Data Processing Agreement
1. Parties
Data Controller: the Subscriber (host, agency or company using Blastnes modules on their Lodgify account).
Data Processor: Blastnes Retail SAS, 12 rue de Rivoli, 75004 Paris (SIREN 928 471 653).
2. Object and duration
This DPA governs the processing of personal data carried out by Blastnes on behalf of the Subscriber in connection with the operation of one or more Blastnes modules. It applies for the entire duration of the Subscriber's subscription and for the 30-day post-cancellation retention period thereafter.
3. Nature and purpose of processing
Blastnes reads personal data of guests (name, email, phone, check-in/out dates, booking status) from the Subscriber's Lodgify account via the Lodgify Public API, exclusively to run the modules the Subscriber has enabled. No processing is carried out beyond what each specific module requires. The exhaustive list of endpoints touched per module is on each module's product page and on the integrations page.
4. Categories of data subjects and personal data
- Guests — name, email, phone (only for Cleaning Coordinator and Guest Message Templates), check-in/out dates, language preference, booking status. Special categories (Art. 9) are never processed.
- Cleaners and staff — name, phone (for Cleaning Coordinator only).
- Subscriber's own team members — name, email, role (for the account UI).
5. Subscriber obligations
The Subscriber warrants having a valid legal basis (Art. 6 RGPD) for the processing they instruct Blastnes to carry out — typically contract performance for guest data (the reservation contract) and legitimate interest for staff data. The Subscriber informs data subjects transparently through their own privacy notice, in line with Art. 13 & 14 RGPD.
6. Processor obligations
Blastnes commits, in application of Art. 28 §3 RGPD, to:
- Process personal data only on documented instructions from the Subscriber;
- Ensure confidentiality of authorised staff (contractual clause + background check);
- Apply appropriate technical and organisational security measures (see §8);
- Only engage sub-processors listed in §9 with prior general authorisation;
- Assist the Subscriber in fulfilling data subject rights requests within 15 days;
- Notify the Subscriber of any personal data breach within 24 hours;
- Return or delete all personal data at the end of the service, at the Subscriber's option;
- Make available all information necessary to demonstrate compliance and allow audit.
7. Data location
All personal data is processed and stored within the European Union — Scaleway data centres in Paris (fr-par) and Amsterdam (nl-ams). Two exceptions require the Subscriber's explicit setup: (a) Guest ID Verification uses Onfido (UK, subject to the UK adequacy decision) or Veriff (Estonia, EU); (b) Data Warehouse Bridge writes to the warehouse instance in the region the Subscriber configures.
8. Security measures
TLS 1.3 for all traffic in transit. AES-256 encryption at rest. Access limited to named engineers with 2FA + hardware key. Vault-managed secrets, rotated monthly. Monthly penetration testing by a third-party CERT-FR-registered provider. Annual external SOC 2-lite audit. Incident response plan with a 24-hour Subscriber-notification commitment (24 hours ≠ 72 hours: we deliberately commit to a stricter timeline than Art. 33's regulatory 72 hours).
9. Sub-processors
Current sub-processors, all EU-based unless flagged:
- Scaleway SAS (Paris, FR) — infrastructure.
- Stripe Payments Europe Ltd (Dublin, IE) — payment processing.
- Postmark (Wildbit, US — Standard Contractual Clauses in place) — transactional email.
- Twilio Ireland Ltd (Dublin, IE) — SMS/WhatsApp for Cleaning Coordinator.
- Onfido Ltd (UK — adequacy decision) or Veriff OÜ (EE) — Guest ID Verification, only if the Subscriber enables it.
10. Signature
This DPA is binding upon subscription without additional signature per Art. 28 §9 RGPD ("The contract [...] shall be in writing, including in electronic form"). A signed PDF version is available on request from dpo@blastnes.org for procurement processes that require one.