Data processing agreement

For domain name registrations, the central registry is considered to be the data controller and NameWeb is a processor and the reseller is a sub-processor.
For other services, NameWeb is the data controller and the reseller is a processor.

For anybody operating as a reseller of NameWeb, the below shall constitute an integral part of the Terms and Conditions.

1) Compliance with data protection legislation

The reseller shall comply with its obligations under all applicable Data Protection Legislation at all times when processing Personal Data.

The reseller shall process Personal Data only as instructed by NameWeb and only for the purpose of the domain name registrations or additional services acquired from NameWeb (here after referred to as the Services)(*).

The Reseller shall inform NameWeb immediately if, in its opinion, an instruction results in a violation of the Data Protection Legislation.

The Reseller shall provide reasonably assistance to NameWeb in the context of a data protection impact assessment related to the Services.

2) Sub-processors

Consent is hereby given to the reseller to use sub-processors for the processing of the Personal Data, if reseller has an agreement with the sub-processors which imposes obligations that correspond to those stipulated in this agreement.

3) Confidentiality

The Reseller undertakes to treat all Personal Data confidentially and shall not disclose any Personal Data to a third party other than:
- Its own employees, sub-processors or employees of the sub-processors for whom such disclosure is reasonably necessary for the provision of the services. And this on condition that the persons to whom Personal Data may be disclosed are bound by obligations of confidentiality which correspond with those imposed on the Reseller by this agreement.
or
- Insofar as required by law, by any government body, or by a court or other competent body.

4) Security

The Reseller shall take appropriate technical and organizational measures to prevent any accidental or unlawful destruction, loss, modification, unauthorised disclosure of or access to the Personal data.

5) Notification of breach

The Reseller shall notify NameWeb as quickly and thoroughly as reasonably possible upon becoming aware of a security breach which accidentally or unlawfully might lead to the destruction, loss, modification, unauthorized disclosure or access to the Personal Data.

6) Transfers of personal data to third countries

The Reseller may transfer Personal Data to a recipient in a country outside the European Economic area; provided that either:
- The EU Commission has taken an adequacy decision concerning that Third Country in
accordance with the applicable Data Protection Legislation
- The transfer falls within the scope of the EU-US Privacy Shield programme
- The recipient has concluded an agreement which contains model clauses approved by the EU Commission or by another competent governmental authority in accordance with the applicable Data Protection Legislation.

7) Audit

If NameWeb so requests, reseller shall provide NameWeb with all information that the latter needs to verify that the reseller complies with its obligations under this agreement and the reseller shall allow NameWeb or an inspector authorized by NameWeb to conduct an audit at the reseller to ascertain that the latter complies with its obligations under this agreement.

8) Processing requests from data subjects

The reseller shall cooperate with NameWeb in the handling of requests from data subjects in exercising their rights.

9) Term and termination

This agreement is entered into for the duration of the reseller-ship of the reseller and can only be terminated by the reseller ceasing to resell services from NameWeb.
Upon termination, the reseller shall destroy all personal data in the possession or under the control of the reseller and the reseller shall provide NameWeb with a list of Personal Data that the reseller is legally required to keep after the termination of this agreement.

(*) For the avoidance of doubt, this agreement shall not affect personal data procession executed by the reseller in its own name for the purposes and by manner and means of which the reseller has control. With regard to such processing, the reseller is an independent processor and NameWeb is not liable for such personal data processing.