fbpx
LAST UPDATED: 21ST AUGUST 2018

GDPR – Data Processing Agreement

This Data Processing Agreement (“DPA”) is an addendum to the Terms & Conditions between PixelPal Ltd (“PixelPal”) and you (“Customer”).  The DPA will be effective and replace any previously applicable data processing and security terms as from 25th May 2018 and will continue for as long as PixelPal provides the services as set out in PixelPal Ltd Terms & Conditions.

Definitions

“Customer Data” means data provided by or on behalf of Customer or Customer End Users via the Services under the account.

“Data Controller” means the entity that determines the purposes and means of the processing of Personal Data.

“Data Processor” means the entity that processes Personal Data on behalf of the Data Controller.

“Data Protection Laws” means all data protection and privacy laws and regulations applicable to the processing of Personal Data under the Agreement, including the GDPR.

“Data Subject” means the individual to whom the Personal Data relates.

“EEA” means the European Economic Area.

“GDPR” means EU General Data Protection Regulation 2016/679.

“Personal Data” means any Customer Data relating to an identified or identifiable natural person to the extent that such information is protected as personal data under GDPR.

“Processing” has the meaning given to it in the GDPR and “process”, “processes” and “processed” shall be interpreted accordingly.

Sub-Processor” means any third party authorised under this DPA to have logical access to and process Customer Data to provide parts of the Services.

“Services” means any product or service provided to Customer and as described in PixelPal Ltd Terms & Conditions.

Data Processing

PixelPal will only act and process Customer Data in accordance with the documented instruction from Customer (the “Instruction”), unless required by law to act without such Instruction. The Instruction at the time of entering into this DPA is that PixelPal may only process Customer Data with the purpose of delivering Services as described in its Terms & Conditions and any product-specific agreements. Subject to the terms of this DPA and with agreement of the parties, Customer may issue additional written instructions consistent with the terms of this Agreement. Customer is responsible for ensuring that all individuals who provide instructions are authorised to do so.

PixelPal will inform Customer of any instruction that it deems to be in violation of GDPR and will not execute the instructions until they have been confirmed or modified.

When Customer Data is processed by PixelPal both parties acknowledge and agree that:

– PixelPal is a Data Processor of Customer Data under the GDPR
– Customer is a Data Controller of Customer Data under GDPR.

Confidentiality

PixelPalshall treat all Customer Data as strictly confidential information. Customer Data may not be copied, transferred or otherwise processed in conflict with the Instruction from Customer unless required by law.

PixelPal employees shall be subject to an obligation of confidentiality that ensures that the employees shall treat all Customer Data under this DPA with strict confidentiality and only process Customer Data in accordance with the Instruction.

Sub-Processing

Customer authorises PixelPal to engage third-parties to process Customer Data (“Sub-Processors”) without obtaining any further written, specific authorisation. PixelPal will restrict Sub-Processor access to Customer Data to what is necessary to provide the Services.

PixelPal shall complete a written agreement with any Sub-Processors. Such an agreement shall at a minimum provide the same data protection obligations as the ones applicable under this DPA. It remains accountable for any Sub-Processor in the same way as for its own actions and omissions.

PixelPal will inform Customer of any new Sub-Processor engagements at least 30 days before the new Sub-Processor processes any Customer Data. Notifications of such engagements will be delivered to the account email address and/or through the control panel interface. It is Customer’s sole responsibility to ensure account information is correct and kept up to date.

Customer has the right to object to a use of a Sub-Processor by terminating this Addendum and Services in accordance with PixelPal Terms and Conditions. A list of current Sub-Processors can be found in Annex 1.

Security

PixelPal will implement and maintain technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access as set out Annex 2 of this Addendum and in accordance with GDPR, article 32. The security measures are subject to technical progress and development and Customer acknowledges that PixelPal may update or modify the security measures from time-to-time provided that such updates and modifications do not result in the degradation of the overall security. In addition, PixelPal will make controls available to Customer to further secure Customer Data inside the control panel.

Data Breach Notifications

If PixelPal becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Customer Data on systems managed by or otherwise controlled by PixelPal, PixelPal agrees to notify Customer without hesitation or delay. Notifications of such incidents will be sent to the account email address as set by Customer. It is Customer’s sole responsibility to ensure this information is correct and kept up to date inside the control panel.

PixelPal will make reasonable efforts to identify the cause of any breach and take necessary steps to prevent such a breach from reoccurring.

