DPA – Exhibit A

Download as PDF
4 min read
Published: September 13, 2024
Last Updated: October 17, 2025

PITCHED
Incorporating Pitched Applications Limited and Pitched Booking Limited

List of Parties, Description of Processing and Transfer of Personal Data, Competent Supervisory Authority

A. LIST OF PARTIES

The Exporter:

means the Customer.

Address:

As set out for the Customer in the Agreement.

Contact person’s name, position and contact details:

As provided by the Customer in its account and used for notification and invoicing purposes.

Activities relevant to the data transferred under the SCCs:

Use of the Services.

Signature and date:

By entering into the Agreement, the Exporter is deemed to have signed the SCCs incorporated into this DPA and including their Annexes, as of the Effective Date of the Agreement.

Role:

Controller.

Name of Representative (if applicable):

Any UK or EU representative named in the Exporter’s privacy policy.

The Importer:

means Pitched Applications Limited trading as Pitched

Address:

Whitsand, St Ingunger Country offices, Lanivet, Bodmin, Cornwall, PL30 5HS, United Kingdom.

Contact person’s name, position and contact details:

Ian Chambers (Director)
[email protected]

Activities relevant to the data transferred under the SCCs:

The provision of cloud computing solutions to the Exporter under which the Importer processes Personal Data upon the instructions of the Exporter in accordance with the terms of the Agreement.

Signature and date:

By entering into the Agreement, the Importer is deemed to have signed the SCCs, incorporated into this DPA, including their Annexes, as of the Effective Date of the Agreement.

Role:

Processor.

В. DESCRIPTION OF PROCESSING AND TRANSFERS

Categories of Data Subjects:

Employees, agents, advisors, consultants, freelancers of the Controller (who are natural persons).

Authorised Users, Affiliates and other participants authorised by the Controller to access or use the Services in accordance with the terms of the Agreement.

Prospects, customers, clients, business partners and vendors of the Controller (who are natural persons) and individuals with whom those end users communicate with by email and/or other messaging media.

Employees or contact persons of Controller’s prospects, customers, clients, business partners and vendors.

Suppliers and service providers of the Controller.

Other individuals to the extent identifiable in the context of emails of their attachments or in archiving content.

Categories of Personal Data:

The Controller may submit Personal Data to the Services, the extent of which is determined and controlled by the Controller. The Personal Data includes but is not limited to:

  • Personal details, first name, middle name and surname, email addresses, telephone number, postal addresses and company name of Authorised Users of the Services.

  • Unique identifiers such as username, account number or passwords.

  • Personal Data derived from an Authorised User’s use of the Services such as records and business intelligence information.

  • Personal Data within email and messaging content which identifies or may reasonably be used to identify individuals.

  • Meta data including, cookie IDs sent, to, from, date, time, subject, which may include Personal Data.

  • Geolocation based upon IP address.

  • Financial data required for invoicing.

  • Consumption data.

  • File attachments that may contain Personal Data.

  • Survey, feedback and assessment messages.

  • Information offered by users of the Services as part of support enquiries.

  • Other data added by the Controller from time to time.

Sensitive Data:

No sensitive data will be processed or transferred and shall not be contained in the content of or attachments to, emails.

The frequency of the processing and transfer (e.g. whether the data is transferred on a one-off or continuous basis):

Continuous basis for the duration of the Agreement.

Nature of the processing:

Processing operations include but are not limited to:

  • Holiday park bookings and enquiries.

  • Data analytics.

  • Marketing services.

  • Software support including email.

  • Management of employees and intermediaries.

  • Providing support to users.

  • Backup and transfer of data etc.

Purpose(s) of the data transfer and further processing:

Personal Data is transferred to sub-contractors who need to process some of the Personal Data in order to provide their services to the Processor as part of the Services provided by the Processor to the Controller.

The period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period:

Unless agreed otherwise in writing, for the duration of the Agreement, subject to clause 14 of the DPA.

For transfers to (Sub-) processors, also specify subject matter, nature and duration of the processing:

The Sub-processor list published sets out the Personal Data processed by each Sub-processor and the services provided by each Sub-processor.

C. COMPETENT SUPERVISORY AUTHORITY

Identify the competent supervisory authority/ies (e.g. in accordance with Clause 13 of the SCCs)

Where the EU GDPR applies, the Irish Data Protection Authority – Data Protection Commission, (DPC).

Where the UK GDPR applies, the UK Information Commissioner’s Office, (ICO).

Where the FADP applies, the Swiss Federal Data Protection and Information Commissioner, (FDPIC).

Need More Help?

If you need help and support with any of our terms and conditions, please contact us below.

Contact Us Call 01726 418118