Table of Contents
3. The enforcement of the agreement
4. The Processing of personal data
5. Data access, modification and deletion
6. Instructions / indications
7. Hostico Obligations
8. Client Obligations
9. Data subject rights
11. Technical and organizational measures
This agreement rules the personal data processing by Hostico ("Data Processor") on behalf of the customer ("Operator / Data Controller"). This Data Processing Agreement constitutes accordance of the involved parties and it rules the data processing by Hostico as the Processor in the name of the client, as a quality Controller. This accord comes in addition to the Terms and Conditions of the signed contract between Hostico respectively the client.
In this agreement:
- Services - constitutes the service provided to the client accodring to Terms and conditions respectively the contract signed with Hostico
- Personal Data - is any information on a identifiable person or identified person (data subject)
- Client or Controller - forms individual person, company, public authority or any entity that determines the purpose and means of data processing
- Processor or Hostico - constitutes the authority that will process the personal data in the name of the controller
- Process/processing - makes up any operation or set of operations performed on personal data such as collection, recording, organization, structuring, storage, adaptation or alteration, restoration, consultation, use, disclosure by transmission, dissemination or making available, alignment or combination, restriction, erasure or destruction
- Sub-processor or Partner - constitutes a third-party partner designated by Hostico for the supply of services and/or the processing of personal data of the customer
- Technical and organizational security measures - measure that is aimed at ensuring an adequate level of security including pseudo anonymity and encryption of personal data, the ability to make sure at any times the confidentiality, integrity, availability and the elasticity of processing systems and services, the ability to restore the availability of and access to personal data in good time in the event of a physical or technical incident a process regulated for testing and reviewing the efficiency of the processing security
- Laws in force - all laws and national provisions of the European Union from the field of the protection of the personal data
- Data subjects - users respectively clients of the controller
In relation to the services offered by this agreement shall apply:
- to all data sent by the client to Hostico for processing
- to all data accessed by Hostico for processing on behalf of the customer
- to all data received by Hostico on behalf of the customer
The customer will be the only responsible for the accuracy, quality and processing data of the persons concerned. Hostico will reach, use or process these data on behalf of the customer only in the following cases:
- at the request of the customer directly
- for the purpose of the contracted services
- to give technical assistance regarding the services
- for the maintenance operations
The customer will decide the origin and purpose of the personal data and the categories of targeted persons.
In order to comply with the agreement, and in particular to provide the contracted services, Hostico will process certain categories and types of personal data on behalf of the client according to its authorization and request.
The types and categories of personal data processed by Hostico are :
- name, address, telephone number, e-mail address, company name, fiscal code, commercial registration number
- personal data of representatives, employees and other third parties provided by the client
Data regarding services :
- data stored on Hostico servers
- data stored and processed by users such as : source code, databases, files, etc.
- electronic logs: login, authentication, access, errors
Hostico has no control over the content of these logs, these are generated automatically by the services running on the equipment and the applications of the client.
The processing activities performed will only be necessary and relevant to the services provided. Processing requests from the customer will be recorded by Hostico and retained until the client invokes the right to be forgotten. Hostico will process personal data about the customer and the contacts he provides through the Hostico commercial department and Hostico website.
During the use of the services, the client can access, modify and delete the data by logging into accounts held through common protocols and tools. In case of a change or alteration of the data, the initial version can be stored in the backup for 14 days.
Hostico will only take action and process personal data for the provision of contracted services and according to the precise indications and documents of the client. The instruction at the time of joining this Data Processing Agreement is that Hostico can process personal data only for the purpose of providing the contracted services in accordance with the Terms and Conditions presented and the respectively with the signed contract. The Customer warrants that the personal data they broadcast are managed in accordance with the law, also including with the legal processing requirements. Hostico will notify the customer if they consider that the instructions for data processing sent by him are in conflict with the law.
Hostico will treat all personal data as confidential information, these being disclosed to employees, partners, and legal institutions only if the situation requires it. Hostico employees are subject to confidentiality contracts that include and ensure that all personal data to which they have access are treated with the highest degree of seriousness and strict confidentiality.
Hostico will implement appropriate technical and organizational measures to protect data against unlawful or unauthorized processing and also against accidental loss, destruction or damage. A description of the conditions under which backups are made and maintained is available in the description of the backup service. Hostico will ensure that the access to personal data is restricted and accessible only to employees whom it is required to provide services requested by the clients. Hostico will also ensure that employees process the personal data of the client only in accordance with its exact instructions.
Hostico will provide information on security measures if they are requested by customers in writing.
In the event that Hostico identifies a personal data violation affecting the data of customers, Hostico will notify the customer and, where possible, offer the customer with information and reasonable coöperation so that the customer can meet any reporting obligations to the violation of data.
The Customer is responsible for complying with its controller obligations under the laws in force. The customer must ensure that any disclosure of personal data made to Hostico is done with the consent of the person concerned. He must also be able to justify each transmission of such data as well as his decisions regarding the processing or usage of these.
Hostico will give the customer access to the services that store the data of the subject in order to delete, release, correct or block the required data. If this access is not possible, Hostico will follow the instructions of the client to fulfill these operations in accordance with applicable laws. Hostico will send to the client any request from the data subjects for access regarding the personal data of these.
The location of personal data processing
Personal data are processed by Hostico only at headquarters, work points, and partner data centers. Any transfer of personal data to international organizations or third countries will be made only to the extent that this transfer is permitted and in accordance with applicable laws.
Hostico shall not subcontract without the Customer's consent any of its processing operations performed on behalf of the Customer under this Agreement. If Hostico will subcontract its obligations with Customer's consent, it will do so only with the existence of a written agreement from the partner imposing the same obligations on Hostico as those imposed on Hostico in this Agreement.
Hostico is implicitly authorized to contract third parties to process customer data without the need for written permission from the client. Hostico must indicate at the request of the client the identity of a partner before they process the personal data.
Hostico will ensure that appropriate technical and organizational measures are implemented and maintained during the processing of personal data on behalf of the client. These include, hiring qualified personnel, controlling access to the data center, controlling access to equipment, data access control, data transmission protocols, systems logins, isolation of customer data on systems against the personal data of other clients, safe copies, etc.
The customer may request in writing to perform an audit to verify the compliance of Hostico with its obligations under this Data Processing Agreement. The auditor will be agreed upon and the costs of the audit will be endured by the client. Hostico reserves the right to refuse to perform a audit, case in which the customer may request the termination of the contract and the Data Processing Agreement.
The Data Processing Agreement has a lifetime equal to the contract between the customer and Hostico. The authorization for Hostico to process personal data on behalf of the customer will terminate with the agreement.
As a processor if necessary, Hostico will continue to process personal data up to 30 days after the termination of the Agreement. At the same time, Hostico will include client data in the backup according to the Backup policy.
Hostico will delete all personal data processed on behalf of the customer not later than 45 days after the termination of the Agreement unless there are legal requests to keep them.
Data processing by Hostico during this 45 days period will be considered as per customer instructions
Last Update: 09.05.2022