Data Processing Agreement
Version 1.1 — 3 June 2026
Parties
Controller: the merchant who has an active account on checkout.bookto.eu (hereafter "Merchant" or "Controller").
Processor: ianka fleerackers Comm. V., a Belgian limited partnership (commanditaire vennootschap), registered offices at Nieuwstraat 84, 2880 Bornem, Belgium, enterprise / VAT number BE 0824.677.865 (hereafter "bookto checkout", "Processor", "we", or "us").
By activating an account on checkout.bookto.eu, the Merchant accepts these processing conditions. The person accepting is deemed authorised to do so on behalf of the Merchant.
1. Definitions
- GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data.
- Personal Data — any information relating to an identified or identifiable natural person, as defined in article 4 of the GDPR.
- Merchant Personal Data — any Personal Data of end customers processed by bookto checkout on behalf of the Merchant in connection with the Services.
- Data Subject — a natural person whose Personal Data is processed.
- Data Breach — any unauthorised or unlawful processing, disclosure, or access to Merchant Personal Data, or any unintentional or unlawful destruction, loss, or alteration of such data.
- Services — the checkout, payment, invoicing, and post-payment automation services provided by bookto checkout to the Merchant.
- Sub-processor — any party designated by or on behalf of bookto checkout to process Merchant Personal Data.
- Controller and Processor — as defined in article 4 of the GDPR.
- All terms not defined above have the same meaning as in the GDPR.
2. Scope and duration
2.1. These conditions apply to all Merchant Personal Data processed by bookto checkout in connection with the Services.
2.2. These conditions remain in force until all Merchant Personal Data has been deleted or returned as described in section 11. They expire automatically at that point.
3. Processing of Personal Data
3.1. The Merchant determines which products are sold and which Personal Data is collected from end customers through the checkout. The Merchant is the Controller for this data.
3.2. bookto checkout processes Merchant Personal Data solely for the purpose of providing, maintaining, and improving the Services. We process this data only on behalf of the Merchant and in accordance with the Merchant's documented instructions, unless otherwise required by applicable law.
3.3. bookto checkout will comply with all applicable data protection laws when processing Merchant Personal Data.
3.4. bookto checkout will promptly inform the Merchant if, in our opinion, an instruction from the Merchant relating to the processing of Merchant Personal Data breaches the GDPR or other applicable data protection law, unless prohibited by law from doing so.
3.5. Categories of Personal Data processed
bookto checkout processes the following categories of Merchant Personal Data on behalf of the Merchant:
- End-customer identity data: name, email address
- End-customer billing data: street address, postal code, city, country, optional address line 2, VAT number (if provided)
- Order data: product name, quantity, price, order date, order reference
- Transaction data: Mollie transaction reference, payment status (succeeded / failed / refunded), amount
bookto checkout does not process payment instrument data (card numbers, CVC codes, bank account numbers). These are handled directly by Mollie and never reach our servers.
3.6. Categories of Data Subjects
- End customers who complete a checkout through the Merchant's payment links.
3.7. Merchant-configured integrations (outbound webhooks)
3.7.1. Through the Integrations settings, the Merchant may instruct bookto checkout to transmit order data — including the end-customer identity, billing, order, and transaction data listed in 3.5 — to one or more external destinations that the Merchant chooses and configures (for example, the Merchant's own server endpoint, or an automation tool such as Zapier connected to the Merchant's own account).
3.7.2. This transmission happens only when, and only to the destinations that, the Merchant configures. It is triggered when an order is paid. Each delivery is sent over HTTPS and cryptographically signed so the receiving system can verify it genuinely originates from bookto checkout.
4. Security measures and confidentiality
4.1. bookto checkout implements and maintains appropriate technical and organisational measures to protect Merchant Personal Data, including:
- Encryption of data in transit (TLS) and at rest (AES-256 via Supabase)
- Authentication and role-based access control for Merchant accounts
- Rate limiting on checkout and webhook endpoints
- Bot protection via Cloudflare Turnstile on checkout pages
- Separation of Merchant data through seller-scoped database queries
- Daily automated backups with buyer personally identifiable information excluded
4.2. All persons authorised to process Merchant Personal Data are bound by confidentiality obligations or have a legal obligation of confidentiality.
4.3. Only persons who need access to Merchant Personal Data to provide and maintain the Services are granted access, and only to the extent necessary.
4.4. bookto checkout is not responsible for Personal Data collected by or through the Merchant outside the Services, nor for Personal Data collected by third-party tools or plug-ins used by the Merchant independently.
5. Sub-processors
5.1. The Merchant grants bookto checkout general written authorisation to engage Sub-processors listed in the table below. bookto checkout will inform the Merchant of any intended changes to this list (additions or replacements) at least 14 days in advance via email. The Merchant may object in writing within that period. If the objection cannot be reasonably resolved, either party may terminate the Services.
5.2. bookto checkout ensures that each Sub-processor is bound by data protection obligations no less protective than those in this agreement, in accordance with article 28(4) of the GDPR.
5.3. bookto checkout remains responsible for the acts and omissions of its Sub-processors.
5.4. Recipients that the Merchant designates through the outbound webhook or third-party integration settings (such as the Merchant's own endpoints, or the Merchant's own Zapier account) are recipients chosen and controlled by the Merchant. They are not bookto checkout Sub-processors. The Merchant is responsible for ensuring an appropriate legal basis and, where required, a separate data processing agreement with each such recipient.
5.5. Once data has been transmitted to a Merchant-designated destination at the Merchant's instruction, bookto checkout is no longer responsible for its subsequent processing by that recipient.
