eaty City OÜ and the Merchant under GDPR, and describes the Settlement Logic that applies to all transactions on the Platform.
01Roles
- Merchant = Controller
- Company (Eaty City OÜ) = Processor
02Data types
- Customer data
- Orders
- Loyalty data
- Technical logs
03Purpose
- Order processing
- Loyalty program management
- Analytics
- Fraud prevention
04Subprocessors
- Hosting providers
- Email service providers
- Stripe, Inc.
05Security
- TLS encryption
- Access control
- Logging
- Monitoring
06Data breach
Notification shall be made without undue delay.
07Data transfers
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
08Liability
Liability is limited in accordance with the Master Service Agreement (MSA).
Settlement logic
1. Structure
- All payments are processed via Stripe Connect.
- The Company does not hold or store funds.
2. Waterfall
Example for a €100 transaction:
| Processing Fee (2.95%) | €2.95 |
|---|---|
| Marketing Fee (5.5%) | €5.50 |
| Merchant receives | €91.55 |
3. Ownership
- Fees → Company
- Remaining amount → Merchant
4. Loyalty netting
Example:
| Redeemed | €500 |
|---|---|
| Future Marketing Fees | €3,000 |
| Merchant receives | €2,500 |
5. Breakage
Treated as Company revenue.
6. Refunds
Fees are non-refundable.
7. Chargebacks
Responsibility lies with the Merchant.
8. Tax
- Gross amount = Merchant revenue
- Fees = Merchant expenses
9. PSD2 position
- Not e-money
- Not a Payment Service Provider (PSP)
- Operates under commercial agent model