DPA - Data Processing Agreement

Data Processing Agreement between Slotivo and its customers

Last updated: 02/25/2026

1. Scope and Definitions

This Data Processing Agreement (DPA) applies to the processing of personal data by Slotivo on behalf of the Customer (the business using Slotivo). The Customer is the Data Controller. Slotivo is the Data Processor. Personal data includes any information relating to identified or identifiable individuals, such as end customer names, email addresses, phone numbers, and booking details.

2. Processing Instructions

Slotivo processes personal data only as necessary to provide the platform services and in accordance with the Customer's instructions. Processing activities include hosting the Customer's website, managing bookings, sending confirmations and reminders, and providing analytics. Slotivo will not process personal data for any other purpose without the Customer's prior consent.

3. Security Measures

Slotivo implements appropriate technical and organizational measures to protect personal data, including TLS/SSL encryption in transit, logical tenant isolation, access controls, regular backups, and incident monitoring. These measures are designed to ensure the ongoing confidentiality, integrity, and availability of processing systems.

4. Subprocessors

Slotivo uses subprocessors to provide parts of the service. A current list is available on the Subprocessors page. Slotivo will notify the Customer of any new subprocessors at least 14 days before they begin processing data. The Customer may object to a new subprocessor by contacting Slotivo within 14 days of notification.

5. International Transfers

Where personal data is transferred outside the EEA, Slotivo ensures appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms approved by the European Commission.

6. Data Breach Notification

In the event of a personal data breach, Slotivo will notify the Customer without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of individuals affected, and the measures taken to address the breach.

7. Data Subject Rights

Slotivo will assist the Customer in responding to requests from data subjects exercising their rights under GDPR, including access, rectification, erasure, and data portability requests.

8. Data Deletion

Upon termination of the service, Slotivo will delete all personal data processed on behalf of the Customer within 30 days, unless retention is required by law. The Customer may request a data export before deletion.

9. Audit Rights

The Customer has the right to request information about Slotivo's data processing activities and compliance with this DPA. Audit requests should be directed to slotivo.dev@gmail.com.