DATA PROCESSING AGREEMENT OF AegeanHost Single Member P.C.

This Data Processing Agreement (hereinafter the "DPA") is entered into between Aegean Host Single Member P.C. ("Aegean Host", "Domain Market", "we") and the Customer ("Customer", "you"), together referred to as the "Parties". This DPA forms part of the Terms of Service, the Privacy Policy and other related policies available here. Customers who agree to these terms enter into this DPA on their own behalf with regard to the application of the applicable regulatory and legal provisions on data protection and to the extent that Domain Market processes the Customer’s data on the controller’s instructions (as defined in Section 1).

In providing the Services to the Customer, Domain Market may process Customer data on behalf of the Customer. The Parties agree to comply with the following provisions regarding Customer data, each acting reasonably and in good faith:

1. Definitions

Unless otherwise defined in this DPA, all bolded terms have the meanings set out below:

"Adequacy Decision" means an official decision issued by the European Union recognizing that another country, territory, sector or international organization provides a level of personal data protection equivalent to that of the EU.
"Adequate Country or Countries" means countries covered by an adequacy decision issued by the EU, which means that data may flow freely between those countries.
"Additional Products" means any features, products, software, programs, add-ons, tools or any other third-party software or content that are not part of the Services but may be accessible through Domain Market’s Customer Area or control panel.
"Agreement" means the Terms of Service and other related documents published on our website, together with your Order for the purchase/use of the Services and the Order confirmation sent by Domain Market, where applicable.
"Controller" means the natural or legal person which, alone or jointly with others, determines the purposes and means of processing Customer data. For the purposes of this Agreement, this refers to the Customer (you).
"Customer Data" means any "Personal Data" provided to Domain Market by or on behalf of the Customer through the use of the Services (for the avoidance of doubt, Personal Data forming part of the Customer’s Order for the purchase/use of the relevant Service will not be treated as Customer Data unless otherwise specified in this DPA).
"Data Protection Damages" means all liabilities, including:

a. claims, demands, actions, disputes, charges, proceedings, expenses, losses and damages (whether material or non-material, including psychological distress).

b. to the extent permitted by Applicable Law:

1. administrative fines, sanctions, liabilities or other measures imposed by a Data Protection Supervisory Authority, other competent Regulatory Authority or the competent court.

2. compensation for the benefit of a data subject imposed by a Data Protection Supervisory Authority or the competent court.

3. the reasonable costs of complying with investigations by a Data Protection Supervisory Authority or any other relevant Regulatory Authority.

c. the costs of reloading Customer Data and replacing the Customer’s materials and equipment, insofar as the same materials and equipment have been lost or destroyed, as well as any loss or destruction of Customer Data, including the cost of correcting or restoring Customer Data.

d. any other expenses (including legal costs).

"Data Protection Regulations and Legislation" or "Data Protection Regulations" means all regulations and laws, including but not limited to the laws and regulations of the European Union, the European Economic Area, their member states, Switzerland and the United Kingdom, applicable to the Processing of Customer Data under this DPA.

The terms "Data Subject", "Personal Data", "Processing", "Processor" and "Supervisory Authority" (or "Data Protection Authority") have the same meaning as described in the applicable Data Protection Regulations.

"Effective Date" means, as applicable:

a. the date on which the Customer clicks to accept the Agreement or the Parties otherwise agree to this DPA with respect to the applicable Agreement, or

b. 10 days from the date on which Domain Market makes this DPA publicly available and sends notice to the Customer.

"General Data Protection Regulation" or "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of customer data and on the free movement of such data, and repealing Directive 95/46/EC.
"Notification Email Address" means the email address designated by the Customer in the "Owner Details" section of Domain Market’s Customer Area.
"International Data Transfer Agreement" ("IDTA") means the standard data protection terms for the transfer of Customer Data when the data subject is located in the United Kingdom, included as Annex 4 to this DPA.
"Order" means any Customer order for the purchase/use of the relevant services.
"Affiliate" means any natural or legal person that directly or indirectly controls, is controlled by, or is under common control with Domain Market. For this purpose, "control" means direct or indirect ownership or control over more than 50% of the ownership interests of the subject entity.
"Services" means any services we offer that may involve the processing of Personal Data by Domain Market and its subprocessors.
"Domain Market" means the Domain Market legal entity that is party to this DPA, namely: Aegean Host Single Member P.C., a company registered in Greece (GEMI registration number 172337959000 and VAT No. 802217794), with registered address: Eleftheriou Venizelou 69, Chios 82132, Greece.
"Aegean Host Group of Companies" means all companies belonging to the Aegean Host Group of Companies involved in the Processing of Customer Data.
"Domain Market", a company of Aegean Host.
"Standard Contractual Clauses" or "SCCs" means the standard data protection contractual clauses for the transfer of Customer Data, as described in Article 46(2)(c) GDPR, included as Annex 1 to this DPA.
"Subprocessor" means any Processor engaged by Domain Market or a member of the Aegean Host Group of Companies.
"Term" means the period from the Effective Date until the end of the provision of the Services by Domain Market under the applicable Agreement, including, where applicable, any period during which the Services may have been suspended and any transition period after termination during which Domain Market may continue to provide Services for transitional purposes.

2. Data processing

2.1. Scope

This DPA applies if and only to the extent that Domain Market processes Customer Data on behalf of the Customer in providing the Services and such Customer Data is subject to the applicable Data Protection Regulations.

Annex 1 (Standard Contractual Clauses) will apply to Data Subjects located in the EU, while Annex 4 (International Data Transfer Agreement) will apply to Data Subjects located in the United Kingdom.

If the Customer agreeing to this DPA is already a customer, this DPA forms part of the agreement, the privacy policy and other related policies and documents published on our website. This DPA, including its annexes, shall apply and replace all previously applicable terms regarding privacy, data processing and/or data security when Domain Market acts as Processor.

2.2. Compliance with laws

Each Party shall comply with the obligations applicable to it under the applicable data protection regulations with regard to the processing of the relevant Customer Data.

2.3. Subject matter and details of data processing

2.3.1. Subject matter.

Domain Market will process Customer Data as necessary for the provision of the Services and related technical and other support, including other requests under the Agreement and as further instructed by the Customer through the use of the Services.

2.3.2. Duration of processing.

Except as provided in Section 11, the duration of data processing is the Term defined under the Order and the applicable Agreement.

2.3.3. Nature and purpose of processing.

Domain Market will process Customer Data for the purposes of providing the Services and related technical and other support to the Customer under the Agreement, this DPA and other relevant documents.

2.3.4. Categories of data subjects.

We process Personal Data of the following categories of Data Subjects:

Individuals who access and/or use the Services,

Individuals whose data is provided to Domain Market through the Services by the Customer or on the Customer’s behalf or by the Customer’s end users/website visitors,

Employees, freelancers, customers and other contractors of the Customer, as well as any other individual whose Personal Data is processed in connection with the provision of the Services,

Individuals who transmit data through the Services, including individuals who cooperate and communicate with the Customer or the Customer’s end users/website visitors.

2.3.5. Categories of personal data.

We may process the following categories of Personal Data in the context of providing the Services:

Personal identification information (such as name, etc.),

Contact information (such as address, email address, telephone number, etc.),

Any other type of Personal Data of Data Subjects transmitted in connection with the provision of the Services, including Personal Data processed in the Customer’s logs or Customer content (such as IP address, etc.).

2.4. Roles of the parties

The parties acknowledge and agree that:

Domain Market is the processor of Customer Data under the applicable data protection regulations,

the Customer is the Data Controller or Data Processor, as applicable, of Customer Data under the applicable Data Protection Regulations and relies on a lawful basis under the applicable Data Protection Regulations in order for Domain Market to process Customer Data and provide the Services under the Agreement and this DPA.

