For the storage of personal data on external infrastructures, it may be necessary to conclude a data processing agreement with the respective operator, as prescribed by Article 28 of the EU-GDPR. It is recommended to seek advice from a data protection officer or lawyer on this matter.
We offer our customers the possibility to conclude such an additional agreement. If our provided contract generator is used, no additional fees apply.
To conclude the contract, click on 'Create DPA'. We will store a copy of the contract. Your electronic signature is sufficient for the conclusion. You also have the option to send us your signed contract version by mail. We will then store the contract in our archive.
A Data Processing Agreement is a central requirement of the GDPR (General Data Protection Regulation) according to Art. 28 paragraph 3. When personal data is transferred to a processor, this processing must be based on a contract between the controller and the processor. This contract regulates the rights and obligations of the client and contractor as well as possible subcontractors. The technical and organizational measures for the protection of personal data are determined in a DPA.
A Data Processing Agreement is necessary when personal data is transferred to third parties and processed by them. The processors must ensure that appropriate technical and organizational measures are taken so that the processing is in accordance with the requirements of this regulation and the protection of the rights of the data subject is guaranteed.
A Data Processing Agreement must be concluded if an external service provider has access to personal data. As soon as an external service provider has the opportunity to access personal data within the scope of an order, it should be carefully checked to what extent the regulations on data processing apply.
If an agreement on data processing is missing or incomplete, although it was necessary, fines can be imposed which can vary depending on the violation. Violations of the GDPR are examined and sanctioned by the responsible supervisory authorities.
According to Art.4 GDPR, personal data is "any information relating to an identified or identifiable natural person". This means that all information that can establish a reference to a person is considered personal data. This includes:
Yes, you can deposit a Data Processing Agreement (DPA) at any time in the netcup Customer Control Panel (CCP) under the item "Master Data", sub-item "Order Processing". Deposited DPAs can then be retrieved at this point at any time afterwards.
We offer our customers the conclusion of such an additional agreement. Despite the associated effort, we do this without charging separate costs if our template for the additional agreement is used.
To conclude such an additional agreement on data processing with us, please proceed as follows:
You will receive a contract signed and stamped by us. We will store a copy of the contract. Your electronic signature is sufficient for the conclusion. If you wish, you can also send us your version of the contract signed by mail. We will then store the contract in our archive.
For details, please consult a lawyer.
Please understand that the conclusion of a completely individual agreement on data processing with our lawyer involves a great deal of effort. This can result in costs that can amount to several hundred euros. Each individual data processing must be managed separately by us, which incurs further costs. Therefore, we only offer the free conclusion of an additional agreement on data processing based on our contract draft. This has been carefully prepared and covers the essential requirements of the GDPR according to our assessment.
Please send two originals signed by you to us. We will sign one of the originals and send it back to you.
The data you have provided as well as the circle of those affected, which you have informed us, are mentioned in the contract.
Yes, there is the possibility to receive the contract in English.
Unfortunately, we are not permitted to provide legal advice. In Germany, out-of-court legal advice is regulated by the Legal Services Act. A comprehensive, out-of-court, paid legal advice may only be provided by certain persons, such as lawyers, legal advisors, tax consultants, and patent attorneys.
Of course, we answer all questions about how we store personal data when you or your customers are affected by the data storage. However, we cannot explain to you how you need to inform your own customers in accordance with the GDPR, which log files you are allowed to store and for how long, and the like. We ask for your understanding in this regard and recommend that you contact a trusted lawyer, especially if you are pursuing commercial goals.
Unfortunately, that is not possible. We are of course more than happy to answer all your questions concerning data processing.