data processing addendum
In this DPA the terms below shall have the meanings set out in this Section 1, unless expressly stated otherwise. Capitalized terms used, but not defined, in this DPA shall have the meaning given to them in the Agreement. References to “including” mean “including, without limitation”.
02. Scope of this Data Processing Addendum
03. Processing of Customer Personal Data
04. Vendor Personnel
06. Data Subject Requests
07. Personal Data Breaches
8.2 Information about Subprocessors, including their functions and locations, is available at: subprocessor page (as may be updated by Provider from time to time) or such other website address as Provider may provide to Customer from time to time (the “Subprocessor Site”).
09. Compliance Assistance; Audits
10. Return and Deletion
11. Customer Responsibilities
Annex 1 - Data Processing Details
Customer / ‘Data Exporter’ Details
Name: As set out in the Agreement or applicable ordering document
Contact details for data protection: As set out in the Agreement or applicable ordering document
Customer Activities: Provider of spa services and recreational services
Provider / ‘Data Importer’ Details
Name: Book4Time Inc.
Contact details for data protection: email@example.com
Customer Activities: Provider of online Spa and Recreation Management Software, including offline and mobile components.
Details of Processing
Categories of Data Subjects: Users of Customer’s websites or other online services
Categories of Personal Data: Personal Data pertaining to data subjects’ use of and interaction with Customer’s websites or other online services
Sensitive Categories of Data, and associated additional restrictions/safeguards: Not applicable
Frequency of transfer: For as long as necessary to fulfil the purpose(s) for which the information was collected, depending on the purpose(s) for which the information was collected, the nature of the information, any contractual relationship that may governs the retention of the data, and any legal or regulatory obligations.
Nature and purpose of the Processing: Provide online spa and recreation management services, as more particularly described in the Agreement and comply with Customer instructions thereunder
Duration of Processing / Retention Period: Concurrent with term of the Agreement and then thereafter pursuant to Section 10
Transfers to Subprocessors: Transfers to Subprocessors are as, and for the purposes, described from time to time in the Subprocessor List (as may be updated from time to time in accordance with the DPA).
Annex 2 – European Annex
1. Restricted Transfers
2. Operational Clarifications
3. Liability to Data Subjects
Attachment 1 to European Annex
Population of SCCs
Part 1: Population of EU SCCs
4. Signature of the SCCs; Modules
4.2 The following modules of the SCCs apply in the manner set out below (having regard to the role(s) of Customer set out in Annex 1 (Data Processing Details) to the DPA):
Module Two of the SCCs applies to any EU Restricted Transfer involving Processing of Customer Personal Data in respect of which Customer is a Controller in its own right.
5. Population of the Body of the SCCs
6. Population of Annexes to the Appendix to the SCCs
Part 2: UK Restricted Transfers
7. UK Transfer Addendum
Annex 3 - California Annex
Annex 4 – China Annex
1. International Transfer of Customer Personal Data.
Annex 5 – Canada Annex
Annex 6 – Security Measures
Back to Homepage