Services: Scheduling employee office days (the "Services"). 

Services Fees: fees are calculated in accordance with the plan chosen by the Customer.

Initial Service Term: 1 month


The Order Form is a binding, legal agreement between you and HotelFlex Ltd (operating as Officely) (the “Company”).  This website and any other websites of Company, its affiliates or agents (collectively, the “Website”) and the information on it are controlled by Company.  These terms of use govern the use of the website and apply to all internet users visiting the Website by access or using the Website in any way, including using the services and resources available or enabled via the website (each a “Service” and collectively, the “Services”). By clicking on the “I Accept” button, checking the “yes, I understand and agree” box, completing the registration process, and/or browsing the website or adding Company’s Slack application (the “Application”) to your slack workspace, you represent that (1) you have read, understand, and agree to be bound by the terms of use, (2) you are of legal age to form a binding contract with company, and (3) you have the authority to enter into the terms of use personally or on behalf of company you have named as the user, and to bind that company to the terms of use. The term “You” refers to the individual or legal entity, as applicable, identified as the user when you registered on the website. If you do not agree to be bound by the terms of use, you may not access or use this website or the services.

If you subscribe to the services for a term (the “Initial Term”), then the terms will be automatically renewed for additional periods of the same duration as the Initial Term at Company’s then-current fee for such services unless you opt out of the auto-renewal.

SAAS SERVICES AGREEMENT

This SaaS Services Agreement (the "Agreement") is entered into on this day (the "Effective Date") between HotelFlex Limited, operating as Officely, whose registered office is at Colman House, Colman, Temple Guiting, Cheltenham, GL54 5RT, England (“Company”) and the Customer entering into this agreement (“Customer”). This Agreement includes and incorporates this Order Form, as well as the Terms of Service accessible during the sign up flow (as amended from time to time) and contains, among other things, warranty disclaimers, liability limitations and use limitations. The Customer has read and hereby accepts the terms and conditions of the Order Form and the Terms of Service. 


TERMS OF SERVICE

Last Updated 17/09/20


1.   SAAS SERVICES AND SUPPORT

1.1.    Subject to the terms of the Agreement (which comprises the order form entered into between Company and Customer for the provision of the Services (the "Order Form"), and these Terms of Service (including any Exhibits to it) as amended from time to time), Company will use commercially reasonable efforts to provide Customer the Services during the Term (as defined in Section 5.1 below). 

1.2.    As part of the registration process, Customer will identify an administrative user name and password for Customer’s Company account. Company reserves the right to refuse registration of, or cancel passwords it deems inappropriate.

1.3.    Customer recognises that Company is always innovating and finding ways to improve the Services with new features and services. Customer therefore agrees that the Services may change from time to time and no warranty, representation or other commitment is given in relation to the continuity of any functionality of the Service. 

1.4.    Subject to the terms hereof, Company will provide Customer with reasonable technical support services in accordance with the terms set forth in Exhibit A. 

2.   RESTRICTIONS AND RESPONSIBILITIES

2.1.    Company hereby grants to Customer a non-exclusive, non-transferable, non-sublicensable right to access and use the Services during the Term in accordance with the Agreement, solely for Customer's business purposes. Customer will not, directly or indirectly (except to the extent permitted by any applicable law which is incapable of exclusion by the agreement of the parties): reverse engineer, decompile, disassemble or otherwise attempt to discover the source code, object code or underlying structure, ideas, know-how or algorithms relevant to the Services or any software, documentation or data related to the Services (“Software”); modify, translate, or create derivative works based on the Services or any Software (except to the extent expressly permitted by Company or authorised within the Services); license, sell, rent, lease, transfer, assign, distribute, display, disclose or otherwise commercially exploit the Services and any Software (except to the extent expressly permitted by Company or authorised within the Services);  use the Services or any Software for timesharing or service bureau purposes or otherwise for the benefit of a third party; or remove any proprietary notices or labels. With respect to any Software that is distributed or provided to Customer for use on Customer premises or devices, Company hereby grants Customer a non-exclusive, non-transferable, non-sublicensable licence to use such Software during the Term only in connection with the Services. 

