This Processor Agreement applies to the processing of personal data by Digi Company, acting as Digi Hosting (hereinafter "the Processor") on behalf of its clients (hereinafter "the Processor") and has been prepared in accordance with the General Data Protection Regulation (GDPR).

1. Introduction and scope

This agreement governs the rights and obligations regarding the processing of personal data in the context of the provision of web hosting services and related services. This agreement forms an integral part of the Processor's General Terms and Conditions.

2. Processing of personal data

The Processor processes the following categories of personal data on behalf of the Controller:

• Contact and identification information (name, e-mail address);

• IP addresses and domain names;

• User names and login information;

• Analysis and usage data;

• Order history and contract information;

• Communication and support requests;

• Images and other content stored on the servers.

Processing shall take place solely on the basis of the written instructions (including the execution of the main agreement), unless legal provisions require the Processor to carry out other processing.

3. Purposes of processing.

The data is processed exclusively for the provision of the agreed services: web hosting, e-mail, domain registration, technical support, backups and network security.

4. Obligations of Digi Hosting.

The Processor undertakes to:

• Confidentiality: Ensure that employees are subject to strict confidentiality obligations.

• Security: Implementing appropriate technical and organizational measures (see Appendix 1).

• Assistance: Assist the client with data subject requests, data breach reports and conduct DPIAs where reasonably possible.

• Data deletion: To delete or return the data after termination of services, subject to legal retention periods (e.g., tax laws).

5. Subprocessors

The Controller hereby authorizes the engagement of the following sub-processors:

The Processor shall inform the Customer of proposed changes to sub-processors. The Processor guarantees that sub-processors are bound by similar data protection obligations.

6. Data breaches and incidents

In the event of a security breach leading to the theft, loss or unauthorized access to personal data, the Processor shall inform the Controller without delay and at the latest within 72 hours after discovery.

7. Rights of data subjects

The Processor shall cooperate in exercising the rights of data subjects (inspection, correction, deletion), insofar as this is within the technical possibilities of the standardized service.

8. Duration and termination

This agreement is valid as long as the Processor processes personal data on behalf of the customer.

Appendix 1: Technical and Organizational Measures.

1. Organization & Personnel

• Digi Hosting has a coordinated security policy under the supervision of management.

• Employees are periodically trained in AVG awareness and security best-practices.

2. Physical and Environmental Security.

• The infrastructure is housed in data centers with strict physical access control, camera surveillance and protection against fire and power outages.

3. Access Control and Authorization

• Access to systems is based on the 'Need-to-Know' principle and strong authentication.

• Passwords are stored irreversibly encrypted.

• Sessions are automatically terminated upon inactivity.

4. Operational Security

• Use of malware scanning, network filters and firewalls.

• Logging of critical system activities to detect unauthorized access attempts.

• Data exchange over the Internet is conducted exclusively via encrypted connections (SSL/TLS).

5. Continuity and Disaster Recovery.

• Redundant storage structures and geographically separated backups ensure data recoverability after incidents.

• Current emergency plans are in place for various emergency scenarios.