Joint Controller Agreement (JCA)

(Joint data control — GDPR Art. 26)

1. Joint controllers

• Platform
• Establishment owner

Joint control arises when the Platform and the restaurant jointly determine the purposes and means of processing, for example:

• displaying the establishment's profile;
• processing reviews;
• interacting with users;
• creating events.

2. Distribution of roles

The Platform is responsible for:

• technical data storage;
• security;
• basic moderation;
• processing user complaints;
• compliance with DSA and GDPR;
• providing information to data subjects.

The establishment is responsible for:

• the accuracy of data about the establishment;
• the legality of employee data;
• responding to reviews;
• communicating with users;
• obtaining all required licenses.

3. Joint processing purposes

• creating and maintaining the establishment's profile;
• displaying information to users;
• interacting with guests (reservations, reviews);
• promoting establishment pages;
• analyzing user behavior.

4. Data subject rights (Art. 15–22 GDPR)

The data subject may send a request to:

• The platform;
• The establishment.

The party receiving the request is obliged to notify the other party and ensure that the obligations are fulfilled within 30 days.

5. Data breach notification

Each party is obliged to:

• immediately notify the other party of the breach;
• cooperate in the investigation;
• provide information to supervisory authorities.

6. Transparency

The Platform shall include information on joint control in its Privacy Policy in accordance with Art. 26(2) GDPR.

7. Liability of the parties

Each party is liable for its own violations of the GDPR.

In the event of joint violations, liability shall be apportioned in proportion to the level of participation.

For questions about joint data control, please contact help@plattr.me.

See also: Privacy Policy | Data Processing Agreement (DPA)