Data Processing Agreement
Explore how WebHostingM adheres to data protection laws in our Data Processing Agreement. Learn about our commitment to securely managing customer data.

Overview

The Data Processing and Security Terms (DPA) form a legal contract between WebHostingM and its customers. These terms explicitly outline how WebHostingM processes user data. The primary objective of this agreement is to ensure that WebHostingM adheres to the General Data Protection Regulation (GDPR) and other relevant data protection laws.


DPA Acceptance

This Data Processing Agreement ("DPA") is an addendum to the Customer Terms of Service ("Agreement") between ("WebHostingM") and the Customer. WebHostingM and Customer are individually a "party" and, collectively, the "parties."


This DPA applies where and only to the extent that WebHostingM processes Personal Data on behalf of the Customer in the course of providing the Services and such Personal Data is subject to Data Protection Laws of the appropriate jurisdiction, including the State of California, the European Union, the European Economic Area and/or its member states, Switzerland and/or the United Kingdom. The parties agree to comply with the terms and conditions in this DPA in connection with such Personal Data.


The duration of the Processing covered by this DPA shall be per the duration of the Agreement.


2. Definitions

The following terms have the meanings set forth below. All capitalized terms not defined in this DPA will have the meanings outlined in the Agreement. The following terms have the definitions given to them in the CCPA:

  • "Business," "Sell," "Service Provider," and "Third Party."
  • "Controller" means the entity that determines the purposes and means of the Processing of Personal Data. "Controller" includes equivalent terms in other Data Protection Laws, such as the CCPA-defined term "Business" or "Third Party," as the context requires.
  • "Data Protection Law" means all data protection and privacy laws applicable to the processing of Personal Data under the Agreement as it relates to the Customer, including Regulation 2016/679 (General Data Protection Regulation) ("GDPR"), and Cal. Civ. Code Title 1.81.5, ยง 1798.100 et seq. (California Consumer Privacy Act) ("CCPA").
  • "Data Subject" means an identified or identifiable natural person.
  • "De-identified Data" means a data set that does not contain any Personal Data. Aggregated data is De-identified Data. To "De-identify" means to create De-identified Data from Personal Data.
  • "EEA" means the European Economic Area.
  • "Standard Contractual Clauses" means the European Union standard contractual clauses for international transfers from the European Economic Area to third countries, Commission Implementing Decision (EU) 2021/914 of 4 June 2021.
  • "Personal Data" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a Data Subject in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. "Personal Data" includes equivalent terms in other Data Protection Laws, such as the CCPA-defined term "Personal Information," as the context requires.
  • "Personal Data Breach" means a breach of security of the Services leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.
  • "Process" or "Processing" means any operation or set of operations which is performed upon Personal Data, whether by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
  • "Processor" means an entity that processes Personal Data on behalf of another entity. "Processor" includes equivalent terms in other Data Protection Law, such as the CCPA-defined term "Service Provider," as the context requires.
  • "Sensitive Data" means the following types and categories of data: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; genetic data; biometric data; data concerning health, including protected health information governed by the Health Insurance Portability and Accountability Act; data concerning a natural person's sex life or sexual orientation; government identification numbers (e.g., SSNs, driver's license); payment card information; nonpublic personal information governed by the Gramm Leach Bliley Act; an unencrypted identifier in combination with a password or other access code that would permit access to a data subject's account; and precise geolocation.
  • "Subprocessor" means a Processor engaged by a party who is acting as a Processor.

1. Scope of Processing

The Processor shall process Personal Data on behalf of the Controller per the terms of this DPA.


The Personal Data to be processed is as follows: Customer's customer data, including names, addresses, email addresses, phone numbers, and purchase history.


2. Purposes of Processing

The Processor shall process the Personal Data for the following purposes:


  • To provide Customer with the services that it has contracted with WebHostingM to provide, including hosting, email, and customer support.
  • To comply with applicable laws and regulations.
  • To protect the security of the Personal Data.
  • To improve the services that WebHostingM provides to Customer.

3. Security Measures

The Processor shall take all necessary technical and organizational measures to protect the Personal Data from unauthorized access, use, disclosure, alteration, or destruction. These measures shall be at least as effective as those used by the Processor to protect its confidential information.


4. Subprocessors

WebHostingM uses Subprocessors when it acts as a Processor. Processors may engage sub-processors to assist in the provision of services. The processor shall ensure that any sub-processor it engages complies with the obligations under this DPA. Processor shall remain fully liable to Customer for the performance of any sub-processor. Subprocessors are available upon request at team+compliance@webhostingm.com.


5. International Transfers

If Personal Data is transferred to a country outside the European Economic Area (EEA) that does not provide an adequate level of data protection, the Processor shall ensure that appropriate safeguards are in place to protect the Personal Data, such as standard contractual clauses or other mechanisms as required by Data Protection Laws.


6. Data Subject Requests

The Processor shall comply with all requests from Data Subjects regarding their Personal Data, including requests to access, correct, delete, or restrict the processing of their Data. The Processor shall also comply with all requests from Data Subjects to port their Data to another controller.


7. Data Security Incidents

The Processor shall promptly notify the Controller of any data security incident that involves the Personal Data. The Processor shall also cooperate with the Controller to investigate and remediate any data security incident.


8. Governing Law

This DPA shall be governed by and construed per the laws of the State of Georgia.


9. Entire Agreement

This DPA constitutes the entire agreement between the parties to the subject matter hereof and supersedes all prior or contemporaneous communications, representations, or agreements, whether oral or written.


10. Severability

If any provision of this DPA is held to be invalid or unenforceable, such provision shall be struck from this DPA and the remaining provisions shall remain in full force and effect.


11. Waiver

No waiver of any provision of this DPA shall be effective unless in writing and signed by both parties.


12. Notices

All notices and other communications hereunder shall be in writing and shall be deemed to have been duly given when delivered in person, upon the first business day following deposit in the United States mail, postage prepaid, certified or registered, return receipt requested, addressed as follows:


WebHostingM, 1007 N Orange St, Fl 4, Wilmington DE 19801
or:

WebHostingM, 2093 Philadelphia Pike, Ste 3728, Claymont, DE 19703-2424

or to such other address as either party may designate in writing from time to time.


13. Headings

The headings in this DPA are for convenience only and shall not affect its interpretation.


14. Counterparts

This DPA may be executed in one or more counterparts, each of which shall be deemed an original, but all of which together shall constitute the same instrument.


More information about how WebHostingM processes personal data is outlined in the Privacy Policy available at: webhostingm.com/privacy-policy.

Live Chat
Chat with one of our representatives in real-time.
Send Email
Contact us for bespoke solution or technical guidance.
Knowledge base
Read our FAQs, and/or technical guides or get direct support.