Data Processing Agreement (Controller–Processor)
Last Updated: October 2025
Parties and Roles
This DPA forms part of the Service Agreement where Customer is the controller and Hostyt is the processor for Customer Personal Data.
Subject Matter and Duration
Processing relates to provisioning and support of hosting services for the term of the Agreement until deletion or return of data upon termination.
Nature and Purpose; Categories
Processing includes storage, transmission, and security operations on data such as identifiers, contact details, and logs for end users of Customer’s services.
Processor Obligations
- Process only on documented instructions, including transfers, unless required by EU/Member State law.
- Ensure confidentiality, implement appropriate technical and organizational security measures, and assist with data subject requests and DPIAs.
- Notify without undue delay after becoming aware of a personal data breach and cooperate in remediation.
Sub‑processing
Use of sub‑processors requires prior authorization; Hostyt maintains a list and ensures equivalent obligations via written contracts.
International Transfers
Transfers outside the EEA are safeguarded by the European Commission Standard Contractual Clauses and supplementary measures where necessary.
Audits
Hostyt makes available information necessary to demonstrate compliance and allows audits by the Customer or an appointed auditor subject to reasonable notice and confidentiality.
Data Return and Deletion
Upon termination, Hostyt deletes or returns all Customer Personal Data, unless retention is required by law, then deletes after expiry.
