This Data Processing Agreement (this "DPA") is entered between Host-telecom.com, s.r.o. ("Host-telecom.com", "we") and Customer ("Customer", "you"), together referred as "The Parties". This agreement ("DPA") is part of the Terms of Service, Privacy Policy and other relevant policies (the "Agreement"). Customer agreeing to these terms enters in this DPA on their own behalf to the extent required under applicable Data Protection Regulations and Laws and to the extent Host-telecom.com processes Customer Data as instructed by the Controller (as defined in Section 1).
In the course of providing the Services to the Customer, Host-telecom.com may Process Customer Data on behalf of the Customer. The Parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith.
1. DEFINITIONS
"Agreement" means the Terms of Service and other relevant policies announced on our website, together with your Order for the purchase of Services and the Order confirmation sent by Host-telecom.com.
"Order" means any Customer’s order for the purchase of the respective services.
"Site" means the Host-telecom.com website and all services we offer through our website.
"Services" means any hosting services we offer and the Customer has purchased that could involve the processing of Personal Data by Host-telecom.com.
"Partner" means any entity that directly or indirectly controls, is controlled by or is under common control with the Host-telecom.com subject entity.
"Control," for the purpose of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"Additional Products" means any features, products, software, programs, add-ons, plugins, scripts, tools or any other third-party software or content that are not part of the Services but that may be accessible via the Host-telecom.com User Area or the Control Panel, installed by the Customer or otherwise for the usage of the Services.
"Controller" means the natural person or the legal entity which, alone or jointly with others, determines the purposes and means of the processing of customer data.
"Affiliate" means, as to any entity, any other entity that, directly or indirectly, controls, is controlled by, or is under common control with such entity through majority ownership.
"Data Protection Law" means any and all data protection laws and regulations that apply to the Processing of Personal Data by Host-telecom.com under the Agreement.
"Data Subject" means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
"Host-telecom.com" means the Host-telecom.com entity which is a party to this DPA, as specified in the section, a company registered and existing under the laws of Strážkovice, Czech Republic, with address: Pod Rafandou 906, 391 81 Veselí nad Lužnicí, Czech Republic.
"Personal Data" means any data that: (a) is deemed "personal data" or "personal information" (or other analogous variations of such terms) under Data Protection Law; and (b) that Customer submits using the Services for Host-telecom.com to Process on Customer’s behalf.
"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.
"Process" or "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
"Standard Contractual Clauses" means the standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the transfer of personal data to processors established in third countries, the text of which is available at: https://eurlex.europa.eu/legal-content/en/TXT/?uri=CELEX%3A32010D0087.
"Subprocessor" means any Processor engaged by Host-telecom.com.
2. DATA PROCESSING AND PROTECTION
This DPA applies when Host-telecom.com processes Customer’s data for which Host-telecom.com will act as "processor" or "service provider" (or other analogous variations of such terms) under Data Protection Law.
2.1. Limitations on Use
Host-telecom.com will process Personal Data only: (a) in a manner consistent with documented instructions from Customer, including (i) to provide the Services, (ii) as permitted under the Agreement, including as specified in Attachment 1 to this DPA, and (iii) consistent with other reasonable instructions of Customer; and (b) with prior notice (unless notice is legally prohibited), as required by applicable law. Without limiting the foregoing, Host-telecom.com will not collect, retain, use, or disclose the Personal Data for any purpose other than as necessary for the specific purpose of performing the Services, including not collecting, retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the Services.
2.2. Confidentiality
Host-telecom.com will ensure that persons authorized by Host-telecom.com to Process any Personal Data are subject to appropriate confidentiality obligations.
2.3. Security
Host-telecom.com will protect Personal Data in accordance with requirements under Data Protection Law, including by implementing appropriate technical and organizational measures designed to protect Personal Data against Personal Data Breach.
2.4. Return or Disposal
At the choice of Customer, delete or return (or will enable Customer to delete or retrieve) all Personal Data after the end of the provision of Services (unless applicable law requires Host-telecom.com to store any Personal Data).
2.5. Customer Obligations
Customer will not instruct Host-telecom.com to perform any Processing of Personal Data that violates any Data Protection Law. Host-telecom.com may suspend Processing based upon any Customer instructions that Host-telecom.com reasonably suspects violate Data Protection Law. Subject to the cooperation of Host-telecom.com as specified in this DPA, Customer will be solely responsible for safeguarding the rights of Data Subjects. Customer will promptly notify Host-telecom.com about any faults or irregularities in the Processing by Host-telecom.com discovered by Customer.
3. DATA PROCESSING ASSISTANCE
3.1. Data Subject’s Rights Assistance
Taking into account the nature of the Processing of Personal Data by Host-telecom.com under the Agreement, Host-telecom.com will provide reasonable assistance to Customer by appropriate technical and organizational measures, insofar as possible and as necessary, for the fulfilment of Customer’s obligations to respond to requests for exercising Data Subject’s rights under Data Protection Law (including Chapter III of the GDPR, as applicable) with respect to Personal Data solely to the extent Customer does not have the ability to address such Data Subject request without such assistance.
3.2. Security Assistance
To assist Customer in its efforts to ensure compliance with the security requirements under Data Protection Law including Article 32 of the GDPR, Host-telecom.com shall implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
3.3. Data Protection Impact Assessment Assistance
Taking into account the nature of Host-telecom.com’s Processing of Personal Data and the information available to Host-telecom.com, Host-telecom.com will provide reasonable assistance to Customer as required for Customer to comply with its obligations under Articles 35 and 36 of the GDPR in connection with Host-telecom.com’s Processing of Personal Data under the Agreement.
