Legal Document

Data Processing Agreement (DPA)

This Data Processing Agreement governs the processing of personal data by Terminz on behalf of your business under Art. 28 GDPR.

Overview

When you use Terminz as booking software, Terminz processes personal data of your customers on your behalf. In this case, you are the controller under Art. 4(7) GDPR, and Terminz acts as the processor under Art. 4(8) GDPR.

Under Art. 28 GDPR, a written Data Processing Agreement between you and Terminz is required before customer data is processed. Terminz provides this DPA by default for all customers.

Parties

Data Processor

Bornwerk UG

Bornwerk UG (haftungsbeschränkt)

Bornwerk UG (haftungsbeschränkt), Dortmund, Germany

[email protected]

Data Controller

Your business as the operator using Terminz to process customer data for appointment booking.

Subject Matter

Terminz processes personal data solely for the purpose of providing the appointment booking and salon management platform. The processing covers the following categories:

Data categories

Name, contact details, appointment history, payment data, optionally health-related notes

Nature of processing

Storage, retrieval, modification, internal transmission, deletion

Data protection contact

[email protected]

Sub-Processors

Terminz uses the following vetted sub-processors. All providers are covered by a DPA under Art. 28 GDPR or appropriate safeguards under Chapter V GDPR.

ProviderPurposeLocationSafeguard
Amazon Web Services (AWS)Hosting, database, file storage (S3)Germany (eu-central-1)Art. 28 GDPR DPA
Sentry (Functional Software, Inc.)Error tracking and application monitoringUSAStandard Contractual Clauses (SCCs)
ResendTransactional emails (booking confirmations, notifications)USAStandard Contractual Clauses (SCCs)

Terminz's Key Obligations

As data processor, Terminz commits to the following obligations under Art. 28(3) GDPR:

  • Process personal data only on documented instructions from the controller
  • Ensure confidentiality by binding all persons authorized to process the data
  • Implement appropriate technical and organizational measures under Art. 32 GDPR
  • Inform the controller before adding or changing any sub-processor
  • Assist with fulfilling data subject rights (access, deletion, portability)
  • Delete or return all personal data upon termination of the contract

Data Protection Contact

For questions about the DPA, data protection matters, or to exercise data subject rights, contact:

[email protected]

This document is for informational purposes. The binding Data Processing Agreement is provided and signed upon entering a contract with Terminz. For legal inquiries, contact [email protected].