BOOKINGS CLOUD U.S. DATA PROTECTION EXHIBIT
This U.S. Data Protection Exhibit ("Data Protection Exhibit") forms part of the Bookings Cloud SaaS Agreement made between Advance Local Media LLC d/b/a Bookings Cloud (“BC”) and its client (“Client”) (each a "Party" and together the "Parties") (together with the Data Protection Exhibit, the "Agreement"), under which BC agrees to provide the Client and/or its affiliates with certain services (the "Services").
For the purposes of providing the Services to Client, BC may have access to, or be provided with, Personal Data that is subject to Data Protection Laws and in relation to which the Client is subject to certain obligations.
In consideration of the mutual promises set out in this Data Protection Exhibit, the Client and BC agree as follows:
1. Definitions
For purposes of the Agreement, the following terms have the following meanings:
1.1 For the purposes of this Data Protection Exhibit:
“Controller” means the entity that determines the purposes and means of processing Personal Data, or that otherwise acts as the “business,” “controller,” owner (vis-à-vis BC), or similar term under Data Protection Laws.
"Data Protection Laws" means all United States federal and state laws, rules, and regulations that apply to the processing of Personal Data under the Agreement as amended from time to time.
"Personal Data" means any information relating to an identified or identifiable natural person or household.
“process” (and derivatives thereof) means, in connection with Personal Data, any operation or set of operations performed upon Personal Data, whether or not by automated means, such as access, collection, storage, recording, organization, structuring, adaption or alteration, retrieval, use, disclosure, dissemination or otherwise making available, alignment or combination, restriction, transmission, erasure, or destruction.
“Processor” means the entity that acts as the “service provider,” “processor,” or similar term under Data Protection Laws, or that otherwise processes Personal Data on behalf of the Controller.
"subprocessor" means any third party engaged by BC or by any other subprocessor of BC, which agrees to receive from BC, or from any other subprocessor of BC, Personal Data to be processed on behalf of Client.
1.2 In this Data Protection Exhibit, unless the context otherwise requires, words in the singular shall include the plural and in the plural shall include the singular.
2. Details of the Processing Activities
2.1 BC agrees that:
- Client may provide Personal Data to BC for processing pursuant to this Agreement;
- In relation to the Personal Data, Client shall be the Controller and BC shall be the Processor of the Personal Data processed by BC under this Agreement; and
- Client is disclosing Personal Data in connection with the Agreement for the purposes of receiving the Services.
2.2 Client’s processing instructions, including the nature and purpose of processing Personal Data, the type of Personal Data subject to processing, and the duration of processing are as set forth in the Agreement.
3. Obligations of BC
3.1 BC agrees and warrants:
- to process Personal Data only:
  - on behalf of Client for the purpose of providing the Services or as otherwise required by applicable law, and not for BC’s own purposes;
  - in accordance with Client’s documented instructions; and
  - in compliance with Data Protection Laws and this Data Protection Exhibit.
- that it shall provide the same level of privacy protection as is required by Data Protection Laws.
- that it shall not:
  - “sell” Personal Data, as “sell” (or a derivative thereof) is defined by Data Protection Laws;
  - “share” Personal Data, as “share” (or a derivative thereof) is defined by Data Protection Laws;
  - process Personal Data in a manner outside of the direct business relationship between Client and BC; or
  - combine Personal Data with other information that BC receives from or on behalf of any other third party or its interactions with individuals, provided that BC may so combine Personal Data for a specified business purpose if directed to do so by Client or as otherwise permitted by Data Protection Laws.
- that if it is legally required to process Personal Data otherwise than as instructed by Client, it shall notify Client before such processing occurs, unless the law requiring such processing prohibits BC from providing such notification to Client, in which case it shall notify Client as soon as that law permits it to do so.
- not to assume any responsibility for determining the purposes for which and the manner in which Personal Data is processed.
- that it does not believe that any legislation applicable to it prevents it from fulfilling either the instructions received from Client or its obligations under this Data Protection Exhibit; provided, however, that BC shall promptly inform Client if BC believes that (i) an instruction of Client regarding the processing of Personal Data infringes on Data Protection Laws, or (ii) BC can no longer comply with Data Protection Laws with respect to its processing of Personal Data, in which case Client may take all reasonable and appropriate steps to prevent, stop, or remediate any unauthorized processing of Personal Data.
