Booker: Time & Space Rentals — Data Processing Agreement

Last updated: 30 June 2026

This Data Processing Agreement (“DPA”) governs the processing of personal data by the provider of Booker: Time & Space Rentals (“Processor”) on behalf of the merchant who installs the App (“Controller”). By installing or using the App, the Controller accepts this DPA. It forms part of the agreement between the parties and reflects GDPR Art. 28 and equivalent obligations.

1. Subject matter & duration

The Processor processes personal data only to provide the App’s booking functionality, for as long as the App is installed. On uninstall, data is deleted as described below.

2. Nature & purpose of processing

Creating, confirming, and managing time-based product bookings made through the Controller’s store, and surfacing them in the Shopify admin.

3. Types of personal data & data subjects

4. Processor obligations

5. Sub-processors

6. Security measures

Encryption in transit (TLS) and at rest (AES-256), including backups; least-privilege access with strong passwords and two-factor authentication; logging of access to and erasure of personal data; data minimisation (only name and email are stored); secrets held only in environment variables.

7. Deletion

On uninstall, the Controller’s stored data is erased on Shopify’s shop/redactrequest (~48 hours later). Individual customer data is erased on customers/redact. Data-access requests are served via customers/data_request.

8. International transfers

Any transfer outside the Controller’s region relies on appropriate safeguards (e.g. Standard Contractual Clauses) and the sub-processors’ compliance programmes.

9. Breach notification

The Processor will notify the Controller without undue delay after becoming aware of a personal-data breach and provide the information needed for the Controller to meet its notification duties.

Contact

Data protection contact: booker-app@protonmail.com.

← Privacy Policy