GDPR Data Processing Addendum
Data Processing Addendum (DPA)
Between:
ItalianMenu Ltd (“Controller”)
and
Client / Customer (“Data Subject”)
1. Purpose
This DPA ensures compliance with UK GDPR in relation to personal data processed for booking and managing events.
2. Nature of Processing
We process:
-
Contact details
-
Event details
-
Payment details
For:
-
Managing bookings
-
Providing customer service
-
Legal and accounting requirements
3. Responsibilities
Controller (ItalianMenu Ltd):
-
Ensure lawful basis for processing
-
Provide privacy information
-
Respond to individual rights requests
Client:
-
Provide accurate data
-
Notify us of any changes
4. Data Security
We implement:
-
Encryption where appropriate
-
Secure storage
-
Access controls
5. Sub-Processors
We may use:
-
IT hosting
-
Analytics tools
-
Payment processors
We ensure all sub-processors follow GDPR guidelines.
6. International Transfers
If data leaves the UK, we use:
-
Standard Contractual Clauses
-
Adequacy decisions
-
Additional safeguards
7. Retention
Data is kept as required for business and legal records.
8. Termination
Upon request, personal data will be:
-
Returned, or
-
Securely deleted
unless required by law.