GDPR
Data Processing
Agreement
This Data Processing Agreement describes the requirements of the European General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018. 4in44’s services offered in the European Union are GDPR compliant and this Data Processing Agreement (DPA) provides you with the necessary information of this compliance.
This Data Processing Agreement (DPA)
This Data Processing Agreement (DPA) is an addendum to the Terms of Services (such as Free Shared Hosting, Premium Shared Hosting, Semi-Dedicated Hosting, VPS Hosting, Certificate Services Agreement, Domain Names Registration, Domain Privacy Protection Agreement and Affiliate Terms of Services) between 4in44 and the Client.
All capitalized terms not defined in this DPA shall have the meanings set forth in the Terms of Services. The client enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).
The parties agree to the following:
- General Definitions
Affiliate means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.
Authorized Affiliate means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Terms of Services.
Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term Controlled shall be construed accordingly.
Controller means an entity that determines the purposes and means of the processing of Personal Data.
Customer Data means any data that 4in44 and/or its Affiliates processes on behalf of the Client in the course of providing the Services under the Terms of Services.
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Terms of Services, including, where applicable, EU Data Protection Law.
EU Data Protection Law means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (Directive) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (GDPR); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).
Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.
Processor means an entity that processes Personal Data on behalf of the Controller.
Processing has the meaning given to it in the GDPR and process, processes and processed shall be interpreted accordingly.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance.
Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.
Services means any service distributed by 4in44 and provided by Attractsoft GmbH to the Client pursuant to and as more particularly described in the Terms of Services.
Sub-processor means any Processor engaged by 4in44 or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Terms of Services or this DPA. Sub-processors may include third parties or any 4in44 Affiliate.
- General Definitions
- DPA Scope and Applicability
- Applicability
This DPA applies where and only to the extent that 4in44 processes Personal Data on behalf of the Client in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.
- Applicability
- Role of the Parties
As between 4in44 and the Client, the Client is the Controller of Personal Data and 4in44 shall process Personal Data only as a Processor on behalf of the Client. Nothing in the Terms of Services or this DPA shall prevent 4in44 from using or sharing any data that 4in44 would otherwise collect and process independently of the Client’s use of the Services.
- Role of the Parties
- Customer Obligations
The Client agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to 4in44; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for 4in44 to process Personal Data and provide the Services pursuant to the Terms of Services and this DPA.
- Customer Obligations
- 4in44 Processing of Personal Data
As a Processor, 4in44 shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Terms of Services; (ii) processing to perform any steps necessary for the performance of the Terms of Services; and (iii) to comply with other reasonable instructions provided by the Client to the extent they are consistent with the terms of these Terms of Services and only in accordance with the Client’s documented lawful instructions. The parties agree that this DPA and the Terms of Services set out the Client’s complete and final instructions to 4in44 in relation to the processing of Personal Data and processing outside the scope of these instructions shall require prior written agreement between the Client and 4in44.
- 4in44 Processing of Personal Data
- Nature of the Data
4in44 handles Customer Data provided by the Client. Such Customer Data may contain special categories of data depending on how the Services are used by Client. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to the Client; (ii) to provide client and technical support to the Client; and (iii) disclosures as required by law or otherwise set forth in the Terms of Services.
- Nature of the Data
- 4in44 Data
Notwithstanding anything to the contrary in the Terms of Services (including this DPA), Client acknowledges that 4in44 shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, accounting, account management, technical support, product development, sales, marketing and digital marketing. To the extent any such data is considered personal data under Data Protection Laws, 4in44 is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.
- 4in44 Data
- DPA Scope and Applicability
- Subprocessing
- Authorized Sub-processors
The Client agrees that 4in44 may engage Sub-processors to process Personal Data on the Client’s behalf.
- Authorized Sub-processors
- Sub-processor Obligations
4in44 shall: (i) enter into an agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause 4in44 to breach any of its obligations under this DPA.
- Sub-processor Obligations
- Subprocessing
- Security
- Security Measures
4in44 shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with 4in44 ‘s security standards.
- Security Measures
- Confidentiality of Processing
4in44 shall ensure that any person authorized to process Personal Data (including staff members, agents and subcontractors) shall be under an appropriate obligation of confidentiality.
- Confidentiality of Processing
- Security Incident Response
Upon becoming aware of a Security Incident, 4in44 shall notify the Client without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by the Client.
- Security Incident Response
- Updates to Security Measures
The Client acknowledges that the Security Measures are subject to technical progress and development and that 4in44 may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Client.
- Security
- Client’s General Data Protection Rights
- Right of confirmation
Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.
- Right of confirmation
- Right of access
Each data subject shall have the right to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.
- Right of access
- Right to rectification
Each data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
- Right to rectification
- Right to erasure (Right to be forgotten)
Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.
- Right to erasure (Right to be forgotten)
- Right of restriction of processing
Each data subject shall have the right to obtain from the controller restriction of processing.
- Right of restriction of processing
- Right to data portability
Each data subject shall have the right to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.
- Right to data portability
- Right to object
Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her.
- Right to object
- Automated individual decision-making, including profiling
Each data subject shall have the right to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her.
- Client’s General Data Protection Rights
- International Transfers
4in44 processes EU Data (defined below) in data centers located inside the European Union. All other Customer Data may be transferred and processed in the United States and anywhere in the world where the Client, its Affiliates and/or its Sub-processors maintain data processing operations. 4in44 shall implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.
- International Transfers
- Deletion of Data
Upon deactivation of the Services, all Personal Data will be deleted, save that this requirement shall not apply to the extent 4in44 is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data 4in44 shall securely isolate and protect from any further processing, except to the extent required by applicable law.
Don’t miss out on our upcoming promotion! Make sure you like and follow our Facebook page or subscribe here to get the latest news and offers.
By signing up you automaticaly
accept our Privacy Policy and Terms of use