Hotel Guests: This support center is created for hotel owners. Click here to contact us.

Hotel owners: New to Click here to find the best solution for your hotel.

FAQ: Data Processor Agreement (DPA) for GDPR

The frequently asked questions (FAQ) on the Data Processor Agreement (DPA) for GDPR are outlined below. If you have any additional questions, please contact our Support Team. Read more about this new regulation in the main article on the GDPR.



Why do I need to sign a Data Processor Agreement?

Part of the General Data Protection Regulation (GDPR) is the Data Processor Agreement (DPA). The Data Protection Authority describes it as follows:

"If you involve other parties to process personal data for you, you must enter into a Data Processor Agreement with these organisations. This agreement rules out that the other party may process personal data for their own purposes."


What are the most important topics?

The most important topics of the Data Processor Agreement are:

  • Personal data will not be not processed for any other purposes by us or by sub-processors.
  • Personal data can be managed by your guests.
  • Personal data will be sufficiently secured and kept secret.
  • Procedures are described for a possible data breach and the possibility of an audit.

When should it be signed?

The General Data Protection Regulation (GDPR) will be enforced from 25 May 2018. However, we ask you to digitally sign the Data Processor Agreement as soon as possible, so that we can process it for you in time.


I have not received it

If you have not yet received the Data Processor Agreement, it may be that it has ended up in the 'junk email' or 'unimportant email' folder or that we have sent it to another e-mail address within your organisation. We will be happy to send it to you again, please contact Support.


My hotel is part of a hotel chain

If your hotel is part of a hotel chain:

  • For a chain in where individual contracts have been signed for each hotel for the products or services of, each hotel must sign its own Data Processor Agreement with

  • For a chain where one contract for the entire chain is signed for the products or services of, only one Data Processor Agreement needs to be signed for the entire chain with


I do not want to sign it

If you do not sign a Data Processor Agreement with, you do not comply with the GDPR legislation and fines may follow.


Other booking sites do not have this

The hotel must have signed a written Data Processor Agreement with all partners in accordance with the GDPR law. The Data Protection Authority describes it as follows:

"If you use the services of a processing, once the General Data Protection Regulation (GDPR) applies, then you and the processor are obliged to record a number of topics in a written agreement (see article 28, paragraph 3 of the GDPR)."


Can I use this agreement for other partners?

This agreement was specifically created for your partnership with Therefore, you cannot copy this agreement one-on-one. However, you can use this agreement as inspiration for your agreement with other partners.

It is important that has no responsibility on your agreement with other parties and we recommend that you perform a check with your legal advisor or with the other partner whether the agreement is legally correct.


Do I have to set up an agreement with partners of

Partners of that process personal data are referred to as sub-processors in the GDPR. has created a separate Data Processor Agreement with all sub-processors, in which the sub-processors state that they comply to the same standards as

It is therefore not necessary for hotels to sign a Data Processor Agreement with partners of, unless the hotel has a direct cooperation with that party without the intervention of


Can I create a self-made agreement?

In order to help you to comply with the GDPR, we have created up a Data Processor Agreement for you which meets all requirements set by the Data Protection Authority. This agreement ensures that you require us to process personal data safely.

The Data Processor Agreement is a standardised agreement for all hotel partners. Therefore, we cannot sign a separate agreement per hotel.


Do I comply to the GDPR if I have signed it?

Once you have signed the Data Processor Agreement with, you comply with the GDPR for your partnership with In addition, the products and services of will become GDPR-proof before May 25, 2018.

You must ensure that your own organisation complies with the GDPR and that you conclude a Data Processor Agreement with other partners. More information can be found in main article on the GDPR, for full information we recommend consulting the website of your local Data Protection Authority.


Do products comply with the law?

All products will comply with the GDPR on 25 May 2018. Changes will be made in the coming weeks so that guests can, for example, delete their personal data from the Booking Modules. You can find the status of this in the main article on the GDPR.


My hotel is outside the EU

The GDPR applies to all companies that process personal data of EU citizens, even if the company is located outside the EU. Hotels in for example Curaçao or the United Kingdom must also comply with the GDPR and therefore sign the Data Processor Agreement.



Note If you have any questions about the AVG that are not mentioned above or in themain article on the GDPR, we will be happy to help you. Please contact Support for this.





Below, you can place a comment, in case you have a suggestion or question about this article. If case you have a bug, complaint or question concerning your account, we recommend to use "Submit a request" at the top of this page.
Have more questions? Submit a request