SchedulingKit
Legal

Data Processing Addendum

Last updated: January 24, 2026

Definitions

Capitalized terms follow the meanings in our main agreement and applicable privacy law, including “Controller”, “Processor”, “Personal Data”, and “Processing”.

This Addendum supplements the agreement between you (Controller) and SchedulingKit (Processor) where Processing applies.

Subject Matter and Duration

Subject matter is the provision of scheduling, booking, notifications, and related cloud services described in your order or plan.

Processing lasts for the subscription term and reasonable wind-down, unless law requires earlier deletion or retention.

Nature and Purpose

Nature includes hosting, storage, transmission, analytics for service reliability, security monitoring, and support.

Purpose is to perform the services you configure and to comply with documented instructions and applicable law.

Types of Personal Data

Categories may include identifiers (name, email, phone), calendar metadata, booking details, payment references, and message content you route through the product.

Sensitive categories are processed only where you configure lawful features and provide appropriate instructions.

Categories of Data Subjects

Typical subjects include your administrators, staff, and your end customers or invitees who interact with booking flows.

You are responsible for notices and lawful bases toward your end users as their Controller.

Obligations of the Processor

We process Personal Data only on documented instructions unless law requires otherwise (in which case we inform you unless prohibited).

We ensure confidentiality, implement appropriate security measures, assist with DPIAs and breach notifications as contractually agreed, and delete or return data after service end.

Sub-processing

We may engage subprocessors listed on our sub-processor page, subject to equivalent data protection obligations.

You may object to new subprocessors on reasonable grounds related to privacy risk; remedies follow the main agreement.

Data Subject Requests

We assist you in responding to requests from individuals exercising GDPR or similar rights, to the extent technically feasible.

Direct requests received by us are forwarded to you unless we are legally required to respond directly.

Data Breach Notification

We notify you without undue delay after becoming aware of a Personal Data breach affecting your data, with information available at the time.

You remain responsible for regulatory notices to supervisory authorities and affected individuals as Controller.

Contact

DPA inquiries: privacy@schedulingkit.com.