Data Processing Addendum (DPA)

Last updated: 14 August 2025

1. Subject matter & duration

Processing of Customer Personal Data for the term of the Agreement to provide the Services.

2. Nature & purpose

Provision of booking, coordination, and reporting functionality for airport Meet & Assist services.

3. Types of personal data

Account data (names, emails), operational data (booking references, timings), and optional guest initials or contact details where provided by Customer.

4. Categories of data subjects

Customer employees, contractors, clients, guests, and partners.

5. Processor obligations

• Process only on documented instructions from Customer;
• Ensure confidentiality and security measures appropriate to risk;
• Assist Customer with data subject requests and DPIAs where applicable;
• Delete or return personal data at end of Services;
• Maintain records of processing and allow audits subject to notice.

6. Sub‑processors

We engage vetted sub‑processors under written contracts with equivalent protections. Current list available on request.

7. International transfers

Where data is transferred outside the UK/EEA, we use appropriate safeguards (UK IDTA, EU SCCs) and supplementary measures.

8. Security measures

Encryption in transit and at rest, role‑based access, logging and monitoring, regular access reviews, and incident response procedures.

9. Incident notification

We will notify Customer without undue delay of any personal data breach affecting Customer Personal Data.

10. Contact

Data Protection: privacy@conciergewing.com

This template is provided for convenience and is not legal advice.