2.2.    Customer shall comply with all applicable technology control and export laws and regulations.  

2.3.    Customer represents, covenants, and warrants that Customer will use the Services only in compliance with the terms and conditions of the Agreement, and all applicable laws and regulations. Customer hereby agrees to indemnify and hold harmless Company against any damages, losses, liabilities, settlements and expenses (including without limitation costs and attorneys’ fees) in connection with any claim or action that arises from any actual or alleged breach of the terms and conditions of the Agreement, and/or any applicable laws and regulations, or otherwise from Customer’s use of Services. Although Company has no obligation to monitor Customer’s use of the Services, Company may do so and may prohibit any use of the Services it believes may be (or alleged to be) in violation of the foregoing.

2.4.    Customer shall be responsible for obtaining and maintaining any equipment and ancillary services needed to connect to, access or otherwise use the Services, including, without limitation, modems, hardware, servers, software, operating systems, networking, web servers and the like (collectively, “Equipment”). Customer shall also be responsible for maintaining the security of the Equipment, Customer account, passwords (including but not limited to administrative and user passwords) and files, and for all uses of Customer account or the Equipment with or without Customer’s knowledge or consent.


3.     CONFIDENTIALITY; PROPRIETARY RIGHTS

3.1.    Each party (the “Receiving Party”) understands that the other party (the “Disclosing Party”) has disclosed or may disclose business, technical or financial information relating to the Disclosing Party’s business, or other information identified by the Disclosing Party as confidential or proprietary or by the nature of which is clearly confidential or proprietary, (hereinafter referred to as “Confidential Information” of the Disclosing Party). Confidential Information of Company includes non-public information regarding features, functionality and performance of the Service. Confidential Information of Customer includes nonpublic data provided by Customer to Company to enable the provision of the Services (“Customer Data”). The Receiving Party agrees: (i) to take reasonable precautions to protect such Confidential Information, and (ii) not to use (except in performance of the Services or as otherwise permitted herein) or divulge to any third person any such Confidential Information. The Disclosing Party agrees that the foregoing shall not apply with respect to any information after five (5) years following the disclosure thereof or any information that the Receiving Party can document is or becomes generally available to the public, or (a) was in its possession or known by it prior to receipt from the Disclosing Party, or (b) was rightfully disclosed to it without restriction by a third party, or (c) was independently developed without use of any Confidential Information of the Disclosing Party. The Receiving Party may disclose Confidential Information to the extent that it is required to be disclosed by law, any court of competent jurisdiction, or any regulatory or administrative body, provided that, to the extent it is legally permitted to do so, it gives the Disclosing Party as much prior notice of the disclosure as possible. 

3.2.    Customer shall own and retain all right, title and interest in and to the Customer Data, and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 

3.3.    Company shall own and retain all right, title and interest in and to (a) the Services and Software, all improvements, enhancements or modifications thereto, (b) any software, applications, inventions or other technology developed in connection with Services or support, and (c) all intellectual property rights related to any of the foregoing.

3.4.    Notwithstanding anything to the contrary, Company shall have the right to collect and analyse data and other information relating to the provision, use and performance of various aspects of the Services and related systems and technologies (including, without limitation, information concerning Customer Data and data derived therefrom), and Company will be free (during and after the Term) to (i) use such information for the purpose of providing the Services; (ii) use such information and data to improve and enhance the Services and for other development, diagnostic and corrective purposes in connection with the Services and other Company offerings, and (iii) disclose such data solely in aggregate or other de-identified form in connection with its business. No rights or licences are granted except as expressly set forth herein.


4.      PAYMENT OF FEES

4.1.    Customer will pay Company the then applicable fees described in the Order Form in accordance with the terms therein (the “Fees”). Company reserves the right to change the Fees or applicable charges and to institute new charges and Fees at the end of the Initial Service Term or then-current renewal term, upon thirty (30) days prior notice to Customer (which may be sent by email). If Customer believes that Company has billed Customer incorrectly, Customer must contact Company no later than 60 days after the closing date on the first billing statement in which the error or problem appeared, in order to receive an adjustment or credit. Inquiries should be directed to Company’s customer support department.