Customer agrees that Data Breach Notifications will not include unsuccessful attempts or activities that do not compromise the security of Customer Data, including unsuccessful log-in attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or networked systems.

Data Subject Rights

If PixelPal directly receives a request from a Data Subject to exercise such rights in relation to Customer Data, it will forward the request to Customer. Customer must respond to any such request within the timeframes specified within GDPR.

PixelPal will assist Customer in fulfilling any obligation to respond to requests by data subjects, which may include providing controls via the control panel to help comply with the commitments set out under GDPR.

Data Transfers

PixelPal stores and processes data in secure datacentres located inside the European Economic Area (“EEA”). Data may be transferred and processed outside the EEA to countries where Sub-Processors maintain their own data processing operations. Customer hereby agrees to the transfer, storing or processing of data outside the EEA. PixelPal will take all steps reasonably necessary to ensure that Customer Data is treated securely and in accordance with the relevant Data Protection Laws.

Compliance and Audit Rights

PixelPal agrees to maintain records of its security standards and, upon written request by Customer, PixelPal shall make available all relevant information necessary to demonstrate compliance with this DPA. Customer agrees any audit or inspection shall be carried out with reasonable prior written notice of no less than 30 days and shall not be conducted more than once in any 12-month period. If PixelPal declines the request, Customer is entitled to terminate this addendum and Services.

Return or Deletion of Data

PixelPal only retains Customer Data for as long as required to fulfil the purposes for which it was initially collected. Termination of this Addendum or Services in line with PixelPal Terms & Conditions will result in all Customer Data being deleted unless otherwise required by law. For Customer Data archived on backup systems, PixelPal shall securely isolate and protect from any further processing.

Limitation of Liability

The total liability of each part under this addendum shall be subject to the limitation of liability as set out in PixelPal Terms & Conditions. For the avoidance of doubt, in no instance will PixelPal be liable for any losses or damages suffered by Customer where Customer is using Services in violation of its Terms & Conditions, regardless of whether it terminates or suspend an account due to such violation.

Annex 1 – Sub-Processors

 

Company

Service

GoCardlessDirect Debit Payments
Stripe Payment Gateway ServicesCredit/Debit Card Payments
NominetDomain Names
Tucows (OpenSRS)Domain Names
GeoTrust (Symantec)SSL/TLS Certificates
Google AnalyticsControl panel analytics. Reporting on anonymised data.

 

Annex 2 – Security Measures

Available upon request.

If you have any questions regarding our terms, please contact us

Top
PixelPal Help

What is an SSL certificate?

SSL (Secure Sockets Layer) ensures that all information passed between your website and your visitors browser remains private. Web browsers will display a padlock symbol  to let visitors know your website is safe and secure. This a free facility for all PixelPal customers.

PixelPal Help

What is an SSL certificate?

SSL (Secure Sockets Layer) ensures that all information passed between your website and your visitors browser remains private. Web browsers will display a padlock symbol  to let visitors know your website is safe and secure. This a free facility for all PixelPal customers.

WordPress Only Server

Who is this best for?

Managed WordPress hosting is designed for those that could benefit from automation and support that specializes in helping with WordPress only. WordPress is a content management system (CMS) that’s easy to customise and deploy. Powering over 30% of the web, it's the worlds most popular CMS. It can be used for most types of sites such as blogs, personal, corporate, portfolio or online stores. This is not for people that want greater access or control of their server facilites.

Managed WordPress Server

Summary

  Pro – Unlimited Linux Server

Summary

  Pro – Unlimited Linux Server

Who is this best for?

This is truly brilliant, it is the preffered plan for those that want complete control over their hosting facilites. Make use of unlimited facilites and free apps including WordPress, Drupel, Joomla! and more. It can be used for all types of sites such as blogs, personal, corporate, portfolio, retail or ecommerce.

  Pro Plus – Unlimited Linux Server

Summary

  Pro Plus – Unlimited Linux Server

Who is this best for?

One level better than Pro, our Pro Plus plan is for those that want complete control over their hosting facilites but would prefer to outsource the development of the website and facilites to PixelPal. Make use of unlimited facilites and free apps including WordPress, Drupel, Joomla! and more. It can be used for all types of sites such as blogs, personal, corporate, portfolio, retail or ecommerce. Consider PixelPal your own personal IT department.

Job Description Coming Soon!

We're in the process of developing our job description for this role and will post it online soon. Be the first to know when it goes live, SIGN UP for our email updates on all new jobs.