2.5. Instructions for data processing

Domain Market processes Customer Data in accordance with this DPA, which constitutes the Customer’s complete and final instructions to Domain Market in relation to the processing of Customer Data. Processing outside the scope of this DPA (if any) requires prior written agreement between Domain Market and the Customer regarding additional processing instructions. By entering into this DPA, the Customer instructs Domain Market to process Customer Data only in accordance with the applicable data protection regulations:

for the provision of the Services and related technical and other support,

at the initiative of the Customer and the end users/website visitors during the use of the Services,

as set out in the Agreement, the Terms of Service, the Privacy Policy and other related documents governing the provision of the Services and related technical and other support.

2.6. Access or use

Domain Market will not access or use Customer Data unless necessary to provide the Services and related technical and other support to the Customer under the DPA, the Agreement and other relevant documents, and in order to comply with applicable law, including a valid and binding order (such as a court order or other binding document) from a law enforcement agency and/or any other competent authority/state body.

2.6.1. Processing by the Customer.

The Customer, in using the Services, processes Personal Data in accordance with the requirements of the data protection laws and regulations applicable to it. The Customer is solely responsible for the accuracy, quality and legality of its Data and the means by which it acquired such Data.

2.6.2. Processing of Customer Data by Domain Market.

Domain Market processes Customer Data only on behalf of the Customer and in accordance with the Customer’s documented instructions (this DPA) for the following purposes:

1. Processing for the provision of the Services and related technical and other support,

2. Processing at the initiative of the Customer and/or end users/website visitors during the use of the Services,

3. Processing necessary for the maintenance and improvement of the Services.

2.6.3. Domain Market’s compliance with instructions.

From the Effective Date, Domain Market will comply with the instructions described above, including with regard to data transfers, unless applicable law to which Domain Market is subject requires other processing of Customer Data by Domain Market, in which case Domain Market will inform the Customer (unless such law prohibits Domain Market from doing so for important reasons of public interest).

Domain Market and its subprocessors may access and process Customer Data to fulfill obligations arising from this DPA, the relevant agreement or applicable law. Such processing will comply with the measures described in Sections 3, 7 and Annex 2 Security Measures.

2.7. Rights of data subjects

2.7.1. Access, rectification, restricted processing, portability.

During the applicable Term, Domain Market will provide the Customer, in a manner consistent with the functionality of the Services, with the ability to access, correct and restrict the processing of Customer Data, including through deletion of all or part of the Customer Data within the account or deletion of the entire account, as described in Section 2.8. (Return and deletion of Customer Data), as well as through export of Customer Data.

2.7.2. Data subject requests.

2.7.2.1. Customer responsibility for requests.

If, during the applicable Term, Domain Market receives a request from a Data Subject to exercise the right of access, rectification, restriction of processing, erasure ("right to be forgotten"), data portability, objection to processing or the right not to be subject to automated individual decision-making ("Data Subject Request"), Domain Market will advise the Data Subject to submit the request to the Customer, and the Customer will be responsible for responding to any such request, including where necessary through use of the functionality of the Services. To the extent permitted by law, Domain Market will take commercially reasonable steps to notify the Customer of such requests.

2.7.2.2. Domain Market assistance with data subject requests.

Taking into account the nature of the Processing, the Customer agrees that Domain Market will provide appropriate technical and organizational assistance, to the extent possible, to fulfill the Customer’s obligation to respond to Data Subject Requests, including where applicable the Customer’s obligation to respond to requests to exercise Data Subject rights under the applicable Data Protection Regulations, by:

(a) providing documentation resources in the form of educational guides and knowledge base articles, features and/or controls in the control panel that the Customer may choose to use for proper configuration of the Services and secure use of the Services.

(b) providing features, functionalities and/or controls in the control panel that the Customer may choose to use to retrieve, correct or delete Customer Data from the Services.

(d) To the extent that the Customer, in using the Services, does not have the ability to respond to a Data Subject Request, Domain Market, upon the Customer’s request, will use commercially reasonable efforts to assist the Customer in responding to that Data Subject Request, to the extent Domain Market is legally required to do so and a response to that Data Subject Request is required under the applicable Data Protection Regulations. To the extent permitted by law, the Customer is responsible for any costs arising from the provision of such assistance by Domain Market.

