Data Processing Statement
- GDPR - General Data Protection Regulation of EU 2016/679 of the European Parliament
- Data Controller - an entity which determines the purposes and means of the processing of customer data. Full definition of Data Controller is determined by the GDPR.
- Data Processor - an entity which processes personal data on behalf of the controller. Full definition of Data Controller is determined by the GDPR.
- Personal Data - defined in the GDPR, any data that can be used to determine a physical person or a company.
The Provider, as an owner/maintainer of the infrastructure used for the provision of services to the Customer, has access to any data that the Customer stores on the Provider infrastructure. As such, the Provider acts as a Data Processor for this data. The Provider cannot and will not act as a Data Controller of any data that the Customer stores on the infrastructure of the Provider.
With this Data Processing Statement, the Provider confirms the following:
1. Any Personal Data for which the Provider acts as a Data Processor will not be used by the Provider for any other means than for the provisioning of the ordered and paid services by the Customer. This includes any technical assistance needed for the provision of services. The Provider will never disclose any of this Personal Data to third parties, unless this is required by law.
2. The Provider has taken the needed measures to ensure the security of the server and network infrastructure. This includes the physical security at the locations where the infrastructure is located, as well as the software and network security of the devices used in the infrastructure. Information about specific security measures can be found on the Provider web page and/or related documents.
3. The Provider maintains active monitoring of their servers and network. Any possible breaches that could involve leakage of Personal Data to third parties will be immediately reported to the Customer, via the contact details provided by the Customer for the provision of the ordered services.
NOTE: The website of the Customer, as well as related software maintained by the Customer, is not considered a part of the Provider infrastructure.
4. The Provider maintains monitoring on the site of any Customer. Any possible breaches spotted by this monitoring will be reported to the Customer, to the best of the Provider's abilities.
5. All personnel of the Provider that has access to Personal Data has been properly trained and instructed on the manner it should work with it.
6. To ensure the security of their own infrastructure and network, and to be able to investigate malicious activity, the Provider records the following data of all Site Visitors: IP address, User Agent. The Provider also records the time of visit and the resources accessed. The Provider will not request a consent regarding the above Personal Data of Site Visitors. The above Personal Data will be stored for two years after its creation, and will not be used for any other purpose than for an investigation of possible malicious/fraudulent activities.
7. Except for the data listed in point 6, the Customer can manage/delete at their own discretion any other Personal Data they store on the infrastructure of the Provider.
8. To comply with the GDPR, the Customer, as a Data Controller of Personal Data of Site Visitors, must establish their own rules and practices regarding data processing.