DATA PROCESSING AGREEMENT (DPA)
This Data Processing Agreement ("DPA") forms an integral part of the Terms of Service and Master Service Agreement ("Agreement") between Exsile Digital Ltd., operating under the brand YouServ ("Processor", "We", "Us", or "YouServ"), and the client utilizing YouServ's hosting, VPS, or infrastructure services ("Controller", "Customer", or "You").
By utilizing YouServ's services, the Customer accepts and agrees to the terms of this DPA.
1. Definitions
- "Data Protection Laws" refers to all applicable privacy and data protection regulations, including the Israeli Privacy Protection Law (1981) and the EU General Data Protection Regulation (GDPR) 2016/679, where applicable.
- "Personal Data" means any information relating to an identified or identifiable natural person that is uploaded, stored, or processed on the Processor’s infrastructure by the Customer.
- "Controller" is the Customer, who determines the purposes and means of the processing of Personal Data.
- "Processor" is YouServ, providing the underlying cloud and server infrastructure.
2. Scope and Nature of Processing
2.1. Passive Infrastructure Role: YouServ provides cloud hosting, VPS, and infrastructure services. YouServ acts solely as a passive conduit for the storage and automated processing of data. We do not monitor, access, mine, or monetize the Personal Data stored on our servers by the Customer.
2.2. Processing Activities: Processing is limited exclusively to the automated storage, routing, and technical backups necessary to maintain server uptime and provide the hosting services requested by the Customer.
2.3. Prohibition of Sensitive Data: The Customer is strictly prohibited from storing highly sensitive data on YouServ infrastructure, including but not limited to full credit card numbers (PCI data), protected health information (PHI), or special categories of data under Article 9 of the GDPR.
3. Obligations of the Controller (Customer)
3.1. Lawful Basis and Consent: The Customer bears full and sole responsibility for establishing a lawful basis for data collection. The Customer must ensure that all Personal Data uploaded to the server has been collected legally, with appropriate end-user consent and privacy notices in place.
3.2. Application Security: While YouServ secures the physical infrastructure and network perimeter, the Customer is completely responsible for the security of their application layer. This includes maintaining secure passwords, updating Content Management Systems (e.g., WordPress), patching plugins, and preventing unauthorized access to their website or database.
3.3. Logs and Retention: YouServ does not maintain long-term application or server logs. If the Customer requires log retention for compliance, security, or audit purposes, it is the Customer's sole responsibility to configure and export such data to an external location.
4. Obligations of the Processor (YouServ)
4.1. Confidentiality: YouServ ensures that any personnel authorized to manage the infrastructure are bound by strict obligations of confidentiality.
4.2. Security Measures: YouServ shall implement and maintain appropriate technical and organizational measures to protect the underlying hardware and network infrastructure against unauthorized access, DDoS attacks, and hardware failures.
4.3. Data Subject Requests: Because YouServ does not interact with the Customer's end-users, YouServ shall not respond directly to Data Subject Requests (e.g., right to be forgotten, data portability). The Customer has full administrative access to their servers to fulfill these requests independently. If a request is made directly to YouServ, we will forward it to the Customer.
5. Personal Data Breach Management
5.1. Notification: In the event of a confirmed security breach originating at the infrastructure or network level managed by YouServ that compromises Customer Personal Data, YouServ will notify the Customer without undue delay.
5.2. Exclusion: YouServ is not responsible for, and will not generate breach notifications for, security incidents resulting from Customer negligence, compromised Customer passwords, or vulnerabilities within the Customer's website, code, or third-party plugins.
6. Sub-processing
6.1. The Customer provides general authorization for YouServ to engage third-party sub-processors (e.g., upstream data centers, network carriers) to facilitate the services.
6.2. YouServ ensures that any sub-processor engaged is subject to data protection obligations that are substantially similar to those contained in this DPA.
7. Data Deletion and Return
7.1. Upon termination or cancellation of the hosting services, YouServ will permanently delete all Customer Personal Data, files, and databases associated with the account from its active servers, in accordance with our standard data destruction policies. The Customer is responsible for exporting any required data prior to account cancellation.
8. Governing Law and Jurisdiction
8.1. This DPA shall be governed by and construed in accordance with the laws of the State of Israel.
8.2. Any disputes arising from this DPA shall be subject to the exclusive jurisdiction of the competent courts in Tel Aviv-Jaffa, Israel.