IMPORTANT POINTS (Summary)
- This agreement governs how we process personal data on your behalf
- You (the Host) are the Data Controller; we are the Data Processor
- We process data only according to your instructions and this agreement
- We maintain appropriate security measures to protect personal data
1. Introduction
This Data Processing Agreement (“DPA”) forms part of the Terms & Conditions between New Logic Ltd (“Processor”, “we”, “us”) and you (“Controller”, “Host”) for the provision of Holiday Home Concierge services.
This DPA sets out the terms on which we process personal data on your behalf in accordance with UK GDPR.
2. Definitions
- “Personal Data” has the meaning given in UK GDPR
- “Processing” has the meaning given in UK GDPR
- “Data Subject” means the individual whose personal data is processed
- “Sub-processor” means any third party engaged by us to process personal data
3. Roles and Responsibilities
3.1 Controller Responsibilities
As the Controller, you are responsible for:
- Ensuring you have a lawful basis for processing
- Providing necessary notices to data subjects
- Responding to data subject requests
- Ensuring data accuracy
3.2 Processor Responsibilities
As the Processor, we will:
- Process personal data only on your documented instructions
- Ensure personnel are bound by confidentiality obligations
- Implement appropriate security measures
- Assist you in responding to data subject requests
- Delete or return personal data upon termination
4. Processing Details
4.1 Subject Matter
Processing of personal data to provide Holiday Home Concierge services, including property management, guest services, and AI-powered content generation.
4.2 Duration
For the duration of the service agreement plus any legally required retention period.
4.3 Categories of Data Subjects
- Property hosts and their staff
- Property guests
- End users of Alexa-enabled services
4.4 Types of Personal Data
- Contact information (names, emails, phone numbers)
- Property information
- Booking and stay information
- Usage data
- Voice interaction metadata (not recordings)
5. Security Measures
We implement appropriate technical and organizational measures including:
- Encryption of data in transit and at rest
- Access controls and authentication
- Regular security testing
- Incident response procedures
- Staff training
6. Sub-processors
6.1 Current Sub-processors
We use the following sub-processors:
| Sub-processor | Purpose | Location | |————–|———|———-| | Amazon Web Services | Cloud hosting | EU (Ireland) | | Amazon (Alexa) | Voice services | EU/US | | Stripe | Payment processing | EU/US | | Amazon Pay | Payment processing | EU/US | | Google | Analytics | EU/US | | OpenAI/Anthropic | AI processing | US |
6.2 Changes to Sub-processors
We will notify you of any intended changes to sub-processors, giving you the opportunity to object.
7. Data Subject Rights
We will assist you in responding to data subject requests including:
- Access requests
- Rectification requests
- Erasure requests
- Portability requests
8. Data Breach Notification
In the event of a personal data breach, we will:
- Notify you without undue delay (within 72 hours where feasible)
- Provide information about the nature and impact of the breach
- Assist with your notification obligations
9. Audits
You may audit our compliance with this DPA, subject to reasonable notice and confidentiality obligations.
10. International Transfers
You agree to indemnify and hold harmless New Logic Ltd from any claims arising from your use of the Service or breach of these Terms.
11. Termination
Upon termination of services:
- We will delete or return all personal data
- Deletion will be completed within 90 days
- We may retain data where required by law
12. Liability
Liability under this DPA is subject to the limitations in the main Terms & Conditions.
13. Contact Us
For DPA-related queries:
- Email: legal@holidayhomeconcierge.com