Data Processing Agreement
This Data Processing Agreement (“DPA”) is applicable to all processing of personal data undertaken by Processor (Luxury Direct s.r.o.) for the benefit of the Controller (the Client) on the basis of the Service Agreement.
Article 1: Purposes of Processing
- The Processor shall process personal data solely for the purpose of providing VPS hosting, Shared/WordPress hosting, and Domain Registration services, including associated technical support and security.
- The categories of data and data subjects are defined in Appendix 1. The Processor shall not process data for any other purpose unless legally required by Slovak or EU law.
Article 2: Processor Obligations
- The Processor shall comply with the GDPR and all applicable data protection regulations.
- The Processor shall assist the Controller, insofar as possible, in fulfilling its obligations to respond to requests from data subjects (Articles 15-22 GDPR) and in ensuring compliance with obligations regarding security and data protection impact assessments.
- The Processor shall maintain a record of processing activities in accordance with Article 30 GDPR.
Article 3: Transfer of Personal Data
- Internal Transfers: Processor may process data within the European Economic Area (EEA).
- International Transfers (Domains): The Controller acknowledges that Domain Registration requires the transfer of personal data to Registries and Registrars located outside the EEA (e.g., the United States).
- Where data is transferred to a third country without an adequacy decision, the Processor shall ensure that appropriate safeguards (such as Standard Contractual Clauses) are in place to protect the data.
Article 4: Involvement of Sub-processors
- The Controller provides a general authorization for the Processor to engage sub-processors (e.g., upstream domain registrars, data center operators).
- A list of current sub-processors is available upon request. The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors, giving the Controller the right to object.
- The Processor remains fully liable to the Controller for the performance of the sub-processor’s obligations.
Article 5: Security Measures
- The Processor shall implement appropriate technical and organizational measures, including:
  - Encryption: SSL/TLS for data in transit;
  - Access Control: Strong password policies and Two-Factor Authentication (2FA);
  - Network Security: Firewalls, secure internal networks, and regular security audits;
  - Physical Security: Strict access control to server locations.
- The Processor does not guarantee absolute security but commits to maintaining security levels consistent with industry "state-of-the-art" standards.
Article 6: Data Breach Notification
- The Processor shall notify the Controller without undue delay (and no later than 48 hours) after becoming aware of a personal data breach.
- The notification shall include the nature of the breach, the data affected, and the mitigation steps taken.
Article 7: Audit Rights
- The Controller has the right to conduct an audit or inspection through an independent auditor once per year, provided the Controller gives at least 30 days' notice and bears all associated costs (unless the audit reveals a significant breach of this DPA by the Processor).
Article 8: Secrecy and Confidentiality
- All personal data is subject to strict obligations of confidentiality. Processor shall not use this information for any purpose other than that for which it was obtained.
Article 9: Termination and Deletion
- Upon termination of the agreement, the Processor shall destroy all personal data and copies thereof, unless EU or Slovak law requires storage (e.g., for accounting or registry data retention).
Appendix 1: Personal Data and Data Subjects
Data Categories: Names, addresses, telephone numbers, email addresses, IP addresses, financial data, and Domain Registrant data.
Data Subjects: Customers, account holders, leads, and visitors of the Controller's hosted websites.
Last Updated: March, 2026