This Data Processing Agreement (this "DPA") is entered between, s.r.o. ("", "we") and Customer ("Customer", "you"), together referred as "The Parties". This agreement ("DPA") is part of the Terms of Service, Privacy Policy and other relevant policies (the "Agreement"). Customer agreeing to these terms enters in this DPA on their own behalf to the extent required under applicable Data Protection Regulations and Laws and to the extent processes Customer Data as instructed by the Controller (as defined in Section 1).

In the course of providing the Services to the Customer, may Process Customer Data on behalf of the Customer. The Parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith.


"Agreement" means the Terms of Service and other relevant policies announced on our website, together with your Order for the purchase of Services and the Order confirmation sent by

"Order" means any Customer’s order for the purchase of the respective services.

"Site" means the website and all services we offer through our website.

"Services" means any hosting services we offer and the Customer has purchased that could involve the processing of Personal Data by

"Partner" means any entity that directly or indirectly controls, is controlled by or is under common control with the subject entity.

"Control," for the purpose of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

"Additional Products" means any features, products, software, programs, add-ons, plugins, scripts, tools or any other third-party software or content that are not part of the Services but that may be accessible via the User Area or the Control Panel, installed by the Customer or otherwise for the usage of the Services.

"Controller" means the natural person or the legal entity which, alone or jointly with others, determines the purposes and means of the processing of customer data.

"Affiliate" means, as to any entity, any other entity that, directly or indirectly, controls, is controlled by, or is under common control with such entity through majority ownership.

"Data Protection Law" means any and all data protection laws and regulations that apply to the Processing of Personal Data by under the Agreement.

"Data Subject" means an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

"" means the entity which is a party to this DPA, as specified in the section, a company registered and existing under the laws of Strážkovice, Czech Republic, with address: Pod Rafandou 906, 391 81 Veselí nad Lužnicí, Czech Republic.

"Personal Data" means any data that: (a) is deemed "personal data" or "personal information" (or other analogous variations of such terms) under Data Protection Law; and (b) that Customer submits using the Services for to Process on Customer’s behalf.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data.

"Process" or "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

"Standard Contractual Clauses" means the standard contractual clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the transfer of personal data to processors established in third countries, the text of which is available at:

"Subprocessor" means any Processor engaged by


This DPA applies when processes Customer’s data for which will act as "processor" or "service provider" (or other analogous variations of such terms) under Data Protection Law.

2.1. Limitations on Use will process Personal Data only: (a) in a manner consistent with documented instructions from Customer, including (i) to provide the Services, (ii) as permitted under the Agreement, including as specified in Attachment 1 to this DPA, and (iii) consistent with other reasonable instructions of Customer; and (b) with prior notice (unless notice is legally prohibited), as required by applicable law. Without limiting the foregoing, will not collect, retain, use, or disclose the Personal Data for any purpose other than as necessary for the specific purpose of performing the Services, including not collecting, retaining, using, or disclosing the Personal Data for a commercial purpose other than providing the Services.

2.2. Confidentiality will ensure that persons authorized by to Process any Personal Data are subject to appropriate confidentiality obligations.

2.3. Security will protect Personal Data in accordance with requirements under Data Protection Law, including by implementing appropriate technical and organizational measures designed to protect Personal Data against Personal Data Breach.

2.4. Return or Disposal

At the choice of Customer, delete or return (or will enable Customer to delete or retrieve) all Personal Data after the end of the provision of Services (unless applicable law requires to store any Personal Data).

2.5. Customer Obligations

Customer will not instruct to perform any Processing of Personal Data that violates any Data Protection Law. may suspend Processing based upon any Customer instructions that reasonably suspects violate Data Protection Law. Subject to the cooperation of as specified in this DPA, Customer will be solely responsible for safeguarding the rights of Data Subjects. Customer will promptly notify about any faults or irregularities in the Processing by discovered by Customer.


3.1. Data Subject’s Rights Assistance

Taking into account the nature of the Processing of Personal Data by under the Agreement, will provide reasonable assistance to Customer by appropriate technical and organizational measures, insofar as possible and as necessary, for the fulfilment of Customer’s obligations to respond to requests for exercising Data Subject’s rights under Data Protection Law (including Chapter III of the GDPR, as applicable) with respect to Personal Data solely to the extent Customer does not have the ability to address such Data Subject request without such assistance.

3.2. Security Assistance

To assist Customer in its efforts to ensure compliance with the security requirements under Data Protection Law including Article 32 of the GDPR, shall implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.

3.3. Data Protection Impact Assessment Assistance

Taking into account the nature of’s Processing of Personal Data and the information available to, will provide reasonable assistance to Customer as required for Customer to comply with its obligations under Articles 35 and 36 of the GDPR in connection with’s Processing of Personal Data under the Agreement.

