Legal

Client Data Processing Agreement

Data Processing Agreement

This Data Processing Agreement (the “DPA”) forms part of xneelo’s Terms of Service (the “Principal Agreement”), and is incorporated into the Principal Agreement by reference. Xneelo reserves the right to make changes to the respective Agreements at any time without notice. Any updated versions of the aforesaid Agreements will be posted on our website.

1. Introduction

This DPA applies when you sign up for our services, and xneelo acts as the Processor of your Personal Data. When we provide these services to you, you are the Controller of the Personal Data that we Process because you decide why and how we Process that Personal Data.

2. Definitions and Interpretations

2.1. The defined terms in this DPA supplement the terms of the Principal Agreement. Terms not defined herein will have the meaning as set forth in the Principal Agreement. If there is a conflict between any of the Principal Agreement’s provisions and this DPA’s provisions, the provisions of the DPA will prevail.

“Controller” means the person who decides why and how personal data will be processed. This would be you, our Customer.

“Data Protection Law” means any and all data protection laws and regulations that apply to xneelo’s Processing of Personal Data under the DPA including, the GDPR, the Protection of Personal Information Act 4 of 2013, ePrivacy laws and, to the extent applicable, the data protection or privacy laws of any other country;

“Data Subject” means the person whose data is processed, which are your customers or site visitors.

“GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

“Personal Data” means any data or information that relates to an individual who can be directly or indirectly identified. For example, names and email addresses are personal data. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions can also be personal data.

“Personal Data Breach” any unauthorized or otherwise unlawful personal data processing.

“Process I Processing” means any action performed on data, whether automated or manual. This would include collecting, recording, organizing, structuring, storing, using, or erasing. Thus, basically doing anything with data.

“Processor” means xneelo, a third party that processes personal data on behalf of a data controller.

“Standard Contractual Clauses” means the new Standard Contractual Clauses (the “SCCs”) adopted by the European Commission on 4 June 2021 to facilitate the transfer of data between EU/EEA and non-EU/EEA countries.

“Subprocessor” means any person appointed by or on behalf of the Processor to process Personal Data on behalf of xneelo in connection with the Agreement.

3. Agreement Subject Matter

3.1. Application. The DPA applies when xneelo Processes your Personal Data subject to the applicable Data Protection Law.

3.2. Acceptance. By using our products and services you are deemed to have read, understood, accepted, and agreed to be bound by all of the terms of the respective Agreements.

3.3. Duration. xneelo will Process Personal Data until the Principal Agreement expires or terminates, unless otherwise agreed in writing, subject to clause 4.1.5 below.

3.4. Limitations. DPA does not apply where xneelo Processes data on either Controller or Data Subject’s behalf in terms of any activity not set out in the Principal Agreement.

3.5. Details of Processing. The following details related to the Processing is described in the Principal Agreement and our Privacy Policy, which are incorporated into this DPA by reference:

3.5.1. the Processing’s subject-matter;

3.5.2. the Processing’s nature;

3.5.3. the Processing’s purpose;

3.5.4. the Personal data type;

3.5.5. the Data Subject categories; and

3.5.6. the Controller’s rights.

4. Data Processing and Protection

4.1. Processor’s Obligations

4.1.1. Processing of Data

xneelo will comply with the applicable Data Protection Law when Processing Personal Data and will only Process Personal Data on Controller’s documented instructions.
Controller instructs xneelo to Process Personal Data to provide the Services and related technical support in terms of the Principal Agreement.

4.1.2. Data Transfer

xneelo may only transfer Personal Data to a third country or international organisation on Controller’s documented instructions, unless required to do so by applicable law.
xneelo must advise Controller about the legal requirement before Processing the Personal Data, unless the law prohibits them from doing so in the public interest. The Parties agree that the DPA and Principal Agreement constitute Controller’s documented instructions for Processing Personal Data.

4.1.3. Processors Personnel

xneelo will take reasonable steps to ensure that persons authorised by xneelo to Process any Personal Data are subject to appropriate confidentiality obligations.
xneelo imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. For more information, please see our Privacy Policy.

