Data Processing Agreement
This Data Processing Agreement (the “DPA”) forms part of Texo Webhosting cc’s Terms and Conditions of Service (the “Principal Agreement”), and is incorporated into the Principal Agreement by reference. Texo Webhosting cc reserves the right to make changes to the respective Agreements at any time without notice. Any updated versions of the aforesaid Agreements will be posted on our website.
1. Introduction
This DPA applies when you sign up for our services, and Texo Webhosting cc acts as the Processor of your Personal Data and Information. When we provide these services to you, you are the Controller (Responsible Party) of the Personal Data and Information that we Process because you decide why and how we Process that Personal Data and Information.
2. Definitions and Interpretations
2.1. The defined terms in this DPA supplement the terms of the Principal Agreement. Terms not defined herein will have the meaning as set forth in the Principal Agreement. If there is a conflict between any of the Principal Agreement’s provisions and this DPA’s provisions, the provisions of the DPA will prevail.
“Controller (Responsible Party)” means the person who decides why and how Personal Data and Information will be processed. This would be you, our Customer.
“Data Protection Law” means any and all data protection laws and regulations that apply to Texo Webhosting cc’s Processing of Personal Data and Information under the DPA including, the GDPR, the Protection of Personal Information Act 4 of 2013, ePrivacy laws and, to the extent applicable, the data protection or privacy laws of any other country;
“Data Subject” means the person whose data is processed, which are your customers or site visitors.
“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and Information and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data and Information” means any data or information that relates to an individual who can be directly or indirectly identified. For example, names and email addresses are Personal Data and Information. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be Personal Data and Information.
“Personal Data Breach” any unauthorized or otherwise unlawful Personal Data and Information processing.
“Process I Processing” means any action performed on data, whether automated or manual. This would include collecting, recording, organizing, structuring, storing, using, or erasing. Thus, basically doing anything with data.
“Processor I Operator” means Texo Webhosting cc, a third party that processes Personal Data and Information on behalf of a data Controller (Responsible Party) .
“Standard Contractual Clauses” means the standard contractual clauses annexed to the EU Clauses/SCCs” Commission Decision 2010/87/EU of 5 February 2010 for the transfer of Personal Data and Information to processors I operator established in third countries.
“Subprocessor I Subopreator” means any person appointed by or on behalf of the Processor I Operator to process Personal Data and Information on behalf of Texo Webhosting cc in connection with the Agreement.
3. Agreement Subject Matter
3.1. Application. The DPA applies when Texo Webhosting cc Processes your Personal Data and Information subject to the applicable Data Protection Law.
3.2. Acceptance. By using our products and services you are deemed to have read, understood, accepted, anD agreed to be bound by all of the terms of the respective Agreements.
3.3. Duration. Texo Webhosting cc will Process Personal Data and Information until the Principal Agreement expires or terminates, unless otherwise agreed in writing, subject to clause 4.1.5 below.
3.4. Limitations. DPA does not apply where Texo Webhosting cc Processes data on either Controller (Responsible Party) or Data Subject’s behalf in terms of any activity not set out in the Principal Agreement.
3.5. Details of Processing. The following details related to the Processing is described in the Principal Agreement and our Privacy Policy, which are incorporated into this DPA by reference:
3.5.1. the Processing’s subject-matter;
3.5.2. the Processing’s nature;
3.5.3. the Processing’s purpose;
3.5.4. the Personal Data and Information type;
3.5.5. the Data Subject categories; and
3.5.6. the Controller’s rights.
4. Data Processing and Protection
4.1. Processor’s Obligations
4.1.1. Processing of Data
Texo Webhosting cc will comply with the applicable Data Protection Law when Processing Personal Data and Information and will only Process Personal Data and Information on Controller (Responsible Party)’s documented instructions.
Controller (Responsible Party) instructs Texo Webhosting cc to Process Personal Data and Information to provide the Services and related technical support in terms of the Principal Agreement.
4.1.2. Data Transfer
Texo Webhosting cc may only transfer Personal Data and Information to a third country or international organisation on Controller (Responsible Party)’s documented instructions, unless required to do so by applicable law.
Texo Webhosting cc must advise Controller (Responsible Party) about the legal requirement before Processing the Personal Data and Information, unless the law prohibits them from doing so in the public interest. The Parties agree that the DPA and Principal Agreement constitute Controller (Responsible Party)’s documented instructions for Processing Personal Data and Information.
4.1.3. Processors I Operator Personnel
Texo Webhosting cc will take reasonable steps to ensure that persons authorised by Texo Webhosting cc to Process any Personal Data and Information are subject to appropriate confidentiality obligations.
Texo Webhosting cc imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. For more information, please see our Privacy Policy.
4.1.4. Security Measures
Data Security
Texo Webhosting cc will implement appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, including, the measures referred to in Data Protection Law, and the measures referred to in Texo Webhosting cc’s Security Statement.
In assessing the appropriate level of security, Texo Webhosting cc will pay special attention to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data and Information transmitted, stored or otherwise processed.
Audits
Texo Webhosting cc will cooperate and provide reasonable assistance for audits (including inspections) by the Controller (Responsible Party) or another auditor that they mandate. Controller (Responsible Party) must provide Texo Webhosting cc with at least 30 (thirty) business days prior written notice of Controller (Responsible Party)’s intention to audit.
Access to information
Texo Webhosting cc will cooperate and provide reasonable assistance for audits (including inspections) by the Controller (Responsible Party) or another auditor that they mandate. Controller (Responsible Party) must provide Texo Webhosting cc with at least 30 (thirty) business days prior written notice of Controller (Responsible Party)’s intention to audit.
Personal Data and Information Breach
Texo Webhosting cc will notify the ControllerI Responsible Party without undue delay after becoming aware of a Personal Data and Information Breach.
Assistance to Controller
Any Personal Data and Information Breach notification Texo Webhosting cc makes to assist Controller (Responsible Party) will include information Texo Webhosting cc is reasonably able to disclose, taking into account:
the technical and organisational measures ControllerI Responsible Party requires to fulfil its obligation to respond to requests by Data Subjects, and
the nature of Processing, the information available to Texo Webhosting cc, and any restrictions on disclosing the information, such as confidentiality.
4.1.5. Return or Deletion of Personal Data and Information
Any time upon notification by Controller (Responsible Party), Texo Webhosting cc will, and will cause its Subprocessors I Suboperator to securely delete all Personal Data and Information (including all copies) to the extent permitted by applicable law.
Texo Webhosting cc agrees to preserve the confidentiality of any Personal Data and Information retained by us in accordance with applicable law. Any active Processing of such Personal Data and Information after the Data Processing services are terminated will be limited to the extent necessary to comply with applicable law. Texo Webhosting cc will ensure that the post-termination obligations in this section are also required of Subprocessors / Suboperator.
4.1.6. Subprocessing
Restriction
Texo Webhosting cc will not appoint or assign any of its obligations to any Subprocessor I Suboperator without Controller (Responsible Party)’s prior specific authorisation or general written authorisation (provided that Texo Webhosting cc informs Controller (Responsible Party) of any intended changes to Subprocessors / Suboperator and gives Controller (Responsible Party) an opportunity to object to such changes).
4.1.7. Authorised Subprocessors / Suboperator
Controller (Responsible Party) authorises Texo Webhosting cc to engage the following categories of Subprocessors / Suboperators that are mostly located in the European Union, for the Data Processing activities related to the services described in the Principal Agreement and our Privacy Policy:
Registrars for domain names,
CRM for emails and calls,
Hosting services, or
any other services necessary to provide services to you.
4.1.8. Specific obligations
Texo Webhosting cc will ensure that its Subprocessors / Suboperator are bound by data protection obligations compatible with our obligations as a Processor I Operator under this DPA.
4.2. Controller (Responsible Party)’s Obligations
4.2.1. Warranties. Controller (Responsible Party) warrants that it has all necessary rights to provide the Personal Data and Information to Texo Webhosting cc.
4.2.2. Responsibilities. Controller (Responsible Party) must make sure that certain designated personnel within their organisation:
provide all necessary privacy notices to Data Subjects;
obtain any necessary Data Subject consent to the Processing;
maintain a record of such consent; and
Communicate to Processor I Operator that a Data Subject has revoked consent, where a Data Subject does so;
to the extent that applicable Data Protection Law requires.
5. Processing of Personal Data and Information outside of the European Economic Area (the “EEA”)
5.1. Standard Contractual Clauses
5.1.1. When does it apply?
The Standard Contract Clauses apply to any Processing where the parties:
directly (or via onward transfer) transfer Personal DataI Information outside of the EEA or otherwise to an undesignated territory; or
Processes Personal Data and Information originating in the EEA outside of it or in an undesignated territory (a territory that has not been designated by the European Commission to ensure adequate levels of protection for Personal Data and Information).
5.1.2. When does it not apply?
Personal Data and Information that the Parties otherwise transfer or Process; or
Where Parties have adopted binding corporate rules or a similar mechanism or alternate recognised compliance standard for the lawful transfer of Personal Data and Information outside the EEA.
5.1.3. Adequate protection
The Parties will assess whether the following requirements are met:
the level of protection of the third country meets the level required by the applicable Data Protection Law, and
the laws of the third country enable the Processor I Operator to comply with the SCCs.
Supplementary measures may be taken to ensure a level of protection equivalent to the protection provided under the applicable data protection law, if the requirements in this clause are not met. The Parties will implement the guidance from the relevant supervisory authority to determine the supplementary measures they must put in place.
6. General Terms
6.1. Confidentiality
Texo Webhosting cc will keep all Personal Data and Information confidential, and will not disclose it to any third party except as is required by law.
6.2. Notices
All notices and communications given under this Agreement must be in writing and will be sent via email. Controller (Responsible Party) will be notified via email sent to the address related to its use of the Services under the Principal Agreement. Texo Webhosting cc will be notified via email, sent to the address: legal@Texo Webhosting cc.com.
6.3. Liability and indemnity
Each Party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses that the other party incurs arising out of a breach of this DPA or Applicable Data Protection law by the indemnifying party, provided that:
6.3.1. each Party provides the other with a notice of the claim promptly after receiving it;
6.3.2. the indemnified Party gives the indemnifying Party the right to control the defence;
6.3.3. the indemnified Party will provide the indemnifying Party with reasonable assistance as necessary; and
6.3.4. the indemnified Party will avoid admission of liability.