Data Processing Agreement (DPA)

1. INTRODUCTION

This Data Processing Agreement ("DPA") forms part of the contractual relationship between AIRYRIDES TECHNOLOGIES LLC ("AiryRides", "we", "us", or "our") and its business partners, including Online Travel Agencies (OTAs), Travel Agencies, Tour Operators, Hotels, Corporate Travel Companies, Transportation Suppliers, Fleet Operators, and other business customers ("Partner").

This DPA governs the processing of Personal Data by AiryRides in connection with the services provided through the AiryRides platform and related business operations.

2. PARTIES

Data Processor:

Data Controller:

The Partner or Customer providing Personal Data to AiryRides in connection with transportation bookings and related services.

3. DEFINITIONS

"Personal Data" means any information relating to an identified or identifiable natural person.

"Data Subject" means the individual to whom the Personal Data relates.

"Processing" means any operation performed on Personal Data including collection, storage, transmission, organization, use, disclosure, or deletion.

"Controller" means the entity determining the purposes and means of processing Personal Data.

"Processor" means the entity processing Personal Data on behalf of the Controller.

4. NATURE AND PURPOSE OF PROCESSING

AiryRides processes Personal Data solely for purposes related to:

• Booking management
• Transportation service coordination
• Supplier assignment
• Customer support
• Flight tracking
• Operational communications
• Fraud prevention
• Billing and payment processing
• Legal and regulatory compliance
• Service improvement

5. CATEGORIES OF PERSONAL DATA

Depending on the services provided, AiryRides may process:

• Passenger names
• Email addresses
• Telephone numbers
• Flight details
• Pickup locations
• Drop-off locations
• Booking references
• Travel dates and times
• Communication records
• Customer service inquiries

6. CATEGORIES OF DATA SUBJECTS

Personal Data may relate to:

• Travelers
• Passengers
• Drivers
• Supplier representatives
• Partner representatives
• Business contacts
• Website users

7. PROCESSING INSTRUCTIONS

AiryRides shall process Personal Data only:

• On documented instructions from the Controller;
• For purposes necessary to provide contracted services;
• To comply with applicable laws and regulations.

8. CONFIDENTIALITY

AiryRides shall ensure that personnel authorized to process Personal Data:

• Are subject to confidentiality obligations;
• Receive appropriate privacy and security training;
• Access Personal Data only where necessary for their duties.

9. SECURITY MEASURES

AiryRides implements reasonable technical and organizational measures designed to protect Personal Data, including:

• Access controls
• Password protection
• User authentication procedures
• Encryption where appropriate
• Secure cloud infrastructure
• Network security measures
• Monitoring and logging systems
• Data minimization practices

10. SUBPROCESSORS

AiryRides may engage third-party service providers to support its services. Such subprocessors may include:

• Google Workspace
• HubSpot
• Zoho
• Cloudflare
• Hosting providers
• Communication providers
• IT infrastructure providers

AiryRides shall require subprocessors to implement appropriate data protection measures.

11. INTERNATIONAL DATA TRANSFERS

Personal Data may be transferred internationally where necessary to provide services. Where required by applicable law, AiryRides shall implement appropriate safeguards for international transfers.

12. DATA SUBJECT RIGHTS

To the extent required by applicable law, AiryRides shall reasonably assist Controllers in responding to requests relating to:

• Access
• Rectification
• Erasure
• Restriction
• Objection
• Data portability

13. DATA BREACH NOTIFICATION

If AiryRides becomes aware of a Personal Data breach affecting Personal Data processed under this DPA, AiryRides shall notify the relevant Controller without undue delay and provide available information regarding:

• The nature of the breach;
• Categories of affected data;
• Likely consequences;
• Mitigation measures taken.

14. DATA RETENTION

AiryRides shall retain Personal Data only for as long as necessary:

• To provide services;
• To comply with legal obligations;
• To resolve disputes;
• To enforce contractual rights.

Upon expiration of applicable retention periods, Personal Data may be deleted or anonymized unless retention is required by law.

15. AUDIT AND COMPLIANCE

Upon reasonable request, AiryRides may provide information necessary to demonstrate compliance with applicable data protection obligations under this DPA.

16. LIABILITY

Each party shall remain responsible for its own compliance with applicable privacy and data protection laws.

Nothing in this DPA shall expand either party's liability beyond the limits established under applicable agreements between the parties.

17. GOVERNING LAW

This DPA shall be governed by and construed in accordance with the laws of the State of Wyoming, United States, unless otherwise required by applicable data protection legislation.

18. CONTACT

For privacy, security, or data protection inquiries, please contact: