HostBuddy

24/7 Tech Support

888-993-7327




Data Processing Agreement

This Customer Data Processing Agreement (DPA) is part of the requirements of the European Data Protection Regulation (GDPR) and is an addendum to our Hosting Terms of Service (TOS) and Affiliate Program Agreement.



Definitions

Controller: Entity who determines the purpose and means of processing Personal Data.
Customer Data: Data that HostBuddy.com processes on behalf of Customer.
Personal Data: Data relating to an identified or identifiable natural person.
Processor: Entity that processes Personal Data on behalf of Customer.
Security Incidents: Unauthorized and/or unlawful breach of security leading to accidental and/or unlawful destruction, alteration, loss, unauthorized disclosure of or access to Personal Data.
Subprocessor: Processors used by HostBuddy.com to fulfill its obligations in providing the Service.



Scope

This DPA applies only to the extent that HostBuddy.com processes Personal Data on behalf of the Customer in the course of providing the Service and in the case such Personal Data is subject to Data Protection Laws of the European Union (EU).

In this DPA, the Customer is the Controller of Personal Data and HostBuddy.com will process Personal Data only as a Processor on behalf of Customer. Nothing in this DPA prevents HostBuddy.com from using any data that HostBuddy.com collects and processes independently of Customer's use of the Service.

As a Controller, Customer agrees that they will comply with its obligations under Data Protection Laws in respect to their processing of Personal Data and any processing instructions they issue to HostBuddy.com; and that they have obtained consents and rights necessary under Data Protection Laws for HostBuddy.com to process Personal Data and provide the Service.

As a Processor, HostBuddy.com will process Personal Data only for the following purposes:
- processing to perform the Service in accordance with the TOS; and
- to comply with other reasonable instructions provided by Customer.

HostBuddy.com handles Customer Data provided by Customer and the Customer Data may contain special categories of data depending on how the Service is used by Customer. The Customer Data may be subject to the following process activities:
- storage and other processing necessary to provide and improve the Service;
- to provide customer and technical support to Customer; and
- disclosures as required by law or otherwise set forth in the TOS.

Customer acknowledges that HostBuddy.com has the right to use and disclose data relating to and/or obtained in connection with the operation, support and/or use of the Service for its legitimate business purposes (e.g., billing, technical support, product development..etc.). For data that is considered personal data under Data Protection Laws, HostBuddy.com will process such data in compliance with Data Protection Laws.



Subprocessing

Customer agrees that HostBuddy.com may engage Subprocessors to process Personal Data on Customer's behalf. You may request a list of Subprocessors currently engaged by HostBuddy.com.

When engaging with a Subprocessor, HostBuddy.com will
- enter into a written agreement with the Subprocessor which imposes data protection terms that require the Subprocessor to protect Personal Data to the standards required by Data Protection Laws; and
- remain responsible for its compliance with the obligations of this DPA and for any acts or omissions of the Subprocessor that cause HostBuddy.com to breach any of its obligations under this DPA.

HostBuddy.com shall provide Customer reasonable advance notice via email if it adds or removes Subprocessors.

Customer may object to HostBuddy.com’s engagement with a new Subprocessor on reasonable grounds relating to data protection by notifying HostBuddy.com in writing within five (5) days of receipt of HostBuddy.com's notice. The notice should reasonably explain the grounds for the objection. The parties will discuss such concerns in good faith with the goal of achieving a reasonable resolution. If a resolution is not possible, either party may terminate the applicable Service related to the use of the Subprocessor.



Security

HostBuddy.com will implement and maintain appropriate security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data.

HostBuddy.com will ensure that any person who is authorized by HostBuddy.com to process Personal Data (e.g., HostBuddy.com staff, subcontractors) will be under an appropriate obligation of confidentiality.

In the event of a Security Incident, HostBuddy.com will notify Customer without undue delay and will provide timely information relating to the Security Incident as it becomes known.

Customer acknowledges that the security measures evolve and that HostBuddy.com may update or modify the security measures from time to time.



International Transfers

Customer Data may be transferred and processed in the United States and anywhere in the world where Customer and/or its Subprocessors maintain data processing operations. HostBuddy.com will implement appropriate safeguards to protect the Personal Data, wherever it is processed, in accordance with the requirements of Data Protection Laws.



Return and Deletion of Data

Customers have access to their uploaded files and databases and can download them. If Customer has any issues with downloading their content, they can contact our Technical Support for assistance. Upon deactivation of a HostBuddy.com Service, all Personal Data will be deleted, except for data which is required to be retained by applicable law, or Personal Data that is archived on backup systems (which are securely isolated and protected from further processing.



Cooperation

If Customer is unable to independently access the specific Personal Data within the Service in response to requests from individuals or data protection authorities, HostBuddy.com will (at Customer's expense) provide reasonable cooperation to assist Customer, if possible. In the event that any such request is made directly to HostBuddy.com, HostBuddy.com will not respond to such communication directly without Customer's prior authorization, unless legally compelled to do so. If HostBuddy.com is required to respond to such a request, HostBuddy.com will promptly notify Customer and provide it with a copy of the request unless legally prohibited from doing so.

To the extent HostBuddy.com is required under Data Protection Law, HostBuddy.com will (at Customer's expense) provide reasonably requested information regarding HostBuddy.com’s processing of Personal Data under the TOS to enable the Customer to carry out data protection impact assessments or prior consultations with data protection authorities as required by law.



Miscellaneous

Except for the changes made by this DPA, the TOS remains unchanged and in full force and effect. If there is any conflict between this DPA and the TOS, the DPA will prevail to the extent of that conflict.

This DPA shall be governed by and construed in accordance with governing law and jurisdiction provisions in the TOS, unless required otherwise by Data Protection Laws.



Last updated May 21st, 2019.