SENTINEL

Data Processing AgreementGDPR Compliant

Our Data Processing Agreement ensures full GDPR compliance and defines how we process your personal data as a data processor.

This agreement outlines our responsibilities as a data processor and your rights as a data controller under GDPR and other applicable data protection laws.

Last updated: December 15, 2024

GDPR Compliant
Data Protected
Transparent

Data Processing

GDPR compliant agreement

Data Controller

Your rights defined

Data Processor

Our responsibilities

Protection

Security measures

1. Definitions

Key Terms

  • Data Controller: The entity that determines the purposes and means of processing personal data
  • Data Processor: Sentinel, which processes personal data on behalf of the Data Controller
  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data

2. Scope and Purpose

This Data Processing Agreement (DPA) applies to all processing of personal data by Sentinel on behalf of the Data Controller in connection with the provision of our hospitality intelligence services.

Processing Purposes

  • Providing hospitality intelligence and analytics services
  • Generating demand forecasts and operational insights
  • Delivering personalized dashboards and reports
  • Providing customer support and service improvement

3. Data Processing Obligations

Security Measures

Sentinel implements appropriate technical and organizational measures to ensure the security of personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and monitoring
  • Incident response and breach notification procedures

Confidentiality

All Sentinel personnel with access to personal data are bound by confidentiality obligations and receive appropriate training on data protection requirements.

4. Data Subject Rights

Supporting Data Subject Rights

Sentinel will assist the Data Controller in fulfilling data subject rights requests, including:

Right to access
Right to rectification
Right to erasure
Right to data portability
Right to restrict processing
Right to object

5. Data Retention

Sentinel will retain personal data only for as long as necessary to fulfill the purposes outlined in this DPA or as required by applicable law.

Retention Periods

  • • Account data: Until account termination + 30 days
  • • Operational data: As specified in service agreement
  • • Audit logs: 7 years for compliance purposes

6. Sub-processors

Sentinel may engage sub-processors to assist in providing our services. We ensure that all sub-processors are bound by the same data protection obligations.

Current Sub-processors

Cloud Infrastructure: AWS (EU regions)

Analytics: Google Analytics (anonymized)

Email Services: SendGrid (EU)

Monitoring: Datadog (EU)

7. Data Breach Notification

Breach Response

In the event of a personal data breach, Sentinel will notify the Data Controller without undue delay and in any case within 24 hours of becoming aware of the breach.

  • • Immediate notification to Data Controller
  • • Detailed breach report within 72 hours
  • • Cooperation in breach investigation
  • • Assistance with regulatory notifications

8. International Transfers

Personal data may be transferred outside the European Economic Area (EEA) only with appropriate safeguards in place, such as Standard Contractual Clauses (SCCs) or adequacy decisions.

Transfer Safeguards

  • • Standard Contractual Clauses (SCCs)
  • • Adequacy decisions by the European Commission
  • • Binding Corporate Rules (BCRs)
  • • Certification schemes and codes of conduct

9. Contact Information

For questions about this Data Processing Agreement or data protection matters, please contact us:

Data Protection Officer: dpo@sentinel.app

Legal Team: legal@sentinel.app

Address: Sentinel HQ, Ghent, Belgium

Phone: +32 9 XXX XX XX