BoothGatorBoothGator
Log inGet Started

Data Processing Agreement

Last updated: June 2025 — This DPA forms part of your agreement with BoothGator.

Admin notice: The following environment variables are not configured. Set them in Replit Secrets before going live: VITE_LEGAL_COMPANY_NAME, VITE_LEGAL_COMPANY_ADDRESS, VITE_LEGAL_COMPANY_EMAIL, VITE_LEGAL_PRIVACY_EMAIL, VITE_LEGAL_COUNTRY

1. Parties & Definitions

This Data Processing Agreement ("DPA") is entered into between:

  • Controller: The entity or individual who has accepted BoothGator's Terms of Service and uses the platform to collect visitor lead data ("Customer").
  • Processor: BoothGator (the operator of the BoothGator platform).

This DPA is automatically incorporated into your agreement with BoothGator upon acceptance of the Terms of Service. No separate signature is required.

2. Subject Matter

BoothGator processes personal data on behalf of the Customer for the purpose of providing the lead capture platform, including storing, retrieving, and displaying visitor lead data submitted through the Customer's QR code campaigns.

3. Nature & Purpose of Processing

  • Categories of data subjects: Trade show visitors who scan the Customer's QR code and submit the lead form.
  • Categories of personal data: Name, email address, and any additional fields configured by the Customer (e.g. phone number, job title, company). No special category data.
  • Purpose: Collecting, storing, and making available lead information for the Customer's marketing and sales activities.
  • Duration: For the term of the Customer's subscription and as required by applicable law thereafter.

4. Processor Obligations

BoothGator shall:

  • Process personal data only on documented instructions from the Customer (i.e. providing the Service as described).
  • Ensure that persons authorised to process personal data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures (encryption in transit, access controls, password hashing).
  • Assist the Customer in responding to data subject requests, where technically feasible.
  • Delete or return all personal data upon termination of the Service, at the Customer's choice.
  • Make available all information necessary to demonstrate compliance with this DPA.
  • Notify the Customer without undue delay (within 72 hours where possible) upon becoming aware of a personal data breach.

5. Controller Obligations

The Customer (Controller) shall:

  • Ensure a lawful basis exists for collecting visitor personal data.
  • Provide visitors with a privacy notice informing them of data collection (e.g. signage at the booth).
  • Not instruct BoothGator to process data in a manner that violates applicable law.
  • Not collect special category data (health, ethnicity, political opinions, etc.) via lead forms.

6. Sub-processors

The Customer grants general authorisation to BoothGator to engage sub-processors. Current sub-processors are listed in our Privacy Policy (Section 5). BoothGator will give at least 14 days' notice before adding or replacing a sub-processor. The Customer may object by ceasing use of the Service.

7. International Transfers

Where personal data is transferred outside the EEA (e.g. to US-based sub-processors), such transfers are made pursuant to Standard Contractual Clauses (SCCs) adopted by the European Commission or another approved transfer mechanism.

8. Audit Rights

The Customer may request an audit of BoothGator's data processing activities with at least 30 days' written notice. Audits shall be conducted at the Customer's expense and must not disrupt normal operations.

9. Governing Law

This DPA shall be governed by the same law as the Terms of Service. In case of conflict, this DPA takes precedence on matters of data processing.

10. Contact

For DPA-related queries: privacy@boothgator.com