1. Scope and roles — and how you enter into it
When your stable runs its operations on Nose, you (the stable) are the data controller for the rider and operational data you enter, and horsenose is your processor — we handle that data only on your documented instructions. This Data Processing Agreement (DPA) is the Article 28 GDPR contract that governs that relationship.
The DPA is part of your Terms of Service: you enter into it automatically when you accept the Terms, and there is nothing separate to sign. For your own account and contact data, our marketing-site data, consent-based analytics, and security data, horsenose is the controller in its own right (see Privacy Policy → "Who is responsible").
2. What we do with your data — only on your instructions
We process your members’ personal data to provide the Service and nothing else: creating and isolating your tenant; creating rider, customer, and participant records on your behalf; scheduling rides and recording attendance; managing passes and gift vouchers; recording how a rider paid (the cash / pass / voucher / transfer labels and, where you enable online payments, a record of each online payment or balance top-up on your behalf — the funds and card data are handled by Stripe on your own Stripe account, never by horsenose); calculating instructor earnings; sending the one-way announcements you initiate; giving each member a self-service view of their own bookings; and the support, abuse-prevention, and audit-logging needed to run all of that.
We do not use your data for our own purposes, do not sell or share it for advertising, and do not use it to train AI or machine-learning models.
You confirm that you have a lawful basis under Article 6 GDPR (and, where relevant, Article 9 or Article 8 GDPR) for every instruction you give us and every item of personal data you put into Nose, that you have given your members the notices Articles 13 and 14 GDPR require, and that your instructions will not cause us to break the law.
3. Children
Riding schools teach children, so Nose is built to hold children’s data on your behalf — typically a child entered as a lesson participant by a parent who is your customer. You are responsible for the lawful basis and for any parental consent or authority required, including under Article 8 GDPR; where you rely on a child’s own consent, you confirm you have made reasonable efforts to verify parental authority. We keep what is held about a child to a minimum (typically a name and the lessons attended) and never market or target the Service to children.
4. Confidentiality, security, and sub-processors
Everyone with access to your data is bound by confidentiality, and we apply the technical and organisational measures described on our Security & Trust page — including database-enforced row-level security scoping each stable’s data to that stable, TLS in transit, encryption at rest, and an append-only audit log.
We use a small set of vetted sub-processors to run the Service; the current list, with each one’s purpose, region, and transfer mechanism, is at Sub-processors and in Privacy Policy → "Sharing — sub-processors". Before adding or replacing one, we give at least 15 days’ advance notice (by email to the stable’s account address or in-product) — sooner only where security or service continuity genuinely requires it, in which case we notify you as soon as reasonably possible and you can still object within 15 days of that notice. If you object and we can’t resolve it, you can end the affected part of the Service — or the whole agreement if that sub-processor is essential to it — with a pro-rata refund of pre-paid fees for the unused period. We bind every sub-processor to data-protection obligations at least as protective as this DPA and remain fully responsible to you for their performance.
We run across more than one region and add regions as we grow; the current primary region for each sub-processor is on the Sub-processors page and can change as we expand. Today most processing is in the EEA, with a few components outside it. For every cross-region transfer we rely on an appropriate mechanism — the EU Standard Contractual Clauses, the EU–U.S. Data Privacy Framework (and its UK Extension), the UK International Data Transfer Addendum where the UK GDPR applies, or the equivalent a further region requires — as set out on the Sub-processors page.
5. Audits
On request, we’ll give you what you need to demonstrate our Article 28 GDPR compliance as a first step — our Security & Trust page, this DPA, relevant third-party reports from our sub-processors where we’re permitted to share them, and written answers to reasonable security and processing questionnaires. If that isn’t enough, we’ll agree the scope, timing, and conduct of a further audit or inspection with you — given at least 30 days’ prior notice (sooner only after a security incident or supervisory-authority order), no more than once a calendar year (except after a breach affecting your data or where a supervisory authority requires it), during our normal business hours, and without unreasonable disruption to the Service for other stables. You cover the reasonable cost of that further audit, unless it reveals a material breach of this DPA on our part, in which case we cover our own cooperation costs.
6. Your members’ rights, and data breaches
If one of your members exercises a GDPR right (access, correction, deletion, and so on), you decide the response — you are their controller. We assist you and forward any request that reaches us to you; we do not decide it ourselves (Article 28(3)(e) GDPR).
If we become aware of a personal-data breach affecting your data, we notify you without undue delay so that you can meet your own obligations under Articles 33–34 GDPR.
If an instruction you give us would, in our view, break the GDPR or other data-protection law, we’ll tell you before acting on it. Taking into account the nature of the processing and the information available to us, we’ll also reasonably assist you with data-protection impact assessments and prior consultations with a supervisory authority (Articles 35–36 GDPR) where they concern processing on Nose.
7. Keeping, returning, and deleting your data
We keep your data for the life of your active account, because a stable needs its own history to operate. When an individual member is erased, we strip their direct identifiers after a 30-day reversible grace period (pseudonymisation under Art. 4(5) GDPR), leaving de-identified financial and lesson lines in your books so they reconcile.
Archiving or closing a stable starts a 90-day reversible offboarding window, automatically. Within it, the stable can be restored and a full export is available on request; when it ends, your data is kept for a maximum of 90 days in total and is then deleted automatically. Your own statutory records (for example, the 5-year Polish accounting/VAT records) are yours to keep — horsenose holds no independent duty to retain rider personal data for five years, so export what you need before the window closes.
8. Liability, order of precedence, and survival
Our liability under this DPA follows the caps and exclusions in your Terms of Service, except to the extent the law does not allow them to be limited — including Articles 82–83 GDPR. If this DPA and your Terms conflict on how personal data is processed, this DPA prevails; if this DPA conflicts with the Standard Contractual Clauses we rely on for a transfer, the SCCs prevail. This DPA lasts as long as we process your data on your behalf; the parts that need to keep applying after that — confidentiality, breach notification for anything discovered later, keeping/returning/deleting your data, audits for the period before you left, and this section — survive its end.
9. What makes up this DPA
This page states the DPA’s operative terms. Together with the Security & Trust page (our technical and organisational measures), the Sub-processors page (the authorised sub-processor list), and the details of processing described above, it forms the complete data-processing agreement between your stable and horsenose — there is nothing separate to sign. Where a cross-border transfer requires them, the EU Standard Contractual Clauses incorporated in our sub-processors’ agreements apply (together with the UK Addendum or an equivalent mechanism where another jurisdiction requires it). If you need a countersigned copy or a detailed processing record for your own accountability documentation, write to support@horsenose.eu and we’ll provide one.