Note: If you would like to have a mutually signed copy of this Addendum, please send us your request and indicate the email address where you would like it sent. You will need to have your One Planet Hosting account name when completing the contract.
“Affiliates” means any entity which is controlled by, controls, or is in common control with One Planet Hosting.
“Covered Services” means any hosted services we offer you that could involve our Processing of Personal Data.
“Customer Data” means the Personal Data of any Data Subject Processed by One Planet Hosting within the One Planet Hosting Network on behalf of Customer pursuant to or in connection with the Terms of Service.
“Data Controller” means the Customer, as the entity which determines the purposes and means of the Processing of Personal Data.
“Data Processor” means One Planet Hosting, as the entity which Processes Personal Data on behalf of the Data Controller.
“Data Protection Laws” means all laws and regulations, including laws and regulations of the European Union, applicable to the Processing of Personal Data under the Agreement.
“Data Subject” means the individual to whom Personal Data relates.
“EEA” means the European Economic Area.
“One Planet Hosting Network” means One Planet Hosting’s data center facilities, servers, networking equipment, and host software systems (e.g., virtual firewalls) that are within One Planet Hosting’s control and are used to provide the Covered Services.
“Personal Data” means any information relating to an identified or identifiable person.
“Processing” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. “Process”, “processes” and “processed” will be interpreted accordingly. Detail of Processing are set forth in Appendix 1.
“Security Incident” means either (a) a breach of security of the One Planet Hosting Security Standards leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, any Customer Data; or (b) any unauthorized access to One Planet Hosting equipment or facilities, where in either case such access results in destruction, loss, unauthorized disclosure, or alteration of Customer Data.
“Security Standards” means the security standards attached to this Addendum as Appendix 2.
“Standard Contractual Clauses” or “SCCs” means Appendix 3, attached to and forming part of this Addendum, pursuant to the European Commission Decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries under the Directive.
“Sub-processor” means any Data Processor engaged by Processor to Process data on behalf of Data Controller.
2. Data Processing
2.1 Scope and Roles. This Addendum applies when Customer Data is processed by One Planet Hosting. In this context, One Planet Hosting will act as the Data Processor on behalf of the Customer as the Data Controller with respect to Customer Data.
2.2 Details of Data Processing. The subject matter of processing of Customer Data by One Planet Hosting is the performance of the Covered Services pursuant to the Terms of Service and product-specific agreements. One Planet Hosting shall only Process Customer Data on behalf of and in accordance with Customer’s documented instructions for the following purposes: (i) Processing in accordance with the Terms of Service or applicable product-specific agreement; (ii) Processing initiated by end users in their use of the Covered Services; (iii) Processing to comply with other documented, reasonable instructions provided by Customers (ex. via email) where such instructions are consistent with the terms of the Agreement. One Planet Hosting shall not be required to comply with or observe Customer’s instructions if such instructions would violate the GDPR or any other applicable data privacy laws. The duration of the Processing, the nature and purpose of the Processing, the types of personal data and categories of Data Subjects Processed under this Addendum are further specified in Appendix 1 (‘Details of the Processing’) to this Addendum.
3. Confidentiality of Customer Data.
One Planet Hosting will not disclose Customer Data to any government or any other third party, except as necessary to comply with the law or a valid and binding order of a law enforcement agency (such as a subpoena or court order).
4.1 One Planet Hosting has implemented and will maintain the technical and organizational measures for the One Planet Hosting Network as described herein this Section and as further described in Appendix 2 to this Addendum, Security Standards. In particular, One Planet Hosting has implemented and will maintain the following technical and organizational measures that address the (i) security of the One Planet Hosting Network; (ii) physical security of the facilities; (iii) controls around employee and contractor access to (i) and/or (ii); and (iv) processes for testing, assessing and evaluating the effectiveness of technical and organizational measures implemented by One Planet Hosting.