4.2.     Company may choose to bill through an invoice, in which case, full payment for invoices issued in any given month must be received by Company ten (10) days after the mailing date of the invoice. Unpaid amounts are subject to interest at an annual rate of 1.5% over the then-current base lending rate of Barclays Bank Plc from time to time on any outstanding balance, or the maximum permitted by law, whichever is lower, commencing on the due date for payment and continuing until payment is received in full by Company, plus all expenses of collection, and may result in immediate termination of the Service. Customer shall be responsible for all taxes associated with Services other than applicable taxes based on Company’s net income.

4.3.    For the purpose of calculating the Fees, the term "Additional Revenue" means any revenue generated by Customer arising from Customer's use of the Services (prior to the addition of taxes). 

5.     TERM AND TERMINATION

5.1.    Subject to earlier termination as provided below, the Agreement is for the Initial Service Term as specified in the Order Form, and shall be automatically renewed for additional periods of the same duration as the Initial Service Term (collectively, the “Term”), unless either party requests (in writing) termination at least ten (10) days prior to the end of the then-current term. A reason for this termination does not need to be given. 

5.2.    Without prejudice to any other rights or remedies available to it, Company may, without liability, immediately disable Customer's account for the Services or prevent access by Customer to the Services for any breach by Customer of Section 2.1. 

5.3.    In addition to any other remedies it may have, either party may also terminate the Agreement upon thirty (30) days’ written notice (or without notice in the case of nonpayment), if the other party (i) materially breaches any of the terms or conditions of the Agreement which breach is irremediable or (if such breach is remediable) fails to remedy the breach within ten (10) days of being notified in writing to do so, or (ii) is unable to pay its debts (within the meaning of section 123 of the Insolvency Act 1986) or becomes insolvent, or is subject to an order or a resolution for its liquidation, administration, winding-up or dissolution (otherwise than for the purposes of a solvent amalgamation or reconstruction), or has an administrative or other receiver, manager, trustee, liquidator, administrator or similar officer appointed over all or any substantial part of its assets, or enters into or proposes any composition or arrangement with its creditors generally, or is subject to any analogous event or proceeding in any applicable jurisdiction. Customer will pay in full for the Services up to and including the last day on which the Services are provided. Upon any termination (i) all licences granted under the Agreement shall immediately terminate and Customer's right to access and use the Services will end, and (ii) (subject to the terms and conditions of the DPA) Company will make all Customer Data available to Customer for electronic retrieval for a period of thirty (30) days, but thereafter, Company may, but is not obligated to, delete stored Customer Data. All sections of the Agreement which by their nature should survive termination will survive termination, including, without limitation, accrued rights to payment, confidentiality obligations, warranty disclaimers, and limitations of liability.


WARRANTY AND DISCLAIMER

Company shall use reasonable efforts consistent with prevailing industry standards to maintain the Services in a manner which minimises errors and interruptions in the Services and shall perform the Services in a professional and workmanlike manner. Services may be temporarily unavailable for scheduled maintenance or for unscheduled emergency maintenance, either by Company or by third-party providers, or because of other causes beyond Company’s reasonable control, but Company shall use reasonable efforts to provide advance notice in writing or by e-mail of any scheduled service disruption. However, Company does not warrant that the Services will be uninterrupted or error free; nor does it make any warranty as to the results that may be obtained from use of the Services. Except as expressly set forth in this section, the services are provided “AS IS” and Company disclaims and excludes from the Agreement to the fullest extent permitted by applicable law all warranties, representations, conditions and all other terms of any kind whatsoever, express or implied by statute or common law or otherwise, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose and non-infringement. Nothing in the Agreement excludes the liability of either party for death or personal injury caused by its negligence, or for fraud or fraudulent misrepresentation.

