Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the Terms and Conditions between Domainshark.io ("Processor") and the customer ("Controller") who subscribes to our services. It governs our processing of personal data on your behalf and ensures compliance with applicable privacy legislation, including the GDPR.

1. Definitions

• "Personal Data" means any information relating to an identified or identifiable natural person processed by the Processor on behalf of the Controller.
• "Data Subject" means the individual whose Personal Data is being processed.
• "Subprocessor" means any third party engaged by the Processor to assist with processing Personal Data.

2. Roles and Scope

The Controller determines the purposes and means of processing Personal Data. The Processor shall process Personal Data solely on documented instructions from the Controller and only as necessary to deliver the subscribed services.

3. Processing Details

The Processor will handle Personal Data for the following limited purposes:

• Provision, maintenance, and support of the Domainshark.io platform.
• Account management, billing, and customer assistance.
• Security monitoring, incident response, and compliance with legal obligations.

4. Subprocessors

The Controller authorizes the Processor to engage Subprocessors provided that the Processor maintains an up-to-date list of Subprocessors, ensures they are bound by obligations no less protective than those in this DPA, and remains fully responsible for their performance.

5. Security Measures

The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption, access controls, regular testing, and staff confidentiality commitments.

6. Data Subject Requests

The Processor shall assist the Controller, to the extent reasonably possible, in fulfilling Data Subject requests to access, rectify, erase, restrict, or transfer Personal Data. Any such requests received directly by the Processor will be promptly forwarded to the Controller.

7. International Transfers

The Processor shall not transfer Personal Data outside of jurisdictions deemed adequate without ensuring appropriate safeguards, such as Standard Contractual Clauses or an alternative legal transfer mechanism.

8. Incident Notification

In the event of a Personal Data Breach, the Processor will notify the Controller without undue delay and provide information reasonably required for the Controller to meet its legal obligations.

9. Audit and Compliance

Upon reasonable notice, the Processor will make available information necessary to demonstrate compliance with this DPA and allow for audits or inspections conducted by the Controller or an independent auditor mandated by the Controller.

10. Termination

Upon termination of the services or upon request, the Processor will delete or return Personal Data and delete existing copies, unless retention is required by law. Sections of this DPA that by their nature should survive termination will remain in effect.

11. Contact

For questions about this DPA, contact us at [email protected].