GDPR Data Processing
Agreement

This Data Processing Agreement describes the requirements of the European General Data Protection Regulation (GDPR) that comes into effect on May 25, 2018. 4in44’s services offered in the European Union are GDPR compliant and this Data Processing Agreement (DPA) provides you with the necessary information of this compliance.

This Data Processing Agreement (DPA)

This Data Processing Agreement (DPA) is an addendum to the Terms of Services (such as Free Shared Hosting, Premium Shared Hosting, Semi-Dedicated Hosting, VPS Hosting, Certificate Services Agreement, Domain Names Registration, Domain Privacy Protection Agreement and Affiliate Terms of Services) between 4in44 and the Client.

All capitalized terms not defined in this DPA shall have the meanings set forth in the Terms of Services. The client enters into this DPA on behalf of itself and, to the extent required under Data Protection Laws, in the name and on behalf of its Authorized Affiliates (defined below).


The parties agree to the following:

    1. General Definitions

      Affiliate means an entity that directly or indirectly Controls, is Controlled by or is under common Control with an entity.

      Authorized Affiliate means any of Customer Affiliate(s) permitted to or otherwise receiving the benefit of the Services pursuant to the Terms of Services.

      Control means an ownership, voting or similar interest representing fifty percent (50%) or more of the total interests then outstanding of the entity in question. The term Controlled shall be construed accordingly.

      Controller means an entity that determines the purposes and means of the processing of Personal Data.

      Customer Data means any data that 4in44 and/or its Affiliates processes on behalf of the Client in the course of providing the Services under the Terms of Services.

      Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

      Data Protection Laws means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Terms of Services, including, where applicable, EU Data Protection Law.

      EU Data Protection Law means (i) prior to May 25, 2018, Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data (Directive) and on and after May 25, 2018, Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (GDPR); and (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and applicable national implementations of it (in each case, as may be amended, superseded or replaced).

      Personal Data means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under applicable Data Protection Law.

      Processor means an entity that processes Personal Data on behalf of the Controller.

      Processing has the meaning given to it in the GDPR and process, processes and processed shall be interpreted accordingly.

      Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance.

      Security Incident means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data.

      Services means any service distributed by 4in44 and provided by Attractsoft GmbH to the Client pursuant to and as more particularly described in the Terms of Services.

      Sub-processor means any Processor engaged by 4in44 or its Affiliates to assist in fulfilling its obligations with respect to providing the Services pursuant to the Terms of Services or this DPA. Sub-processors may include third parties or any 4in44 Affiliate.

 

    1. DPA Scope and Applicability

        1. Applicability

          This DPA applies where and only to the extent that 4in44 processes Personal Data on behalf of the Client in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the European Union, the European Economic Area and/or their member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.

        1. Role of the Parties

          As between 4in44 and the Client, the Client is the Controller of Personal Data and 4in44 shall process Personal Data only as a Processor on behalf of the Client. Nothing in the Terms of Services or this DPA shall prevent 4in44 from using or sharing any data that 4in44 would otherwise collect and process independently of the Client’s use of the Services.

        1. Customer Obligations

          The Client agrees that (i) it shall comply with its obligations as a Controller under Data Protection Laws in respect of its processing of Personal Data and any processing instructions it issues to 4in44; and (ii) it has provided notice and obtained (or shall obtain) all consents and rights necessary under Data Protection Laws for 4in44 to process Personal Data and provide the Services pursuant to the Terms of Services and this DPA.

        1. 4in44 Processing of Personal Data

          As a Processor, 4in44 shall process Personal Data only for the following purposes: (i) processing to perform the Services in accordance with the Terms of Services; (ii) processing to perform any steps necessary for the performance of the Terms of Services; and (iii) to comply with other reasonable instructions provided by the Client to the extent they are consistent with the terms of these Terms of Services and only in accordance with the Client’s documented lawful instructions. The parties agree that this DPA and the Terms of Services set out the Client’s complete and final instructions to 4in44 in relation to the processing of Personal Data and processing outside the scope of these instructions shall require prior written agreement between the Client and 4in44.

        1. Nature of the Data

          4in44 handles Customer Data provided by the Client. Such Customer Data may contain special categories of data depending on how the Services are used by Client. The Customer Data may be subject to the following process activities: (i) storage and other processing necessary to provide, maintain and improve the Services provided to the Client; (ii) to provide client and technical support to the Client; and (iii) disclosures as required by law or otherwise set forth in the Terms of Services.

        1. 4in44 Data

          Notwithstanding anything to the contrary in the Terms of Services (including this DPA), Client acknowledges that 4in44 shall have a right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Services for its legitimate business purposes, such as billing, accounting, account management, technical support, product development, sales, marketing and digital marketing. To the extent any such data is considered personal data under Data Protection Laws, 4in44 is the Controller of such data and accordingly shall process such data in compliance with Data Protection Laws.

 

    1. Subprocessing

        1. Authorized Sub-processors

          The Client agrees that 4in44 may engage Sub-processors to process Personal Data on the Client’s behalf.

        1. Sub-processor Obligations

          4in44 shall: (i) enter into an agreement with the Sub-processor imposing data protection terms that require the Sub-processor to protect the Personal Data to the standard required by Data Protection Laws; and (ii) remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Sub-processor that cause 4in44 to breach any of its obligations under this DPA.

 

    1. Security

        1. Security Measures

          4in44 shall implement and maintain appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with 4in44 ‘s security standards.

        1. Confidentiality of Processing

          4in44 shall ensure that any person authorized to process Personal Data (including staff members, agents and subcontractors) shall be under an appropriate obligation of confidentiality.

        1. Security Incident Response

          Upon becoming aware of a Security Incident, 4in44 shall notify the Client without undue delay and shall provide timely information relating to the Security Incident as it becomes known or as is reasonably requested by the Client.

      1. Updates to Security Measures

        The Client acknowledges that the Security Measures are subject to technical progress and development and that 4in44 may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services purchased by the Client.

 

    1. Client’s General Data Protection Rights

        1. Right of confirmation

          Each data subject shall have the right to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed.

        1. Right of access

          Each data subject shall have the right to obtain from the controller free information about his or her personal data stored at any time and a copy of this information.

        1. Right to rectification

          Each data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

        1. Right to erasure (Right to be forgotten)

          Each data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay.

        1. Right of restriction of processing

          Each data subject shall have the right to obtain from the controller restriction of processing.

        1. Right to data portability

          Each data subject shall have the right to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

        1. Right to object

          Each data subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal data concerning him or her.

      1. Automated individual decision-making, including profiling

        Each data subject shall have the right to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her.

 

    1. International Transfers

      4in44 processes EU Data (defined below) in data centers located inside the European Union. All other Customer Data may be transferred and processed in the United States and anywhere in the world where the Client, its Affiliates and/or its Sub-processors maintain data processing operations. 4in44 shall implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.

 

  1. Deletion of Data

    Upon deactivation of the Services, all Personal Data will be deleted, save that this requirement shall not apply to the extent 4in44 is required by applicable law to retain some or all of the Personal Data, or to Personal Data it has archived on back-up systems, which such Personal Data 4in44 shall securely isolate and protect from any further processing, except to the extent required by applicable law.

Don’t miss out on our upcoming promotion! Make sure you like and follow our Facebook page or subscribe here to get the latest news and offers. 

By signing up you automaticaly
accept our Privacy Policy and Terms of use

Login