2.8. Return and deletion of customer data

Domain Market provides the Customer with the ability to delete Customer Data during the applicable Term in a manner consistent with the functionality of the Services used and the relevant features. The retrieval or deletion of Customer Data by the Customer constitutes an instruction to Domain Market to delete the relevant Customer Data archived in backup systems in accordance with applicable law and within a maximum period of 60 calendar days.

Deactivation of the Services or the end of the applicable Term constitutes an instruction to Domain Market to delete Customer Data and related Customer Data archived in backup systems within a maximum period of 60 calendar days.

Nothing in this Section 2.8 alters or modifies any obligation of Domain Market to retain some or all Customer Data as necessary to comply with applicable law, including a valid and binding order (such as a court order or other binding document) from a law enforcement agency and/or any other competent authority/state body.

2.9. Disclosure

Domain Market does not disclose Customer Data to any government, law enforcement agency or other authority unless necessary to comply with applicable law or with a valid and binding order (such as a court order or other binding document) of a law enforcement agency and/or any other competent authority/state body. Upon receiving an order from the authorities of a third country, Domain Market will act in accordance with Clause 15 of the Standard Contractual Clauses. Domain Market may also disclose Customer Data to third parties if Domain Market sells or buys any business or assets, in which case Domain Market may disclose Customer Data to the prospective seller or buyer, or if Domain Market sells, buys, merges, is acquired or partners with other companies or businesses or sells part or all of its assets.

2.10. Domain Market personnel

Domain Market restricts its personnel from processing Customer Data without authorization from Domain Market. Access to Customer Data is limited to personnel whose role and responsibilities are related to the provision of the Services.

Domain Market imposes appropriate contractual obligations on its personnel, including relevant obligations regarding confidentiality, data protection and data security. Domain Market ensures that such confidentiality obligations survive the end of the personnel engagement.

2.11. Data protection officer

In accordance with applicable data protection law, Domain Market has appointed a data protection officer, who can be reached at dpo@domainmarket.gr

3. Subprocessors

3.1. Consent to engage subprocessors / appointment of subprocessors

The Customer acknowledges and agrees that:

(a) Domain Market’s Affiliates may be engaged as Subprocessors; and

(b) Domain Market and its Affiliates respectively may engage subprocessors in connection with the provision of the Services. Domain Market has entered into a written agreement with each subprocessor containing data protection obligations no less protective than those in this DPA with respect to the protection of Customer Data, to the extent applicable to the nature of the services provided by such subprocessors.

If the Customer has entered into the Standard Contractual Clauses (Annex 1) or the International Data Transfer Agreement (Annex 4), as described in Section 5, the above authorizations constitute the Customer’s prior written consent to Domain Market’s subcontracting of the processing of Customer Data if such consent is required under the Standard Contractual Clauses.

3.2. Information about subprocessors

3.2.1. Domain Market may share information about you with subprocessors, such as the Aegean Host Group of Companies, which may be involved in the provision of Services subject to your Agreement and which are located within and/or outside the EU, EEA or the United Kingdom. Such subprocessors process the Customer Data provided under Domain Market’s instructions and in accordance with our Privacy Policy and this DPA.

3.2.2. The list of Domain Market subprocessors may be disclosed upon request, in accordance with Annex 3.

3.3. Requirements for engaging a subprocessor

When engaging any subprocessor, Domain Market must:

(a) ensure by written contract that:

(i) the subprocessor gains access to and uses Customer Data only to the extent required to perform the subcontracted obligations, and does so in accordance with this Data Processing Agreement and any Standard Contractual Clauses or International Data Transfer Agreement entered into or Alternative Transfer Solution adopted by Domain Market, as described in Section 5, and

(ii) the data protection obligations set out in the applicable data protection regulations, as described in this Data Processing Agreement, are imposed on the subprocessor; and

(b) remain fully responsible for all subcontracted obligations, as well as for all acts and omissions of the subprocessor.

3.4. Right to object to subprocessor(s)

3.4.1. The Customer may object to any Subprocessor by terminating the applicable Agreement immediately upon written notice to Domain Market, provided that the Customer gives such notice within 10 calendar days of being informed of the appointment of the relevant Subprocessor. This right of termination is the Customer’s sole and exclusive remedy if the Customer objects to any subprocessor.

