Data Processing Agreement (Dpa)

(B) The company wishes to subcontract to the subcontractor certain services that involve the processing of personal data. The customer authorises the transfer of data from the EU to such destinations outside the EU or access to EU data from these purposes outside the EU, provided that one of these measures has been taken. Notwithstanding the foregoing, the Standard Contractual Clauses do not apply and have no legal effect where DigitalOcean applies, during the term of this DPA, another appropriate security feature or means for the transmission of EU data described in this section. 2. The previous written contract between the data importer and the processor shall also provide for a third-party beneficiary clause, in accordance with clause 3, in cases where the data subject is unable to assert the right to compensation referred to in clause 6(1) against the data exporter or data importer because they have actually disappeared or no longer legally exist or have become insolvent and the successor company has all legal obligations of the data exporter or data importer have been taken into account contractually or by law. This liability of the subcontractor is limited to its own transformation operations, in accordance with the clauses. HAVE agreed on the following contractual clauses (the clauses) in order to provide appropriate safeguards for the protection of privacy and the fundamental rights and freedoms of natural persons for the transfer of the personal data referred to in Appendix 1 by the data exporter to the data importer. 7.1 After the deactivation of the services, all personal data is deleted, unless this requirement does not apply insofar as digitalOcean is required, under current legislation, to retain some or all of the personal data, or for personal data that it has archived on backup systems that securely isolate digitalOcean and protect them from further processing. unless it is necessary under current legislation.

`data importer` means the processor who agrees to obtain from the data exporter personal data to be processed on his behalf after transmission in accordance with his instructions and the provisions of the clauses and who is not subject to the system of a third country ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC; Article 26 defines jointly responsible persons as two or more controllers who jointly determine the purposes and means of the processing. . . .