Trust Built on Compliance.

This Data Processing Agreement (“DPA”) forms part of the main service agreement or Terms of Service between you (“Customer”, “Controller”) and SNELBIT NETWORKS SINGLE MEMBER P.C. (“SnelBit Networks”, “SNELBIT”, “Processor”, “we”, “us”) for the provision of hosting, domain, and email services.

The purpose of this DPA is to ensure compliance with the requirements of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) in relation to the processing of Personal Data on your behalf.

1. Definitions

   For the purposes of this DPA:

   • “Personal Data” means any information relating to an identified or identifiable natural person as defined in GDPR.
   • “Processing”, “Controller”, “Processor”, “Data Subject”, “Supervisory Authority” have the meanings given in the GDPR.
   • “Services” means the hosting, domain, email, and related services provided by SnelBit Networks.
   • “Sub-Processor” means any third party engaged by SnelBit Networks that processes Personal Data on behalf of the Customer in connection with the Services.

2. Scope of Processing

   SnelBit Networks will process Personal Data solely for the purpose of providing the Services to the Customer under the main agreement. This includes, but is not limited to:

   • Storing and serving website content, databases, and emails.
   • Providing access to the client portal and account management tools.
   • Providing technical and security support.
   • Managing domains and DNS, where applicable.

   SnelBit shall not process Personal Data for any other purpose unless required to do so by EU or Member State law, in which case SnelBit will inform the Customer (unless prohibited by law).

3. Roles of the Parties

   The Customer acts as the Data Controller for Personal Data stored, uploaded, or otherwise processed through the Services. SnelBit Networks acts as the Data Processor for such data.

   The Customer is responsible for determining the lawful basis for processing Personal Data and for complying with all applicable Controller obligations under GDPR.

4. Obligations of the Processor (SnelBit Networks)

   SnelBit Networks agrees to:

   • Process Personal Data only on documented instructions from the Customer, including transfers to a third country or international organization, unless required by EU or Member State law.
   • Ensure persons authorized to process Personal Data are bound by confidentiality obligations.
   • Implement appropriate technical and organizational measures (Article 32 GDPR) to ensure security appropriate to the risk.
   • Assist the Customer, insofar as reasonably possible, with Data Subject rights requests.
   • Assist the Customer with security, breach notification, DPIAs, and prior consultation obligations where relevant and reasonable.
   • Make available information necessary to demonstrate compliance with this DPA and GDPR obligations relating to processing.

5. Security Measures

   SnelBit Networks will implement appropriate security measures, which may include, as appropriate:

   • Use of secure data centers and network infrastructure.
   • Firewalls, intrusion detection, and DDoS protection.
   • Encryption of data in transit (e.g., TLS).
   • Access controls based on least privilege.
   • Security monitoring, logging, and regular updates.

6. Sub-Processors

   The Customer authorizes SnelBit Networks to engage sub-processors to provide the Services, such as:

   • Data center and infrastructure providers.
   • Domain registries and registrars.
   • Email delivery and DNS providers.
   • Backup and security providers.

   SnelBit will ensure sub-processors are bound by written agreements with data protection obligations no less protective than those set out in this DPA. SnelBit remains fully liable to the Customer for the performance of sub-processors.

7. Analytics and Marketing Providers

   With the Customer’s configuration and subject to end-user consent where required by law, the Services may integrate third-party analytics and marketing platforms, including but not limited to Google Analytics, Google Tag Manager, Facebook (Meta) Pixel, LinkedIn Insight Tag, and X (Twitter) Ads Pixel.

   • These providers generally act as independent data controllers for Personal Data they collect directly through their tracking technologies.
   • Such scripts are only activated where the Customer has chosen to enable them and where end-users have provided consent via the cookie banner or other consent mechanisms.
   • The Customer remains responsible for ensuring a valid legal basis and disclosures in the Customer’s own privacy and cookie notices.

8. International Data Transfers

   Where Personal Data is transferred outside the EU/EEA, SnelBit Networks will ensure such transfers are made in compliance with GDPR, including through mechanisms such as:

   • Transfers to countries with an adequacy decision from the European Commission.
   • Standard Contractual Clauses (SCCs) or other appropriate safeguards.

9. Data Subject Requests

   If SnelBit receives a request from a Data Subject directly (e.g., access, rectification, deletion), SnelBit will, where reasonably possible, notify the Customer without undue delay. SnelBit will not respond directly unless authorized by the Customer or required by law.

   It is the Customer’s responsibility, as Controller, to respond to Data Subject requests in accordance with GDPR.

10. Personal Data Breach Notification

    In the event of a Personal Data breach affecting data processed on behalf of the Customer, SnelBit Networks will notify the Customer without undue delay after becoming aware of the breach.

    Such notification will include, where possible, relevant information to help the Customer meet any obligations to report the breach to supervisory authorities or Data Subjects, as required by GDPR.

11. Data Retention and Deletion

    Upon termination or expiration of the Services, SnelBit Networks will:

    • Delete or anonymize Personal Data processed on behalf of the Customer within a reasonable period, unless storage is required by EU or Member State law.
    • Delete backups containing Personal Data as they reach the end of their backup lifecycle.
    • At the Customer’s written request and where technically feasible, provide a copy of certain data before deletion, subject to applicable fees and security verification.

12. Audits and Compliance Information

    Upon reasonable request, SnelBit Networks will make available information necessary to demonstrate compliance with this DPA and applicable data protection law. Where further verification is required, the Customer may request a more detailed review subject to:

    • Reasonable advance notice.
    • Non-disruption of SnelBit’s operations.
    • Confidentiality obligations.
    • Additional terms and cost reimbursement for any on-site audits, if agreed.

13. Liability

    The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the main service agreement or Terms of Service between the Customer and SnelBit Networks. Nothing in this DPA shall increase or expand SnelBit’s liability beyond that agreed in the main agreement.

14. Term and Termination

    This DPA enters into force when the Customer first uses SnelBit Networks’ Services or otherwise agrees to the Terms of Service and remains in effect for as long as SnelBit processes Personal Data on behalf of the Customer.

    Upon termination of all Services and completion of data deletion in accordance with this DPA, this Agreement shall automatically terminate, except for provisions intended to survive (e.g., confidentiality and liability).

15. Contact and Data Protection Queries

    If you have any questions about this Data Processing Agreement or how SnelBit Networks processes Personal Data on your behalf, please contact us: abuse@snelbit.com