3.4.2. Domain Market shall refund to the Customer any prepaid fees covering the remainder of the term of the relevant Order(s) after the effective date of termination with respect to such terminated Services, without imposing a penalty for such termination on the Customer.

4. Data protection impact assessments and consultations

Upon the Customer’s request, Domain Market will provide the Customer with the reasonable cooperation and assistance required to fulfill the Customer’s obligation under the applicable data protection regulations to carry out a data protection impact assessment (DPIA) related to the Customer’s use of the Services, to the extent the Customer does not otherwise have access to the relevant information and to the extent such information is available to Domain Market. Domain Market shall provide reasonable assistance to the Customer with cooperation or prior consultation with the Supervisory Authority in the performance of its duties relating to this DPA, to the extent required by the Data Protection Regulations.

5. Transfers outside the EU, EEA and the United Kingdom

5.1. Data centers

Domain Market processes Customer Data in Data Centers located within and outside the European Union, the EEA and the United Kingdom. Information regarding Data Center locations is available at: https://www.aegeanhost.com/datacenters and Domain Market reserves the right to update them from time to time.

The Customer may specify the location of the Data Center where the content of the hosting account will be stored. The Customer agrees that Domain Market may change Data Center locations and transfer the Customer’s hosting account to another Data Center at its sole discretion. Domain Market will notify the Customer at least 10 calendar days before moving the Customer’s hosting account at its sole discretion to a new Data Center, either by sending an email to the Notification Email Address or through the Customer Area. If the Data Center change results in the Customer Data located in the Customer’s hosting account being stored under a different jurisdiction, the Customer may object to such change by terminating the Agreement immediately and by written notice to Domain Market, provided that the Customer gives such notice within 10 calendar days of being informed of the Data Center change.

The Customer may transfer the hosting account to another Data Center location at any time, provided that the functionality of the Services allows it and in exchange for additional fees.

5.2. Processing locations

To the extent Customer Data is located in a Data Center outside the EU, the European Economic Area or the United Kingdom, and to the extent Domain Market provides the Services and related technical and other support, the Customer agrees that Domain Market may, subject to Section 5, transfer, access and process Customer Data in the EU, EEA, the United Kingdom, Asia, Australia and the United States and in any other country where Domain Market and/or its Affiliates and Subprocessors have Data Centers, facilities or maintain data processing operations.

Such international data transfer operations may occur in the course of providing any of the Services offered by Domain Market.

The geographical locations of the servers where the above-mentioned data transfer may take place are listed on our website and are subject to change at our sole discretion.

If the storage and/or processing of Customer Data involves processing Customer Data outside the EEA and the EU GDPR applies, then this DPA and Annex 1 containing the Standard Contractual Clauses shall automatically apply as the contractual safeguard for the international data transfer.

If the storage and/or processing of Customer Data involves processing Customer Data outside the United Kingdom and the UK GDPR applies, then this DPA and Annex 4 containing the International Data Transfer Agreement shall automatically apply as the contractual safeguard for the international data transfer.

5.3. Transfer mechanism

To the extent that Domain Market processes or transfers (directly or through onward transfer) Customer Data under this DPA from the European Union, the European Economic Area or the United Kingdom to countries that do not ensure an adequate level of data protection within the meaning of the applicable data protection regulations of those regions, the parties agree that:

1. The Customer hereby permits any transfer or access to Customer Data to and from such destinations outside the European Union, the European Economic Area and the United Kingdom,

2. Domain Market is deemed to provide appropriate and proportionate technical and organizational data protection safeguards and cyber risk mitigation measures, as well as to carry out appropriate risk assessments when transferring Customer Data outside the EU, EEA and the United Kingdom,

3. Domain Market is deemed to provide appropriate safeguards for the protection of Customer Data by making available the Standard Contractual Clauses (Annex 1) and the International Data Transfer Agreement (Annex 4) as the transfer mechanism.

3.1. The Standard Contractual Clauses (Annex 1) shall apply to transferred Customer Data where the Data Subject is located in the EU or the EEA,

3.2. The International Data Transfer Agreement (Annex 4) shall apply to transferred Customer Data where the Data Subject is located in the United Kingdom.

