Check-in Pax

Data Processing Agreement (DPA)

Effective Date: 7 June 2025

This Data Processing Agreement (“Agreement”) is incorporated into the Terms of Service (“Terms”) of Check-in Pax and is effective as of the date you accept the Terms.

Parties:

  • Check-in Pax, a product operated by Central Pacific Consultants Limited.
    Registered office: 2F Beverly House, 93-107 Lockhart Road, Wan Chai, Hong Kong
    Business Registration Number: 53642392
    (Hereinafter referred to as “Processor”)
  • You
    (Hereinafter referred to as “Controller”)
  1. Definitions
  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation or set of operations performed on Personal Data, including collection, storage, use, transfer, and deletion.
  • “Data Subject” means the identified or identifiable natural person to whom Personal Data relates.
  • “Services” means the event management platform and associated services provided by the Processor.
  2. Purpose of Processing

The Processor shall process Personal Data on behalf of the Controller solely for the purpose of providing the Services, including but not limited to:

  • Uploading and managing guest lists before the event and during event check-in.
  • Collecting RSVPs through registration forms.
  • Sending emails and/or SMS to guests.
  • Conducting data analytics and generating event reports.
  3. Roles and Responsibilities
  • You are the sole data controller of the Personal Data uploaded to the Processor’s platform. The Processor acts as a data processor and provides the tools and functionalities necessary for you to manage Personal Data in accordance with applicable data protection laws.
  • The Processor shall process Personal Data only as necessary to provide the Services and shall not use Personal Data for any purpose other than as specified in this Agreement or as required by law.
  • Check-in Pax’s Obligations: The Controller hereby appoints Check-in Pax to process Controller Data on Controller’s behalf for the purposes described in the Terms (including this DPA) and its privacy policy. Check-in Pax shall process Controller Data in accordance with Controller’s instructions, as further specified in the Terms and this DPA. All Controller Data processed under the Terms (including this DPA) will be stored, organized, and made available to Controller as the Controller. Check-in Pax shall appoint a Data Protection Officer: dataprotection@checkinpax.com.
  4. Data Deletion and Retention
  • Upon your request, the Processor shall delete or make available for download all Personal Data at the end of the provision of Services. The data will be provided in a commonly used electronic format.
  • If you choose to delete the data, the Processor will ensure that all Personal Data is securely deleted from its systems, unless applicable law requires the storage of the Personal Data for a specified period.
  • Data Destruction or Export: The Controller may, at any time during the performance of the Terms, (i) access or delete Controller Data processed by Check-in Pax directly via the Platform or (ii) retrieve the data that the Controller has uploaded on the Platform or reports relating to the data by clicking on the “export button” in Controller’s Check-in Pax account. Upon termination of the Terms, Check-in Pax shall, upon Controller’s request, destroy all Controller Data within three (3) months of termination. Upon request by Controller, Check-in Pax shall provide Controller with written confirmation of such destruction. Notwithstanding the foregoing, Check-in Pax reserves the right to retain Controller Data for longer periods where a longer retention period is required by applicable law.
  5. Security Measures

The Processor implements a comprehensive set of technical and organizational measures to ensure a level of security appropriate to the risk associated with processing Personal Data. These measures include, but are not limited to:

