Merchant Portal Agreement

Please note that by acting on behalf of the Merchant (e.g. as an employee or a subcontractor of the Merchant) parts of the Agreement apply to you as the individual accessing the Merchant Portal.

These obligations include:

  • abiding by the principle of data secrecy. This means that customer data is confidential and shall not be disclosed except where legally permitted. It also means that your login credentials shall be kept confidential.

  • verifying the customer’s identity before making any changes within the Merchant Portal. In particular, you must, in addition to requesting and verifying the customer’s full name, ask two control questions, e.g. the billing address, the purchase date, the customer’s date of birth, the exact amount of the order.

1. Background

Welcome to the Affitto Merchant Portal (“Merchant Portal”). The Merchant Portal is provided by Affitto Inc., with its principal place of business at 933 Seymour Street, Vancouver British Columbia V6B 6L6. (“Affitto”, “us”).

The Merchant Portal allows an Affitto merchant (“Merchant”) to manage, on behalf of Affitto, certain aspects of the Affitto customer relationship with regard to their order and the payment thereof.

This agreement (“Agreement”) sets out the terms and conditions surrounding the use of the Merchant Portal and is to be read in conjunction with the respective Merchant Services Agreement regarding Affitto's rental services, as entered into between the Merchant and Affitto (“Main Contract”).

This Agreement is between Affitto and the Merchant.

2. Merchant Portal Functionality and Purpose

Frequently, the Merchant will be the first point of contact for the customer. In order to provide a smooother customer experience, the Merchant shall be able to administer certain order-related aspects of the Affirro customer relationship directly, as permitted below and for the purpose of managing customer inquiries relating to their order and the payment thereof. Consequently, the Merchant Portal permits the Merchant to view and change order and payment related data. Examples may include being able to:


  • view the customer’s name, phone number, email address, billing address and shipping address;

  • view reference numbers for the transaction;

  • waive any late fees that might have accrued, as well as assume the cost of any waived late fees; and

  • resend the order statement.

3. Using the Merchant Portal


The Merchant can access the Merchant Portal by using the credentials provided by Affitto. The credentials provided by Affitto are for the Merchant’s use only and may not be provided to any third party, including separate legal entities within the Merchant’s own legal group and sub-processors, except as permitted herein. The Merchant is obliged to keep the credentials confidential.

Access to the Merchant Portal as well as all actions performed will be logged by Affitto for security reasons and for customer relationship purposes.

In case of a breach of this Agreement, Affitto reserves the right to restrict or revoke access to the Merchant Portal, in addition to the remedies to those stated in the Main Contract.


The Merchant is obligated to verify the customer’s identity before making any changes within the Merchant Portal. In particular, the Merchant must, in addition to requesting and verifying the customer’s full name, ask two control questions, e.g. the billing address, the purchase date, the customer’s date of birth, the exact amount of the order.


The Merchant is prohibited from using or trying to use the Merchant Portal in a way that is outside the scope and intentions of this Agreement and the Main Contract. In particular, the Merchant may not export any personal data from the Merchant Portal nor use the data accessible via the Merchant Portal for any other purpose than to administer the customer relationship as foreseen by this Agreement and the Main Contract.

4. Affitto-Merchant Relationship

The Affitto-Merchant relationship with regards to the Merchant Portal is defined by Affitto assuming the role of a data controller and the Merchant acting as a data processor.

A data controller is the party that determines the purposes and means of the processing of personal data, while a data processor is a party who processes personal data on behalf of a data controller.

Affitto determines both the purposes and means of the the processing of the personal data available on the Merchant Portal. Affitto not only sets the scope of the decisions that the Merchant may take towards the customer, Affitto also limits the type of processing of the customer’s personal data the Merchant may undertake. Any processing of customer data conducted by the Merchant is on behalf of and under instruction from Affitto, and shall be in compliance with the following requirements:


4.1.1 The Merchant will process personal data in accordance with this Agreement and Main Contract.

4.1.2 Personal data shall be processed by the Merchant in accordance with Affitto's instructions and subject to the data protection principle of data secrecy. Personal data may not in any way be processed for the Merchant’s own purposes or for purposes not set forth in this Agreement and the Main Contract.

4.1.3 The Merchant shall prevent unauthorized use of the access credentials to the Merchant Portal as well as maintain an access log of which Merchant employees have access to the Merchant Portal.

4.1.4 The Merchant shall ensure that any personnel entrusted with processing personal data comply with the principle of data secrecy and have been duly instructed their obligations under this Agreement and data protection legislation. The obligation to secrecy shall continue after the termination of the Main Contract.

4.1.5 In case of a serious interruption of operations, suspicion of breach of personal data including issues relating to the credentials, or any other irregularity in the processing of personal data, the Merchant shall, without undue delay, inform Affitto, by sending an email to



Affitto is entitled, upon reasonable notice, to audit whether the Merchant is complying with its obligations specified in this Agreement and applicable law. The audit shall not disrupt any day-to-day activities of the Merchant.


4.3.1 Affitto is obliged, based on applicable data protection legislation, to provide information to a data subject or supervisory authority about the processing of personal data. The Merchant is obliged to assist Affitto in making this information available when relevant, unless otherwise instructed. 

4.3.2 Unless otherwise instructed, the Merchant shall inform Affitto immediately upon receipt of a request of information by sending an email to


4.4.1 The Merchant is hereby given a limited power of attorney. The power of attorney permits the Merchant to conclude with its service providers accessing the Merchant Portal Data Processing Agreements on behalf of Affitto.

4.4.2 The Data Processing Agreement may not entail any financial obligations for Affitto.

4.4.3 The Data Processing Agreement may not be less strict than the Merchant’s obligations under this Agreement.

4.4.4 The Merchant must notify Affitto prior to the conclusion of the Data Processing Agreement. Affitto may veto any service provider within two weeks of the notification. Silence on behalf of Affitto means the Merchant may conclude the Data Processing Agreement.

4.4.5 Furthermore, the Merchant must incorporate into the Data Processing Agreement the European Commission’s standard contractual clauses (the so called Model Clauses) where there is a transfer of data to a third country (country outside the EU/EEA area).

4.4.6 The Data Processing Agreement concluded by the Merchant with the service provider must be uploaded to Affitto via the Merchant Portal.

5. Miscellaneous

5.1 No change to this Agreement nor any of its components, including any commitment issued by the Merchant, shall be valid and binding unless made in writing and unless they make express reference to being a change or amendment to this Agreement. The foregoing shall also apply to the waiver of this formal requirement.

5.2 The Merchant shall indentify and hold harmless Affitto from and against any loss and costs etc. arising from or relating to any breach of the Merchant’s obligations pursuant to this Agreement according to the respective clause in the Merchant Agreement.

5.3 This Agreement enters into force on the date it is accepted by the Merchant and shall apply until further notice. Upon termination of the Main Contract, the Agreement will stay in force as long as any personal data is being processed on behalf of Affitto.

5.4 This Agreement shall be governed by the laws of Canada. Any disputes shall be governed according to the Main Contract. 

Copyright © 2020-2035 Affitto Solutions. Headquarters: Vancouver, British Columbia. All rights reserved. Business number:730759271BC0001