6. Processing records

The Customer acknowledges that Domain Market is required under the applicable data protection regulations to:

(a) collect and maintain records of certain information, including the name and contact details of each processor and/or controller on whose behalf Domain Market acts and, where applicable, the local representative and data protection officer of such processor or controller, and

(b) make such information available to supervisory authorities. Where GDPR applies to the processing of Customer Data, the Customer shall, upon request, provide such information to Domain Market through Domain Market’s website or other means provided by Domain Market and ensure that all information provided is kept accurate and up to date.

7. Domain Market security obligations

7.1. Security measures

Domain Market implements and maintains technical and organizational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, as described in Annex 2 ("Security Measures"). As described in Annex 2, the Security Measures include measures to provide encrypted transmission of Customer Data outside the Service environment, to help ensure the ongoing confidentiality, integrity, availability and resilience of Domain Market’s systems and Services, to help restore timely access to Customer Data from an available backup provided either by Domain Market’s backup Services or by the Customer’s own backup after an incident, and to regularly test effectiveness. Domain Market may update or modify the Security Measures from time to time, provided that such updates and modifications do not result in a downgrade of the overall security of the Services.

7.2. Customer responsibilities and security assessment

The Customer agrees that, subject to Domain Market’s obligations under Section 7 and other relevant sections of this DPA:

7.2.1. The Customer is solely responsible for its use of the Services, including:

i. the proper use of the Services to ensure a level of security appropriate to the risk with respect to the Customer’s Data and the content of its hosting account,

ii. securing the account authentication credentials, systems and devices used by the Customer to access the Services,

iii. ensuring that all programs, scripts, add-ons, plugins and other software installed in the hosting account are secure, properly configured and regularly maintained and that their use does not pose a security risk with respect to Customer Data and the account itself,

7.2.2. Domain Market has no obligation to protect Customer Data that the Customer stores or transfers outside Domain Market’s systems and those of its Subprocessors (for example, offline or on-premises storage), or to provide additional paid security services unless Domain Market offers and the Customer orders and pays for such services.

7.2.3. The Customer is solely responsible for reviewing the documentation and assessing whether the Services, the Security Measures, Domain Market’s commitments under this section and the following meet the Customer’s needs, including any Customer security obligations under the applicable data protection regulations.

7.2.4. The Customer acknowledges and agrees that (taking into account the cost of implementation and the nature, scope, context and purpose of processing of Customer Data, as well as the risks to individuals) the Security Measures implemented and maintained by Domain Market, as set out in Section 7.1., provide the required level of security appropriate to the risk with respect to Customer Data.

7.2.5. The Customer is responsible for creating backups of Customer Data and all data and content stored in the hosting account in order to avoid possible data loss. Domain Market’s backup services are provided "as is" and are subject to all liability limitations set forth in the applicable Agreement. In the event of partial or total data loss or corruption and where the Customer is not satisfied with the result of restoration from Domain Market’s backup Services or Domain Market’s backup is not recent or suitable for restoration, it is the Customer’s obligation to restore all data and content stored in the hosting account from its own backup.

8. Review and compliance audits

In accordance with the applicable data protection regulations:

The Customer has the right to verify Domain Market’s compliance with its obligations under this DPA by conducting a documentation review or audit, carried out by the Customer or an independent auditor appointed by the Customer, by submitting a specific written request to Domain Market at the address set out in the relevant Terms of Service.

Domain Market shall also provide written answers to all reasonable Customer requests and may charge a fee for any such review or audit. Domain Market shall provide details of any applicable fee before any such audit and the Customer shall be responsible for any fee charged by any auditor and any fee related to the performance of an audit. Reports of any such audit shall be made available to Domain Market without restriction as to the purposes of further use by Domain Market.

Domain Market may object to and refuse in writing any audit by the Customer or an auditor appointed by the Customer if, in Domain Market’s reasonable opinion, the Customer or auditor is not suitably qualified or independent, is a competitor of Domain Market or is otherwise manifestly unsuitable.

