Data Processing Agreement (DPA)
Last Updated: 04/07/2025
This Data Processing Agreement ("DPA") forms part of the Terms & Conditions ("Agreement") between:
Client (referred to as "Controller"); and
BookedSolid Ltd, registered in the United Kingdom with company number 16019450, (referred to as "Processor").
1. Definitions
Capitalised terms used in this DPA have the meanings set out in the Agreement unless otherwise defined herein.
"Data Protection Laws" means the UK GDPR, the EU GDPR, and any applicable national data protection laws.
"Personal Data" means any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Controller.
"Processing, Processor, Controller, Data Subject, and Supervisory Authority" have the meanings given in GDPR Article 4.
2. Subject Matter
This DPA governs BookedSolid's processing of Personal Data on behalf of the Client for the purpose of providing the services described in the Agreement.
3. Duration
This DPA remains in effect for as long as BookedSolid processes Personal Data on behalf of the Client under the Agreement.
4. Nature and Purpose of Processing
Purpose: To provide AI-powered booking and customer interaction tools via phone calls and text-based channels.
Nature: Storage, transmission, analysis, and organisation of customer interaction data.
Types of Data: Names, contact information, appointment data, messages, metadata.
Categories of Data Subjects: End customers of the Client.
5. Processor Obligations
BookedSolid shall:
Process Personal Data only on documented instructions from the Client.
Ensure persons authorised to process the data are under confidentiality obligations.
Implement appropriate technical and organisational measures to ensure data security.
Assist the Client in responding to data subject rights requests.
Notify the Client without undue delay of any personal data breach.
Upon termination of services, delete or return all personal data unless otherwise required by law.
6. Sub-processors
BookedSolid may engage sub-processors to support the delivery of services.
BookedSolid shall ensure sub-processors are bound by similar data protection obligations.
As of the date of this DPA, approved sub-processors include:
Twilio - SMS and phone communication
WhatsApp Business - Whatsapp communication
Render - Hosting infrastructure
Google - AI processing, storage, communications
OpenAI - AI processing
Anthropic - AI processing
Deepgram - AI processing
ElevenLabs - AI processing
Stripe - Payment processing
MongoDB - Data storage
Cloudinary - Data storage
7. Data Transfers
If personal data is transferred outside the UK or EEA, BookedSolid shall ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.
8. Data Subject Rights
BookedSolid will assist the Client in fulfilling its obligation to respond to data subjects' requests to exercise their rights under Data Protection Laws.
9. Audit
The Client may audit compliance with this DPA up to once annually, with reasonable notice and during business hours. BookedSolid will provide all necessary documentation to demonstrate compliance.
10. Liability
Liability arising under this DPA shall be subject to the limitations and exclusions of liability set out in the Agreement.
11. Governing Law
This DPA shall be governed by the laws of England and Wales.
12. Contact
For any data protection-related inquiries, please contact:
Email: contact@bookedsolid.co.uk
13. Protecting Data
Data processing will be minimised wherever possible. Data is encrypted with industry standard algorithms both in transit and at rest. Backups of important data are created every 24 hours and last a limited amount of time.
Agreement to Terms
By using BookedSolid's services, the Client agrees to the terms of this DPA.