Data Processing Agreement
Last updated: July 15, 2026
This Data Processing Agreement ("DPA") forms part of our Terms and Conditions and governs the processing of personal data by Hazaaro when providing our QR code photo sharing services. This agreement ensures compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Definitions
- "Data Controller": The entity that determines the purposes and means of processing personal data (typically, the event organizer using our service).
- "Data Processor": Hazaaro, which processes personal data on behalf of the Data Controller.
- "Personal Data": Any information relating to an identified or identifiable natural person.
- "Processing": Any operation performed on personal data, including collection, storage, use, and deletion.
2. Scope and Purpose
This DPA applies to all processing of personal data carried out by Hazaaro in connection with the provision of our photo sharing services. The purpose of processing includes:
- Creating and managing event pages
- Storing and displaying uploaded photos
- Providing access to event galleries
- Enabling photo downloads
- Providing customer support
3. Types of Personal Data Processed
We may process the following categories of personal data:
- Contact information (name, email address)
- Event information (event name, date, location)
- Photos and images uploaded by users
- Technical data (IP address, device information, browser type)
- Usage data (pages visited, features used, time spent)
4. Our Obligations as Data Processor
As a Data Processor, we agree to:
- Process personal data only in accordance with your instructions
- Implement appropriate technical and organizational measures to ensure data security
- Not engage another processor without your prior authorization
- Assist you in responding to data subject requests
- Notify you immediately of any data breach
- Delete or return personal data upon termination of services
- Make available all information necessary to demonstrate compliance
5. Security Measures
We implement comprehensive security measures to protect personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments and audits
- Access controls and authentication mechanisms
- Regular backups and disaster recovery procedures
- Employee training on data protection
- Incident response procedures
6. Sub-Processors
We may engage sub-processors to assist in providing our services. We ensure that all sub-processors are bound by data protection obligations equivalent to those in this DPA. Current sub-processors include:
- Cloud storage providers for photo storage
- Hosting and infrastructure providers
- Analytics and monitoring services
- Customer support platforms
We will notify you of any intended changes to our sub-processors and give you the opportunity to object.
7. Data Subject Rights
We will assist you in responding to requests from data subjects to exercise their rights under applicable data protection laws, including:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restrict processing
- Right to data portability
- Right to object
8. Data Breach Notification
In the event of a personal data breach, we will notify you without undue delay after becoming aware of the breach. The notification will include:
- Description of the nature of the breach
- Categories and approximate number of data subjects affected
- Likely consequences of the breach
- Measures taken or proposed to address the breach
9. Data Retention and Deletion
We will retain personal data only for as long as necessary to provide our services or as required by law. Upon termination of services or upon your request, we will:
- Delete all personal data from our systems
- Ensure deletion by any sub-processors
- Provide confirmation of deletion upon request
10. International Data Transfers
If we transfer personal data outside the European Economic Area (EEA), we will ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission, to ensure an adequate level of data protection.
11. Audit Rights
You have the right to audit our compliance with this DPA. We will make available all information necessary to demonstrate compliance and will allow for and contribute to audits, including inspections, conducted by you or an auditor mandated by you.
12. Contact Information
For questions about data processing, please contact our Data Protection Officer:
Email: dpo@hazaaro.com
Address: [Your Company Address]