If Domain Market refuses to follow any instruction requested by the Customer or an auditor in relation to a properly requested and defined audit or review, the Customer is entitled to terminate this DPA and the Agreement.

Nothing in this Section 8 (Review and compliance audits) alters or modifies the rights or obligations of the Customer or Domain Market under the Standard Contractual Clauses entered into as described in Section 5.

9. Security breach notification

9.1. Domain Market maintains security incident management policies and procedures and notifies the Customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data, including Customer Data transmitted, stored or otherwise processed by Domain Market or its subprocessors, of which Domain Market becomes aware and which affects the rights and freedoms of any Data Subject ("Customer Data Incident"). Domain Market shall make reasonable efforts to identify the cause of such Customer Data Incident and shall take such steps as Domain Market deems necessary and reasonable to remedy the cause of such Customer Data Incident to the extent that remediation is within Domain Market’s reasonable control. These obligations do not apply to incidents caused by the Customer, the Customer’s use of the Services, the Customer’s actions or activities or the Customer’s Users.

9.2. Notifications made under this section shall, to the extent possible, describe details of the Customer Data Incident, including measures taken to mitigate potential risks and measures Domain Market recommends that the Customer take to address the Customer Data Incident.

9.3. Notification(s) of any Customer Data Incident shall be delivered to the Notification Email Address or, at Domain Market’s discretion, by direct communication (for example, by telephone call). The Customer is solely responsible for ensuring that the Notification Email Address and the contact details specified in the "Owner Profile Details" section of the Customer Area are correct and valid.

9.4. Domain Market will not assess the content of Customer Data in order to identify information subject to specific legal requirements. The Customer is solely responsible for complying with incident notification laws applicable to the Customer and for fulfilling any third-party notification obligations related to any Customer Data Incident(s).

9.5. Domain Market’s notification of or response to a Customer Data Incident under this Section 9 shall not be construed as an acknowledgement by Domain Market of any fault or liability with respect to the Customer Data Incident.

10. Liability and indemnification

10.1. The Customer shall indemnify and hold Domain Market harmless in relation to all data protection breaches and losses suffered or incurred arising out of or in connection with:

(a) any non-compliance by the Customer with data protection laws and regulations,

(b) any breach by the Customer of its data protection obligations and other obligations under this DPA and the Agreement,

10.2. Domain Market shall be liable for data protection breaches and losses caused by the processing of Customer Data only to the extent arising directly from Domain Market’s non-compliance with its obligations as processor under data protection laws and regulations. Domain Market’s liability under the DPA is subject to the exclusions and limitations of liability set out in the Agreement.

11. Termination

This DPA shall remain in force from the Effective Date until the end of the provision of the Services by Domain Market under the applicable Agreement, including, where applicable, any period during which the Services may have been suspended and any period after termination (i.e. up to 60 calendar days) during which Domain Market may continue to process Customer Data for transitional purposes ("Term"). Nothing in this Section 11 alters or modifies any obligation of Domain Market to retain some or all Customer Data as necessary to comply with applicable law or a valid and binding order (such as a subpoena or court order) from a law enforcement agency and/or any other competent authority/state body. This DPA will terminate automatically upon termination of the Agreement and deletion of all Customer Data by Domain Market.

12. Legal effect. Amendments

12.1. In the event of any conflict or inconsistency between the terms of this DPA and the terms of the applicable Agreement relating to the Processing of Customer Data, the terms of this DPA shall prevail. For the avoidance of doubt, if the Customer has entered into more than one agreement, this DPA modifies each agreement separately.

12.2. Domain Market may amend the terms of this DPA at any time. If we make material changes to this DPA, we will notify you here, by email or by notice via our website or your Customer Area, at least ten (10) calendar days before the changes become effective. Non-material changes to this DPA take effect immediately.

Economy Hosting

Premium Web Hosting

NVMe Performance Cloud

Semi-Dedicated Hosting

Reseller Hosting

Fully Managed SSD VServers

Hosting for WordPress

Hosting for WooCommerce

Domain Search

Register a Domain

Transfer a Domain

WHOIS

Domain Pricing