3.4. Personal Data Breach Notice and Assistance will notify Customer without undue delay after becoming aware of a Personal Data Breach. Taking into account the nature of Processing and the information available to, will provide reasonable assistance to Customer as may be necessary for Customer to satisfy any notification obligations required under Data Protection Law (including Articles 33 or 34 of the GDPR) related to any Personal Data Breach.

4. AUDITS will allow for and contribute to audits as follows:

(а) Once every 12 months, Customer may request to review a summary of’s SOC audit report regarding the Processing activities covered by this DPA;

(б) Customer or a third party auditor reasonably acceptable to may conduct an on-site audit of’s processing activities as required by a supervisory authority or Data Protection Law. Such on-site audit must (i) be scheduled on at least 45 days advance notice at a mutually agreed date and time; (ii) occur during’s normal business hours; (iii) be permitted only to the extent required to assess’s compliance with this DPA; (iv) comply with the policies, procedures, and other restrictions reasonably imposed by and, if applicable, the Subprocessor; and (v) not unreasonably interfere with’s business activities. Customer’s auditor will not be entitled to access information subject to third-party confidentiality obligations. Customer will provide written communication of any audit findings to, and the results of the audit will be the confidential information of


Customer authorizes to use’s Affiliates and third-party subprocessors to Process Personal Data in connection with the provision of Services to Customer ("Subprocessor"). will impose data protection obligations upon any Subprocessor that are no less protective than those included in this DPA. shall remain liable to Customer for a Subprocessor’s failure to fulfill its data protection obligations.


Personal Data may be transferred to any country in which or its Subprocessors maintain facilities. This Section 6 only applies to the transfer of Personal Data from the European Economic Area ("EEA") to a third country that has not been deemed adequate by the European Commission (for transfers from the EEA).

6.1. Data Transfers from Customer to

For Personal Data transferred from the EEA will conduct the transfer: (a) pursuant to the Standard Contractual Clauses; or (b) any other data transfer mechanism permitted under Data Protection Law, such as binding corporate rules. For purposes of the Standard Contractual Clauses, the following terms will apply: (i) Customer and will be deemed to have executed the Standard Contractual Clauses as of the effective date of this DPA; (ii) Customer will be referred to as the "Data Exporter" and will be referred to as the "Data Importer" in the clauses with relevant company name and address details from the Agreement being inserted accordingly; (iii) details in Attachment 1 to this DPA will be used to complete Appendix 1 of those clauses, as appropriate.

6.2 Data Transfers to Subprocessors

If transfers Personal Data to a Subprocessor then shall enter into the Standard Contractual Clauses with the Subprocessor on Customer’s behalf, and the Subprocessor will be the "data importer" and the Customer will be the "data exporter".


7.1 If there is a conflict (a) the terms of this DPA will prevail over the terms of the Agreement and (b) the Standard Contractual Clauses will prevail over this DPA. Except for the matters covered by this DPA, all terms of the Agreement, remain in effect. Capitalized terms not defined in this DPA have the same meaning as in the Agreement. Except as otherwise stated in the Agreement, this DPA and the Standard Contractual Clauses will automatically terminate upon the termination or expiration of the Agreement.

Attachment 1 - Scope of Processing

Subject-Matter and Duration of Processing Processes Personal Data for the subject matter specified under the Agreement and until the Agreement terminates or expires, unless otherwise agreed upon by the parties in writing. In particular, the subject matter is determined by the Service(s) to which Customer subscribes and the data which Customer uploads to the Service.

Nature and Purpose of Processing (including Processing Operations)

The nature and purpose of Processing is determined by the Service(s) to which Customer subscribes and the data which Customer uploads to the Service.

For instance:

  1. Data Integration Cloud Services Process data uploaded to the Service, including Personal Data if uploaded, to connect, transform, and integrate data, applications, and processes across on-premise and cloud systems.
  2. Data Management, Quality, and Governance Cloud Services Process data uploaded to the Service, including Personal Data if uploaded, to help Customer understand and enrich data, to help ensure that data are relevant and trustworthy, and to help optimize compliance and business value from data.
  3. Infrastructure Hosting Services Process data uploaded to the Service, including Personal Data if uploaded, in accordance with the function performed by the software product that is hosting for Customer.

Types of Personal Data

Customer controls the types of Personal Data uploaded via the Services for Processing. may Process postal addresses, email addresses, and/or telephone numbers, in accordance with the specific Service to which Customer subscribes.

Special Categories of Personal Data None anticipated, but Customer controls the types of Personal Data processed via the Services.

Categories of Data Subjects Customer controls the categories of Data Subjects to which the Personal Data relates. For instance, Customer may Process via the Services Personal Data that relates to its current or prospective customers, employees or business partners.


Spelling error report

The following text will be sent to our editors: