Last updated · 4 July 2026
This Data Processing Addendum (“DPA”) forms part of the Terms between Flats Bratislava s. r. o. (“Processor”) and the customer (“Controller”) and applies where we process personal data on the Controller’s behalf (e.g. guest data) under GDPR Art. 28.
The Controller determines the purposes and means of processing guest and reservation personal data. relax.host acts as Processor, processing such data only on documented instructions.
We: process only on instructions; ensure confidentiality; implement appropriate technical and organisational measures; assist with data-subject requests and breach notification; and delete or return data at the end of the engagement.
The Controller authorises the use of vetted sub-processors listed on request. We impose equivalent data-protection obligations on them and remain responsible for their performance. We give notice of intended changes so the Controller may object.
Primary processing occurs in the EU. Any transfer outside the EEA relies on an adequacy decision or Standard Contractual Clauses.
We notify the Controller without undue delay after becoming aware of a personal-data breach affecting the Controller’s data, with information reasonably available to assist the Controller’s own obligations.
On reasonable request and confidentiality terms, we make available information necessary to demonstrate compliance with Art. 28 and allow for audits.
Business customers who require a countersigned DPA may request one from info@flatsbratislava.com. [operator: fill in] (legal entity details / signatory).
Questions about this document? Email info@flatsbratislava.com.