Data Processing Agreement

1. PARTIES

This Data Processing Agreement (“DPA”) is entered into between:

  • PixSolution LLC, a company incorporated in the United States, operating the Happoin platform (“Processor”)

and

  • The customer using the Happoin platform (“Controller”).

This DPA forms part of the Terms of Service accepted upon registration.

2. PURPOSE

This DPA governs the processing of personal data carried out by the Processor on behalf of the Controller in connection with the use of the Happoin software.

3. NATURE OF PROCESSING

The Processor shall process personal data solely for the following purposes:

  • Appointment scheduling and management
  • Automated messaging (including WhatsApp communications)
  • Sending reminders and notifications
  • Customer management
  • Payment processing (if applicable)

4. TYPES OF PERSONAL DATA

The types of personal data processed may include:

  • Full name
  • Phone number (including WhatsApp)
  • Email address
  • Appointment details
  • Notes and comments associated with clients

5. CATEGORIES OF DATA SUBJECTS

  • Controller’s customers
  • Patients (for healthcare-related businesses)
  • End users of the Controller’s services

6. PROCESSOR OBLIGATIONS

The Processor agrees to:

  • Process personal data only on documented instructions from the Controller
  • Ensure confidentiality of authorized personnel
  • Implement appropriate technical and organizational security measures
  • Notify the Controller of any personal data breach without undue delay
  • Not use personal data for its own purposes

7. SECURITY MEASURES

The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit using HTTPS/TLS
  • Access control mechanisms to restrict access to authorized personnel only
  • Secure cloud-based infrastructure
  • System monitoring and detection of unauthorized access or anomalous activity
  • Daily data backups to ensure data availability and integrity

8. SUBPROCESSORS

The Controller authorizes the Processor to engage subprocessors necessary to provide the service, including:

  • Cloud hosting providers
  • Messaging providers (e.g., WhatsApp API providers)
  • Payment processors

The Processor shall ensure that such subprocessors are bound by data protection obligations equivalent to those set out in this DPA.

9. INTERNATIONAL DATA TRANSFERS

As the Processor is located outside the European Economic Area, the Controller acknowledges that personal data may be transferred internationally.

To the extent that such transfers are subject to applicable data protection laws, they shall be carried out in accordance with appropriate safeguards ensuring an adequate level of protection of personal data, including the Standard Contractual Clauses (SCCs) adopted by the European Commission.

The SCCs are hereby incorporated by reference into this DPA and form an integral part of it. The Controller shall act as the data exporter and the Processor shall act as the data importer under such clauses.

 

The SCCs can be accessed at the following official European Commission link:
https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

10. DATA SUBJECT RIGHTS

The Processor shall assist the Controller, to the extent reasonably possible, in fulfilling its obligations to respond to requests from data subjects, including:

  • Access
  • Rectification
  • Erasure
  • Portability
  • Objection

11. DATA BREACH NOTIFICATION

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.

12. DATA RETURN OR DELETION

Upon termination of the service, the Processor shall:

  • Delete or return all personal data, unless retention is required by law

13. AUDITS

The Controller may request reasonable information to verify the Processor’s compliance with this DPA.

14. TERM

This DPA shall remain in effect for as long as the Processor processes personal data on behalf of the Controller.

15. ACCEPTANCE

This DPA shall be deemed accepted by the Controller through:

  • Acceptance of the Terms of Service
  • Use of the Happoin platform

The appointment scheduling solution for everyone

Whether you have a small business or a large enterprise, Happoin adapts to your needs

Automate your appointment schedule

We use cookies to analyze our traffic and create a smooth user experience.