background image

Data Processing Agreement (DPA)

This Data Processing Agreement ("Agreement") is made and entered into by and between StellarDS.io, Inc. ("Processor") and the customer ("Controller") who subscribes to the StellarDS.io services ("Services"). This Agreement governs the processing of personal data by StellarDS.io in the provision of its cloud storage services.

Definitions

1.1. "Data Protection Laws" refers to all applicable laws and regulations relating to the processing of personal data and privacy, including the General Data Protection Regulation (EU) 2016/679 (GDPR) and any national implementing laws.

1.2. "Personal Data" means any information relating to an identified or identifiable natural person.

1.3. "Processing" means any operation performed on Personal Data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, alignment, combination, restriction, erasure, or destruction.

2. Scope and Duration

2.1. This Agreement applies to the processing of Personal Data in connection with the Services provided by StellarDS.io to the Controller.

2.2. This Agreement is effective for the duration of the Controller's subscription to the Services.

3. Processing of Personal Data

3.1. The Processor shall process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by applicable law.

3.2. The Processor shall ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

4. Security Measures

4.1. The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including, as appropriate:

(a) Pseudonymization and encryption of Personal Data;

(b) Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;

(c) Ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;

(d) Regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.

5. Sub-processors

5.1. The Controller authorizes the Processor to engage sub-processors to process Personal Data, provided that:

(a) The Processor informs the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the opportunity to object to such changes;

(b) The Processor ensures that any sub-processor is bound by written agreements that require them to provide at least the same level of data protection as required by this Agreement.

6. Data Subject Rights

6.1. The Processor shall assist the Controller in responding to requests from data subjects to exercise their rights under the GDPR, including rights of access, rectification, erasure, restriction, data portability, and objection.

7. Personal Data Breach

7.1. The Processor shall notify the Controller without undue delay upon becoming aware of a personal data breach.

8. Data Protection Impact Assessment and Prior Consultation

8.1. The Processor shall provide reasonable assistance to the Controller in conducting data protection impact assessments and prior consultations with supervisory authorities as required under the GDPR.

9. Deletion or Return of Personal Data

9.1. Upon termination of the Services, the Processor shall, at the choice of the Controller, delete or return all Personal Data to the Controller and delete existing copies, unless retention of the data is required by applicable law.

10. Audits

10.1. The Processor shall make available to the Controller all information necessary to demonstrate compliance with this Agreement and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller.

11. Governing Law and Jurisdiction

11.1. This Agreement shall be governed by and construed in accordance with the laws of Belgium.

11.2. Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Belgium.

Acceptance

By using the Services, the Controller agrees to the terms of this Data Processing Agreement.

StellarDS.io