Data Processing Agreement

This Data Processing Agreement ('DPA') is entered into between OMNIWARE APS ('Processor') and the Business utilizing the WayPAY platform ('Controller'). Using the WayPAY service constitutes acceptance of this DPA.

The Processor processes personal data on behalf of the Controller. **Purpose:** To maximize the utility of the WayPAY booking and payment platform. **Data Subjects:** The Controller's customers (end-users). **Categories of Data:** Name, email, phone number, booking history, purchase history, and payment metadata.

The Processor shall: 1. Only process personal data in accordance with the documented instructions of the Controller (which includes the functionality of the Platform). 2. Ensure that persons authorized to process the personal data have committed themselves to confidentiality. 3. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The Controller authorizes the Processor to engage the following sub-processors: - **Supabase:** Database and authentication infrastructure (hosted in EU/Frankfurt). - **Stripe:** Payment processing. - **Hetzner:** Server hosting (EU). The Processor shall inform the Controller of any intended changes concerning the addition or replacement of other processors.

The Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights (e.g., right to transparent information, right of access, right to rectification, right to erasure).

The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach.