Data Processing Agreement (DPA)

VeloxGuest Limited

Legal Document

Effective Date: 18 February 2026

This Data Processing Agreement ("Agreement") is entered into between VeloxGuest Limited ("Processor") and the Hotel / Client entity using the VeloxGuest platform ("Controller").

This Agreement is made in accordance with Regulation (EU) 2016/679 (GDPR) and the Irish Data Protection Act 2018.

1. Roles of the Parties

  • The Hotel acts as Data Controller.
  • VeloxGuest Limited acts as Data Processor.

2. Purpose and Nature of Processing

VeloxGuest provides a digital concierge and live chat platform enabling:

  • Real-time guest communication
  • Housekeeping requests
  • Room service requests
  • Taxi bookings
  • Complaint handling
  • Special requests and feedback
  • Duty manager operational logs (arrival/departure rates, F&B covers, AM/PM/Night shift logs)
  • Reporting functions

VeloxGuest does not process payment data, passport data, or phone numbers.

3. Categories of Personal Data

Guest Data
  • First name and surname
  • Room number
  • Email address
  • Guest messages
  • Special requests
  • Feedback content
Hotel Operational Data
  • Duty manager logs
  • Arrival and departure rate information
  • F&B covers information
  • Shift issue logs

4. Categories of Data Subjects

  • Hotel guests
  • Hotel staff (limited to operational logs)

5. Duration of Processing

Processing continues for the duration of the hotel's subscription. Guest personal data is deleted immediately upon guest check-out.

6. Processor Obligations

VeloxGuest shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure confidentiality of authorised personnel
  • Implement appropriate technical and organisational measures
  • Assist the Controller in fulfilling data subject rights
  • Notify the Controller of any Personal Data Breach within 24 hours
  • Delete or return personal data upon termination of services

7. Security Measures

VeloxGuest implements:

SSL (HTTPS) encryption
Secure cloud hosting located in Ireland
Encrypted data storage
Password-protected administrative access
Role-based access controls
Backups stored within Ireland
System monitoring

8. Sub-Processors

VeloxGuest uses the following sub-processor:

Hostinger (Cloud Hosting Provider)

Hosting Location: Ireland

VeloxGuest ensures GDPR-compliant contractual safeguards with Hostinger and remains fully liable for its compliance.

9. International Transfers

All personal data is stored within Ireland. No transfers outside the European Union occur.

10. Assistance to Controller

VeloxGuest shall assist the Controller with:

  • Data subject requests
  • Data Protection Impact Assessments (if required)
  • Cooperation with supervisory authorities

11. Personal Data Breach

In the event of a Personal Data Breach, VeloxGuest shall:

  • Notify the Controller within 24 hours
  • Provide relevant details and mitigation steps
  • Cooperate fully in regulatory reporting obligations

12. Audit Rights

The Controller may request reasonable documentation demonstrating GDPR compliance. Audits shall be reasonable, during business hours, and not disrupt operations.

13. Liability

Each party remains responsible for its respective GDPR obligations.

14. Governing Law

This Agreement shall be governed by the laws of Ireland. Disputes shall be subject to the exclusive jurisdiction of Irish courts.

Electronic signatures are accepted and shall be legally binding.

This digital document represents the signed agreement between VeloxGuest Limited and the Client.

WhatsApp