Data Processing Agreement
1. Definition of Basic Terms
1.1. The terms "Provider" and "Customer" have the same meaning as defined in the Terms of Service, and the terms "GDPR", "data controller", "data processor", "personal data", "processing", and "appropriate technical and organizational measures" have the meaning defined in the Personal Data Protection Regulations.
1.2. This Data Processing Agreement defines the method of processing the personal data of the Customer's business partners in accordance with GDPR requirements.
1.3. The Provider is the processor in relation to the personal data of the Customer's business partners, and the Customer is the controller of these data.
1.4. The Provider is not authorized to process personal data in conflict with or beyond the scope set out in these terms without direct, specific consent. The Customer may grant this consent, for example, in an email or other communication with the Provider.
2. What Data the Provider Processes
2.1. The Provider manages the data that the Customer uploads to the Provider's servers using the SSH, SFTP, or FTP protocols, via the program interface operated by the Customer, or through a database management tool. This data may also contain personal data of the Customer's users.
2.2. The Provider does not manipulate the data uploaded by the Customer in the manner described in Section 2.1, with the exception of the cases described in Sections 3.3 and 3.4.
3. What the Provider Does with Data and How It Is Processed
3.1. Personal data are processed for the purpose of carrying out all activities necessary for providing space for web applications.
3.2. The Customer grants the Provider general authorization to engage another personal data processor in the processing. The Provider must impose on its subcontractors in the position of data processor the same obligations for personal data protection as set out in these terms.
3.3. List of the Provider's subcontractors:
- DigitalOcean - data servers and backups
- AWS - backups
- Backblaze - backups
- Fakturoid - processing of billing data
- Slack - internal communication
- Mailgun - email communication
- Google - email communication and documents
- Trello - internal communication
- Smartsupp - online chat
3.4. The Provider performs the following operations with the Customer's data obtained in the manner described in Section 2.1:
- Copying between the Provider's servers,
- storing encrypted backups of these data for up to 60 days,
- deletion.
3.5. The Provider agrees not to enter the space reserved for the Customer except in the case of:
- Testing the service functionality,
- at the explicit request of the Customer,
- when modifying the service configuration.
3.6. The Provider agrees that the processing of personal data will be secured particularly in the following ways:
- The Provider has adopted and will maintain technical and organizational measures corresponding to the level of risk to prevent unauthorized or accidental access to data, their modification, destruction, loss, unauthorized transfers, other unauthorized processing, as well as other misuse.
- Authorized persons of the Provider who process personal data under these terms are obliged to maintain confidentiality about personal data and about security measures whose disclosure would endanger their security. The Provider will ensure their demonstrable commitment to this obligation. The Provider will ensure that this obligation of the authorized person continues even after the termination of the employment or other relationship with the Provider.
- The Provider will provide the Customer with all information necessary to prove that the obligations under this agreement and GDPR have been met, and will allow audits, including inspections, conducted by the Customer or another auditor authorized by the Customer.
4. Right of the Customer to Export Data
4.1. The Customer has the right to export the data stored by the Provider at any time.
5. Data Erasure
5.1. Data on the servers are deleted immediately after the services are canceled from the administration interface.
5.2. Within 60 days of service cancellation, the Provider also deletes the data from the application backups.