LIMITATION OF LIABILITY

Notwithstanding anything to the contrary, except for death or personal injury caused by company's negligence or for fraud or fraudulent misrepresentation, Company and its suppliers (including but not limited to all equipment and technology suppliers), officers, affiliates, representatives, contractors and employees shall not be responsible or liable with respect to any subject matter of the Agreement or terms and conditions related thereto under any contract,  tort (including negligence), for breach of statutory duty, or otherwise: (a) for error or interruption of use of the Services or for loss, alteration, or inaccuracy or corruption of data (including Customer Data) or cost of procurement of substitute goods, services or technology; (b) for any loss (whether direct or indirect) of profits, revenue, business, or goodwill; (c) for any indirect, exemplary, incidental, special or consequential loss, costs, damages, charges or expenses; (d) for any matter beyond Company’s reasonable control; or (e) for any amounts that, together with amounts associated with all other claims, exceed the fees paid by Customer to Company for the Services under the Agreement in the 12 months prior to the act that gave rise to the liability, in each case, whether or not Company has been advised of the possibility of such damages.

MISCELLANEOUS

Company may use Customer's name, logo, and related trade marks in any of Company's publicity or marketing materials for the purpose of highlighting that Customer uses the Services, and alongside any testimonials that Customer has agreed to give. Company shall have no liability to Customer under the Agreement if it is prevented from or delayed in performing its obligations under the Agreement by any act, event or omission beyond its control, including (without limitation): strikes, lock-outs or other industrial disputes; failure of a utility service or transport or telecommunications network; act of God, fire, flood, or storm; war, riot, or civil commotion; malicious damage; compliance with any law or governmental order, rule, regulation or direction; accident; breakdown of machinery; or default of suppliers or sub-contractors. Company shall notify Customer of any such event and (where possible) its expected duration. If any provision of the Agreement is found to be unenforceable or invalid, that provision will be limited or eliminated to the minimum extent necessary so that the Agreement will otherwise remain in full force and effect and enforceable. If there is an inconsistency between any of the provisions in the main body of the Agreement and the Exhibits, the provisions in the Exhibits shall prevail to the extent of the inconsistency. The Agreement is not assignable, transferable or sub-licensable by Customer except with Company’s prior written consent. Company may transfer and assign any of its rights and obligations under the Agreement without the consent of Customer. The Agreement (including the Exhibits and any documents referred to in it) constitutes the entire agreement between the parties and is the complete and exclusive statement of the mutual understanding of the parties and supersedes and cancels all previous written and oral agreements, communications and other understandings relating to the subject matter of the Agreement, and that all waivers and modifications must be in a writing signed by both parties, except as otherwise provided herein. No failure or delay by either party to exercise any right or remedy provided under the Agreement shall constitute a waiver of that or any other right or remedy, nor shall it prevent or restrict the further exercise of that or any other right or remedy. No agency, partnership, joint venture, or employment is created as a result of the Agreement and Customer does not have any authority of any kind to bind Company in any respect whatsoever. The Agreement does not confer any rights on any person or party (other than the parties to the Agreement), under the Contracts (Rights of Third Parties) Act 1999 or otherwise. Applicable laws may require that some of the information or communications Company sends to Customer should be in writing. When using the Services, Customer accepts that communication with Company will mainly be electronic and Company may provide information to Customer by posting notices on the Services. All notices under the Agreement will be in writing and will be deemed to have been duly given when received, if personally delivered; when receipt is electronically confirmed, if transmitted by facsimile or e-mail; the day after it is sent, if sent for next day delivery by recognised overnight delivery service; and upon receipt, if sent by certified or registered mail, return receipt requested, provided that Company may give notice to Customer at either the e-mail or postal address Customer provides to Company, or any other way Company deems appropriate. The foregoing notice provisions do not apply to the termination of the Agreement, or to the service of any proceedings or other documents in any legal action or dispute resolution. The Agreement and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the law of England and Wales. Each party irrevocably agrees that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement or its subject matter or formation (including non-contractual disputes or claims). 

