netcup wiki


Data Processing Agreement

Data Processing and Protection

For the storage of personal data on external infrastructures, it may be necessary to conclude a data processing agreement with the respective operator, as prescribed by Article 28 of the EU-GDPR. It is recommended to seek advice from a data protection officer or lawyer on this matter.

We offer our customers the possibility to conclude such an additional agreement. If our provided contract generator is used, no additional fees apply.

To conclude the contract, click on 'Create DPA'. We will store a copy of the contract. Your electronic signature is sufficient for the conclusion. You also have the option to send us your signed contract version by mail. We will then store the contract in our archive.

What is a Data Processing Agreement (DPA)?

A Data Processing Agreement is a central requirement of the GDPR (General Data Protection Regulation) according to Art. 28 paragraph 3. When personal data is transferred to a processor, this processing must be based on a contract between the controller and the processor. This contract regulates the rights and obligations of the client and contractor as well as possible subcontractors. The technical and organizational measures for the protection of personal data are determined in a DPA.

Why do I need to conclude a Data Processing Agreement?

A Data Processing Agreement is necessary when personal data is transferred to third parties and processed by them. The processors must ensure that appropriate technical and organizational measures are taken so that the processing is in accordance with the requirements of this regulation and the protection of the rights of the data subject is guaranteed.

Who is affected by the regulations on data processing?

A Data Processing Agreement must be concluded if an external service provider has access to personal data. As soon as an external service provider has the opportunity to access personal data within the scope of an order, it should be carefully checked to what extent the regulations on data processing apply.

What happens if I do not conclude a Data Processing Agreement?

If a required agreement on data processing is missing or incomplete, fines can be imposed; these vary depending on the violation. Violations of the GDPR are examined and sanctioned by the responsible supervisory authorities.

What is personal data?

According to Art. 4 GDPR, personal data is "any information relating to an identified or identifiable natural person". This means that all information that can establish a reference to a person is considered personal data. This includes:

  • Name and address
  • E-mail address
  • Telephone number
  • Account data

Can I retrieve or deposit the DPA later?

Yes, you can deposit a Data Processing Agreement (DPA) at any time in the netcup Customer Control Panel (CCP) under the item "Master Data", sub-item "Order Processing". Deposited DPAs can then be retrieved at this point at any time afterwards.

Additional agreement on data processing

We offer our customers the option of concluding such an additional agreement. Despite the effort involved, we do not charge separately for this if our template for the additional agreement is used.

To conclude such an additional agreement on data processing with us, please proceed as follows:

  1. Log in to the CCP with your login data.
  2. In the menu, under "Master Data", click on "Order Processing".
  3. Indicate which data you store with us.
  4. Name the group of affected persons.
  5. Read through the contract.
  6. If you agree with it, please click on "Generate DPA".

You will receive a contract signed and stamped by us. We will store a copy of the contract. Your electronic signature is sufficient for the conclusion. If you wish, you can also send us your signed version of the contract by mail. We will then store the contract in our archive.

For details, please consult a lawyer.

Please understand that the conclusion of a completely individual agreement on data processing with our lawyer involves a great deal of effort. This can result in costs that can amount to several hundred euros. Each individual data processing must be managed separately by us, which incurs further costs. Therefore, we only offer the free conclusion of an additional agreement on data processing based on our contract draft. This has been carefully prepared and covers the essential requirements of the GDPR according to our assessment.

Frequently Asked Questions (FAQ)

What is the procedure if I send the DPA to you by mail?

Please send us two originals signed by you. We will sign one of the originals and send it back to you.

Which data are mentioned in the DPA?

The contract mentions the data you have provided as well as the group of affected persons you have named to us.

Can I get the contract in English?

Yes, there is the possibility to receive the contract in English.

Why does our company not answer questions concerning the DPA?

Unfortunately, we are not permitted to provide legal advice. In Germany, out-of-court legal advice is regulated by the Legal Services Act. Comprehensive, paid, out-of-court legal advice may only be provided by certain persons, such as lawyers, legal advisors, tax consultants, and patent attorneys.

Of course, we answer all questions about how we store personal data when you or your customers are affected by the data storage. However, we cannot explain to you how you need to inform your own customers in accordance with the GDPR, which log files you are allowed to store and for how long, and the like. We ask for your understanding in this regard and recommend that you contact a trusted lawyer, especially if you are pursuing commercial goals.

Can the DPA be tailored to my specific needs?

Unfortunately, that is not possible. We are of course more than happy to answer all your questions concerning data processing.

Last update: 21/08/2023