Data Protection Regulation Agreement

6.1 Processing sites. DigitalOcean can transmit and process customer data in the U.S. and around the world, where DigitalOcean, its related companies and/or subprocessings maintain data processing operations. DigitalOcean uses appropriate safeguards to protect personal data wherever it is processed, in accordance with the requirements of data protection legislation. When a subcontractor uses another organization (i.e. a subcontractor) to help process personal data for a processing manager, it must have a written contract with that subcontractor. 11.1 The subcontractor may not transfer or authorize the transfer of data to countries outside the EU and/or the European Economic Area (EEA) without the company`s prior written consent. When personal data processed under this agreement is transferred from a country within the European Economic Area to a country outside the European Economic Area, the parties ensure that personal data is adequately protected. To do so, contracting parties, unless otherwise agreed, rely on standard contractual clauses approved by the EU for the transfer of personal data. ensure that there are appropriate technical and organizational safeguards for the processing of personal data, including the recruitment of qualified personnel, access controls for physical computing units, system access controls, data access controls, data transfer protocols, system protocols and backup systems.

„European Union Data Protection Act“ (i) by 25 May 2018, European Parliament and Council Directive 95/46/EC on the Protection of Individuals in relation to the processing of personal data and the free movement of such data („Directive“) and, 25 May 2018, the European Parliament and Council Regulation 2016/679 on the protection of individuals with regard to the processing of personal data and the free movement of such data („General Data Protection Regulation“); and (ii) Directive 2002/58/EC on the handling of personal data and privacy in the area of electronic communications and applicable national transpositions (at least in their modification, replacement or redemption). provide the client, in accordance with this data protection authority and services, with appropriate and timely assistance to enable the client to respond to a request from a person concerned in order to exercise one of his rights under the General Data Protection Regulation (including his rights of access, rectification, opposition, deletion and portability of data, to the extent permitted); and any other correspondence, request or complaint received from a person, regulator or other relevant third party regarding the processing of the client`s personal data. In the event that such a request, correspondence, request or claim directly to, will inform the customer of the details of this, except for anything else prohibited. When the customer`s personal data is downloaded as the Services is used, you can access, edit or delete data by connecting to the Services with general protocols and tools. After changing or deleting the customer`s personal data, the original data can be stored in the backup memory for up to ninety (90) days.