Company has the right to revise and amend these Terms of Service from time to time. Changes to these Terms of Service are effective when they are posted on this page, and Customer will be subject to the Terms of Service in force at the time that it makes use of the Services (unless otherwise agreed by the parties in writing). If Company makes material changes to these Terms of Service, Company will update the "Last Updated" date at the start of these Terms of Service 


EXHIBIT A

Support Terms

Company will provide Technical Support to Customer via both telephone and electronic mail on weekdays during the hours of 9:00 am UK time through to 5:00 pm, with the exclusion of Bank Holidays in the UK (“Support Hours”).

Company will use commercially reasonable efforts to respond to all Helpdesk tickets within one (1) business day.


EXHIBIT B

Data Processing Addendum

HOTELFLEX DATA PROCESSING ADDENDUM

  1. BACKGROUND
  1. The Customer and HotelFlex Limited ("HotelFlex", "the Company", "we", "us", or "our") entered into the Agreement (as defined below) for the provision of the Services (as defined in the Agreement) from HotelFlex to the Customer. 
  2. In the event that HotelFlex Processes personal data (each as defined below) contained in Customer Data of individuals located in the EEA (as defined below), or if the Customer is established in the EEA, this Data Processing Addendum (the "DPA") shall be supplemental to the Agreement and shall apply to the Processing of such personal data. In the event of a conflict between any of the provisions of this DPA and the provisions of the Agreement, the provisions of this DPA shall prevail.
  3. Both parties will comply with all applicable requirements of the Data Protection Laws (as defined below). This DPA is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Laws.


  1. DEFINITIONS
  1. Unless otherwise set out below, each capitalised term in this DPA shall have the meaning set out in the Agreement, and the following capitalised terms used in this DPA shall be defined as follows:
  1. "Agreement" means the agreement entered into between the Company and the Customer for the provision of the Service, comprising the Order Form and the Terms of Service (including the Exhibits to it);
  2. "Controller" has the meaning given in the GDPR; 
  3. "Customer Personal Data" means the personal data (as defined in the GDPR) described in ANNEX 1 and any other personal data that HotelFlex processes on behalf of the Customer in connection with HotelFlex's provision of the Service; 
  4. "Data Protection Laws" means the Directive and any applicable national implementing legislation, and in each case as amended, replaced or superseded from time to time, including without limitation by the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council ("GDPR") and all applicable legislation protecting the fundamental rights and freedoms of persons and their right to privacy with regard to the Processing of Customer Personal Data.
  5. "Data Subject" has the meaning given in the GDPR;
  6. "Directive" means Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data;
  7. "European Economic Area" or "EEA" means the Member States of the European Union together with Iceland, Norway, and Liechtenstein; 
  8. "Processing" has the meaning given in the GDPR, and "Process" shall be interpreted accordingly;
  9. "Processor" has the meaning given in the GDPR;
  10. "Security Incident" means any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, any Customer Personal Data;
  11. "Standard Contractual Clauses" means the Standard Contractual Clauses (processors) approved by European Commission Decision C(2010)593 or any subsequent version thereof released by the European Commission (which will automatically apply);
  12. "Subprocessor" means any Processor engaged by HotelFlex that agrees to receive from HotelFlex and Process any Customer Personal Data; and
  13. "Supervisory Authority" has the meaning given in the GDPR. 


  1. DATA PROCESSING
  1. Instructions for Data Processing. HotelFlex will only Process Customer Personal Data in accordance with the Customer's written instructions, unless Processing is required by European Union or Member State law to which HotelFlex is subject, in which case HotelFlex shall, to the extent permitted by European Union or Member State law, inform the Customer of that legal requirement before Processing that Customer Personal Data. The Agreement (subject to any changes to the Services agreed between the Parties), including this DPA, shall be the Customer's complete and final instructions to HotelFlex in relation to the processing of Customer Personal Data. 
  2. Processing outside the scope of this DPA or the Agreement will require prior written agreement between the Customer and HotelFlex on additional instructions for Processing.
  3. Required consents. Where required by applicable Data Protection Laws, the Customer will ensure that it has obtained/will obtain all necessary consents for the Processing of Customer Personal Data by HotelFlex in accordance with the Agreement.


