KorePOS
← Legal & Compliance

GetsMotives Ltd · Last updated 17 May 2026

Data Processing Agreement (DPA)

Last updated: 17 May 2026

This Data Processing Agreement forms part of the agreement between GetsMotives Ltd (“Processor”, “we”) and the business customer (“Controller”, “you”, “Merchant”) when we process personal data on your behalf through GetsMotives and KorePOS.

It supplements our Privacy Policy, Terms & Conditions, and Security Policy. UK GDPR and the Data Protection Act 2018 apply.

1. Definitions

Terms in Article 4 UK GDPR apply. Personal data, processing, controller, processor, sub-processor, and data subject have the meanings set out in law.

Services means the Platform features that store or process end-customer or staff data on your instructions.

2. Roles

PartyRoleTypical data
MerchantControllerEnd-customer bookings, orders, marketing lists, staff HR data you upload
GetsMotives LtdProcessorProcessing on documented instructions via the Platform
GetsMotives LtdControllerYour account billing, our website analytics, direct B2B marketing

3. Subject matter and duration

Subject matter: Provision of POS, payments integration, bookings, ticketing, QR ordering, analytics, and related SaaS.

Duration: For the term of your subscription and retention period thereafter as per the Privacy Policy.

Nature and purpose: Hosting, transmission, organisation, retrieval, and display of personal data as you configure the Services.

Categories of data subjects: Your customers, guests, attendees, and authorised users.

Types of personal data: Identity, contact, transaction, booking, device, and usage data as configured by you.

Special categories: Processed only if you enable features requiring such data; you warrant a lawful basis and appropriate safeguards.

4. Processor obligations

We shall:

  1. Process personal data only on documented instructions from you, including these terms and dashboard configurations, unless required by law (in which case we notify you unless prohibited).
  2. Ensure persons authorised to process data are bound by confidentiality.
  3. Implement appropriate technical and organisational measures per Security Policy.
  4. Assist with data subject requests, DPIAs, and consultations with supervisory authorities, considering the nature of processing and information available to us (reasonable fees may apply for manifestly excessive requests).
  5. Notify you without undue delay after becoming aware of a personal data breach.
  6. Delete or return personal data at termination, subject to legal retention, within 90 days unless you export sooner.
  7. Make available information necessary to demonstrate compliance and allow audits no more than once annually on reasonable notice, subject to confidentiality and security.

5. Sub-processors

You provide general authorisation for us to engage sub-processors (cloud hosting, email, SMS, analytics, payment routing, support tools). We maintain a sub-processor list available at support@korepos.co.uk.

We will notify material changes allowing you to object on reasonable grounds relating to data protection. If we cannot accommodate a justified objection, you may terminate affected Services.

Sub-processors are bound by written terms no less protective than this DPA.

Payment providers may act as independent controllers for payment data — see Payment Terms.

6. Controller obligations

You shall:

  • Provide lawful instructions and a valid lawful basis for processing
  • Publish privacy notices to data subjects
  • Obtain consents where required (e.g. marketing, non-essential cookies on your channels)
  • Ensure accuracy of data you upload
  • Not instruct us to process unlawful categories without safeguards
  • Comply with Acceptable Use Policy

7. International transfers

Where sub-processors transfer data outside the UK, we ensure appropriate transfer mechanisms (IDTA, SCCs, or adequacy) as required.

8. Liability

Liability for processing is subject to the caps and exclusions in our Terms & Conditions, without prejudice to each party’s liability under UK GDPR where it cannot be limited.

9. Governing law

the laws of England and Wales · Supervisory authority: UK ICO for UK-established Controllers.

10. Signature

This DPA is effective upon acceptance of the Terms or execution of an order form. For a countersigned copy, contact support@korepos.co.uk.

Annex — Technical measures: See Security Policy.

Related: Privacy Policy · Cookie Policy

GetsMotives Ltd · Flat 42 Regents Court, Stonegrove, Edgware, HA8 8AD, United Kingdom · Company no. 16846219 · VAT Not VAT registered in the United Kingdom
Legal: support@korepos.co.uk · Privacy: support@korepos.co.uk

Start Free