Tortoise Host Logo
Get Started

Data Processing Agreement

According to Art. 28 (3) General Data Protection Regulation (GDPR)

Data Processing Illustration

Ensuring secure and compliant data processing practices.

1. Subject-matter and Duration of the Processing

This Agreement applies to the extent that Tortoise Host Ltd. processes personal data on behalf of the Customer as a controller, in relation to providing hosting, cloud services, and other contracted services.

The terms “controller,” “data subject,” “personal data,” “processing,” “processor,” and “third party” shall have the meaning assigned to them under the Data Protection Legislation.

2. Nature and Purpose of the Processing

The nature of the processing includes all types of data handling necessary for the performance of the services under the Main Contract.

The purpose of processing includes, but is not limited to, cloud services, hosting, IT support, and Software as a Service (SaaS).

3. Type of Personal Data and Categories of Data Subjects

The type of data processed is determined by the Customer based on the product selection, configuration, and data submitted through the services.

4. Responsibility and Processing on Documented Instructions

The Customer is responsible for ensuring the legality of the data transfer and compliance with the Data Protection Legislation.

5. Rights of the Customer, Obligations of the Processor

The Processor processes data only in accordance with the Customer's instructions, except where otherwise required by law.

6. Obligations of the Customer

The Customer must immediately inform the Processor if they detect any data protection irregularities.

7. Requests from Data Subjects

If a data subject approaches the Processor with requests for correction, deletion, or information, the Processor shall refer the request to the Customer.

8. Measures for the Security of Processing

The Processor will implement appropriate technical and organizational measures to ensure data security, including confidentiality, integrity, and resilience of the processing systems.

9. Proof and Verification

The Processor will provide the Customer with all necessary information to demonstrate compliance with data processor obligations.

10. Subprocessors

The Customer authorizes the Processor to engage subprocessors for the performance of services, in compliance with this Agreement.

11. Liability and Compensation

The Processor shall assist the Customer in defending any claims made by data subjects, and liabilities shall follow the provisions of the Main Contract.

12. Contract Period and Miscellaneous

This Agreement comes into force when the Main Contract is signed and remains valid until processing activities cease.