Nowość: Infrastruktura Generowana przez AI. Twoja Własność.

Last updated: October 30, 2025

Data Processing Agreement

Data Processing Agreement governing the processing of personal data by Timerise.

This Data Processing Agreement (“Agreement” or “DPA”) is an integral part of the Timerise Terms and Conditions, which govern the use of the Timerise Platform.

1. Definitions

The following terms have the meanings assigned below and as defined in applicable personal data protection laws, including the GDPR:

  • “Timerise” means Timerise Sp. z o.o., with its registered office in Wrocław, Poland, at ul. Księcia Witolda 49/15, 50-202 Wrocław, e-mail: hello@timerise.ai.
  • “Agreement” means this Data Processing Agreement.
  • “Main Agreement” means the agreement under which the Controller uses Timerise Services, as defined in the Timerise Terms and Conditions.
  • “Services” means the services provided by Timerise, including access to and use of the Timerise Platform.
  • “Platform” means Timerise’s online booking platform and API.
  • “Personal Data” means any information relating to an identified or identifiable natural person processed under this Agreement.
  • “Processing” means any operation performed on Personal Data.
  • “Data Controller” or “Controller” means the entity that determines the purposes and means of Processing Personal Data — that is, you as a Timerise customer.
  • “Data Processor” or “Processor” means Timerise, which processes Personal Data on behalf of the Controller.
  • “Sub-Processor” means any third-party entity engaged by Timerise to assist in providing the Services.
  • “GDPR” means Regulation (EU) 2016/679 (General Data Protection Regulation).

2. General Provisions

  • The Controller entrusts Timerise with the Processing of Personal Data solely for providing the Services under the Main Agreement.
  • Processing will be carried out in accordance with the GDPR and this Agreement.
  • Personal Data typically includes data of end-users using the Platform. The scope is detailed in Appendix No. 1.
  • Timerise will process Personal Data only for the duration of the Main Agreement and solely on documented instructions from the Controller.

3. Controller’s Statements

By entering into this Agreement, the Controller declares that:

  • Personal Data are processed in connection with its business or statutory activity;
  • It has a valid legal basis for Processing the Personal Data;
  • There are no legal obstacles preventing Timerise from Processing Personal Data as entrusted.

4. Technical and Organizational Measures

  • Timerise will implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
  • Only authorized persons bound by confidentiality will have access to Personal Data.

5. Processor’s Duties

Timerise shall:

  • Assist the Controller in responding to requests from data subjects (Chapter III GDPR);
  • Assist the Controller in ensuring compliance with security and breach notification obligations (Articles 32–36 GDPR);
  • Promptly inform the Controller of any proceedings or inspections by authorities;
  • Not delete or alter Personal Data without instructions from the Controller.

6. Audits

  • Timerise will make available information necessary to demonstrate compliance and allow audits.
  • The Controller must notify Timerise at least 14 business days in advance.
  • Audits must not unduly disrupt operations and may last up to 3 business days.

7. Sub-Processors

  • Timerise has a general authorization to engage Sub-Processors.
  • The list of current Sub-Processors is in Appendix No. 2.
  • Timerise shall notify the Controller in advance of any changes regarding Sub-Processors.

8. Personal Data Breaches

If Timerise becomes aware of a Personal Data breach, it shall notify the Controller within 48 hours and provide details on the nature of the breach and measures taken.

9. Liability

  • Timerise’s total liability for damages arising from Processing under this Agreement shall not exceed EUR 3,000 in aggregate.
  • Neither Party shall be liable for non-performance due to Force Majeure.

10. CCPA (California Consumer Privacy Act)

  • If the Controller processes Personal Data of California residents, Timerise shall not use such data for any purpose other than performing the Services.
  • Timerise will not sell or share California residents’ Personal Data.

11. Termination

  • Upon termination, Timerise shall, at the Controller’s choice, delete or return all Personal Data within 14 days, unless storage is required by law.

12. Final Provisions

  • Any amendments must be made in electronic form to be valid.
  • The Appendices form an integral part of this Agreement:
  • This Agreement is governed by Polish law.

© 2025 Timerise Sp. z o.o. – All rights reserved.

Data Processing Agreement | Timerise