Data Processing Agreement
If you are a business customer (corporate travel manager, channel partner, or other entity) using GetMyHotels in a way that involves us processing personal data on your behalf, you can execute our standard DPA — incorporating the EU Standard Contractual Clauses and the UK International Data Transfer Addendum where required.
What the DPA covers
- Article 28 GDPR controller-to-processor terms
- EU SCCs (Commission Decision 2021/914) Module 2
- UK IDTA Addendum for transfers from the UK
- Approved sub-processor list with 30-day change notice
- Audit rights, breach notification SLA (72 hours), security obligations
- Return / deletion of personal data at end of term
How to execute
- Email privacy@getmyhotels.com with your legal entity name, signatory contact, and the contract this DPA will sit alongside.
- We'll send you the latest signed PDF + a counter-sign DocuSign link within 2 business days.
- On counter-signature we'll deposit the executed DPA in our vendor register and you'll receive a copy by email.
Need it now?
Most B2B customers can adopt our standard DPA without negotiation. For redlines or jurisdiction-specific addenda (e.g. India DPDPA, Brazil LGPD), expect 5–10 business days for legal review.