VetLocal
FeaturesHow it worksPricingFree auditFAQ
csen
Log inCreate account

Legal

Data Processing Agreement (DPA)

Last updated: May 15, 2026

This Data Processing Agreement ("DPA") forms an annex to the Terms of Service and becomes binding when the Customer ("Controller") begins processing personal data of third parties in the Service — typically Google review content containing a client's name. The Provider acts as processor under Article 28 GDPR.

This document is available in Czech and English. In case of conflict, the Czech version prevails.

Contents

  1. 1. Subject, nature and purpose of processing
  2. 2. Categories of personal data and data subjects
  3. 3. Processor obligations
  4. 4. Sub-processors
  5. 5. International transfers
  6. 6. Security incidents
  7. 7. Data subject rights
  8. 8. Audit and inspection
  9. 9. Liability
  10. 10. Final provisions

1. Subject, nature and purpose of processing

The subject is the processing of personal data of the Controller's clients for the purpose of providing the VetLocal Service — specifically review synchronisation, AI reply drafting, storage of review content and generation of monthly reports.

2. Categories of personal data and data subjects

Categories of data processed:

• Client name (or alias) as it appears on Google, • public profile picture from Google, • review text, • 1–5 star rating, • date of review publication.

Categories of data subjects: clients of veterinary practices who voluntarily published a review on Google.

3. Processor obligations

The Provider undertakes to: process personal data only on documented instructions from the Controller; ensure confidentiality of authorised persons; implement appropriate technical and organisational measures under Article 32 GDPR; and assist the Controller in responding to data subject rights requests.

4. Sub-processors

The Controller grants the Provider general authorisation to use the sub-processors listed in the Privacy Policy. The Provider will notify the Controller of any changes at least 30 days in advance.

5. International transfers

Transfers of personal data to third countries outside the EEA take place exclusively on the basis of an adequacy decision or Standard Contractual Clauses 2021/914.

6. Security incidents

The Provider will notify the Controller of any personal data breach without undue delay and at most within 72 hours of becoming aware of it.

7. Data subject rights

If a data subject contacts the Provider with a rights request, the Provider will not respond directly and will forward the request to the Controller within 5 business days.

8. Audit and inspection

The Controller may conduct one audit per 12-month period at their own cost, on 30 days' written notice and during normal business hours.

9. Liability

Liability between the parties is governed by the Terms of Service. Where GDPR imposes direct liability on the processor toward a data subject (Article 82), the Provider bears liability only to the extent of the obligations expressly imposed on processors by GDPR.

10. Final provisions

This DPA remains in force for as long as the Provider processes personal data for the Controller. In case of conflict between this DPA and the main contract, this DPA prevails.

VetLocal

AI Google Business Profile manager for Czech veterinary practices.

Product

  • Features
  • Pricing
  • Free audit
  • Vets by city
  • Sign up
  • Log in

Legal

  • Privacy
  • Terms
  • Cookies
  • Data Processing Agreement

Contact

    danila.s.anikin@gmail.com

© 2026 VetLocal. All rights reserved.·powered by Lokwave

·

Made in Prague · GDPR · EU data