Data processing agreement

1. Scope and Purpose

QuickBuy.io processes personal data on behalf of Clients in the course of providing restaurant management services. This DPA outlines obligations under applicable data protection laws, including the UAE PDPL and GDPR.

2. Roles and Responsibilities

• Client: Data Controller
• QuickBuy.io: Data Processor
• QuickBuy.io will only process personal data per documented instructions from the Client and will not use the data for any other purposes.

3. Security Measures

QuickBuy.io implements appropriate technical and organizational measures including:

• Encryption of data in transit and at rest
• Role-based access control (RBAC)
• Regular security testing and updates
• Two-factor authentication for admin access

4. Subprocessors

QuickBuy.io may engage subprocessors such as:

• Google Cloud Provider (GCP) – Infrastructure
• Stripe – Payments
• SendGrid/Twilio – Notifications

All subprocessors are bound by data protection agreements ensuring adequate safeguards.

5. International Transfers

QuickBuy.io may transfer data outside of the UAE/EU under lawful mechanisms, including Standard Contractual Clauses (SCCs) and similar safeguards.

6. Data Subject Rights and Support

QuickBuy.io shall assist the Client in responding to data subject rights requests (access, rectification, deletion, etc.).

7. Audit and Compliance

QuickBuy.io will make documentation available to demonstrate compliance and, upon reasonable notice, allow audits under strict confidentiality.

8. Termination and Data Deletion

Upon termination of services, QuickBuy.io will:

• Return all personal data upon request
• Delete data from all systems within 60 days unless legally required to retain it

9. Contact

For DPA-specific inquiries: info@quickbuy.io