Data Processing Agreement — Happy Puppies

Legal · GDPR · Data Processing

Data Processing Agreement

📅 Version: March 2026

📌

Introduction

This Data Processing Agreement (DPA) describes how Happy Puppies, as data controller, processes personal data and works with its data processors. It sets out the technical and organisational measures in place to protect personal data processed in connection with our dog care services.

This agreement is intended for clients and website visitors whose data we process and meets the requirements of Art. 28 GDPR.

🏢

1. General Information

👤 Controller: Camila de Diago — Happy Puppies
📍 Address: Loosduinseweg 65H, 2571 AA The Hague, Netherlands
🏛️ KvK number: 93920881
📧 Data Protection Officer: dpo@happypuppies.nl
📞 Phone: +31 6 34698983
🌐 Website: happypuppies.nl
📅 Valid from: March 2026

We regularly review and update our security measures. Changes to this agreement will be communicated via our website.

🛠️

2. Which Services Does This Cover?

This agreement applies to the following services offered by Happy Puppies:

Dog boarding — overnight stays at our home in The Hague
Dog daycare — day supervision during working hours
Dog walking — structured walks in and around The Hague Centre
Puppy care — support and socialisation for young dogs

⚙️

3. What Do We Process Exactly?

In connection with our services, we process the following personal data:

Owner contact details (name, email, phone number)
Dog information (name, breed, age, vaccination status, health notes)
Booking information (dates, service type, special instructions)
Payment information (processed via our bank and invoicing tools — we do not store full card details)
Website usage data (via functional cookies and server logs)
Live chat correspondence (via Crisp)

ℹ️
We only process the data strictly necessary to deliver our services safely and correctly. We do not process special categories of personal data (Art. 9 GDPR) unless a dog’s health needs make this necessary for their care.

🌍

4. Where Is Your Data Stored?

All data processing takes place within the EU/EEA, with the following exception:

Processing	Location	Legal basis for transfer
Website security & CDN	🇺🇸 United States (Cloudflare)	Standard Contractual Clauses (SCCs, Art. 46 GDPR)

🔗

5. Who Do We Work With? (Sub-processors)

We work with the following parties for our operations:

Provider	Service	Location
Hostinger	Web hosting, server infrastructure & email delivery	🇳🇱 Netherlands (EU)
Yuvo	WordPress maintenance & backups (WP Umbrella, NinjaFirewall, NinjaScanner)	🇳🇱 Netherlands
WP Umbrella	WordPress backup management, monitoring & automated backups	🇫🇷 France (EU)
Knab	Banking services	🇳🇱 Netherlands
MoneyMonk	Financial administration & invoicing	🇳🇱 Netherlands
Contact Form 7	Contact & service request forms	🇪🇺 EU
Crisp	Live chat & customer support	🇫🇷 France (EU)
WP Statistics	Privacy-friendly website analytics (no external data sharing)	🇪🇺 EU
Polylang	Multilingual website (NL/EN/ES)	🇪🇺 EU
LiteSpeed Cache	Website performance & caching	🇳🇱 Netherlands (server)
NinjaFirewall	Website firewall & security	🇪🇺 EU
NinjaScanner	Malware & virus scanning	🇪🇺 EU
Complianz	Cookie consent management	🇳🇱 Netherlands
Cloudflare	Website security & CDN	🇺🇸 United States (SCCs)

All parties have committed to processing data only within the EU/EEA or in countries with adequate protection. For transfers to the United States (Cloudflare), Standard Contractual Clauses (SCCs) apply in accordance with Art. 46 GDPR.

🔒

6. How Do We Secure Your Data?

🔒

Transit encryptionTLS/SSL for all data in transit

💾

Backup encryptionWP Umbrella — automated backups managed by Yuvo

🛡️

Website securityNinjaFirewall & NinjaScanner — firewall and malware scanning (via Yuvo)

✉️

Email securityDKIM, SPF and DMARC against phishing and spoofing

🔐

Access controlTwo-factor authentication where possible, strict access rights

🔍

MonitoringRegular security scans of the WordPress site

🔄

UpdatesRegular patches for WordPress core, themes and plugins

🏠

Physical securityDog data and booking records stored on password-protected, encrypted devices

We have no structural access to data beyond what is necessary to deliver our services. We only access client data when explicitly required for service delivery or support.

✅

7. Rights of Data Subjects

We honour all GDPR data subject rights. Requests for access, correction, or deletion of personal data can be submitted as described in our Privacy Policy.

🗓️

8. Retention & Deletion

When the relationship with a client ends:

Timeline	Action
Immediately	Booking access and login credentials are revoked
Within 6 months	All personal data is irreversibly deleted, unless longer retention is required by law
Financial records	Retained for 7 years to comply with Dutch tax law (legal obligation)

🚨

9. What Do We Do in Case of a Data Breach?

ℹ️
What is a data breach? A security incident in which personal data is accidentally or unlawfully destroyed, lost, altered, or accessed without authorisation.

Aspect	Description
Notification	In the event of a breach affecting client data, we notify the affected party within 24 hours of discovery.
Regulatory reporting	Where required under GDPR, we report to the Dutch Data Protection Authority within 72 hours.
Our response	We document the incident, contain it immediately (e.g. restore from backup, apply security patch), and inform affected parties of the scope and actions taken.

⚖️

10. Legal Framework

This Data Processing Agreement is governed by Dutch law and complies with Article 28 of the GDPR. Any disputes arising from this agreement will be submitted to the competent court in The Hague.

Questions? Contact our Data Protection Officer at dpo@happypuppies.nl.