Effective Date: November 1, 2025
CasitaMX Enterprises, Inc.
8737 Colesville Rd STE 1101, Silver Spring, MD 20910, United States
Contact: [email protected]
This Data Processing Addendum (“Addendum”) forms part of the Terms of Service or any other agreement between CasitaMX Enterprises, Inc. (“Casita”) and the user (“Customer,” “you,” or “your”) who uses casitahomes.com to manage or facilitate direct bookings. The purpose of this Addendum is to outline the roles, responsibilities, and commitments regarding the processing of personal data under applicable data protection laws.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
“Controller” means the entity that determines the purposes and means of processing Personal Data.
“Processor” means the entity that processes Personal Data on behalf of the Controller.
“Applicable Data Protection Laws” means the data protection and privacy laws of the United States, the European Union, and other jurisdictions that may apply, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).
Casita acts as a Processor when it processes Personal Data on behalf of Customers (for example, when hosting account data, property listings, messages, or booking details).
Customers act as Controllers with respect to any Personal Data they collect from guests, hosts, or other users via casitahomes.com.
Each party agrees to comply with its respective obligations under applicable data protection laws.
Casita processes Personal Data solely for the following purposes:
To provide, maintain, and improve the casitahomes.com platform and related services
To enable account management, communication, and booking functionality between users
To provide technical support and ensure platform security
To comply with legal obligations or requests from competent authorities
Casita will not process Personal Data for any other purpose or sell Personal Data to any third party.
As the Controller, you are responsible for:
Ensuring that you have a lawful basis to collect and process Personal Data
Providing adequate privacy notices to your users and guests
Responding to requests from data subjects (such as access, correction, or deletion requests)
Ensuring that Personal Data shared with Casita is accurate and lawful
Casita will assist you, to the extent reasonably possible, in fulfilling your obligations to respond to data subject requests or inquiries.
Casita agrees to:
Process Personal Data only on documented instructions from the Customer
Implement reasonable administrative, technical, and physical safeguards to protect Personal Data against unauthorized access or disclosure
Notify the Customer without undue delay in the event of a confirmed data breach affecting Customer Personal Data
Ensure that any Casita personnel with access to Personal Data are subject to confidentiality obligations
Only engage sub-processors that provide at least the same level of protection for Personal Data, and make available a list of sub-processors upon request
Casita is a U.S.-based company. Personal Data may be transferred to and processed in the United States, where data protection standards may differ from those of the country in which the Customer or data subjects are located.
By using casitahomes.com, the Customer authorizes such transfers in accordance with applicable law. Casita will ensure appropriate safeguards, such as standard contractual clauses where required.
Casita retains Personal Data only as long as necessary to provide the service or comply with legal obligations. Upon termination of your account or written request, Casita will delete or anonymize Personal Data within a reasonable period unless retention is required by law.
Casita maintains appropriate technical and organizational security measures designed to protect Personal Data. These measures include access controls, encryption of data in transit, regular monitoring, and secure storage systems.
In the event of a confirmed data breach that is likely to result in a risk to data subjects’ rights and freedoms, Casita will promptly notify the Customer with information about the nature of the breach, the affected data, and mitigation steps taken.
Casita may engage sub-processors (such as hosting providers, analytics services, or infrastructure partners) to support the platform. Casita remains responsible for ensuring that any sub-processor complies with this Addendum. A current list of sub-processors is available upon request at [email protected].
This Addendum is governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to its conflict-of-law provisions. Any dispute arising under this Addendum shall be resolved by binding arbitration in Wilmington, Delaware.
For data protection questions, requests, or inquiries under this Addendum, contact:
CasitaMX Enterprises, Inc.
Email: [email protected]
Address: 8737 Colesville Rd STE 1101, Silver Spring, MD 20910, United States