Data Processing Agreement#
This Data Processing Agreement (referred to as "DPA") is an integral part of Fusionsoftdomains’s Terms of Service (the "Principal Agreement") and is thereby incorporated into the Principal Agreement by reference. Fusionsoftdomains retains the right to modify the respective Agreements at any time without prior notice. Any updated versions of these Agreements will be made available on our website.
1. Introduction#
This DPA becomes applicable upon your subscription to our services, with Fusionsoftdomains acting as the Processor of your Personal Data. When providing these services, you, as the Controller, retain authority over the Personal Data we process, determining the reasons and methods for such Processing.
2. Definitions and Interpretations#
2.1. The terms defined in this DPA complement those in the Principal Agreement. Any terms not expressly defined herein shall carry the meanings ascribed to them in the Principal Agreement. In the event of a conflict between provisions of the Principal Agreement and this DPA, the provisions of the DPA shall prevail.
- "Controller" refers to the entity determining the purposes and means of Personal Data processing, which is you, our Customer.
- "Data Protection Law" encompasses all applicable regulations governing Fusionsoftdomains’s Processing of Personal Data under this DPA, including GDPR, the Protection of Personal Information Act 4 of 2013, and ePrivacy laws.
- "Data Subject" represents the individual whose data is being processed, typically your customers or site visitors.
- "GDPR" denotes Regulation (EU) 2016/679 concerning the protection of personal data.
- "Personal Data" includes any information relating to an identifiable individual, such as names, email addresses, and other identifiable details.
- "Personal Data Breach" signifies any unauthorised or unlawful processing of Personal Data.
- "Process" or "Processing" encompasses any action performed on data, whether automated or manual, such as collection, recording, organisation, or deletion.
- "Processor" refers to Fusionsoftdomains, a third party processing Personal Data on behalf of the Controller.
- "Standard Contractual Clauses" denotes the new Standard Contractual Clauses adopted by the European Commission on 4 June 2021 to facilitate data transfers.
- "Subprocessor" represents any entity appointed by or on behalf of the Processor to process Personal Data in connection with the Agreement.
3. Agreement Subject Matter#
3.1. Application: This DPA applies to Fusionsoftdomains’s Processing of your Personal Data subject to relevant Data Protection Laws.
3.2. Acceptance: By utilising our products and services, you are deemed to have read, understood, accepted, and agreed to be bound by all terms of the respective Agreements.
3.3. Duration: Fusionsoftdomains shall Process Personal Data until the expiry or termination of the Principal Agreement, unless otherwise specified in writing, as per clause 4.1.5 below.
3.4. Limitations: This DPA does not apply to Fusionsoftdomains’s Processing of data beyond the scope of the Principal Agreement.
3.5. Details of Processing: Specifics related to Processing are outlined in the Principal Agreement and our Privacy Policy, which are incorporated into this DPA by reference.
- The subject-matter, nature, purpose, type, and categories of Personal Data, as well as Controller’s rights, are described therein.
4. Data Processing and Protection#
4.1. Processor’s Obligations
4.1.1. Processing of Data: Fusionsoftdomains will comply with applicable Data Protection Laws when Processing Personal Data, strictly adhering to Controller’s documented instructions.
- Fusionsoftdomains is instructed by the Controller to Process Personal Data for the provision of Services and related technical support as per the Principal Agreement.
4.1.2. Data Transfer: Fusionsoftdomains may only transfer Personal Data to a third country or international organisation based on Controller’s documented instructions, except where required by law.
- Fusionsoftdomains must inform Controller of any legal requirement prior to Processing Personal Data, unless prohibited by law.
4.1.3. Processors Personnel: Fusionsoftdomains shall ensure that its personnel authorised to Process Personal Data are bound by appropriate confidentiality obligations.
- Fusionsoftdomains imposes relevant contractual obligations, including those pertaining to confidentiality, data protection, and security, upon its personnel.
4.1.4. Security Measures: Fusionsoftdomains will implement suitable technical and organisational security measures to mitigate risks associated with Personal Data processing.
- These measures will be in line with Data Protection Laws and Fusionsoftdomains’s Security Statement.
- Fusionsoftdomains will assess the appropriate level of security, prioritising protection against unauthorised access or disclosure of Personal Data.
- Fusionsoftdomains will cooperate and provide assistance for audits by Controller or authorised auditors.
- Fusionsoftdomains will notify Controller promptly upon becoming aware of a Personal Data Breach, providing all necessary information to assist Controller in fulfilling its obligations.
4.1.5. Return or Deletion of Personal Data: Upon Controller’s notification, Fusionsoftdomains shall securely delete all Personal Data, including copies thereof, to the extent permitted by applicable law.
- Fusionsoftdomains agrees to maintain the confidentiality of any retained Personal Data in accordance with the law.
4.1.6. Subprocessing: Fusionsoftdomains shall not engage any Subprocessor without Controller’s prior authorisation, unless provided for in the Principal Agreement.
4.1.7. Authorised Subprocessors: Controller authorises Fusionsoftdomains to engage specific categories of Subprocessors primarily located in the European Union for Data Processing activities related to the services under the Principal Agreement.
4.1.8. Specific Obligations: Fusionsoftdomains will ensure that its Subprocessors adhere to data protection obligations compatible with those of Fusionsoftdomains under this DPA.
4.2. Controller’s Obligations
4.2.1. Warranties: Controller warrants possessing all necessary rights to provide Personal Data to Fusionsoftdomains.
4.2.2. Responsibilities: Controller must ensure that designated personnel within its organisation comply with Data Protection Laws.
- This includes providing privacy notices to Data Subjects, obtaining necessary consent, maintaining records of consent, and informing Processor of any revocation of consent by Data Subjects, as required by applicable law.
5. Processing of Personal Data outside of the European Economic Area (EEA)#
5.1. Standard Contractual Clauses
5.1.1. Applicability: The Standard Contractual Clauses apply to processing involving the transfer of Personal Data outside the EEA.
- Exceptions apply where Parties have adopted alternative mechanisms for lawful data transfers outside the EEA.
5.1.2. Adequate Protection: Parties must ensure that the level of protection in the recipient country meets the requirements of applicable Data Protection Laws.
- Supplementary measures may be necessary to maintain a level of protection equivalent to that mandated by law.
6. General Terms#
6.1. Confidentiality: Fusionsoftdomains shall maintain the confidentiality of Personal Data and refrain from disclosing it to third parties except as required by law.
6.2. Notices: All notices and communications under this Agreement shall be in writing and sent via email to the respective addresses provided by the Parties.
6.3. Liability and Indemnity: Each Party indemnifies the other against claims arising from breaches of this DPA or applicable Data Protection Laws, subject to specified conditions.