Data Processing Agreement in Accordance with Art. 28 GDPR, CCPA, and PIPEDA
Agreement
Between
Business User of 2BookNow (hereinafter referred to as “Controller”)
And
GoGold Apps Inc (Provider of 2BookNow, hereinafter referred to as “Processor”)
1. Subject of this Agreement
This agreement outlines the terms under which the Processor provides an online application for appointment scheduling and management. The Processor will handle personal data on behalf of the Controller in compliance with the GDPR, CCPA, and PIPEDA.
2. Duration of this Agreement
The agreement is effective upon the Controller’s registration for the online application and remains in effect until terminated by either party. Termination terms include co-termination with the service agreement, a set notice period, or immediate termination for significant reasons like non-compliance with data protection laws.
3. International Data Compliance and Data Hosting
The Processor is committed to compliance with GDPR for EU clients, CCPA for clients in California, USA, and PIPEDA for Canadian clients. Data is hosted in US-based data centers, with adherence to lawful data transfer protocols for international transfers.
4. Jurisdiction and Applicable Law
Governed by the laws of the jurisdiction where the Controller operates, this Agreement adheres to GDPR, CCPA, or PIPEDA as applicable, alongside local regulations.
5. Data Transfer Across Borders
The Processor ensures legal compliance for international data transfers, respecting the privacy rights of data subjects under various jurisdictions.
6. Nature and Purpose of Processing, Data Categories
The processing involves storing and managing client data for appointment scheduling through the online application, including data categories like names, phone numbers, and email addresses of the Controller’s customers.
7. Rights and Obligations of the Controller
The Controller is responsible for the legality of data processing, compliance with GDPR, CCPA, or PIPEDA, and safeguarding the rights of data subjects.
8. Contact Points for Both Parties
For the Processor: https://2booknow.com/contact/
9. Obligations of the Processor
The Processor shall process data only as per this agreement and the Controller’s instructions, maintaining confidentiality and assisting in fulfilling data subject rights.
10. Processor’s Duty in Cases of Data Breaches
The Processor is required to promptly inform the Controller of any data breaches or processing irregularities and cooperate in fulfilling obligations under data protection laws.
11. Technical and Organizational Measures
Detailed information about technical and organizational security measures, including data hosting, encryption, and security protocols, is available in our Privacy Policy. These measures are designed to ensure a high level of security and data protection.
12. Control Rights of the Client
The Controller has the right to verify the Processor’s compliance with this agreement and data protection laws.
13. Obligations Post-Contract
Upon the termination of this Agreement, data handling procedures, including account closure and data deletion processes, will be conducted in accordance with the policies outlined in our Terms of Service. The Controller is advised to refer to the ‘Account Closure’ section in the ToS for detailed information regarding cancellation procedures and data handling post-account closure.
14. Liability
Liability is as per Art. 82 GDPR and relevant provisions in CCPA and PIPEDA, with responsibilities for damages due to non-compliance.