This Data Processing Agreement ("Agreement") is made and entered into as of the Effective Date by and between:
- Astraform Limited, a company incorporated under the laws of Hong Kong ("Service Provider"), and
- The Customer ("Data User"),
who has agreed to the Terms of Use and engages the Service Provider to provide hosting and related services.
This Agreement is an integral part of the Service Provider’s Terms of Use and applies to all Processing of Personal Data carried out in connection with the provision of the Services to the Data User.
1. Definitions
1.1. "PDPO" means the Personal Data (Privacy) Ordinance (Cap. 486, Laws of Hong Kong), as amended from time to time.
1.2. "Personal Data" means any information relating to an identified or identifiable living individual.
1.3. "Processing" means any operation or set of operations performed on Personal Data, whether or not by automated means.
1.4. "Subprocessor" means any third party engaged by the Service Provider to process Personal Data in connection with the Services.
1.5. "Data Subject" means any living individual whose Personal Data is processed.
2. Purpose and Scope
2.1. The Service Provider shall process Personal Data only for the purposes of providing the Services and in accordance with the documented instructions of the Data User.
2.2. The Data User determines the purposes and means of Processing Personal Data in connection with its use of the Services.
2.3. The Processing activities covered include storage, retrieval, backup, deletion, and other operations reasonably necessary for service provision.
3. Service Provider’s Obligations
3.1. The Service Provider shall:
- Process Personal Data solely for the purpose of providing the Services and in accordance with the documented instructions of the Data User. Documented instructions include the Data User’s acceptance of the Terms of Use and Privacy Policy, data submitted through the Services, configuration changes performed in the account, API requests, and any written instructions provided via support channels.
- Implement reasonable technical and organizational measures designed to protect Personal Data against unauthorized or unlawful Processing, loss, destruction, or damage.
- Ensure that personnel and Subprocessors authorized to process Personal Data are bound by appropriate confidentiality obligations.
- Take reasonable steps to assist the Data User in meeting its obligations under applicable data protection laws, taking into account the nature of the Services and the information available to the Service Provider.
- Notify the Data User within a reasonable timeframe after becoming aware of a Personal Data security incident affecting the Services.
4. Data User’s Obligations
4.1. The Data User shall:
- Ensure that Personal Data is collected, used, transferred, and otherwise processed lawfully and in compliance with applicable data protection laws.
- Provide documented instructions for Processing Personal Data where necessary for the provision of the Services.
- Ensure that any required notices are provided to Data Subjects and that any required consents are obtained.
- Be solely responsible for responding to any Data Subject requests or claims and for handling any interactions with competent authorities relating to Personal Data.
5. Security Measures
5.1. The Service Provider shall implement reasonable technical and organizational security measures, including, where appropriate:
- Encryption of Personal Data.
- Access controls, ensuring only authorized personnel can access Personal Data.
- Regular security testing and internal reviews designed to assess and improve security controls.
- Incident detection and response procedures designed to mitigate security risks.
6. Personal Data Security Incidents
6.1. The Service Provider shall notify the Data User within a reasonable timeframe after becoming aware of a Personal Data security incident affecting the Services.
6.2. The notification shall include, to the extent reasonably available, information about the nature of the incident and the measures taken or proposed to mitigate its effects.
7. Subprocessors
7.1. The Service Provider is authorized to engage Subprocessors for service-related functions.
7.2. The Service Provider shall:
- Take reasonable steps to ensure that Subprocessors are subject to obligations that provide an appropriate level of protection for Personal Data, consistent with this Agreement.
- Remain responsible for the performance of Subprocessors engaged for Processing in connection with the Services.
8. Cross-Border Data Transfers
8.1. Personal Data may be processed or stored in jurisdictions outside the Data User’s country of establishment where required for the provision of the Services.
8.2. The Service Provider shall take reasonable steps to ensure that any such cross-border Processing is carried out in accordance with applicable data protection laws.
9. Data Subject Requests
9.1. Where reasonably practicable, the Service Provider shall assist the Data User in responding to lawful requests from Data Subjects relating to Personal Data processed in connection with the Services, taking into account the nature of the Services and the information available to the Service Provider.
10. Data Retention and Deletion
10.1. The Service Provider shall retain Personal Data only for the duration required to provide services.
10.2. Upon termination of services, the Service Provider shall delete or return all Personal Data, unless otherwise required by law.
11. Compliance Information
11.1. Upon reasonable request, the Service Provider shall provide the Data User with information reasonably necessary to demonstrate compliance with this Agreement, subject to confidentiality and security constraints.
11.2. Any on-site or independent audit may be conducted only where required by applicable law or where otherwise agreed in writing by the parties, and shall be subject to reasonable scope, scheduling, confidentiality, and security requirements.
12. Liability and Indemnification
12.1. The Service Provider shall be liable only for breaches of this Agreement caused by its own negligence or willful misconduct.
12.2. The Data User shall indemnify and hold harmless the Service Provider against claims arising from the Data User’s unlawful Processing of Personal Data or failure to comply with applicable data protection obligations.
13. Term and Termination
13.1. This Agreement remains in effect for the duration of the Data User’s use of the Service Provider’s services.
13.2. Upon termination, the Service Provider shall delete or return Personal Data unless legal retention obligations apply.
14. Governing Law and Jurisdiction
14.1. This Agreement shall be governed by and construed in accordance with the laws of Hong Kong.
14.2. Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of Hong Kong.
15. Miscellaneous
15.1. If any provision of this Agreement is found invalid, the remainder shall remain in full force.
15.2. This Agreement supersedes any prior data processing terms.
15.3. The Service Provider reserves the right to update this Agreement to reflect changes in legal requirements.