This DPA amends the Agreement between Exactly WWW LLC (hereafter named “ewww.io”) and the Customer and addresses the rights and obligations of the parties with respect to data privacy under Applicable Law. We may update this DPA from time to time in our sole discretion; the current version may be found at https://ewww.io/dpa/
Data Processing Agreement in Accordance with Article 28 of the General Data Protection Regulation (GDPR) Agreement
A. Relationship with the Agreement
- This contract defines the rights and obligations of the Customer and ewww.io in the context of ewww.io processing personal data on behalf of the Customer. The terms used in this contract are to be understood in accordance with their respective definitions in the EU General Data Protection Regulation (GDPR). ewww.io shall process personal data for the Customer on the basis of this Agreement.
- Both parties agree that this Data Processing Agreement (DPA) will replace any existing DPA the parties may have previously entered into. Except for the changes made by this DPA, the existing agreement remains unchanged and in full effect. If there is any conflict between this DPA and the agreement,
this DPA shall prevail to the extent of that conflict.
- The subject matter and duration of the Data Processing Agreement shall be determined entirely according to the information provided in the respective contractual relationship.
- Should any parts of this data processing agreement be invalid, this will not affect the validity of the remainder of the agreement.
B. Roles, scope and the duration of the agreement
- The Customer will act as the data controller and ewww.io as the processor of customer data. ewww.io will process customer data only as a data processor acting at the Customer’s direction or for the purposes described in this Data Processing Agreement. ewww.io shall carry out the following processes: Processing of user information necessary for the provision, improved security, optimization, control and troubleshooting of the service.
- The provision of the contractually agreed upon data processing will begin on and be carried out for an unspecified period until the services provided to the Customer are terminated and the correlating service account is deleted by ewww.io.
- The type of data that will be processed includes but is not limited to: network connection data, IP addresses, user agent, URL referrer information as well as any kind of personal data contained in the files or file names that the Customer is holding on ewww.io.
- Processing the data consists of the following: collecting, saving, modifying, using, transferring, distributing or any other form of provision, replication, restricting, deleting, collating or destroying data.
- ewww.io shall notify the Customer in writing if it intends to add or replace Sub-processors and will ensure with reasonable measures that any Sub-processor has the requisite capabilities to Process Customer Data in accordance with this Data Processing Agreement and the GDPR.
- The Customer may object in writing within 5 days of such notice provided that the objection is based on reasonable, documented grounds related to data protection. In the event of an objection, ewww.io will attempt to discuss in good faith with the Customer in an attempt to achieve a mutual resolution. A Customer’s failure to respond or reasonably document the basis of the objection will constitute as the Customer’s authorization of the proposed changes.
D. Security and obligations of the processor (ewww.io)
- ewww.io will only process personal data as contractually agreed and as instructed by the Customer, unless ewww.io is legally obliged to do otherwise. Should ewww.io be bound by such obligations, ewww.io will inform the Customer prior to processing the data, unless informing him/her is illegal.
- The Customer is responsible and agrees to maintain a confidential and secure use of services provided by ewww.io and protect access to customer data to the best of their ability. ewww.io and the Customer can, upon request, cooperate with the performance of their duties.
- The Customer is aware that ewww.io can from time to time update it’s security measures, provided that such updates and modifications do not result in the degradation of the overall security of the services purchased by the Customer.
- ewww.io shall ensure that any person authorized to access the customer data have been made aware of the relevant data protection provisions as well as this contract before starting to process the data.
- ewww.io must support the Customer when updating the list of processing activities and implementing
the data protection assessment. All data and documentation required need to be provided and made available to the Customer upon request.
- Due to a global nature of the service, ewww.io may process customer data from anywhere in the world, where ewww.io operates. ewww.io and all of its Sub-processors will at all times provide appropriate measures for secure customer data processing in accordance with the requirements of data protection laws.
- ewww.io will strictly limit access to any customer data to persons specifically trained and tasked with processing the data and adequately instructed and supervised on an ongoing basis in terms of fulfilling data protection requirements.
E. Rights and obligations of the Customer
- It is the sole responsibility of the Customer to assess and ensure the admissibility of any processing requested. The Customer will ensure any data processing requested is in line with privacy and data regulations and to assure the rights of affected parties.
- The Customer will immediately notify ewww.io if any irregularities or errors are discovered as a result of the processing.
- ewww.io will comply with any audit request to the extent required by law or due legal process. The Customer may appoint an auditor of the required professional qualification, bound by a duty of confidentiality to perform an inspection of the data security that is reasonably necessary to confirm ewww.io’s compliance with this Data Processing Agreement. The Customer shall not exercise this right more than once per year, including with respect to any support required to perform a data protection impact assessment. Inspections must be carried out without any avoidable disturbances to the operation of ewww.io’s services.
- With respect to all personal data, ewww.io warrants that it will only process personal data in order to provide and improve the service and only in accordance with this Data Processing Agreement.
F. Data breach response obligations
- ewww.io will implement and maintain appropriate technical, organizational and security measures designed to maintain strict confidentiality and protect customer data from any kind of data breaches and to ensure the confidentiality and availability to the best of its technical abilities. Any individuals who could have access to the data processed on behalf of ewww.io must be obliged in writing to maintain confidentiality, unless legally obliged to do otherwise.
- ewww.io will notify and offer support to the Customer without any unjustifiable delay and, where feasible, no later than 48 hours after becoming aware, of any breach of personal data stored or processed by ewww.io.
- ewww.io will immediately inform the Customer of any inspections, law enforcement requests or measures carried out by supervisory authorities or other third parties if they relate to the commissioned data processing unless legally prohibited from doing so.
- The Customer reserves the right of full authority to issue instructions concerning data processing on his/her behalf.
- If ewww.io determines that an instruction carried out by the Customer violates the legal requirements, ewww.io will inform the Customer immediately. ewww.io will then be entitled to suspend the execution of the relevant instructions until the Customer confirms or alters said instructions.
- When terminating the Data Processing Agreement or at any time upon the Customer’s request, ewww.io will either destroy the data or submit the data to the Customer at the Customer’s discretion. The data must be destroyed in such a way that restoring or recreating the remaining information will no longer be possible, even with considerable effort.
- ewww.io can temporarily contain older data archived on backup systems. In all such cases, ewww.io shall maintain the customer data securely and protect it from any further processing.
- The terms of this Data Processing Agreement shall remain in effect for so long as ewww.io continues to retain any customer data.
- Cancellation of the agreement by the Customer or deleting the Customer’s user account provided by ewww.io will simultaneously terminate and invalidate this agreement.
This agreement applies to all Customers, but while we do not enter into separate agreements with individual Customers, if you believe there is something we could do to better protect your privacy or the privacy of your visitors who access our services, please let us know!
If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws and regulations, you may file a complaint to the applicable supervisory authority.