Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of, and is incorporated by reference into, the Music Teacher Pros Terms of Service (the "Agreement") between Music Teacher Pros ("MTP", "we", "us", "Processor"), operated by Cent and Honey Ltd, and the client accepting the Agreement ("Client" ,"you", "Controller"). It applies where and to the extent MTP processes Personal Data on the Client's behalf in the course of providing the Services.

By continuing to use the Services after the date shown above, the Client agrees to this DPA. Where required, a signed counterpart is available on request.

1. Definitions

"Data Protection Laws" means the EU General Data Protection Regulation (Regulation (EU) 2016/679) ("EU GDPR"), the UK GDPR and the Data Protection Act 2018, and any other applicable data protection legislation, in each case as amended or replaced.

"Personal Data", "Controller", "Processor", "Sub-Processor", "Processing", "Data Subject" and "Personal Data Breach" have the meanings given to them in the Data Protection Laws.

"Client Personal Data" means the Personal Data that MTP processes on the Client's behalf in connection with the Services, as described in Annex 1.

"Standard Contractual Clauses" or "SCCs" means the clauses adopted by the European Commission (Implementing Decision (EU) 2021/914) and, for UK transfers, the UK International Data Transfer Addendum.

2. Roles of the parties

The parties agree that, in respect of Client Personal Data, the Client acts as the Controller and MTP acts as the Processor. Where the Client is itself acting as a processor for a third party, MTP acts as a Sub-Processor, and references to the "Controller" apply for the benefit of that third party accordingly.

This DPA does not apply to Personal Data for which MTP is itself the Controller (for example, the Client's own account and billing details), which is governed by the MTP Privacy Policy.

3. Scope and instructions

MTP shall process Client Personal Data only on the Client's documented instructions, including with regard to international transfers, unless required to do otherwise by applicable law (in which case MTP shall, where legally permitted, inform the Client first). The Agreement, this DPA, and the Client's ordinary use of the Services constitute theClient's complete and documented instructions. MTP shall inform the Client if, in its opinion, an instruction infringes the Data Protection Laws.

4. Confidentiality

MTP shall ensure that any person authorised to process Client Personal Data is bound by an appropriate obligation of confidentiality.

5. Security

MTP shall implement appropriate technical and organisational measures to protect Client Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, taking into account the state of the art, the costs of implementation and the nature, scope and purposes of processing. These measures are summarised in Annex 2 and are supported by the security controls of MTP's platform infrastructure provider.

6. Sub-Processors

The Client grants MTP general authorisation to engage Sub-Processors to process Client Personal Data. MTP maintains a current list of Sub-Processors in Annex 3.

MTP shall impose data protection obligations on each Sub-Processor that are no less protective than those in this DPA, and remains liable to the Client for the performance of each Sub-Processor's obligations.

MTP shall give the Client reasonable notice of any intended addition or replacement of a Sub-Processor. The Client may object on reasonable, data-protection-related grounds within thirty (30) days. The parties will work in good faith to resolve the objection; if no resolution is reached, the Client may terminate the affected Services.

7. Data Subject rights

Taking into account the nature of the processing, MTP shall assist the Client by appropriate technical and organisational measures, insofar as possible, to respond to requests from Data Subjects exercising their rights under the Data Protection Laws. If MTP receives such a request directly, it shall not respond except on the Client's documented instructions or as required by law, and shall promptly inform the Client.

8. Personal Data Breach

MTP shall notify the Client without undue delay after becoming aware of a Personal Data Breach affecting Client Personal Data, and shall provide the Client with information reasonably available to it to assist the Client in meeting its own breach-notification obligations.

9. Assistance

MTP shall provide the Client with reasonable assistance, taking into account the nature of processing and the information available to MTP, in relation to data protection impact assessments and prior consultations with supervisory authorities under Articles 35–36 of the GDPR.

10. International transfers

Where MTP or its Sub-Processors transfer Client Personal Data outside the UK or EEA, such transfers are made under an appropriate safeguard recognised by the Data Protection Laws, including the Standard Contractual Clauses and/or the platform infrastructure provider's certification under the EU–US Data Privacy Framework, as applicable.

11. Audit and information

MTP shall make available to the Client information reasonably necessary to demonstrate compliance with this DPA and the Processor obligations under Article 28 of the GDPR, and shall allow for and contribute to audits, including inspections, conducted by the Client or an auditor mandated by the Client, on reasonable prior notice, no more than once per year except where required by a supervisory authority, subject to reasonable confidentiality and security conditions.

12. Deletion and return

On termination of the Services, MTP shall, at the Client's choice, delete or return Client Personal Data and delete existing copies, unless retention is required by applicable law. The Client is responsible for exporting any data it wishes to retain before the account is closed.

13. Duration

This DPA takes effect on the date the Client first accepts the Agreement and continues for as long as MTP processes Client Personal Data on the Client's behalf.

14. General

In the event of a conflict between this DPA and the Agreement in respect of the processing of Personal Data, this DPA prevails. MTP may update this DPA from time to time to reflect changes in law, Sub-Processors, or the Services, and will provide notice of material changes in accordance with the Agreement.

Annex 1 — Details of Processing

Subject matter: Provision of marketing, CRM, booking and communications services to the Client via the MTP platform.

Duration: For the term of the Agreement and until deletion or return under Section 12.

Nature and purpose: Collection, storage, organisation, retrieval, use, transmission and deletion of Personal Data for the purpose of enabling the Client to capture, manage, contact and convert leads and to communicate with their own customers and prospects.

Categories of Data Subjects: The Client's leads, prospects, students, customers and contacts.

Categories of Personal Data: Identity and contact details (e.g. name, email address, telephone number), booking and enquiry information, communications content, and technical data such as IP address and device information submitted through the Client's forms, funnels, booking widgets and campaigns.

Special category data: Not required or requested by the Services. The Client should not submit special category data through the Services.

Annex 2 — Security Measures (summary)

  • Access to Client Personal Data restricted to authorised personnel on a need-to-know basis.

  • Encryption of data in transit and at rest via the platform infrastructure provider.

  • Logical access controls, authentication and, where available, two-factor authentication.

  • Reliance on infrastructure providers maintaining recognised security certifications (e.g. SOC 2, ISO 27001) and hosting within audited cloud environments.

  • Breach detection, response and notification procedures.

Annex 3 — Sub-Processors

Sub-Processor

HighLevel Inc. (operating the

LeadConnector platform infrastructure)

Role/Service

CRM, communications, automation and hosting platform underpinning the Services, including its own sub-processors (e.g. cloud hosting, email and SMS delivery)

Location

United States (with appropriate safeguards)

Note: Advertising platforms (e.g. Meta, Google) that the Client authorises MTP to run campaigns on act under their own terms and are not Sub-Processors under this DPA. HighLevel Inc. maintains its own published Sub-Processor list, incorporated here by

reference.

Music Teacher Pros is operated by Cent and Honey Ltd. This DPA is a general contractual document and not legal advice; the Client remains responsible for its own compliance as controller.

Last updated : July 7, 2025

FEATURES

Insights

Dashboard

Outbound Calling

Appointment Automation

Reputation Management

Unified Messaging

Lead Management

Easy Integration

Mobile App

contact us

Let's talk about what Music Teacher Pros can do for your business.


[email protected]

© 2026 Music Teacher Pros All Rights Reserved.