Data Processing Agreement

1. This contract defines the rights and obligations of the Client and Grawt in the context of Grawt processing personal data on behalf of the Client. The terms used in this contract are to be understood in accordance with their respective definitions in the EU General Data Protection Regulation (GDPR). Grawt shall process personal data for the Client on the basis of this Agreement. 
2. Both parties agree that Data Processing Agreement (DPA) will replace any existing DPA the parties may have previously entered into. Except for the changes made by this DPA, the existing agreement remains unchanged and in full effect. If there is any conflict between this DPA and the agreement, this DPA shall prevail to the extent of that conflict.
3. The subject matter and duration of the Data Processing Agreement shall be determined entirely according to the information provided in the respective contractual relationship.
4. Should any parts of this data processing agreement be invalid, this will not affect the validity of the remainder of the agreement.
   

1. The Client will act as the data controller and Grawt as the processor of customer data. Grawt will process customer data only as a data processor for the purposes described in this Data Processing Agreement. Grawt shall carry out the following processes: Processing of user information necessary for the provision, improved security, optimization, control and troubleshooting of the service.
2. The provision of the contractually agreed upon data processing will begin on 18 Oct 2023 and be carried out for an unspecified period until the services provided to the Client are terminated and the correlating service account is deleted by Grawt.
3. The type of data that will be processed includes but is not limited to: network connection data, IP addresses, user agent, URL referrer information as well as any kind of personal data contained in the files or file names that the Client is holding on Grawt.
4. Processing the data consists of the following: collecting, saving, modifying, using, transferring, distributing or any other form of provision, replication, restricting, deleting, collating or destroying data.
   

1. Grawt shall notify the Client in writing if it intends to add or replace Sub-processors and will ensure with reasonable measures that any Sub-processor has the requisite capabilities to Process Customer Data in accordance with this Data Processing Agreement and the GDRP data protection regulations.

1. Grawt will only process personal data as contractually agreed, unless Grawt is legally obliged to do otherwise. Should Grawt be bound by such obligations, Grawt will inform the Client prior to processing the data, unless informing him/her is illegal.
2. The Client is responsible and agrees to maintain a confidential and secure use of services provided by Grawt and protect access to customer data to the best of their ability. Grawt and the Client can, upon request, cooperate with the performance of their duties.
3. The Client is aware that Grawt can from time to time update its security measures, provided that such updates and modifications do not result in the degradation of the overall security of the services purchased by the Client.
4. Grawt shall ensure that any person authorized to access the customer data have been made aware of the relevant data protection provisions as well as this contract before starting to process the data and will carry out corresponding training on a regular basis.
5. Grawt must support the Client when updating the list of processing activities and implementing the data protection assessment. All data and documentation required need to be provided and made available to the Client upon request.
6. Due to a global nature of the service, Grawt may process customer data from anywhere in the world, where Grawt operates. Grawt and all of its Sub-processors will at all times provide appropriate measures for secure customer data processing in accordance with the requirements of data protection laws.
7. Grawt will strictly limit access to any customer data to persons specifically trained and tasked with processing the data and adequately instructed and supervised on an ongoing basis in terms of fulfilling data protection requirements.

1. It is the sole responsibility of the Client to assess and ensure the admissibility of any processing requested. The Client will ensure any data processing requested is in line with privacy and data regulations and to assure the rights of affected parties.
2. The Client will immediately notify Grawt if any irregularities or errors are discovered as a result of the processing.
3. With respect to all personal data, Grawt warrants that it will only process personal data in order to provide and improve the service and only in accordance with this Data Processing Agreement.

1. Grawt will implement and maintain appropriate technical, organizational and security measures designed to maintain strict confidentiality and protect customer data from any kind of data breaches and to ensure the confidentiality and availability to the best of its technical abilities. Any individuals who could have access to the data processed on behalf of Grawt must be obliged in writing to maintain confidentiality, unless legally obliged to do otherwise.
2. Grawt will notify and offer support to the Client without any unjustifiable delay and, where feasible, no later than 48 hours after becoming aware, of any breach of personal data stored or processed by Grawt.
3. Grawt will immediately inform the Client of any inspections, law enforcement requests or measures carried out by supervisory authorities or other third parties if they relate to the commissioned data processing unless legally prohibited from doing so.

1. The Client reserves the right of full authority to issue instructions concerning data processing on his/her behalf.
2. If Grawt determines that an instruction carried out by the client violates the legal requirements, Grawt will inform the Client immediately. Grawt will then be entitled to suspend the execution of the relevant instructions until the Client confirms or alters said instructions

1. When terminating the Data Processing Agreement or at any time upon the Client's request, Grawt will either destroy the data or submit the data to the Client at the Client's discretion. The data must be destroyed in such a way that restoring or recreating the remaining information will no longer be possible, even with considerable effort.
2. Grawt can temporarily contain older data archived on backup systems. In all such cases, Grawt shall maintain the customer data securely and protect it from any further processing.
3. The terms of this Data Processing Agreement shall remain in effect for so long as Grawt continues to retain any customer data.
4. Cancellation of the agreement by the Client or deleting the Client's user account provided by Grawt will simultaneously terminate and invalidate this agreement.