4.2 One Planet Hosting makes available a number of security features and functionalities that Customer may elect to use in relation to the Covered Services. Customer is responsible for (a) properly configuring the Covered Services, (b) using the controls available in connection with the Covered Services (including the security controls) to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, (c) using the controls available in connection with the Covered Services (including the security controls) to allow the Customer to restore the availability and access to Customer Data in a timely manner in the event of a physical or technical incident (e.g. backups and routine archiving of Customer Data), and (d) taking such steps as Customer considers adequate to maintain appropriate security, protection, and deletion of Customer Data, which includes use of encryption technology to protect Customer Data from unauthorized access and measures to control access rights to Customer Data.
5. Data Subject Rights
Taking into account the nature of the Covered Services, One Planet Hosting offers Customer certain security standards as described in the “Security” section of this Addendum. Customer may use these stated technical and organizational measures to assist it in connection with its obligations under applicable privacy laws, including its obligations relating to responding to requests from Data Subjects. As commercially reasonable, and to the extent lawfully required or permitted, One Planet Hosting shall promptly notify Customer if One Planet Hosting directly receives a request from a Data Subject to exercise such rights under any applicable data privacy laws (“Data Subject Request”). In addition, where Customer’s use of the Covered Services limits its ability to address a Data Subject Request, One Planet Hosting may, where legally permitted and appropriate and upon Customer’s specific request, provide commercially reasonable assistance in addressing the request, at Customer’s cost (if any).
6.1 Authorized Sub-processors. Customer agrees that One Planet Hosting may use Sub-processors to fulfil its contractual obligations under its Terms of Service and this Addendum or to provide certain services on its behalf, such as providing support services. Customer hereby consents to One Planet Hosting’s use of Sub-processors as described in this Section. Except as set forth in this Section or as otherwise explicitly authorized by you, One Planet Hosting will not permit any other sub-processing activities.
6.2 Sub-processor Obligations. Where One Planet Hosting uses any authorized Sub-processor as described in Section 6.1:
7. Security Breach Notification
7.1 Security Incident. If One Planet Hosting becomes aware of a Security Incident, One Planet Hosting will without undue delay: (a) notify Customer of the Security Incident; and (b) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
7.2 One Planet Hosting Assistance. To assist Customer in relation to any personal data breach notifications Customer is required to make under any applicable privacy laws, One Planet Hosting will include in the notification under section 8.1 such information about the Security Incident as One Planet Hosting is reasonably able to disclose to Customer, taking into account the nature of the Covered Services, the information available to One Planet Hosting, and any restrictions on disclosing the information, such as confidentiality.
7.3 Failed Security Incidents. Customer agrees that:
7.4 Communication. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means One Planet Hosting selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on the One Planet Hosting account panel and secure transmission at all times.
8. Customer Rights
8.1 Independent Determination. Customer is responsible for reviewing the information made available by One Planet Hosting relating to data security and its Security Standards and making an independent determination as to whether the Covered Services meets Customer’s requirements and legal obligations as well as Customer’s obligations under this Addendum. The information made available is intended to assist Customer in complying with Customer’s obligations under applicable privacy laws, including the GDPR, in respect of data protection impact assessments and prior consultation.
8.2 Customer Audit Rights. Customer has the right to confirm One Planet Hosting’s compliance with this Addendum as applicable to the Covered Services, including specifically One Planet Hosting’s compliance with its Security Standards. Customer may do so by exercising a reasonable right to conduct an audit or inspection, including under the Standard Contractual Clauses if they apply by making a specific request in writing. If One Planet Hosting declines to follow any instruction requested by Customer regarding a properly requested and scoped audit or inspection, Customer is entitled to terminate this Addendum and the Terms of Service. If the Standard Contractual Clauses apply, nothing in this Section varies or modifies the Standard Contractual Clauses nor affects any supervisory authority’s or data subject’s rights under the Standard Contractual Clauses. This Section will also apply insofar as One Planet Hosting carries out the control of Sub-processors on behalf of the Customer.
9. Transfers of Personal Data
9.1 U.S. Based Processing. Except where specifically noted in the Terms of Service, Customer Data will be transferred outside the EEA and processed in the United States.
9.2 Application of Standard Contractual Clauses. The Standard Contractual Clauses will apply to Customer Data that is transferred outside the EEA, either directly or via onward transfer, to any country not recognized by the European Commission as providing an adequate level of protection for personal data (as described in the GDPR). The Standard Contractual Clauses will not apply to Customer Data that is not transferred, either directly or via onward transfer, outside the EEA.