4.1.4. Security Measures

Data Securityxneelo will implement appropriate technical and organisational security measures to ensure a level of security appropriate to the risk, including, the measures referred to in Data Protection Law, and the measures referred to in xneelo’s Security Statement.In assessing the appropriate level of security, xneelo will pay special attention to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
Auditsxneelo will cooperate and provide reasonable assistance for audits (including inspections) by Controller or another auditor that they mandate. Controller must provide xneelo with at least 30 (thirty) business days prior written notice of Controller’s intention to audit.
Access to informationWhere necessary, xneelo will give Controller reasonable access to audit the relevant records that are necessary to demonstrate our compliance with our data protection obligations.
Personal Data Breachxneelo will notify Controller without undue delay after becoming aware of a Personal Data Breach.
Assistance to ControllerAny Personal Data Breach notification xneelo makes to assist Controller will include information xneelo is reasonably able to disclose, taking into account:
- the technical and organisational measures Controller requires to fulfil its obligation to respond to requests by Data Subjects, and
- the nature of Processing, the information available to xneelo, and any restrictions on disclosing the information, such as confidentiality.

4.1.5. Return or Deletion of Personal Data

Any time upon notification by Controller, xneelo will, and will cause its Subprocessors to securely delete all Personal Data (including all copies) to the extent permitted by applicable law.
xneelo agrees to preserve the confidentiality of any Personal Data retained by us in accordance with applicable law. Any active Processing of such Personal Data after the Data Processing services are terminated will be limited to the extent necessary to comply with applicable law. Xneelo will ensure that the post-termination obligations in this section are also required of Subprocessors.

4.1.6. Subprocessing

Restrictionxneelo will not appoint or assign any of its obligations to any Subprocessor without Controller’s prior specific authorisation or general written authorisation (provided that xneelo informs Controller of any intended changes to Subprocessors and gives Controller an opportunity to object to such changes).

4.1.7. Authorised Subprocessors

Controller authorises xneelo to engage the following categories of Subprocessors that are mostly located in the European Union, for the Data Processing activities related to the services described in the Principal Agreement and our Privacy Policy:
- Registrars for domain names,
- CRM for emails and calls,
- Hosting services, or
- any other services necessary to provide services to you.

4.1.8. Specific obligations

xneelo will ensure that its Subprocessors are bound by data protection obligations compatible with our obligations as a Processor under this DPA.

4.2. Controller’s Obligations

4.2.1. Warranties. Controller warrants that it has all necessary rights to provide the Personal Data to xneelo.

4.2.2. Responsibilities. Controller must make sure that certain designated personnel within their organisation:

provide all necessary privacy notices to data subjects;
obtain any necessary Data Subject consent to the Processing;
maintain a record of such consent; and
Communicate to Processor that a Data Subject has revoked consent, where a Data Subject does so;

to the extent that applicable Data Protection Law requires.

5. Processing of Personal Data outside of the European Economic Area (the “EEA”)

5.1. Standard Contractual Clauses

5.1.1. When does it apply?

The Standard Contract Clauses apply to any Processing where the parties:

directly (or via onward transfer) transfer Personal Data outside of the EEA or otherwise to an undesignated territory; or
Processes Personal Data originating in the EEA outside of it or in an undesignated territory (a territory that has not been designated by the European Commission to ensure adequate levels of protection for Personal Data).

5.1.2. When does it not apply?

Personal Data that the Parties otherwise transfer or Process; or
Where Parties have adopted binding corporate rules or a similar mechanism or alternate recognised compliance standard for the lawful transfer of personal data outside the EEA.

5.1.3. Adequate protection

The Parties will assess whether the following requirements are met:

the level of protection of the third country meets the level required by the applicable Data Protection Law, and
the laws of the third country enable the Processor to comply with the SCCs.

Supplementary measures may be taken to ensure a level of protection equivalent to the protection provided under the applicable data protection law, if the requirements in this clause are not met. The Parties will implement the guidance from the relevant supervisory authority to determine the supplementary measures they must put in place.

6. General Terms

6.1. Confidentiality

xneelo will keep all Personal Data confidential, and will not disclose it to any third party except as is required by law.

