Effective Date: August 14, 2024
Data Processing Agreement
1. Introduction
This Data Processing Agreement (“DPA”) forms part of the [Service Agreement] (“Agreement”) between ReallyGoodHost.com (“Processor”) and [Customer Name] (“Controller”). This DPA ensures that Personal Data is processed in compliance with applicable data protection laws and the terms of the Agreement.
2. Definitions
2.1. “Personal Data” refers to any information relating to an identified or identifiable natural person as defined in relevant data protection laws.
2.2. “Processing” refers to any operation performed on Personal Data, whether automated or manual, including collection, use, storage, disclosure, and deletion.
2.3. “Sub-processor” refers to any third party engaged by the Processor to assist in processing Personal Data on behalf of the Controller.
3. Processing of Personal Data
3.1. The Processor agrees to process Personal Data solely on documented instructions from the Controller, unless required to do so by law.
3.2. The Processor will implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.
3.3. The Processor shall not process Personal Data in any manner that would constitute a breach of applicable data protection laws.
4. Sub-processing
4.1. The Controller authorizes the Processor to engage Sub-processors to process Personal Data on its behalf, provided that the Processor ensures that Sub-processors are bound by data protection obligations equivalent to those in this DPA.
4.2. The Processor will provide the Controller with a list of current Sub-processors and notify the Controller of any intended changes concerning the addition or replacement of Sub-processors.
4.3. The Processor remains fully liable for any acts or omissions of its Sub-processors in relation to this DPA.
5. Data Subject Rights
5.1. The Processor shall, to the extent legally permitted, promptly notify the Controller if it receives a request from a data subject to exercise any of their rights under applicable data protection laws.
5.2. The Processor will assist the Controller in responding to data subject requests by providing necessary information and support, within the capabilities of the services provided.
6. Data Breach Notification
6.1. The Processor shall notify the Controller without undue delay upon becoming aware of a Personal Data breach.
6.2. The notification will include all relevant information to allow the Controller to comply with its legal obligations concerning the breach.
7. Data Retention and Deletion
7.1. Upon termination of the Agreement, the Processor will delete or return all Personal Data to the Controller, unless applicable law requires storage of the Personal Data.
8. Audits and Inspections
8.1. The Processor agrees to allow for audits and inspections by the Controller or an auditor appointed by the Controller, to ensure compliance with this DPA.
8.2. The Processor will cooperate fully with any such audit, providing access to necessary information and facilities.
9. International Data Transfers
9.1. The Processor shall not transfer Personal Data outside the European Economic Area (EEA) unless it ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of their Personal Data.
10. Liability
10.1. The Processor’s liability under this DPA shall be subject to the exclusions and limitations of liability set forth in the Agreement.
11. Termination
11.1. This DPA shall automatically terminate upon the termination or expiration of the Agreement.
12. Governing Law and Jurisdiction
12.1. This DPA shall be governed by, and construed in accordance with, the laws of the United States of America, State of Florida, and any disputes arising out of or in connection with this DPA shall be subject to the exclusive jurisdiction of the courts of the County of Palm Beach, United States of America.