DATA PROCESSING AGREEMENT

This Data Processing Agreement ("DPA") supplements any online or other Privacy Policy, Terms of Use, Customer Agreement, and Member Agreement (together and individually, the "Agreement") with clients ("Client" or "you") insofar as they relate to processing of data subject to the European Union's General Data Protection Regulation ("GDPR"). To the extent this DPA conflicts with the Agreement, this DPA will control.

Travel Plug, LLC ("Company", "we", "us", or "our") is a software as a service provider. As such, we act as a "Processor" under the GDPR. As one of our clients, you control the means and purposes for the processing of the data you gather using the Services, and thus, you are a Controller under the GDPR.

We have incorporated this DPA into any Agreement to which the DPA is attached, and it is also binding as a stand-alone document. Therefore, it is binding on both parties without further action on your part. Each provision of the DPA is enforceable against the parties as if it had been separately signed.

We agree that, in order to assist you in your obligations as a Controller, we will implement the necessary technical and organizational measures to allow you to respond to any request by any individual to exercise his or her rights under the GDPR. If any such requests or correspondence is received directly by us, we will forward you the request and will wait for further direction from you before taking action.

We agree that we will not use or process any of Your Personal Data for any purpose other than the purpose set forth in the Agreement. In no event will we process, use, or transfer any of Your Personal Data for our own purposes or for the purposes of any third party. We will delete all Your Personal Data from our systems thirty (30) days after termination of the Agreement, except as required by applicable law.

To the extent your transfer of Your Personal Data to us involves a transfer out of the EU, we agree to comply with the Standard Contractual Clauses. We agree that we will not process or transfer any of Your Personal Data originating from the European Economic Area in any country or territory that has been determined to offer an inadequate level of data protection unless it has first obtained your consent or ensured that a valid transfer mechanism is in place.

We agree that we will keep Your Personal Data strictly confidential and that we will ensure that any of our employees, vendors, or other agents who have access to Your Personal Data are informed of and subject to this strict duty of confidentiality, and access and process only such data as is strictly necessary to perform our obligations under the Agreement.

At your request or at termination of the Agreement, whichever is sooner, we agree to delete or return to you all Your Personal Data, including any subcontracted to a third party for processing, except as required by applicable law.

We agree to notify you of any security incident in our systems that may affect Your Personal Data within 48 hours of becoming aware of the incident. We will cooperate with you and take reasonable commercial steps as are directed by you to assist in the investigation, mitigation, and remediation of each security incident.

We may engage third-party sub-processors to assist in providing the Services. We will ensure that any sub-processors are bound by data protection obligations at least as protective as those set out in this DPA.

We agree to make available to you all information reasonably necessary to demonstrate compliance with this DPA and to allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you, provided that you give us reasonable advance notice of such audit.

See also our Privacy Policy and Terms of Use.

Questions about this DPA? Contact us at [email protected] or:
Travel Plug, LLC · 30 N Gould St Ste R · Sheridan, WY 82801