Data Processing Addendum

Last updated · 4 July 2026

This Data Processing Addendum (“DPA”) forms part of the Terms between Flats Bratislava s. r. o. (“Processor”) and the customer (“Controller”) and applies where we process personal data on the Controller’s behalf (e.g. guest data) under GDPR Art. 28.

1. Roles

The Controller determines the purposes and means of processing guest and reservation personal data. relax.host acts as Processor, processing such data only on documented instructions.

2. Scope of processing

3. Processor obligations

We: process only on instructions; ensure confidentiality; implement appropriate technical and organisational measures; assist with data-subject requests and breach notification; and delete or return data at the end of the engagement.

4. Sub-processors

The Controller authorises the use of vetted sub-processors listed on request. We impose equivalent data-protection obligations on them and remain responsible for their performance. We give notice of intended changes so the Controller may object.

5. International transfers

Primary processing occurs in the EU. Any transfer outside the EEA relies on an adequacy decision or Standard Contractual Clauses.

6. Breach notification

We notify the Controller without undue delay after becoming aware of a personal-data breach affecting the Controller’s data, with information reasonably available to assist the Controller’s own obligations.

7. Audits

On reasonable request and confidentiality terms, we make available information necessary to demonstrate compliance with Art. 28 and allow for audits.

8. Signature

Business customers who require a countersigned DPA may request one from info@flatsbratislava.com. [operator: fill in] (legal entity details / signatory).

Questions about this document? Email info@flatsbratislava.com.