Data Processing Addendum

1. Introduction

This Data Processing Agreement ("DPA") is an addendum to the Agreement between Ryan Davis, LLC, trading as WebOps Hosting ("Processor") and the customer ("Controller") and is applicable to the extent WebOps Hosting processes Personal Data on behalf of the Controller under the Agreement. This DPA is effective as of the date both parties sign it.

2. Definitions

• Data Subject: Any identified or identifiable natural person whose Personal Data is processed by WebOps Hosting on behalf of the Controller.
• Personal Data: Any information relating to an identified or identifiable natural person ("Data Subject"), including but not limited to name, email address, IP address, and other data as specified below.

3. Categories of Data Subjects

The categories of Data Subjects whose Personal Data may be processed include but are not limited to:

• Customers of the Controller.
• Employees, contractors, or agents of the Controller.
• Visitors to the Controller's websites.
• Users of the Controller's services.

4. Types of Personal Data

The types of Personal Data that may be processed under this DPA include:

• Contact information (e.g., name, email address, phone number).
• Account data (e.g., username, password).
• Payment and transaction data (e.g., credit card information, billing address).
• Online identifiers (e.g., IP addresses, cookies, browser data).
• Communication data (e.g., chat history, emails).
• Usage data (e.g., interaction with websites, logs).

5. Purposes of Data Processing

WebOps Hosting processes Personal Data on behalf of the Controller for the following purposes:

• Providing and managing hosting services.
• Facilitating customer support and communication.
• Ensuring the security and integrity of the services.
• Analyzing service usage to improve performance and customer experience.
• Complying with legal obligations.

6. Security Measures for Personal Data

WebOps Hosting implements the following security measures to protect Personal Data:

• Access Control: Limiting access to Personal Data to authorized personnel only.
• Encryption: Encrypting Personal Data during transmission and storage using industry-standard protocols.
• Data Minimization: Collecting and processing only the minimum necessary amount of Personal Data.
• Regular Audits: Conducting regular security audits and risk assessments to identify and mitigate vulnerabilities.
• Incident Response: Maintaining a data breach response plan to address potential security incidents promptly.

7. Use of Sub-processors

WebOps Hosting may engage sub-processors to assist in the processing of Personal Data. The list of current sub-processors can be found on the following page: WebOps Hosting Sub-processors. WebOps Hosting will ensure that any sub-processors engaged in the processing of Personal Data are bound by data protection obligations equivalent to those in this DPA.

8. Rights and Obligations of the Controller

The Controller retains the rights and obligations concerning the Personal Data and must ensure compliance with all applicable data protection laws. The Controller must provide necessary instructions to WebOps Hosting regarding the processing of Personal Data.

9. Data Subject Rights

WebOps Hosting will assist the Controller, where possible, in responding to Data Subject requests to exercise their rights under applicable data protection laws, such as access, correction, deletion, or restriction of Personal Data.

10. International Data Transfers

Any international transfer of Personal Data will be conducted in compliance with applicable data protection laws and regulations. WebOps Hosting will ensure appropriate safeguards, such as Standard Contractual Clauses, are in place for such transfers.

11. Termination and Deletion

Upon termination of the Agreement, WebOps Hosting will return or delete all Personal Data processed on behalf of the Controller unless otherwise required by applicable law to retain the data.

12. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its conflict of law principles.