Data Processing Agreement (DPA) Nuco Technologies Ltd t/a Host-it™ Internet Solutions
Data Processing Agreement (DPA) Nuco Technologies Ltd
This Agreement specifies the data protection obligations of the contractual parties arising from the defined processing activities in which “personal data” is processed by Nuco Technologies Ltd (the data “Processor”) on behalf of a Customer / Reseller’s End user (the “Data Controller”) as part of “services” being supplied to them in compliance with the General Data Protection Regulations (“GDPR”).
- “GDPR” - General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX:02016R0679-20160504)
- “Nuco” - Nuco Technologies Limited t/a Host-it Internet Solutions, Serveyou Hosting, 4sure Hosting,Perfect Hosting, Pinbrook, Dotnetted, Skynet, 3dPixel, Mirrorservers and MacroDesign.
- “Data Controller” shall have the same meaning as set out in article 4(7) of the GDPR.
- “Data Subject” shall have the same meaning as set out in article 4(1) of the GDPR.
- "Personal data" shall have the same meaning as set out in article 4(1) of the GDPR.
- “Processing” shall have the same meaning as set out in article 4(2) of the GDPR.
- “Processor” shall have the same meaning as set out in article 4(8) of the GDPR.
- “Services” shall include all Virtual Hosting, VPS/VDS, Dedicated server and Offsite data backup.
1. Duration of the Processing on Behalf of the “Data Controller”
- 1.1 The terms of this Agreement shall continue for the duration of the provision of all “Services” supplied by “Nuco” to the “Data Controller”.
2. Area of Application and Responsibility
- 2.1 In the provision of the “Services”, any “Personal data” will be stored at the “Data Controllers” own risk, on the hosting platforms within the data centres of “Nuco”. The only processing activities that may be performed by “Nuco” are the storage of such “personal data” including any offsite data backups which are either part of the “Service” or separately subscribed to, in order to provide continuity of service and disaster recovery.
- 2.2 The “Data Controller” shall be solely responsible for compliance with the legal provisions of applicable data protection laws, in relation to such “personal data”, in particular the lawfulness of the data processing.
3. Obligations of “Nuco” as the Data “Processor”
- 3.1 “Nuco” shall only be considered a “processor” for the storage of any “personal data” that has been uploaded to the “service”.
- 3.2 Any different types of “processing” of “personal data” other than storage, shall only be in accordance with a request from the “Data Controller” and be under a separate agreement. It is the “Data Controllers” responsibility to ensure that alternative data “processing” instruction does not violate any applicable laws defined within the “GDPR”. “Nuco” are not under any obligation to identify and report this to the “Data Controller” themselves but reserve the right to refuse the “Data Controllers” request if it believes this to be the case.
- 3.3 “Nuco” will use its best endeavours to ensure the physical security and capacity of the systems in line with industry standards such as ISO27001 required for the “services” to operate, however it remains the “Data Controllers’” sole responsibility to ensure digital protection of any “Personal Data” that is held on the “services” as per clause 4.2
- 3.4 “Nuco” reserves the right to alter any agreed security measures, provided that any such amendment ensures that the agreed level of protection shall not be materially diminished.
- 3.5 “Nuco” agrees to reasonably assist the “Data Controller” in respect of any requests and claims in accordance with the “GDPR”.
- 3.6 “Nuco” shall ensure that employees and affiliates who may be involved in the provision and operation of the “service” provided shall act in accordance with this Agreement.
- 3.7 “Nuco “shall inform the “Data Controller” promptly if “Nuco” becomes aware of any breaches which affect “personal data” under the control of the “Data Controller”.
- 3.8 “Nuco” shall, once notified in writing, inform the “Data Controller” of any request for disclosure of “personal data” by authorities, unless expressly prohibited under applicable laws.
- 3.9 The “Data Controller” may contact “Nuco’s” Data Protection Officer by raising a Support Ticket via their Online Account (https://portal.host-it.co.uk).
- 3.10 At the point of “service” termination, all data, personal or otherwise, shall be deleted from the Operating Systems on “Nuco’s” hosting platforms within an appropriate time and in accordance with applicable laws however some data may still be available on the platforms’ physical hard drives post deletion, using data recovery techniques until such time that it is either completely over-written by fresh data OR the hard drive is physically destroyed by an approved WEEE disposal company, as per “Nuco’s” Equipment Disposal Policy (ISO27001:2013).
- 3.11 In the event of a claim against the “Data Controller” regarding any of the rights defined under the “GDPR”, “Nuco” shall provide reasonable assistance to the “Data Controller”.
4. Obligations of the “Customer / Reseller’s End user”as the “Data Controller”
- 4.1 The “Data Controller” shall inform “Nuco” of any issues with respect to data protection laws promptly.
- 4.2 The “Data Controller” is responsible for all data that is stored on the “service” operated by “Nuco“, and agrees to ensure the protection of all “personal data” using recommended protective measures such as data encryption or anonymization/obfuscation.
- 4.3 In the event of a claim against the “Data Controller” regarding any of the rights defined under the “GDPR”, this Agreement shall apply accordingly.
- 4.4 The “Data Controller” acknowledges and agrees that “Nuco” has no knowledge of the retained “personal data” or how such “personal data” shall be utilised and therefore, no awareness of how such “personal data” shall be processed, other than as stated in clause 2.1 above.
- 4.5 It is the “Data Controller’s” responsibility to ensure that appropriate backups are retained in relation to the “personal data” described in this Agreement.
- 4.6 In using the “services” provided by “Nuco”, the “Data Controller” agrees that it shall defend, indemnify, save and hold “Nuco” harmless from any and all demands, liabilities, losses, costs and claims, including reasonable legal fees asserted against “Nuco”, its agents, its customers, officers and employees as a result of any breach of this agreement.
5. Requests from “Data Subjects”
- 5.1 In the event “Nuco” receives a request for correction, deletion or information, “Nuco” shall refer such requests to the “Data Controller”, provided that the “Data Controller” may be identified. “Nuco” shall provide reasonable assistance to the “Data Controller” if required but reserves the right to charge to cover for the amount of time involved in doing so. “Nuco” shall not be liable in the event the request not be answered at all, not be answered correctly or not answered promptly by the “Data Controller”. Should the “Data Controller” be un-cooperative to the request then “Nuco” reserves the right to terminate the “service” and delete all data held on the “service” (see clause 3.10).
6. Subcontractors (Additional Processors)
- 6.1 In the event “Nuco” chooses to use subcontractors, it is “Nuco’s” responsibility to transfer its data protection obligations from this Agreement to the subcontractor.
7. Notification Obligations, Amendments and Jurisdiction
- 7.1 In the event of “personal data” being located on servers within the “Nuco” data centres, suffering the risk of seizure for example by law enforcement or any other such event, then “Nuco” if reasonably made aware of such situation, shall attempt to notify the “Data Controller”, if permissible by law.
- 7.2 Changes or additions to this Agreement may be amended at any time.
- 7.3 Should any conflicts arise, the provisions of this Agreement shall take precedence over the provisions of any other agreement or terms. Should any clause of this Agreement be found invalid, this shall not affect the validity of the rest of this Agreement.
- 7.4 The laws of England and Wales shall apply.
- 7.5 This Agreement supersedes all previous agreements or terms in relation to this subject.
- 8.1 This Agreement shall be in conjunction with “Nuco’s” General Terms and Conditions.
- 8.2 “Nuco” is registered on the ICO’s Data Protection Register. Registration number is Z8167547.