Last updated: December 2024
This Data Processing Agreement ("DPA") governs the processing of personal data by Bookitsy on behalf of our customers in compliance with applicable data protection laws.
This Data Processing Agreement supplements our Terms of Service and outlines how Bookitsy processes personal data on behalf of our customers. When you use Bookitsy to manage bookings and customer interactions, you act as the Data Controller, and we act as the Data Processor.
This agreement ensures compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.
The customer (you) who determines the purposes and means of processing personal data through the Bookitsy platform.
Bookitsy, which processes personal data on behalf of the Data Controller in accordance with their instructions.
Any information relating to an identified or identifiable natural person processed through the Bookitsy platform.
Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Providing booking and scheduling services to your customers
Maintaining and operating the Bookitsy platform
Providing technical and customer support services
Protecting the platform and preventing fraudulent activities
We assist customers in responding to data subject requests within the required timeframes:
Provide access to personal data and processing information
Correct inaccurate or incomplete personal data
Delete personal data when legally required
Provide data in a structured, machine-readable format
Bookitsy may transfer personal data to countries outside the European Economic Area (EEA) only when appropriate safeguards are in place:
Current Infrastructure: Primary data processing occurs within the EEA. Any transfers to third countries are governed by appropriate transfer mechanisms.
Personal data is retained for the duration of the customer relationship and as required for service provision.
Upon termination, personal data is deleted within 90 days unless legal obligations require longer retention.
Some data may be retained longer to comply with legal, tax, or regulatory obligations.
Immediate identification and risk evaluation
Within 72 hours of becoming aware of the breach
Assistance with regulatory notifications and affected individuals
We provide detailed incident reports including the nature of the breach, affected data categories, potential consequences, and measures taken to address the breach.
Customers have the right to audit our data processing activities to ensure compliance with this DPA and applicable data protection laws.
On-site audits may be conducted with reasonable notice and at mutually agreed times, subject to confidentiality obligations.
Bookitsy may engage subprocessors to assist in providing services. All subprocessors are bound by data protection obligations equivalent to those in this DPA.
We will notify customers of any changes to our list of subprocessors and provide an opportunity to object to new appointments.
Each party's liability is limited to direct damages caused by their breach of this DPA. Neither party is liable for indirect, consequential, or punitive damages.
Customers indemnify Bookitsy against claims arising from processing instructions that violate applicable data protection laws.
Bookitsy indemnifies customers against claims arising from our failure to comply with this DPA's data protection obligations.
Upon termination of our services, we will assist with the secure return or deletion of personal data as instructed by the customer.
Standard data export functionality available during active service period
Complete data deletion within 90 days unless legally required to retain
Written confirmation of data deletion or return upon request
Email: dpo@bookitsy.com
Phone: +420 773039796
Email: legal@bookitsy.com
Phone: +420 773039796
Response Time: We respond to data protection inquiries within 2 business days and provide detailed responses within 10 business days.