Trust Built on Lawful Processing.

Definitions

For the purposes of this DPA:

• “Personal Data” means any information relating to an identified or identifiable natural person as defined in GDPR.
• “Processing”, “Controller”, “Processor”, “Data Subject”, “Supervisory Authority” have the meanings given in the GDPR.
• “Services” means the hosting, domain, email, and related services provided by SnelBit Networks.
• “Sub-Processor” means any third party engaged by SnelBit Networks that processes Personal Data on behalf of the Customer in connection with the Services.

Scope of Processing

SnelBit Networks will process Personal Data solely for the purpose of providing the Services to the Customer under the main agreement. This includes, but is not limited to:

• Storing and serving website content, databases, and emails.
• Providing access to the client portal and account management tools.
• Providing technical and security support.
• Managing domains and DNS, where applicable.

SnelBit shall not process Personal Data for any other purpose unless required to do so by EU or Member State law, in which case SnelBit will inform the Customer (unless prohibited by law).

Roles of the Parties

The Customer acts as the Data Controller for Personal Data stored, uploaded, or otherwise processed through the Services. SnelBit Networks acts as the Data Processor for such data.

The Customer is responsible for determining the lawful basis for processing Personal Data and for complying with all applicable Controller obligations under GDPR.

Obligations of the Processor (SnelBit Networks)

SnelBit Networks agrees to:

• Process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country or an international organization, unless required to do so by EU or Member State law.
• Ensure that persons authorized to process Personal Data are bound by confidentiality obligations.
• Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 GDPR.
• Assist the Customer, insofar as reasonably possible, in fulfilling the Customer’s obligations to respond to Data Subjects’ requests to exercise their rights under GDPR.
• Assist the Customer in complying with security, breach notification, impact assessment, and prior consultation obligations where relevant and reasonable.
• Make available to the Customer information necessary to demonstrate compliance with this DPA and GDPR obligations relating to data processing.

Security Measures

SnelBit Networks will implement appropriate security measures, which may include, as appropriate:

• Use of secure data centers and network infrastructure.
• Firewalls, intrusion detection, and DDoS protection.
• Encryption of data in transit (e.g., TLS).
• Access controls based on least privilege.
• Security monitoring, logging, and regular updates.

Sub-Processors

The Customer authorizes SnelBit Networks to engage sub-processors to provide the Services, such as:

• Data center and infrastructure providers.
• Domain registries and registrars.
• Email delivery and DNS providers.
• Backup and security providers.

SnelBit will ensure that sub-processors are bound by written agreements imposing data protection obligations no less protective than those set out in this DPA. SnelBit remains fully liable to the Customer for the performance of sub-processors.

Analytics and Marketing Providers

With the Customer’s configuration and subject to end-user consent where required by law, the Services may integrate certain third-party analytics and marketing platforms, including but not limited to Google Analytics, Google Tag Manager, Facebook (Meta) Pixel, LinkedIn Insight Tag, and X (Twitter) Ads Pixel.

• These providers generally act as independent data controllers for Personal Data they collect directly through their tracking technologies.
• SnelBit ensures that such scripts are only activated where the Customer has chosen to enable them and where end-users have provided consent via the cookie banner or other consent mechanisms.
• It remains the Customer’s responsibility, as Controller, to ensure that use of these platforms is covered by a valid legal basis and appropriately described in the Customer’s own privacy and cookie notices.

International Data Transfers

Where Personal Data is transferred outside the EU/EEA, SnelBit Networks will ensure that such transfers are made in compliance with GDPR, including through mechanisms such as:

• Transfers to countries with an adequacy decision from the European Commission.
• Standard Contractual Clauses (SCCs) or other appropriate safeguards.

Data Subject Requests

If SnelBit receives a request from a Data Subject directly (e.g., for access, rectification, or deletion), SnelBit will, where reasonably possible, notify the Customer without undue delay. SnelBit will not respond directly to such requests unless authorized by the Customer or required by law.

It is the Customer’s responsibility, as Controller, to respond to Data Subject requests in accordance with GDPR.

Personal Data Breach Notification

In the event of a Personal Data breach affecting data processed on behalf of the Customer, SnelBit Networks will notify the Customer without undue delay after becoming aware of the breach.

Such notification will include, where possible, relevant information to help the Customer meet any obligations to report the breach to supervisory authorities or Data Subjects, as required by GDPR.

Data Retention and Deletion

Upon termination or expiration of the Services, SnelBit Networks will:

• Delete or anonymize Personal Data processed on behalf of the Customer, within a reasonable period, unless storage is required by EU or Member State law.
• Delete backups containing Personal Data as they reach the end of their backup lifecycle.

At the Customer’s written request and where technically feasible, SnelBit will provide a copy of certain data before deletion, subject to applicable fees and security verification.

Audits and Compliance Information

Upon reasonable request, SnelBit Networks will make available information necessary to demonstrate compliance with this DPA and applicable data protection law. Where further verification is required, the Customer may request a more detailed review, subject to:

• Reasonable advance notice.
• Non-disruption of SnelBit’s operations.
• Confidentiality obligations.

Any on-site audits, if agreed, may be subject to additional terms and cost reimbursement.

Liability

The liability of each party under this DPA is subject to the limitations and exclusions of liability set out in the main service agreement or Terms of Service between the Customer and SnelBit Networks. Nothing in this DPA shall increase or expand SnelBit’s liability beyond that agreed in the main agreement.

Term and Termination

This DPA enters into force when the Customer first uses SnelBit Networks’ Services or otherwise agrees to the Terms of Service and remains in effect for as long as SnelBit processes Personal Data on behalf of the Customer.

Upon termination of all Services and completion of data deletion in accordance with this DPA, this Agreement shall automatically terminate, except for provisions that are intended to survive, such as confidentiality and liability clauses.

Contact and Data Protection Queries

If you have any questions about this Data Processing Agreement or how SnelBit Networks processes Personal Data on your behalf, please contact us:

• abuse@snelbit.com