Data Processing Agreement (DPA)

Effective Date: January 1, 2024

1. Definitions

• Controller: You (the pet hotel business)
• Processor: PetHotelPro (the service provider)
• Personal Data: Customer and pet information

2. Scope of Processing

PetHotelPro processes personal data on your behalf for the purpose of providing booking and management services. We process:

• Customer names, emails, phone numbers
• Pet names, types, medical information
• Booking dates and details
• Payment information (via Stripe/PayPal, not stored by us)

3. Data Protection Measures

• Encryption at rest (AES-256)
• Encryption in transit (TLS 1.3)
• Regular security audits
• Access controls and role-based permissions
• EU data residency

4. International Data Transfer

All data is stored and processed exclusively within the European Union. No data transfers outside the EU without your explicit consent.

5. Sub-processors

We use only EU-based sub-processors:

• Postal (Email service) - EU hosted
• Cloudflare R2 (Photo storage) - EU region
• Hetzner (Infrastructure) - Germany

6. Your Rights as Controller

You retain full control of customer data. You can:

• Export all data at any time
• Delete customer records
• Update data processing instructions

7. Contact

For DPA questions, contact our Data Protection Officer:
[email protected]

© 2024 PetHotelPro. Based in Portugal. GDPR Compliant. All rights reserved.