- that it has implemented and will maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk associated with the Processing activity as required by Data Protection Laws.
- that it will treat all Personal Data as confidential information and limit access to Personal Data to those of its personnel who need to know the confidential information in order to carry out the Services.
- to take reasonable steps to ensure that:
  - its personnel who have access to the Personal Data:
    - are reliable;
    - are both informed of the confidential nature of the Personal Data and obliged to keep such Personal Data confidential; and
    - are aware of and comply with BC’s duties and their personal duties and obligations under this Data Protection Exhibit.
  - subprocessors that have access to Personal Data are under appropriate duties of confidentiality with respect to Personal Data, including as set forth in Clause 3.1(i)(i).
- that it will notify Client about:
  - any instruction which, in its opinion, infringes Data Protection Laws;
  - any complaint, communication or request received directly by BC or a subprocessor from a data subject and pertaining to their personal data, without responding to that request unless it has been otherwise authorised to do so by Client; and
  - any change in legislation applicable to BC or a subprocessor that BC believes is likely to have a substantial adverse effect on the warranties and obligations in this Data Protection Exhibit.
- that it will notify Client without undue delay after BC becomes aware of any actual or suspected security breach, unauthorized access, misappropriation, loss, damage or other compromise of the security, confidentiality, or integrity of Personal Data processed by BC or a subprocessor ("Security Breach").
- to provide Client with all reasonable assistance needed to comply with Data Protection Law with regard to any complaint, communication or request received from a data subject.
- to audit the adequacy of its security measures used to Process Personal Data on behalf of Client; such audit will (i) be performed at least annually; (ii) be in accordance with SSAE 16 standards or such alternative standards that are substantially equivalent to SSAE 16; (iii) be performed by third party professionals at BC’s selection and expense; and (iv) result in the generation of an audit report (“Audit Report”), which will be BC’s confidential information.
- to contribute to audits by Client or an auditor designated by Client by providing a confidential summary of the Audit Report (“Summary Report”) so that Client can reasonably verify BC’s compliance with the obligations of the Data Protection Exhibit, which will be BC’s confidential information.
- that it shall not subcontract any of its processing operations under this Data Protection Exhibit unless:
  - BC has provided Client with a list of subprocessors and informs Client in advance of BC’s intention to add or replace subprocessors, providing Client a reasonable opportunity to object to any changes; and
  - the subprocessor is subject to a written agreement which imposes, in substance, the same obligations on that subprocessor as are imposed on BC under this Data Protection Exhibit. This does not preclude BC and the subprocessor from adding clauses on business related issues where required as long as they do not contradict the Agreement or this Data Protection Exhibit.
- that when de-identifying Personal Data, BC shall:
  - ensure, through the implementation of reasonable measures, that de-identified data cannot reasonably be used to infer information about, or otherwise be linked to, a particular natural, human person or a household;
  - publicly commit to continue to maintain and use de-identified information in a de-identified form and not to attempt to re-identify the de-identified data, except that BC may attempt to re-identify the information solely for the purpose of determining whether its de-identification processes satisfy the requirements of Data Protection Law;
  - contractually obligate any recipients of the de-identified data, including all subprocessors, to comply with Data Protection Law; and
  - remain fully liable for any failure by BC or its subprocessors to comply with this Clause 3.1(p).
7. Miscellaneous
7.1 In the event of inconsistencies between the provisions of this Data Protection Exhibit and other agreements between the parties, the provisions of this Data Protection Exhibit shall prevail with regard to the parties' data protection obligations relating to Personal Data. In cases of doubt, this Data Protection Exhibit shall prevail, in particular, where it cannot be clearly established whether a clause relates to a party's data protection obligations.
7.2 Should any provision or condition of this Data Protection Exhibit be held or declared invalid, unlawful or unenforceable by a competent authority or court, then the remainder of this Data Protection Exhibit shall remain valid. Such an invalidity, unlawfulness or unenforceability shall have no effect on the other provisions and conditions of this Data Protection Exhibit to the maximum extent permitted by law. The provision or condition affected shall be construed either:
- to be amended in such a way that ensures its validity, lawfulness and enforceability while preserving the Parties' intentions; or if that is not possible
- as if the invalid, unlawful or unenforceable part had never been contained in this Data Protection Exhibit.
7.3 Any amendments to this Data Protection Exhibit shall be in writing duly signed by authorized representatives of the parties hereto.