Deutsch Deutsch

 

Data Processing Addendum (DPA) of One Click Actions

Last update: November 6, 2024

This Data Processing Addendum (“DPA”) forms part of the Services Agreement (“Main Agreement”) between the Data Controller and One Click Actions (“Data Processor”), located at Friesengasse 29, Frankfurt am Main, Germany. This DPA governs the terms and conditions for the processing of personal data by One Click Actions on behalf of the Data Controller in accordance with the European Union General Data Protection Regulation (GDPR) and German data protection laws.

1. definitions

  • Data controller: The person or organization that determines the purposes and means of the processing of personal data.
  • Data Processor: One Click Actions, which processes data on behalf of the Data Controller.
  • Personal data: Information relating to an identified or identifiable natural person (the “data subject”).
  • Sub-processor: any other service provider that processes personal data on behalf of One Click Actions.
  • Personal data breach: A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

2. object and duration of the processing

  • Purpose: This DPA governs the processing of personal data carried out by One Click Actions on behalf of the Data Controller in connection with the services described in the Main Agreement.
  • Duration: One Click Actions will only process personal data for as long as the contractual relationship exists or as specified by the data controller.

3. nature and purpose of the processing

  • Processing operations: Activities include the collection, storage, retrieval, transmission and deletion of personal data necessary to provide One Click Actions’ hosting and domain services.
  • Purpose: The processing is carried out exclusively for the provision of hosting and domain services, customer support, billing and other services defined in the main contract.

4. types of personal data and categories of data subjects

  • Types of personal data: Identification data (name, address, e-mail, telephone number), contact data and data-related information.
  • Categories of data subjects: The personal data relates to the data controller’s customers and, where applicable, end users of the services.

5 Obligations of the data controller

  • Lawfulness of processing: The data controller ensures that all necessary consents have been obtained and that the personal data is processed lawfully, transparently and fairly.
  • Documented instructions: The data controller provides One Click Actions with documented instructions on the processing of personal data, including any changes.
  • Rights of the data subjects: The data controller is responsible for processing requests from data subjects in relation to their rights under the GDPR.

6. obligations of One Click Actions as data processor

  • Processing according to instructions: One Click Actions will only process the personal data in accordance with the instructions of the data controller.
  • Security measures: One Click Actions implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction or alteration in accordance with Articles 32-36 GDPR.
  • Notification of breaches: One Click Actions will notify the data controller without undue delay of any personal data breach.
  • Support in complying with legal obligations: One Click Actions supports the data controller to the best of its ability in complying with the GDPR, including data subject rights, data protection impact assessments and consultations with supervisory authorities.
  • Return or deletion of data: Upon termination of the contract, One Click Actions will return or delete all personal data unless there is a legal obligation to retain it.

7. sub-processors

  • Authorization of sub-processors: One Click Actions has general authorization to engage sub-processors, provided they comply with the same data protection obligations as in this DPA.
  • List of sub-processors: Upon request, One Click Actions will provide an up-to-date list of sub-processors.
  • Contracts with sub-processors: Contracts with sub-processors contain the same data protection obligations to which One Click Actions is subject under this DPA.

8. international data transfers

  • Transfers outside the EEA: Where personal data is transferred outside the European Economic Area (EEA), One Click Actions will ensure that appropriate safeguards are implemented, such as standard contractual clauses or transfer mechanisms approved by the European Commission.
  • Information requests: One Click Actions will notify the data controller of any requests from foreign authorities for access to personal data where permitted by law.

9. audit rights

  • Right to audit: The Data Controller has the right to audit the processing activities of One Click Actions to ensure compliance with this DPA, upon reasonable notice and without business interruption.
  • Audit support: One Click Actions will assist the data controller in conducting audits or inspections to verify compliance with this DPA.

10. confidentiality

  • Duty of confidentiality: One Click Actions guarantees that all persons authorized to process personal data are subject to a duty of confidentiality or a statutory duty of secrecy.
  • Restricted access: Access to personal data is only permitted to authorized personnel and only to the extent necessary for the provision of services.

11 Liability and compensation

  • Liability: One Click Actions is liable for breaches of this DPA caused by its own actions or those of its sub-processors.
  • Compensation: In the event of damage or loss caused by a breach of this DPA, One Click Actions will pay compensation in accordance with the applicable legal provisions.

12. termination of the DPA

  • Terms of termination: This DPA will remain in force for as long as the main contract between the Data Controller and One Click Actions remains in force.
  • Return and deletion of data upon termination: Upon termination of the contract or at the request of the data controller, One Click Actions will return or delete all personal data, provided that there are no statutory retention obligations.