Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between the Customer (“Controller”) and Maximum Effort Ay (“Processor”). It applies where we process personal data contained in content you host or submit through the Service.

It implements Article 28 of the GDPR. You determine the purposes and means of processing; we process personal data only on your documented instructions, including the operation of the Service.

Subject matter: hosting, storage and processing of the personal data you place in the Service. Duration: for the term of your subscription plus any retention period set out in the Privacy Policy.

Nature & purpose: providing web hosting, email, databases, backups and related infrastructure. Categories of data subjects and personal data are determined by you as Controller.

We process personal data only on your instructions and ensure persons authorised to process it are bound by confidentiality.

We implement appropriate technical and organisational measures, including encryption in transit and at rest, access controls and monitoring (Article 32).

We assist you, taking into account the nature of processing, with data subject requests and with your obligations under Articles 32–36.

You authorise us to engage sub-processors (e.g. infrastructure, payment and email providers) under written terms imposing equivalent data protection obligations. We remain responsible for their performance and will inform you of intended changes so you can object.

Personal data is processed primarily within the EU. Where a transfer outside the EEA occurs, we rely on an adequacy decision or the EU Standard Contractual Clauses with supplementary measures as appropriate.

We notify you without undue delay after becoming aware of a personal data breach affecting your data.

On termination, we delete or return personal data at your choice, except where storage is required by law.

We make available information necessary to demonstrate compliance and allow for reasonable audits. Contact: privacy@lanetti.fi.