3.4. Personal Data Breach Notice and Assistance
Host-telecom.com will notify Customer without undue delay after becoming aware of a Personal Data Breach. Taking into account the nature of Processing and the information available to Host-telecom.com, Host-telecom.com will provide reasonable assistance to Customer as may be necessary for Customer to satisfy any notification obligations required under Data Protection Law (including Articles 33 or 34 of the GDPR) related to any Personal Data Breach.
4. AUDITS
Host-telecom.com will allow for and contribute to audits as follows:
(а) Once every 12 months, Customer may request to review a summary of Host-telecom.com’s SOC audit report regarding the Processing activities covered by this DPA;
(б) Customer or a third party auditor reasonably acceptable to Host-telecom.com may conduct an on-site audit of Host-telecom.com’s processing activities as required by a supervisory authority or Data Protection Law. Such on-site audit must (i) be scheduled on at least 45 days advance notice at a mutually agreed date and time; (ii) occur during Host-telecom.com’s normal business hours; (iii) be permitted only to the extent required to assess Host-telecom.com’s compliance with this DPA; (iv) comply with the policies, procedures, and other restrictions reasonably imposed by Host-telecom.com and, if applicable, the Subprocessor; and (v) not unreasonably interfere with Host-telecom.com’s business activities. Customer’s auditor will not be entitled to access information subject to third-party confidentiality obligations. Customer will provide written communication of any audit findings to Host-telecom.com, and the results of the audit will be the confidential information of Host-telecom.com.
5. SUBPROCESSORS
Customer authorizes Host-telecom.com to use Host-telecom.com’s Affiliates and third-party subprocessors to Process Personal Data in connection with the provision of Services to Customer ("Subprocessor"). Host-telecom.com will impose data protection obligations upon any Subprocessor that are no less protective than those included in this DPA. Host-telecom.com shall remain liable to Customer for a Subprocessor’s failure to fulfill its data protection obligations.
6. DATA TRANSFERS
Personal Data may be transferred to any country in which Host-telecom.com or its Subprocessors maintain facilities. This Section 6 only applies to the transfer of Personal Data from the European Economic Area ("EEA") to a third country that has not been deemed adequate by the European Commission (for transfers from the EEA).
6.1. Data Transfers from Customer to Host-telecom.com
For Personal Data transferred from the EEA Host-telecom.com will conduct the transfer: (a) pursuant to the Standard Contractual Clauses; or (b) any other data transfer mechanism permitted under Data Protection Law, such as binding corporate rules. For purposes of the Standard Contractual Clauses, the following terms will apply: (i) Customer and Host-telecom.com will be deemed to have executed the Standard Contractual Clauses as of the effective date of this DPA; (ii) Customer will be referred to as the "Data Exporter" and Host-telecom.com will be referred to as the "Data Importer" in the clauses with relevant company name and address details from the Agreement being inserted accordingly; (iii) details in Attachment 1 to this DPA will be used to complete Appendix 1 of those clauses, as appropriate.
6.2 Host-telecom.com Data Transfers to Subprocessors
If Host-telecom.com transfers Personal Data to a Subprocessor then Host-telecom.com shall enter into the Standard Contractual Clauses with the Subprocessor on Customer’s behalf, and the Subprocessor will be the "data importer" and the Customer will be the "data exporter".
7. MISCELLANEOUS
7.1 If there is a conflict (a) the terms of this DPA will prevail over the terms of the Agreement and (b) the Standard Contractual Clauses will prevail over this DPA. Except for the matters covered by this DPA, all terms of the Agreement, remain in effect. Capitalized terms not defined in this DPA have the same meaning as in the Agreement. Except as otherwise stated in the Agreement, this DPA and the Standard Contractual Clauses will automatically terminate upon the termination or expiration of the Agreement.
Attachment 1 - Scope of Processing
Subject-Matter and Duration of Processing
Host-telecom.com Processes Personal Data for the subject matter specified under the Agreement and until the Agreement terminates or expires, unless otherwise agreed upon by the parties in writing. In particular, the subject matter is determined by the Service(s) to which Customer subscribes and the data which Customer uploads to the Service.
Nature and Purpose of Processing (including Processing Operations)
The nature and purpose of Processing is determined by the Service(s) to which Customer subscribes and the data which Customer uploads to the Service.
For instance:
- Data Integration Cloud Services Process data uploaded to the Service, including Personal Data if uploaded, to connect, transform, and integrate data, applications, and processes across on-premise and cloud systems.
- Data Management, Quality, and Governance Cloud Services Process data uploaded to the Service, including Personal Data if uploaded, to help Customer understand and enrich data, to help ensure that data are relevant and trustworthy, and to help optimize compliance and business value from data.
- Infrastructure Hosting Services Process data uploaded to the Service, including Personal Data if uploaded, in accordance with the function performed by the Host-telecom.com software product that Host-telecom.com is hosting for Customer.
Types of Personal Data
Customer controls the types of Personal Data uploaded via the Services for Processing. Host-telecom.com may Process postal addresses, email addresses, and/or telephone numbers, in accordance with the specific Service to which Customer subscribes.
Special Categories of Personal Data None anticipated, but Customer controls the types of Personal Data processed via the Services.
Categories of Data Subjects Customer controls the categories of Data Subjects to which the Personal Data relates. For instance, Customer may Process via the Services Personal Data that relates to its current or prospective customers, employees or business partners.