Parties

Controller A: Operula, operated by Bluix Group LTD (UK Company 17097946), 41 Devonshire Street, Ground Floor, London W1G 7AJ.

Controller B: the Artisan account holder identified by their Operula account ID at the date of this DPA.

This document is a joint-controllership agreement (Article 26 GDPR) for the personal data processed in the Stripe Connect payment flow described below. Where joint controllership is not the appropriate construct under the law of a specific jurisdiction, the parties will treat this as a controller-to-controller agreement with reciprocal warranties.

1. Subject and purpose

The Artisan uses the Operula platform to sell goods/services to consumers. Payment for those sales is processed by Stripe Inc. (the Processor) acting under the Stripe Services Agreement and Stripe Connect terms. To enable the Artisan to receive payouts, Stripe Connect collects and processes personal data of the Artisan and the customers. Operula and the Artisan jointly determine the purposes of this processing for Operula's part of the flow (account creation, payout initiation, refund and dispute handling, chargeback recovery).

2. Data categories

Artisan data: identifying data (legal name, date of birth, nationality), address (residential/business), tax data (TIN, VAT), bank/payment-account identifier (IBAN), identity verification documents where Stripe requires KYC tier upgrades.

Customer data: cardholder name, billing address (where collected by Stripe), payment instrument data (Stripe issues a token; we never touch the card number), email, phone (only for receipt and dispute communication).

3. Roles

| Stage | Operula | Artisan | Stripe |
|---|---|---|---|
| Account onboarding | Joint controller | Joint controller | Processor |
| Payment authorization | Controller (commission) | Controller (price) | Processor |
| Refund initiation | Controller (validates) | Controller (initiates) | Processor |
| Chargeback handling | Controller (mediates) | Controller (evidence) | Processor |
| KYC document collection | Joint controller (policy) | Data subject | Processor (verifies) |

4. Each party's obligations

Both parties undertake to: process data only for the purposes stated; implement appropriate technical and organisational measures (clause 6); inform each other within 24 hours of any personal data breach; cooperate on data subject requests within 5 business days.

Operula specifically: maintain the Stripe Connect integration in compliance with the Stripe Services Agreement; provide a transparent in-dashboard view of all funds movements; apply role-based access control with audit logging.

The Artisan specifically: provide truthful and current data; notify Operula promptly of changes affecting Stripe KYC; not export or copy customer data for purposes outside order fulfilment as defined in the Artisan T&C.

5. Sub-processors

Operula uses these sub-processors for this flow:

  • Stripe Inc., 354 Oyster Point Boulevard, South San Francisco, CA 94080, USA — payment processing, KYC, payouts
  • AWS / Hetzner / Netcup — cloud hosting (logs, audit trail)
  • SendGrid / Brevo — transactional email (receipts, payout notifications)

Operula will give the Artisan 30 days' notice of changes to its sub-processor list. The Artisan may object to a new sub-processor in writing; if reasonable, we will provide an alternative or allow termination without penalty.

6. Technical and organisational measures

Both parties commit to maintaining at least:

  • Access control: role-based, audit logged
  • Encryption: TLS 1.2+ in transit, AES-256 at rest for sensitive fields (TIN, IBAN, ID documents)
  • Segregation: production and non-production environments isolated
  • Backups: encrypted, tested quarterly, retained 30 days operational + 10 years cold storage where required by fiscal law
  • Incident response: 24/7 monitoring, on-call rotation, breach notification within 24h
  • Penetration testing: annual, third-party
  • Staff training: annual GDPR refresher

7. Cross-border transfers

Operula → Stripe (US): covered by the EU-US Data Privacy Framework where Stripe is certified, or by Standard Contractual Clauses (Decision 2021/914) plus transfer impact assessment.

Operula → AWS / Hetzner / Netcup: EU regions where possible. Where US fallback is in scope, SCCs apply.

8. Term and termination

This DPA enters into force when the Artisan completes Stripe Connect onboarding and remains in force until the Artisan's account is terminated. On termination, each party either returns or deletes the personal data, except for data subject to mandatory retention obligations (DAC7, fiscal law, AML).

9. Liability

Each party is responsible for damages arising from its own breach of GDPR or this DPA, in accordance with Article 82 GDPR. Joint and several liability under Article 82(4) applies for damages caused jointly.

10. Audit

Each party may, on 30 days' written notice, audit the other's compliance with this DPA, no more than once per calendar year, at its own expense, conducted by an independent auditor under confidentiality.

This DPA is deemed accepted by the Artisan upon completion of Stripe Connect onboarding through the Operula platform, with electronic record (timestamp + IP). Operula's acceptance is established by publication of this DPA at this URL.