  1. TRANSFER OF PERSONAL DATA
  1. Authorised Subprocessors. The Customer agrees that HotelFlex may use Amazon Web Services, Inc, Google LLC, Twilio Inc, Wildbit LLC, Log Rocket Inc, LogDNA, CloudAMQP as Subprocessors to Process Customer Personal Data.
  2. The Customer agrees that HotelFlex may use subcontractors to fulfil its contractual obligations under the Agreement. HotelFlex shall notify the Customer from time to time of the identity of any Subprocessor it engages. If the Customer (acting reasonably) does not approve of a new Subprocessor, then without prejudice to any right to terminate the Agreement, the Customer may request that HotelFlex moves the Customer Personal Data to another Subprocessor and HotelFlex shall, within a reasonable time following receipt of such request, use all reasonable endeavours to ensure that the Subprocessor does not Process any of the Customer Personal Data. 
  3. Save as set out in clauses 4.1 and 4.2, HotelFlex shall not permit, allow or otherwise facilitate Subprocessors to Process Customer Personal Data without the prior written consent of the Customer, and unless HotelFlex enters into a written agreement with the Subprocessor which imposes the same obligations on the Subprocessor with regards to their Processing of Customer Personal Data as are imposed on HotelFlex under this DPA. 
  4. Liability of Subprocessors. HotelFlex shall at all times remain responsible for compliance with its obligations under the DPA and will be liable to the Customer for the acts and omissions of any Subprocessor approved by the Customer as if they were the acts and omissions of HotelFlex.
  5. Transfers of Personal Data. To the extent that the Processing of Customer Personal Data by HotelFlex involves the export of such Customer Personal Data to a third party to a country or territory outside the EEA, other than (i) a country or territory ensuring an adequate level of protection for the rights and freedoms of Data Subjects in relation to the Processing of personal data as determined by the European Commission, or (ii) where the third party is a member of a compliance scheme recognised as offering adequate protection for the rights and freedoms of Data Subjects as determined by the European Commission, such export shall be governed by the Standard Contractual Clauses between the Customer as exporter and such third party as importer. For this purpose, the Customer appoints HotelFlex as its agent with the authority to complete and enter into the Standard Contractual Clauses as agent for the Customer on its behalf for this purpose.
  6. In the event of any conflict between any terms and conditions of the Standard Contractual Clauses and this DPA, the Standard Contractual Clauses shall prevail.


  1. DATA SECURITY, AUDITS AND SECURITY NOTIFICATIONS
  1. HotelFlex Security Obligations. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, HotelFlex shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the measures set out in ANNEX 2.
  2. Security Audits. The Customer may, upon reasonable notice, audit (by itself or using independent third party auditors) HotelFlex’s compliance with the security measures set out in this DPA (including the technical and organisational measures as set out in ANNEX 2), including by conducting audits of HotelFlex’s data processing facilities. Upon request by the Customer, HotelFlex shall make available all information reasonably necessary to demonstrate compliance with this DPA.
  3. Security Incident Notification. If HotelFlex or any Subprocessor becomes aware of a Security Incident, HotelFlex will (a) notify the Customer of the Security Incident within 72 hours, (b) investigate the Security Incident and provide such reasonable assistance to the Customer (and any law enforcement or regulatory official) as required to investigate the Security Incident, and (c) take steps to remedy any non-compliance with this DPA.
  4. HotelFlex Employees and Personnel. HotelFlex shall treat the Customer Personal Data as the Confidential Information of the Customer, and shall ensure that any employees or other personnel have agreed in writing to protect the confidentiality and security of Customer Personal Data.


