Data Processing Agreement

Data Processing Agreement

This Data Processing Agreement (“Agreement”) is entered into between:

Controller: [Client Company Name]
and
Processor: DV Global, [адрес], Netherlands
(together referred to as the “Parties”)

Purpose

This Agreement governs the processing of personal data by DV Global on behalf of the Controller in connection with:

  • Managed hosting services
  • IT infrastructure services
  • Data center decommissioning

Definitions

  • Personal Data – any information relating to an identified or identifiable natural person
  • Processing – any operation performed on personal data
  • Controller – determines purposes and means of processing
  • Processor – processes data on behalf of the Controller

(All definitions follow GDPR Article 4)

Subject matter and duration

Processing shall:

  • occur only for the duration of the service agreement
  • end upon termination unless legally required otherwise

Nature and purpose of processing

DV Global may process personal data for:

  • Hosting and infrastructure management
  • System monitoring and maintenance
  • Data migration and decommissioning
  • Secure data destruction

Types of personal data

May include (depending on client systems):

  • Names
  • Email addresses
  • IP addresses
  • User account data
  • System logs
  • Business-related data

Categories of data subjects

  • Client employees
  • End users
  • Customers of the Controller

Obligations of the Processor

DV Global shall:

7.1 Process data only on instructions

Process personal data only on documented instructions from the Controller.

7.2 Confidentiality

Ensure that all personnel:

  • are bound by confidentiality obligations
  • receive appropriate training

7.3 Security measures

Implement appropriate technical and organizational measures, including:

  • Access control
  • Encryption where applicable
  • Network security
  • Physical security
  • Secure data destruction procedures

7.4 Data destruction (important for your business)

DV Global shall:

  • securely erase or destroy data upon instruction
  • apply industry standards (e.g., NIST 800-88 where applicable)
  • provide a Data Destruction Certificate upon completion

7.5 Assistance to Controller

Assist with:

  • Data subject requests (access, deletion, etc.)
  • GDPR compliance obligations
  • Security assessments

7.6 Breach notification

Notify the Controller without undue delay after becoming aware of a personal data breach.

8. Sub-processors

DV Global may use sub-processors such as:

  • Data center providers
  • Cloud providers
  • IT service vendors

Conditions:

  • sub-processors must comply with GDPR
  • written agreements must be in place

9. International transfers

If data is transferred outside the EEA:

  • Standard Contractual Clauses (SCCs) will be used
  • or other lawful transfer mechanisms

10. Audit and inspection

The Controller may:

  • request information about security measures
  • conduct audits (with reasonable notice)

11. Return or deletion of data

Upon termination, DV Global shall:

  • delete or return all personal data
  • unless legal retention is required

12. Liability

Each Party shall be liable in accordance with:

  • GDPR
  • applicable Dutch law

DV Global is not liable for:

  • instructions given by the Controller
  • unlawful data processed by the Controller

13. Governing law

This Agreement is governed by the laws of the Netherlands.

14. Signatures

Controller:
Name: __________________
Company: ______________
Signature: _____________
Date: __________________

Processor:
DV Global
Name: __________________
Signature: _____________
Date: __________________