DATA PROCESSING AGREEMENT
This Data Processing Agreement (“DPA”) is entered into between:
Controller:
Email:
Representative: |
and
Processor:
BizXtreme, operating under the trade name WebExpert4U
Amersfoort, The Netherlands
KVK: 74884182
Email: [email protected]
Representative: Marek Pulit | Owner
This DPA forms part of the Terms of Service between the parties.
1. SUBJECT AND DURATION
Processor provides IT services including WordPress website development, maintenance, optimization, technical support, malware removal, VPS hosting management, domain/email management, and related services (“Services”).
Processing continues for the duration of the Services.
Services Covered by this Agreement:
,
2. NATURE AND PURPOSE OF PROCESSING
Processing is limited to providing the Services, including:
- hosting websites,
- maintaining WordPress installations,
- removing malware,
- managing servers,
- creating backups,
- providing technical support.
3. TYPES OF PERSONAL DATA
May include:
- names,
- email addresses,
- phone numbers,
- IP addresses,
- customer data stored on websites,
- user account data,
- email content,
- database content.
4. CATEGORIES OF DATA SUBJECTS
- website visitors,
- customers of Controller,
- employees,
- contractors,
- newsletter subscribers,
- users of Controller’s services.
5. PROCESSOR OBLIGATIONS
- process personal data only on documented instructions,
- ensure confidentiality,
- implement appropriate technical and organizational measures,
- assist Controller with GDPR obligations,
- notify of data breaches without undue delay,
- delete or return data after termination,
- keep records where required.
6. SECURITY MEASURES
- secure VPS infrastructure,
- encrypted connections (SSL/SSH),
- access control,
- malware protection,
- regular backups,
- firewall protection,
- limited admin access.
7. SUB-PROCESSORS
Authorized sub-processors may include:
- Contabo GmbH – hosting
- Namecheap Inc. – domain/email services
- Cloudflare Inc. – CDN/security
- payment providers, backup providers, monitoring tools
Processor ensures sub-processors provide adequate safeguards.
Sub-processors may be used automatically where required to provide the selected Services.
Infrastructure Providers
Some Services may require the use of third-party infrastructure providers such as VPS hosting providers, domain registrars, email providers, or CDN/security services. These entities may act as sub-processors under this Agreement where required to deliver the Services.
8. DATA TRANSFERS OUTSIDE EEA
Transfers outside the EEA are based on Standard Contractual Clauses, EU-US Data Privacy Framework, or equivalent safeguards.
9. ASSISTANCE
Processor assists Controller with data subject requests, security incidents, DPIA where applicable, and supervisory authority cooperation.
10. BREACH NOTIFICATION
Processor notifies Controller without undue delay after discovering a personal data breach.
11. AUDIT
Controller may request reasonable information confirming Processor’s compliance with this DPA.
12. TERMINATION
After termination, Processor deletes or returns personal data unless required by law to retain it. Backups are deleted within reasonable technical timeframes.
13. LIABILITY
Liability is subject to limitations defined in the Terms of Service.
14. INDEPENDENT CONTRACTOR
Processor acts as an independent contractor and not as employee, partner or agent of Controller.
15. GOVERNING LAW
This DPA is governed by Dutch law.
