Standard processor terms under which Digibeds processes personal data on behalf of its customers — GDPR Article 28 and India DPDP aligned.
Effective date: July 19, 2026
Company: Digibeds Technologies Private Limited (“Digibeds”, “we”, “us”), India
This Data Processing Agreement (“DPA”) forms part of the agreement between Digibeds and each customer of the Service. For personal data the customer submits to the platform (guest, booking and operational data), the customer is the controller (or a processor acting for another controller) and Digibeds is the processor. A countersigned copy of this DPA, including the EU Standard Contractual Clauses where required, is available on request.
Processing covers hosting, storage, transmission, display, backup and related technical operations needed to provide the Digibeds hospitality Service, for the duration of the customer agreement plus the post-expiry export and deletion window. Data subjects: guests, customer staff and contacts. Data categories: identification and contact details, stay and reservation details, billing records and operational notes. No special-category data is required by the Service.
Where personal data protected by the GDPR/UK GDPR is transferred to a country without an adequacy decision, the parties rely on the EU Standard Contractual Clauses (Module 2/3, with the UK Addendum where applicable) or other valid mechanisms. Transfers of data governed by India’s DPDP Act follow the transfer rules and any government notifications under that Act.
Digibeds makes available compliance information, summaries of security assessments and completed questionnaires. Where the customer requires an audit, it may be conducted no more than once annually (absent a regulator requirement or a material incident), on reasonable notice, during business hours, without disrupting operations, and subject to confidentiality.
Digibeds notifies the customer without undue delay after becoming aware of a personal data breach affecting the customer’s data, and provides information reasonably required for the customer’s own notification obligations, followed by remediation updates.
As a data processor under the DPDP Act, Digibeds processes personal data only under the customer’s valid contract, maintains reasonable security safeguards, deletes data as instructed or when the purpose is served, and supports the customer’s obligations to data principals and the Data Protection Board of India.
Liability under this DPA is subject to the limitations in the customer agreement and the Software as a Service Policy, except where applicable data-protection law does not permit such limitation. In case of conflict regarding personal data, this DPA prevails over other terms.
Questions about this document: email [email protected] or call 08040265786. This document is part of the Digibeds legal framework — see the Legal Center for all policies.