Exhibit A

Details of Processing of Customer Personal Data

1. The following details of processing apply to circumstances in which Cendyn processes Customer Personal Data as a Data Processor. Where the EU 2010 Standard Contractual Clauses apply, these details are also deemed to constitute Annex B thereto. Where the EU 2021 Standard Contractual Clauses apply, these details are also deemed to constitute Annex I and II thereto.

The subject matter of the Processing of Customer Personal Data pertains to the provision of the Services as detailed in the Agreement, provided that the Services are cloud-based and Cendyn has access or stores Customer Personal Data. For the avoidance of doubt, Services that do not involve Cendyn’s Processing of Customer Personal Data (i.e. because all Customer Personal Data is stored by Customer and Cendyn does not have any access nor stores Customer Personal Data) are excluded from the scope of this DPA.
The purpose of the Processing of Customer Personal Data is to provide the Services detailed in the Agreement.
The duration of the Processing of Customer Personal Data is subject to the terms of the Agreement.
Depending on the Services provided to Customer, the categories of Data Subjects to whom the Personal Data relates may include: past and existing Customers of Customer (hotel guests, customers of hotel restaurants, customers of casino hotels), Customer’s leads.
Depending on the Services provided to Customer, the categories of Customer Personal Data to be Processed may include:
  • Customers of Customer (hotel guests):
    • Biographical information, including but not limited to first name, last name, gender.
    • Identifiers, including but not limited to Customer ID, Source Guest ID.
    • Contact information, including but not limited to: reservation email and email status, home phone, address line, mobile phone, work phone, work extension, home phone, fax.
    • Accomodation information, including but not limited to company, property, number of stays, total nights, days since last stay, feedback provided.
    • Financial information, including lifetime spend on the Customer’s properties.
    • Other information, including but not limited to photograph, reviews, and language
    • Inferred information, including but not limited to information used to create a segment.
  • Customer employees’
    • Identifier, including but not limited to Customer ID and username.
    • Biographical information, including but not limited to first name, last name, gender.
    • Contact information, including but not limited to: company, work email address, work phone, work extension, fax.
    • Log data, including but not limited to source and destination IP addresses, host name, user-ids, policy names, email addresses, URLs, date and time stamps, data volumes, activity and content.
Special categories of Customer Personal Data: N/A

Depending on the Services provided to Customer, the basic Processing operations to which the Personal Data will be subject include but are not limited to collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure, alignment, or combination, blocking, erasure, and destruction.

A description of technical and organizational security measures is available in Exhibit D of the DPA.
The identity and contact information of the DPO of the Parties is:
The identity and contact information of the EU representative of the Parties.
  • Cendyn:
    Serenata Intraware GMBH, Neumarkter
    Straße 18
    81673
    Munich,
    Germany
    dpo@cendyn.com
  • Customer: the information indicated in the Agreement (if any) under Section 11 e).
The retention period is the period during which the Services will be provided as described in the Agreement.
The frequency of the transfer: continuous basis according to the terms of the Agreement.
The following is deemed an instruction by Customer to Process Customer Personal Data:
  • a) Processing in accordance with the Agreement.
  • b) Processing initiated by Data Subjects in their use of the Services.
  • c) Processing to comply with other reasonable documented instructions provided by Customer (e.g.,via email) where such instructions are consistent with the terms of the Agreement.
  • d) Asking Cendyn to receive or transfer data from/to a third party, which may include but it is not limited to Cendyn partners (for example, survey companies and reservation services providers).