10. Termination of the Addendum
This Addendum will continue in force until the termination of our processing in accordance with the Terms of Service (the “Termination Date”).
11. Return or Deletion of Customer Data
Any deletion of Customer Data will be governed by the terms of the particular Covered Services and Universal Terms of Service.
12. Limitations of Liability
The liability of each party under this Addendum will be subject to the exclusions and limitations of liability set out in the Terms of Service. Customer agrees that any regulatory penalties incurred by One Planet Hosting in relation to the Customer Data that arise as a result of, or in connection with, Customer’s failure to comply with its obligations under this Addendum and any applicable privacy laws will count towards and reduce One Planet Hosting’s liability under the Terms of Service as if it were liability to the Customer under the Terms of Service.
13. Entire Terms of Service; Conflict
This Addendum supersedes and replaces all prior or contemporaneous representations, understandings, agreements, or communications between Customer and One Planet Hosting, whether written or verbal, regarding the subject matter of this Addendum, including any data processing addenda entered into between One Planet Hosting and Customer with regard to the processing of personal data and on the free movement of such data. Except as amended by this Addendum, the Terms of Service will remain in full force and effect. If there is a conflict between any other agreement between the parties including the Terms of Service and this Addendum, the terms of this Addendum will control.
DETAILS OF THE PROCESSING
One Planet Hosting will Process Personal Data as necessary to perform the Covered Services pursuant to the Terms of Service, product-specific agreements, and as further instructed by Customer throughout its use of the Covered Services.
2. Duration of Processing
Subject to Section 10 of this Addendum, One Planet Hosting will Process Personal Data during the effective date of the Terms of Service, but will abide by the terms of this Addendum for the duration of the Processing if in excess of that term, and unless otherwise agreed upon in writing.
3. Categories of Data Subjects
Customer may upload Personal Data in the course of its use of the Covered Services, the extent to which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to Personal Data relating to the following categories of Data Subjects:
Customer may upload Personal Data in the course of its use of the Covered Services, the type of and extent to which is determined and controlled by Customer in its sole discretion, and which may include, but is not limited to the following categories of Personal Data of Data Subjects:
We are, as always, committed to the protection of our customer’s information. To provide the best level of security, we consider a number of factors such as best practices, cost to execution, details and circumstances of processing, severity and risk of data breach occurrence and its potential impact to a customer. We also regularly test, assess and evaluate the effectiveness of our procedures.
We have established internal privacy policies and agreements to ensure personal data is processed in accordance with customers’ preferences and instructions.
[See Section 9.2 of the Addendum for applicability of these SCCs]
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection.
The entity identified as “Customer” in the Addendum (the “data exporter”) and One Planet Hosting Inc. (the “data importer”) each a “party”; together “the parties”, HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
For the purposes of the Clauses:
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Third-party beneficiary clause
Obligations of the data exporter
The data exporter agrees and warrants:
Obligations of the data importer
The data importer agrees and warrants:
Mediation and jurisdiction
Cooperation with supervisory authorities
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Obligation after the termination of personal data processing services
Exhibit 1 to the Standard Contractual Clauses
The data exporter is the entity identified as “Customer” in the Addendum
The data importer is One Planet Hosting Inc., a provider hosted services.
The processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.
Categories of data
The processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.
The processing operations are defined in Section 1.3 and Appendix 1 of the Addendum.
Exhibit 2 to the Standard Contractual Clauses
This Exhibit forms part of the Clauses. By purchasing Covered Services from One Planet Hosting, the Addendum and this Exhibit 2 are deemed accepted and executed by and between the parties.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The technical and organizational security measures implemented by the data importer are as described in the Addendum, specifically in Appendix 2, which is incorporated and attached to it.
 National mandatory requirements applicable to the data importer, as described in Article 13(1) of Directive 95/46/EC, will be defined as consistent with the Standard Contractual Clauses so long as they meet the requirements of this Directive. Examples of eligible mandatory requirements are legislation related to national security, defense, public security, internationally recognized sanctions, tax-reporting requirements and/or anti-money-laundering reporting requirements.