Skip to main content
Back to Home

Data Processing Agreement

Last updated: February 2026

1. Parties

This Data Processing Agreement ("DPA") is entered into between the business owner ("Controller") and QuickBookNow ("Processor"). The Controller determines the purposes and means of processing personal data. The Processor processes personal data on behalf of the Controller solely to provide the QuickBookNow booking platform services.

2. Subject Matter and Purpose

The Processor shall process personal data on behalf of the Controller for the purpose of providing online booking management services. This includes storing, organizing, and displaying booking information, managing customer appointments, and facilitating communication between the Controller and their customers.

3. Duration of Processing

The Processor shall process personal data for the duration of the service agreement between the Controller and QuickBookNow. Processing will cease upon termination of the agreement, subject to the data return and deletion provisions outlined in Section 10.

4. Categories of Data

The personal data processed includes: customer names, email addresses, phone numbers, booking dates and times, service preferences, booking notes, and payment references. For business owners, we additionally process business name, contact details, and account credentials.

5. Processing Operations

Processing operations include: collection and storage of booking data, organization and structuring of appointment records, retrieval and display of booking information in the dashboard, transmission of booking confirmations and reminders, and generation of anonymized analytics reports.

6. Sub-Processors

The Processor engages the following sub-processors: hosting infrastructure provider for data storage and application hosting; Stripe for secure payment processing (PCI-DSS compliant); and email service provider for transactional notifications. The Controller will be notified of any changes to sub-processors with 30 days advance notice.

7. Security Measures

The Processor implements appropriate technical and organizational measures including: encryption of data in transit (TLS 1.2+) and at rest, role-based access controls, regular security audits and vulnerability assessments, secure development practices, automated backup procedures, and incident response protocols.

8. Data Subject Rights

The Processor shall assist the Controller in fulfilling data subject requests under GDPR Articles 15-22, including rights of access, rectification, erasure, restriction, data portability, and objection. The Processor shall respond to such requests within 72 hours and provide the Controller with the necessary tools to manage data subject rights through the dashboard.

9. Data Breach Notification

In the event of a personal data breach, the Processor shall notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach. The notification shall include the nature of the breach, categories of data affected, approximate number of data subjects concerned, and measures taken or proposed to address the breach.

10. Data Return and Deletion

Upon termination of the service agreement, the Processor shall, at the Controller's choice, return all personal data in a standard machine-readable format or securely delete all personal data within 30 days. The Controller may export their data at any time through the dashboard. Deletion is confirmed in writing upon completion. dpa@quickbooknow.com.