Koyeb Data Processing Agreement - April, 27th 2021
For all intents and purposes, all terms used in this Data Processing Agreement whose first letter of each word is in capital letter have the same meaning as in the Koyeb Terms of Service.
In the context of the performance of the Agreement, Koyeb is required to process personal data among Customer Data.
Koyeb (the “Processor”) acts as a subcontractor, the Customer (the “Controller”) being responsible for the collection and processing of such personal data.
The purpose of these clauses is to define the conditions under which the Processor undertakes to carry out the personal data processing operations defined below on behalf of the Controller.
In the context of their contractual relationship, the Parties undertake to comply with the regulations in force applicable to the processing of personal data and, in particular, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).
The Subcontractor is authorized to process on behalf of the Controller the personal data necessary to provide the Service(s).
The categories of data subject are the end users of the services provided by the Customer and the Authorised Users entitled to access the Platform by the Customer.
The purposes of the processing are as follows:
Unless the consent of the data subjects obtained under the conditions provided in accordance with the applicable legislation, these operations must not lead to the creation of profiles that may reveal sensitive data (racial or ethnic origins, philosophical, political, trade union, or religious opinions, sexual life or people's health).
In any event, the Controller is required to previously inform the Processor of any other processing intended and to guarantee compliance with the applicable regulation. In particular, the Controller is required to carry out, if necessary, a data protection impact assessment of the processing intended under the conditions defined in Article 35 of the GDPR.
The personal data processed is or may be as follows if necessary in view of the purpose of the processing in question:
For the performance of the Service subject of the Agreement, the Controller shall make available to the Processor the information which guarantees compliance with the legal provisions in force and in particular the GDPR.
These clauses take effect as from the entry into force of the Agreement, for the duration of the Agreement.
The Controller undertakes, in the context of the performance of the Agreement to:
The Processor shall not be liable for any failure by the Controller to comply with applicable regulation except where the law expressly provides otherwise.
In accordance with Articles 28 and 32 of the GDPR, the processor undertakes:
The Processor may use another subcontractor to carry out specific processing activities. In this case, it shall previously inform the Controller in writing of any proposed changes concerning the addition or replacement of other subcontractors. The Controller has a minimum of seven (7) days from the date of receipt of this information to submit its objections. This subcontracting can only be carried out if the Controller has not raised any objections within the agreed period.
Koyeb uses certain subcontractors to assist in providing Koyeb Services to its customers. Subcontractor will be referred as sub-processor if the entity will or potentially have access to or process Personal Data.
A subcontractor is a third party engaged by Koyeb, who is providing services that enable Koyeb to provide the Services and/or will provide added value directly or indirectly to Koyeb’s customers. Subcontractors have or potentially have access to or process service data (which may contain Personal Data) in which case they will be referred to as sub-processor.
Koyeb back-end services are located in co-location facilities and in the infrastructure subcontractors listed below. Koyeb controls the logical access to infrastructure running these services. Subcontractors don’t have access to these services.
Entity Name | Purpose | Entity Country |
---|---|---|
Google Cloud Platform | Koyeb control plane | Belgium |
Koyeb owns and controls access to the infrastructure that Koyeb uses to host Customer services and to store and process Customer Data. Subcontractor and region depend on which subcontractor and region Customer chooses to select. Customer Data will stay in the region selected by the Customer but may be shifted and co-located between different datacenters within the region to ensure performance and availability of the services. These subcontractors don’t have logical access to data.
Entity Name | Purpose |
---|---|
Equinix Metal | Infrastructure |
IBM Cloud | Infrastructure |
Scaleway | Infrastructure |
Amazon Web Services | Infrastructure |
Koyeb uses certain third parties listed below to provide specific functionality within the Services. In order to provide the relevant functionality these subcontractors have access to Service data, limited to the indicated Services.
Entity Name | Purpose | Entity Country |
---|---|---|
Intercom | Customer support | USA |
Slack | Internal Operational messaging | USA |