Data Processing Agreement for Renttix.com: Ensuring Your Data is Handled Safely and Responsibly
Data Processing Agreement (DPA)
This Data Processing Agreement (DPA) is a key part of the overall Agreement between Renttix.com (referred to as the “Processor”) and our valued customer (referred to as the “Controller”). Together, we’re known as the “Parties” and individually as “Party.”
This DPA clarifies how we’ll handle and protect personal data while providing you with our services.
Why We’re Here
You, the Controller, have access to personal data from various individuals (which we call “Data Subjects”).
To help you manage your data responsibly, we (Renttix) will carry out certain processing tasks for you, according to the terms of our Agreement.
In this DPA, terms like “personal data” and “processing” follow the definitions outlined by the General Data Protection Regulation (GDPR).
Our role as the Processor is to handle personal data on your behalf, as part of the services we provide under our Agreement with you. You, as the Controller, hold the primary responsibility for ensuring that data is processed securely and in line with GDPR standards.
1. Purpose of Processing
1.1. Renttix will process personal data strictly to fulfill our Agreement with you, whether that’s managing your rentals, invoicing, or other related services. Processing may also occur if legally required.
1.2. The types of data and categories of individuals involved are outlined in Appendix A.
2. Our Responsibilities as Processor
2.1. Renttix will only process personal data for the agreed-upon purposes outlined above.
2.2. We’ll always comply with GDPR requirements in everything we do regarding personal data.
2.3. If we believe that any instruction you provide conflicts with GDPR or is otherwise unreasonable, we’ll inform you promptly.
2.4. As the Processor, we’re committed to supporting you in fulfilling your GDPR obligations. This includes providing necessary assistance for tasks like data protection impact assessments and breach notifications (Articles 32–36 of the GDPR).
2.5. Our commitment to protecting personal data extends to any team members or third parties who process data on our behalf.
3. Keeping Data Confidential
3.1. Renttix will maintain the confidentiality of all personal data you share with us. We make sure that any team members handling data are under a strict obligation to keep it secure and private.
3.2. Confidentiality may only be waived if you explicitly authorize it, it’s necessary to provide our services, or if we’re legally required to disclose the data.
4. Data Breach Notifications
4.1. You’re responsible for notifying the relevant authorities and Data Subjects if there’s a personal data breach.
4.2. To help you fulfill this responsibility, Renttix will promptly notify you of any known breach within 48 hours of discovery. We’ll also take reasonable steps to limit any damage and prevent further issues.
4.3. Renttix will assist you, where necessary, with any follow-up actions related to the breach.
5. Supporting Data Subject Rights
5.1. If any Data Subject contacts us directly with a request about their data, we’ll forward it to you within three working days.
5.2. If needed, Renttix will help you address such requests, to the best of our ability.
6. Security Measures
6.1. Renttix will implement all appropriate technical and organizational measures to ensure the security of the data we process on your behalf, as outlined in GDPR Article 32.
6.2. You may request an up-to-date list of the security measures we have in place at any time.
7.Audits
7.1 If you need to verify our compliance, you can arrange for an independent third-party audit once per year. This audit can only happen if there’s a valid reason, which should be communicated in writing.
7.2 If an audit was conducted within the past year, we may share a relevant portion of that report instead of undergoing a new audit
7.3 Both Renttix and you will coordinate the timing and scope of the audit together.
7.4 We’ll support the audit process by providing any necessary information and access.
8.Use of Subprocessors
8.1 Renttix may work with subprocessors to help deliver our services, all of whom are listed in Appendix B. We ensure that any subprocessors we use are GDPR-compliant and uphold the same level of data protection that you expect from us.
8.2 You’ll be notified if we intend to add or change subprocessors, and you have the right to object within two weeks if there’s a reasonable concern.
8.3 Renttix takes full responsibility for any data processed by our subprocessors.
9.International Data Transfers
9.1 Renttix may process your data within the European Economic Area (EEA) or in countries that offer adequate data protection as recognized by the European Commission.
9.2 For data transferred outside the EEA, we’ll follow all GDPR requirements, including necessary safeguards to protect the data.
10.Liability
10.1 Any liability related to this DPA will follow the terms outlined in our general Agreement.
11. Duration and Termination
10.1 This DPA will last as long as our Agreement is active.
11.2 Any changes to this DPA must be agreed upon in writing.
11.3 When the DPA ends, Renttix will, at your choice, either return all personal data to you or securely delete it