WebVerse/Data Processing Agreement (DPA)/Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

This Data Processing Agreement forms part of the Terms & Conditions and governs how EclipsiumX SRL processes personal data on behalf of its customers in accordance with GDPR (EU Regulation 2016/679).

1. Parties

This DPA is between:

Data Controller (Client) — the customer using EclipsiumX services
Data Processor (Provider) — EclipsiumX SRL

CUI: 53832723 Nr. Reg. Comerț: J2026008520009 Sediu: Str. Rasaritului ,Nr.58, Lunca banului, Jud vaslui Romania Email: [email protected]

2. Subject of Processing

The Processor provides hosting, VPS, automation, management and digital services under WebVerse, HostVerse and EclipsiumX Universe. Personal data may be stored, transmitted or processed as part of these services.

3. Types of Data Processed

The Processor may handle:

  • account data (name, email, phone)
  • billing data (address, invoices)
  • technical data (IP, logs, device info)
  • content stored by the Controller (databases, files, emails)
  • support communication

4. Duration of Processing

Data is processed for the duration of the service contract. Upon termination, data is deleted or returned to the Controller.

5. Processor Obligations

The Processor agrees to:

  • process data only on documented instructions from the Controller
  • ensure confidentiality of personnel
  • implement strong technical and organizational security measures
  • assist the Controller with GDPR requests
  • notify the Controller of data breaches without undue delay
  • delete or return data upon contract termination

6. Controller Obligations

The Controller agrees to:

  • ensure lawful basis for processing personal data
  • provide accurate and lawful instructions
  • secure access to accounts and credentials
  • avoid uploading illegal or harmful data

7. Sub‑Processors

The Processor may use trusted sub‑processors for infrastructure, payments, analytics or email delivery. These may include:

  • datacenter providers
  • CDN and security providers
  • payment processors (Stripe, PayPal)
  • email delivery services

All sub‑processors comply with GDPR and equivalent security standards.

8. Security Measures

The Processor implements:

  • encryption in transit and at rest
  • firewalls and DDoS protection
  • access control and authentication
  • regular backups
  • monitoring and intrusion detection
  • secure development practices

9. Data Breach Notification

In case of a personal data breach, the Processor will notify the Controller without undue delay, including:

  • nature of the breach
  • affected data
  • mitigation steps
  • recommended actions

10. Data Subject Rights

The Processor assists the Controller in responding to GDPR requests such as:

  • access
  • rectification
  • erasure
  • restriction
  • portability
  • objection

11. Termination

Upon termination of services, the Processor will:

  • delete all personal data
  • or return it to the Controller upon request
  • unless law requires retention

12. Governing Law

This DPA is governed by the laws of Romania and the European Union (GDPR).

Contact Privacy Team