This Data Processing Agreement (DPA) forms part of the Terms of Service and governs the processing of personal data that OtterStorage carries out on behalf of the customer, in accordance with Article 28 of the GDPR.
1. Roles
The customer acts as the data controller and EasyDataHost, S.L. (NIF B87347621, owner of the OtterStorage brand) acts as the data processor with respect to the personal data contained in the objects that the customer stores.
2. Subject Matter and Duration
Processing is limited to providing the storage service for the duration of the contract. Upon termination, the data is deleted or returned in accordance with the customer's instructions, except where there is a legal obligation to retain it.
3. Instructions
OtterStorage processes the data solely in accordance with the customer's documented instructions and applicable law.
4. Confidentiality and Security
We apply appropriate technical and organizational measures (encryption in transit and at rest, access control, activity logging), and personnel with access are bound by confidentiality.
5. Subprocessors
We may engage subprocessors subject to the safeguards required by the GDPR, notifying the customer of any changes with reasonable advance notice so that the customer may object.
6. International Transfers
We offer regions within the EU. Any transfer outside the EEA would be covered by appropriate safeguards (e.g. standard contractual clauses).
7. Assistance and Breaches
We assist the customer in responding to data subjects' rights requests and in meeting its security obligations. We will notify the customer without undue delay of any personal data security breach.
8. Audit
We will make available the reasonable information needed to demonstrate compliance with this DPA.
To sign a DPA, write to us at privacidad@otterstorage.io.