Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms part of the agreement between Cue Technologies (“Cue”, “Processor”) and any hospitality business, restaurant, venue, or organization (“Partner”, “Controller”) using the Cue Platform.

This DPA governs the processing of personal data by Cue on behalf of the Partner.

1. Definitions

For the purposes of this DPA:

  • Personal Data means any information relating to an identified or identifiable natural person.

  • Controller means the entity that determines the purposes and means of processing Personal Data.

  • Processor means the entity processing Personal Data on behalf of the Controller.

  • Applicable Data Protection Law means the Jordan Personal Data Protection Law (PDPL) and any applicable international data protection regulations.

2. Scope and Purpose of Processing

2.1 Cue processes Personal Data solely for the purpose of providing booking, reservation coordination, and related platform services.

2.2 Processing activities include:

  • Collection of reservation details

  • Storage of reservation information

  • Transmission of reservation data to Partners

  • System automation and confirmation handling

  • Platform security and fraud prevention

2.3 Cue does not determine the purpose of reservation-related data collection; the Partner remains the Controller.

3. Categories of Data Subjects

Processing may involve data relating to:

  • Customers submitting reservations

  • Partner staff using the Platform

4. Categories of Personal Data

Personal Data may include:

  • Full name

  • Contact details (phone, email)

  • Reservation details (date, time, party size)

  • Communication records

  • Device or usage information

Cue does not intentionally process sensitive personal data unless voluntarily provided by Users.

5. Obligations of Cue (Processor)

Cue shall:

5.1 Process Personal Data only on documented instructions from the Partner.

5.2 Ensure persons authorized to process data are bound by confidentiality obligations.

5.3 Implement appropriate technical and organizational security measures to protect against:

  • Unauthorized access

  • Accidental loss

  • Alteration or disclosure

  • Destruction of data

5.4 Assist the Partner, where reasonably possible, in responding to data subject requests.

5.5 Notify the Partner without undue delay upon becoming aware of a data breach affecting Partner-controlled data.

6. Sub-Processors

6.1 Cue may engage third-party service providers (such as hosting providers, cloud infrastructure, analytics tools) to support the Platform.

6.2 Cue shall ensure that any sub-processor is bound by written data protection obligations equivalent to those in this DPA.

6.3 Cue remains responsible for sub-processor compliance with this DPA.

7. Data Transfers

7.1 Personal Data may be processed in jurisdictions outside Jordan where Cue’s infrastructure providers operate.

7.2 Where cross-border transfers occur, Cue shall implement appropriate safeguards consistent with applicable data protection standards.

8. Data Retention

8.1 Personal Data shall be retained only for as long as necessary to:

  • Provide the Service

  • Meet legal or regulatory requirements

  • Resolve disputes

  • Enforce agreements

8.2 Upon termination of the service relationship, Cue may delete or anonymize Personal Data unless legally required to retain it.

9. Security Measures

Cue maintains administrative, technical, and organizational safeguards appropriate to the risk, including but not limited to:

  • Access controls

  • Encrypted data transmission where applicable

  • Secure hosting environments

  • Internal access limitations

  • Routine system monitoring

Cue does not guarantee absolute security due to the inherent nature of internet-based services.

10. Audit and Compliance

10.1 Upon reasonable request, Cue may provide information necessary to demonstrate compliance with this DPA.

10.2 Formal audits must be reasonable, non-disruptive, and subject to confidentiality.

11. Liability

11.1 Each party remains responsible for compliance with applicable data protection law.

11.2 Cue’s liability under this DPA shall be subject to the limitation of liability provisions contained in the main Partner Terms.

12. Term and Termination

This DPA remains in effect for as long as Cue processes Personal Data on behalf of the Partner.

13. Governing Law

This DPA shall be governed by the laws of the Hashemite Kingdom of Jordan.

Disputes shall fall under the jurisdiction of the competent courts of Amman, Jordan.