Data Processing Addendum

Name: Easy Tee Golf
Author: Easy Tee Golf

Data Processing Addendum (DPA)

This Data Processing Addendum (“DPA”) is entered into between Easy Tee Golf LLC (“Processor”) and the Merchant/Golf Course entity (“Controller”) using the Services. This DPA is incorporated into and forms part of the Easy Tee Golf Terms of Service.

1. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person (the “Golfer” or “End User”) processed by Easy Tee on behalf of the Merchant.
“Processing” means any operation performed on Personal Data, such as collection, storage, use, or transmission.

2. Relationship

The parties acknowledge that for the purposes of data protection laws, the Merchant is the Data Controller and Easy Tee Golf is the Data Processor.

3. Scope of Processing

Processor shall process Personal Data only to provide the Services, including managing reservations and waitlists, synchronizing data with Square POS, and sending transactional communications at the Controller’s direction.

4. Processor Obligations

Instruction: Processor shall process Personal Data only on the documented instructions of the Controller (including those provided via the Easy Tee application).
Confidentiality: Processor ensures that all personnel authorized to process Personal Data are committed to confidentiality.
Security: Processor shall implement industry-standard technical and organizational measures to protect Personal Data against unauthorized access or loss.

5. Subprocessors

Authorization: Controller provides a general written authorization for Processor to engage subprocessors to assist in providing the Services.
Notice of Changes: An up-to-date list of authorized subprocessors is maintained at easyteegolf.com/subprocessors/.
Update Mechanism: Processor will notify Controller of any intended changes to the subprocessor list by publishing those changes to the Subprocessor Page.
Objection Period: Controller shall have fifteen (15) days from the date of publication to object to a new subprocessor. If no objection is received in writing within 15 days, the Controller is deemed to have authorized the new subprocessor.

6. Personal Data Breach

In the event of a confirmed security breach leading to the accidental or unlawful destruction, loss, or unauthorized disclosure of Personal Data, Easy Tee Golf will notify the Merchant without undue delay (typically within 48–72 hours) after becoming aware of the breach.

7. Deletion or Return of Data

Upon termination of the Services, Easy Tee Golf will, at the choice of the Merchant, delete or return all Personal Data, unless local law requires continued storage.