6.2. Notices

All notices and communications given under this Agreement must be in writing and will be sent via email. Controller will be notified via email sent to the address related to its use of the Services under the Principal Agreement. xneelo will be notified via email, sent to the address: legal@xneelo.com.

6.3. Liability and indemnity

Each Party indemnifies the other and holds them harmless against all claims, actions, third party claims, losses, damages and expenses that the other party incurs arising out of a breach of this DPA or Applicable Data Protection law by the indemnifying party, provided that:

6.3.1. each Party provides the other with a notice of the claim promptly after receiving it;

6.3.2. the indemnified Party gives the indemnifying Party the right to control the defence;

6.3.3. the indemnified Party will provide the indemnifying Party with reasonable assistance as necessary; and

6.3.4. the indemnified Party will avoid admission of liability.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Advertisement" category.
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Analytics" category.
cookielawinfo-checkbox-functional	1 year	The GDPR Cookie Consent plugin sets the cookie to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-marketing	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Marketing".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie records the user consent for the cookies in the "Necessary" category.
cookielawinfo-checkbox-others	1 year	Set by the GDPR Cookie Consent plugin, this cookie stores user consent for cookies in the category "Others".
CookieLawInfoConsent	1 year	CookieYes sets this cookie to record the default button state of the corresponding category and the status of CCPA. It works only in coordination with the primary cookie.
debug	never	No description available.
viewed_cookie_policy	1 year	The GDPR Cookie Consent plugin sets the cookie to store whether or not the user has consented to use cookies. It does not store any personal data.

Cookie	Duration	Description
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
li_gc	5 months 27 days	Linkedin set this cookie for storing visitor's consent regarding using cookies for non-essential purposes.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.
_fw_crm_v	1 year	FreshChat uses this cookie to track visitor identity and chat sessions performed.
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.n
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gid	1 day	Google Analytics sets this cookie to store information on how visitors use a website while also creating an analytics report of the website's performance. Some of the collected data includes the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	Hotjar sets this cookie to detect a user's first pageview session, which is a True/False flag set by the cookie.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Linkedin set this cookie to store information about the time a sync took place with the lms_analytics cookie.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser IDs.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements by tracking user behaviour across the web, on sites with Facebook pixel or Facebook social plugin.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
uuid	3 months	MediaMath sets this cookie to avoid the same ads from being shown repeatedly and for relevant advertising.
zukoVisitorId	1 year	No description available.
zukoVisitorId-7f96a3b640b14eb8	1 year	Description is currently not available.
_fbp	3 months	Facebook sets this cookie to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising after visiting the website.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_hjFirstSeen	30 minutes	Hotjar sets this cookie to identify a new user’s first session. It stores the true/false value, indicating whether it was the first time Hotjar saw this user.
_hjIncludedInSessionSample_1418369	2 minutes	Description is currently not available.
_hjSessionUser_1418369	1 year	Description is currently not available.
_hjSession_1418369	30 minutes	Description is currently not available.
_vwo_ssm	1 year 1 month 4 days	This cookie is set by VWO to track visitor behavior.
_zg1686212616839	session	Description is currently not available.

Search for a domain

Transfer a domain

Web Hosting

Volume Plan

Managed Servers

Self-Managed Servers

Colocation

xneelo Cloud

Recent Insights

Advice

News

Product Updates

Customer Stories

Contact us

Help Centre

Network Status

Introducing the xneelo Control Panel

Client Data Processing Agreement

Data Processing Agreement

1. Introduction

2. Definitions and Interpretations

3. Agreement Subject Matter

4. Data Processing and Protection

5. Processing of Personal Data outside of the European Economic Area (the “EEA”)

6. General Terms

Expert advice & more, straight to your inbox.

Products

Company

Support

Legal

Client Data Processing Agreement

Data Processing Agreement

1. Introduction

2. Definitions and Interpretations

3. Agreement Subject Matter

4. Data Processing and Protection

5. Processing of Personal Data outside of the European Economic Area (the “EEA”)

6. General Terms

Expert advice & more, straight to your inbox.

Social Media

Products

Company

Support

Legal