  • Encryption of Personal Data.
  • Access controls to limit access to authorized personnel only.
  • Regular security audits and assessments.
  • Multi-factor authentication for access to sensitive data.
  • Regular penetration testing to identify vulnerabilities.
  • Data breach detection and response procedures.
  • Security: Check-in Pax undertakes to take all commercially reasonable and legally necessary precautions, in respect of the nature of Personal Data and the risks presented by the processing, to preserve the security of Personal Data and in particular, to prevent it from being distorted, damaged, or accessed by unauthorized third parties. Check-in Pax shall implement and maintain appropriate technical and organizational security and confidentiality measures available on demand.
  6. Sub-Processors
  • The Processor may engage sub-processors to carry out specific processing activities on behalf of the Controller. The Processor shall ensure that any sub-processor is bound by data protection obligations that are no less protective than those set out in this Agreement.
  • A list of approved sub-processors can be found at www.checkinpax.com/security.
  7. Data Subject Rights
  • The Processor shall assist you in fulfilling your obligations to respond to requests from Data Subjects exercising their rights under applicable data protection laws, including the right to access, rectify, or erase Personal Data.
  8. Compliance with Laws
  • Each party shall comply with all applicable data protection laws, including the GDPR, in relation to the processing of Personal Data under this Agreement.
  9. Liability
  • The Processor shall not be liable for any indirect, incidental, or consequential damages arising out of or in connection with this Agreement. The Controller shall indemnify and hold harmless the Processor against any claims arising from Controller’s instructions or failure to comply with applicable data protection laws.
  10. Term and Termination
  • This Agreement shall remain in effect for as long as the Processor processes Personal Data on behalf of the Controller. Either party may terminate this Agreement with written notice if the other party breaches any material term of this Agreement and fails to cure such breach within thirty (30) days of receiving notice.
  11. Governing Law
  • This Agreement shall be governed by and construed in accordance with the laws of Hong Kong.
  12. Assistance and Audit
  • Assistance: To the extent the Controller is unable to independently access the relevant Controller Data via the Platform, upon written request by the Controller and at Controller’s expense, Check-in Pax shall reasonably assist and cooperate with the Controller to respond to a Data Subject request to exercise rights as required by applicable Data Protection Laws or a request from applicable data protection authorities relating to the processing of Personal Data under the Terms. If any such request is made directly to Check-in Pax, Check-in Pax shall not respond to such request directly without the Controller’s prior authorization unless legally compelled to do so. If Check-in Pax is legally compelled to directly respond to such a request, Check-in Pax shall promptly notify the Controller and provide the Controller with a copy of the request unless legally prohibited from doing so. Check-in Pax may directly execute a data subject’s request if (i) the request is an automatic unsubscription or if (ii) the request refers to an unsolicited communication, a prohibited use of the Services, or a potential breach of this Agreement by the Controller or one of Check-in Pax’s customers. In cases (i) and/or (ii), Check-in Pax will execute the request of the data subject without the prior approval of the Controller. In case (ii), Check-in Pax may suspend the possibility of sending any electronic communication to the domain of the person concerned.
  • Audit: Check-in Pax endeavors to provide the Controller with all the information and documents necessary for the Controller to demonstrate its compliance with the obligations set out in this DPA. Check-in Pax undertakes to accede to all reasonable requests made by the Controller to verify that Check-in Pax complied with the contractual obligations imposed by this DPA. If the Controller requires further documentation related to this DPA, upon the Controller’s written request and at reasonable intervals and the Controller’s sole expense, and subject to the confidentiality obligations set forth in the Terms, Check-in Pax shall make available to the Controller documentation regarding Check-in Pax’s compliance with the obligations set forth in this DPA in the form of a copy of Check-in Pax’s then most recent third-party audits or certifications or comparable documentation as determined by Check-in Pax or, upon request by the Controller, documentation of a Sub-Processor’s compliance with this DPA (collectively, “Audit Documentation”). The Controller acknowledges that: (i) documentation of a Sub-Processor’s compliance shall be considered confidential and (ii) certain Sub-Processors may require the Controller to execute a non-disclosure agreement with them to view Sub-Processor documentation.
  • Audit Limitations: The audits described in Section 12.2: (i) may not occur more than one (1) time per contract year; (ii) will be limited to Controller Data processing activities performed by Check-in Pax on behalf of the Controller; (iii) may not involve any on-site investigation, except as mutually agreed in writing by Check-in Pax and the Controller; and (iv) available Audit Documentation shall be limited to the extent necessary for Check-in Pax to comply with the legal rights of Check-in Pax employees.
  13. International Data Transfers
  • If Personal Data is transferred outside of the jurisdiction in which the Controller is located, Check-in Pax shall ensure that adequate safeguards are in place to protect the Personal Data in accordance with applicable data protection laws, including the GDPR. Specifically, Check-in Pax will utilize Standard Contractual Clauses or other appropriate mechanisms as required by applicable law to ensure that Personal Data is adequately protected during international transfers.
  14. Client-Specific Terms
  • The Processor acknowledges that the Controller may have specific requirements regarding data processing. Custom terms or modifications to this Agreement may be negotiated on a case-by-case basis. Such modifications may involve additional costs and can be included as part of Check-in Pax’s enterprise plan, which offers enhanced features and support tailored to meet the needs of larger organizations.
  15. Data Breach Notification
  • In the event of a Data Breach, Check-in Pax shall notify the Controller without undue delay, and in any event within 24 hours of becoming aware of the breach. The notification shall include, at a minimum, the following information:
    • The nature of the breach, including the categories and approximate number of Data Subjects affected.
    • The likely consequences of the breach.
    • The measures taken or proposed to be taken to address the breach, including measures to mitigate its possible adverse effects.
  16. Reputation Management
  • In the event of a data breach or incident that may impact the Controller’s reputation, Check-in Pax shall work collaboratively with the Controller to manage the situation. This includes providing timely information, assisting in communications, and supporting the Controller in any necessary public relations efforts to mitigate reputational damage.
  17. Employee Training
  • Check-in Pax shall ensure that its employees who have access to Personal Data are trained on data protection and security measures annually and upon hiring. This training will cover relevant data protection laws, security protocols, and the importance of safeguarding Personal Data.
  18. Review Period
  • This Agreement shall be reviewed at least annually to ensure compliance with applicable data protection laws and to reflect any changes in the processing of Personal Data. Any significant changes in data protection laws or practices will trigger an immediate review of this Agreement.
  19. Third-Party Audits
  • Check-in Pax shall provide documentation of its ongoing ISO certification process and any other relevant third-party audits or certifications to demonstrate compliance with applicable data protection standards.
  20. Additional Costs for Audits
  • Any requests for additional documentation or audits beyond the standard compliance reports provided by Check-in Pax may incur additional costs. The Controller seeking such audits or specific compliance documentation will be informed of the associated fees in advance. These services may be included as part of Check-in Pax’s enterprise plan, which offers enhanced features and support tailored to meet the needs of larger organizations.

By accepting the Terms, you agree to the terms of this Data Processing Agreement.