  1. ACCESS REQUESTS AND DATA SUBJECT RIGHTS
  1. Data Subject Requests. Save as required (or where prohibited) under applicable law, HotelFlex shall notify the Customer of any request received by HotelFlex or any Subprocessor from a Data Subject in respect of their personal data included in the Customer Personal Data, and shall not respond to the Data Subject. 
  2. HotelFlex shall provide the Customer with the ability to correct, delete, block, access, or copy the Customer Personal Data in accordance with the functionality of the Service. 
  3. Government Disclosure. HotelFlex shall notify the Customer of any request for the disclosure of Customer Personal Data by a governmental or regulatory body or law enforcement authority (including any data protection supervisory authority) unless otherwise prohibited by law or a legally binding order of such body or agency. 
  4. Data Subject Rights. Where applicable, and taking into account the nature of the Processing, HotelFlex shall use all reasonable endeavours to assist the Customer by implementing any other appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising Data Subject rights laid down in the GDPR.
  5. Data Protection Impact Assessment and Prior Consultation. To the extent required under applicable Data Protection Laws, HotelFlex shall provide reasonable assistance to the Customer with any data protection impact assessments and with any prior consultations to any Supervisory Authority of the Customer, in each case solely in relation to Processing of Customer Personal Data and taking into account the nature of the Processing and information available to HotelFlex.


  1. TERMINATION
  1. Deletion of data . Subject to clauses 7.2 and 7.3 below, HotelFlex shall, within ninety (90) days of the date of termination of the Agreement: 

1. return a complete copy of all Customer Personal Data by secure file transfer in such a format as notified by the Customer to HotelFlex; and  

2. delete and use all reasonable efforts to procure the deletion of all other copies of Customer Personal Data Processed by HotelFlex or any Subprocessors.

2. Subject to clause 7.3 below, the Customer may in its absolute discretion notify HotelFlex in writing within thirty (30) days of the date of termination of the Agreement to require HotelFlex to delete and procure the deletion of all copies of Customer Personal Data Processed by HotelFlex. HotelFlex shall, within ninety (90) days of the date of termination of the Agreement:

  1. comply with any such written request; and
  2. use all reasonable endeavours to procure that its Subprocessors delete all Customer Personal Data Processed by such Subprocessors,
  3. and, where this clause 7.2 applies, HotelFlex shall not be required to provide a copy of the Customer Personal Data to the Customer.

3. HotelFlex and its Subprocessors may retain Customer Personal Data to the extent required by applicable laws and only to the extent and for such period as required by applicable laws and always provided that HotelFlex shall ensure the confidentiality of all such Customer Personal Data and shall ensure that such Customer Personal Data is only Processed as necessary for the purpose(s) specified in the applicable laws requiring its storage and for no other purpose.


ANNEX 1

Details of the Processing of CUSTOMER Personal Data

This ANNEX 1 includes certain details of the processing of Customer Personal Data as required by Article 28(3) of the GDPR.

Subject matter and duration of the Processing of Customer Personal Data

The subject matter and the duration of the Processing of the Customer Personal Data are set out in the Agreement and this DPA.

The nature and purpose of the Processing of Customer Personal Data

The Customer Personal Data will be subject to the following basic Processing activities: transmitting, collecting, storing, and analysing data in order to provide the Services to the Customer, and any other activities related to the provision of the Services or as specified in the Agreement.  

The types of Customer Personal Data to be Processed

The types of Customer Personal Data to be Processed concern the following categories of data: names of Customer personnel; contact information (including email addresses and telephone numbers) of Customer personnel and of end users of services of the Customer; dates during which end users of services of the Customer are staying in the Customer’s hotel and the booking; online identifiers of end users of services of the Customer and of visitors to the Customer's websites and mobile applications.

The categories of Data Subject to whom the Customer Personal Data relates

The categories of Data Subject to whom the Customer Personal Data relates concern: employees and other personnel of the Customer; end users of the services of the Customer; visitors to the Customer's websites and mobile applications.

The obligations and rights of the Customer 

The obligations and rights of the Customer are as set out in the Agreement and this DPA.






ANNEX 2

Technical and Organisational Security Measures

HotelFlex maintains internal policies and procedures, or procures that its Subprocessors do so, which are designed to:

HotelFlex will, and will use reasonable efforts to procure that its Subprocessors will, conduct periodic reviews of the security of its network and the adequacy of its information security program as measured against industry security standards and its policies and procedures. 

HotelFlex will, and will use reasonable efforts to procure that its Subprocessors periodically will, evaluate the security of its network and associated services to determine whether additional or different security measures are required to respond to new security risks or findings generated by the periodic reviews.