Current Sub-processors
| Sub-processor | Purpose | Location | Transfer safeguards |
|---|---|---|---|
| Supabase Inc. | Database, authentication, data storage | EU region (Frankfurt). US-based parent entity. | Standard Contractual Clauses |
| Mollie B.V. | Payment processing | Netherlands (EU) | None required |
| Vercel Inc. | Application hosting | EU region (Frankfurt). US-based parent entity. | Standard Contractual Clauses; EU-US Data Privacy Framework |
| Resend Inc. | Transactional email (order confirmations) | United States | Standard Contractual Clauses; EU-US Data Privacy Framework |
| Kit (ConvertKit Inc.) | Post-payment email automations (when activated by Merchant) | United States | Standard Contractual Clauses; EU-US Data Privacy Framework |
| Onfact | Invoice generation (when activated by Merchant) | Belgium (EU) | None required |
| GitHub Inc. | Automated database backups (buyer PII excluded) | United States | Standard Contractual Clauses; EU-US Data Privacy Framework |
6. International transfers
6.1. Where possible, Merchant Personal Data is stored within the European Economic Area. Supabase and Vercel store data in EU regions (Frankfurt) by default. Mollie and Onfact are based in the EU.
6.2. For Sub-processors with US-based parent entities (Supabase, Vercel, Resend, Kit, GitHub), operational routing may involve the United States. We rely on Standard Contractual Clauses (article 46 GDPR) and, where the provider is certified, the EU-US Data Privacy Framework.
6.3. We monitor the status of the EU-US Data Privacy Framework. If it is invalidated or replaced, we continue to rely on Standard Contractual Clauses.
6.4. The Merchant may request a copy of the specific safeguards in place by contacting legal@bookto.eu.
7. Rights of Data Subjects
7.1. bookto checkout will assist the Merchant in fulfilling its obligation to respond to requests from Data Subjects exercising their rights under Chapter III of the GDPR (access, rectification, erasure, restriction, portability, objection).
7.2. If a Data Subject contacts bookto checkout directly regarding Merchant Personal Data, we will direct them to the Merchant without undue delay and inform the Merchant of the request.
7.3. Upon request, bookto checkout will enable the Merchant to access, export, correct, or delete Merchant Personal Data stored in the platform.
8. Data Breach notification
8.1. In the event of a Data Breach affecting Merchant Personal Data, bookto checkout will notify the Merchant without undue delay and no later than 48 hours after becoming aware of the breach.
8.2. The notification will include, to the extent available: the nature of the breach, the categories and approximate number of Data Subjects affected, the likely consequences, and the measures taken or proposed to address the breach.
8.3. bookto checkout will take immediate measures to contain the breach and mitigate any adverse effects.
8.4. bookto checkout will assist the Merchant in complying with its obligations to report the breach to a supervisory authority (article 33 GDPR) and to notify Data Subjects (article 34 GDPR), where applicable.
9. Data Protection Impact Assessments
9.1. bookto checkout will assist the Merchant in carrying out data protection impact assessments and prior consultations with supervisory authorities, to the extent required under articles 35 and 36 of the GDPR, in relation to the processing performed under this agreement.
10. Records of processing activities
10.1. bookto checkout maintains a register of processing activities carried out on behalf of the Merchant, in accordance with article 30(2) of the GDPR.
10.2. This register will be made available to the Merchant upon written request.
11. Deletion or return of Personal Data
11.1. Upon termination of the Services, or at an earlier time upon written request from the Merchant, bookto checkout will delete all Merchant Personal Data, including existing copies, within 30 days, unless retention is required by applicable law.
11.2. Where Belgian accounting or tax law (articles III.86 and following of the Belgian Code of Economic Law) requires retention of invoicing or transaction records, those records will be retained for 7 years from the transaction date. This retention is limited to names, billing addresses, VAT numbers, transaction amounts, and transaction references.
11.3. Upon written request, bookto checkout will confirm deletion in writing.
12. Audit
12.1. The Merchant, or a qualified third party acting under instruction of the Merchant, has the right to audit bookto checkout's compliance with this agreement and applicable data protection law, at the Merchant's expense. The Merchant will provide at least 30 days' written notice.
12.2. bookto checkout may satisfy audit requests by providing relevant documentation, certifications, or reports, in lieu of on-site access, where this is sufficient to demonstrate compliance.
12.3. Audits will be conducted during normal business hours, in a manner that minimises disruption, and will not exceed once per calendar year unless required by a supervisory authority.
13. Liability
13.1. Each party is liable for damage caused by processing that infringes the GDPR, in accordance with article 82 of the GDPR.
13.2. bookto checkout's aggregate liability under this agreement — excluding liability that cannot be limited under applicable law — is limited to the fees paid by the Merchant in the 12 months preceding the event giving rise to the claim.
13.3. bookto checkout is not liable for damage caused by processing that occurs outside the Services, or by third-party tools or plug-ins used by the Merchant independently.
14. Governing law and disputes
14.1. This agreement and its interpretation are governed exclusively by Belgian law.
14.2. Any dispute arising from or in connection with this agreement will be submitted to the courts of Mechelen, Belgium, unless the parties agree otherwise in writing.
15. Amendments and severability
15.1. bookto checkout may update these conditions from time to time. Material changes will be communicated to the Merchant at least 30 days in advance via email. Continued use of the Services after the notice period constitutes acceptance.
15.2. Should any provision of this agreement be deemed invalid or unenforceable, the remaining provisions remain in full force. The invalid provision will be amended to the minimum extent necessary to make it valid and enforceable while preserving the intent of the parties.
16. Contact
For any question about this agreement, contact us at legal@bookto.eu in English or Dutch.
ianka fleerackers Comm. V. · Nieuwstraat 84, 2880 Bornem, Belgium · VAT BE 0824.677.865