VPSBlocks Pty Ltd Data Processing Addendum
This Data Processing Addendum (“Addendum”) forms part of the Terms of Service, entered into between VPSBlocks Pty Ltd, Inc. (“VPSBlocks Pty Ltd”) and you that incorporates this Addendum by reference (the “Agreement”), and governs the Processing of Personal Information by VPSBlocks Pty Ltd in providing its hosting service (the “Service”) pursuant to the Agreement.
If you would like to complete a countersigned copy of this Addendum for your records, the following are the instructions for completing such a copy:
1. This Addendum has been pre-signed on behalf of VPSBlocks Pty Ltd.
2. To complete a countersigned copy of this Addendum, you must:
1.1 “Data Subject” means any individual about whom Personal Information may be Processed under this Addendum.
1.2 “Data Protection Legislation” means the GDPR (as defined below), together with any national implementing laws in Australia.
1.3 “GDPR” means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
1.4 “Personal Information” means personal data (as defined under the Data Protection Legislation) that are subject to the Data Protection Legislation and that you authorize VPSBlocks Pty Ltd to collect in connection with VPSBlocks Pty Ltd’s provision of the Service under the Agreement.
1.5 “Process” or “Processing” means any operation or set of operations performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaption or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of Personal Information.
1.6 “Security Incident” means a breach of security of the Service or VPSBlocks Pty Ltd’s systems used to Process Personal Information leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored or otherwise Processed by VPSBlocks Pty Ltd in the context of this Addendum.
1.7 “Sensitive Information” means Personal Information revealing a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, sex life or sexual orientation.
2. Limitations on Use
VPSBlocks Pty Ltd will Process Personal Information solely on your behalf and in accordance with the Agreement, this Addendum and any other documented instructions from you (whether in written or electronic form), or as otherwise required by applicable law. VPSBlocks Pty Ltd is hereby instructed to Process Personal Information to the extent necessary to enable VPSBlocks Pty Ltd to provide the Service in accordance with the Agreement. In case VPSBlocks Pty Ltd cannot process Personal Information in accordance with your instructions due to a legal requirement Australian law to which VPSBlocks Pty Ltd is subject, VPSBlocks Pty Ltd shall (i) promptly notify you in writing (including by e-mail) of such legal requirement before carrying out the relevant Processing, to the extent permitted by the applicable law; and (ii) cease all Processing (other than merely storing and maintaining the security of the affected Personal Information) until such time as you provides VPSBlocks Pty Ltd with new
instructions. you will be responsible for providing any necessary notices to, and obtaining any necessary consents from, Data Subjects whose Personal Information is provided by you to VPSBlocks Pty Ltd for Processing pursuant to this Addendum. You acknowledge that the Service are not intended or designed for the Processing of Sensitive Information, and you agree not to provide any Sensitive Information through the Service.
VPSBlocks Pty Ltd shall implement and maintain throughout the term of the Addendum at all times in accordance with then current good industry practice, appropriate technical and organizational measures to protect Personal Information in accordance with Article 32 of the GDPR. The Service provides reasonable technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist you in securing Personal Information Processed by VPSBlocks Pty Ltd. VPSBlocks Pty Ltd may charge a reasonable fee for any assistance with (including consultation with a supervisory authority) regards to legally required data protection impact assessments, as permitted by applicable law.
4. Data Subject Requests
You are responsible for handling any requests or complaints from Data Subjects with respect to their Personal Information Processed by VPSBlocks Pty Ltd under this Addendum. VPSBlocks Pty Ltd will notify you promptly and in any event no less than fifteen (15) business days’ notice, unless prohibited by applicable law, if VPSBlocks Pty Ltd receives any such requests or complaints. The Service include technical and organizational measures that have been designed, taking into account the nature of its Processing, to assist customers, insofar as this is possible, in fulfilling their obligations to respond to such requests or complaints.
5. Regulatory Investigations
At your request, VPSBlocks Pty Ltd will assist you in the event of an investigation by a competent regulator, including a data protection regulator or similar authority, if and to the extent that such investigation relates to the Processing of Personal Information by VPSBlocks Pty Ltd on your behalf in accordance with this Addendum. VPSBlocks Pty Ltd may charge a reasonable fee for such requested assistance except where such investigation arises from a breach by VPSBlocks Pty Ltd of the Agreement or this Addendum, to the extent permitted by applicable law.
6. Security Incident
In the event that VPSBlocks Pty Ltd becomes aware of a Security Incident, VPSBlocks Pty Ltd will notify you promptly and in any event no later than forty-eight (48) hours after VPSBlocks Pty Ltd discovers the Security Incident. In the event of such a Security Incident, VPSBlocks Pty Ltd shall provide you with a detailed description of the Security Incident and the type of Personal Information concerned, unless otherwise prohibited by law or otherwise instructed by a law enforcement or supervisory authority. Following such notification, VPSBlocks Pty Ltd will take reasonable steps to mitigate the effects of the Security Incident and to minimize any damage resulting from the Security Incident. At your request, VPSBlocks Pty Ltd will provide reasonable assistance and cooperation with respect to any notifications that you are legally required to send to affected Data Subjects and regulators. VPSBlocks Pty Ltd may charge a reasonable fee for such requested assistance.
7. Data Transfers
In connection with the performance of the Agreement, you authorize VPSBlocks Pty Ltd to transfer Personal Information to Australia. You and VPSBlocks Pty Ltd will enter into Standard Contractual Clauses for the Transfer of Personal Data to Processors Established In Third Countries pursuant to Commission Decision 2010/87/EU of 5 February 2010 Countries ("ModelContract").
VPSBlocks Pty Ltd shall immediately inform you if, in its opinion, an instruction infringes the Data Protection Legislation.
10. Return or Disposal
Upon termination of your User Account for any reason, VPSBlocks Pty Ltd will return or destroy Personal Information at your request and choice after the required period by law in Australia for data retention, which currently stands at 2 years.
|VPSBlocks Pty Ltd:
|Name: William Kruss
|Your Legal Name: ____________________________
|Title: IT Director
|Name of Signatory: ___________________________
|Title of Signatory: ____________________________