Data Processing Agreement


This Data Processing Agreement (this “DPA”) is entered between Bellinetti Hosting ("Bellinetti", “we”, "us") and Customer (“Customer”, “you”), together referred to as the “Parties”. This DPA is part of the Terms of Service, Privacy Policy and other relevant policies available here. Customers agreeing to these terms enter into this DPA on their own behalf to the extent required under applicable Data Protection Regulations and Laws and to the extent Bellinetti processes Customer Data as instructed by the Controller (as defined in Section 1).

In the course of providing the Services to the Customer Bellinetti may process Customer Data on behalf of the Customer.

The Parties agree to comply with the following provisions with respect to any Customer Data, each acting reasonably and in good faith:

1. Definitions

Unless otherwise defined in this DPA, all capitalized terms have the meanings outlined below:

Adequacy decision: means a formal decision made by the EU which recognises that another country, territory, sector or international organisation provides an equivalent level of protection for personal data as the EU does.

Adequate country or countries: means countries covered by an adequacy decision issued by the EU, meaning data can flow freely between such countries.

Additional Products: means any features, products, software, programs, addons, plugins, scripts, tools or any other third-party software or content that are not part of the services but that may be accessible via the Bellinetti Client Area.

Agreement: means the Terms of Service and other relevant documents announced on our website, together with your order for the purchase/use of services and the order confirmation sent by Bellinetti, if applicable.

Controller: means the natural person or the legal entity which, alone or jointly with others, determines the purposes and means of the processing of customer data; in this agreement, it means the Customer (you).

Customer Data: means any "Personal Data" that is provided to Bellinetti by, or on behalf of the customer through its use of the services (for avoidance of doubt Personal Data part of the Customer’s Order for purchase/use of the respective service shall not be treated as Customer Data, subject to this DPA).

Data Protection Losses means all liabilities, including:

  • claims, demands, actions, settlements, charges, procedures, expenses, losses and damages (whether material or non-material, and including for emotional distress);
  • to the extent permitted by Applicable Law:
    • administrative fines, penalties, sanctions, liabilities or other remedies imposed by a Data Protection Supervisory Authority, other relevant Regulatory Authority or the respective competent court;
    • compensation to a Data Subject ordered by a Data Protection Supervisory Authority or the respective competent court;
    • the reasonable costs of compliance with investigations by a Data Protection Supervisory Authority or any other relevant Regulatory Authority;
  • the costs of loading Customer Data and replacement of Customer materials and equipment, to the extent that the same are lost or damaged, and any loss or corruption of Customer Data including the cost of rectification or restoration of Customer Data;
  • any other costs (including legal costs).

Data Protection Regulations and Laws or Data Protection Regulations means all regulations and laws, including but not limited to laws and regulations of the European Union, the European Economic Area, their member states, Switzerland and the United Kingdom, applicable to the Processing of Customer Data under this DPA.

Terms: Data Subject, Personal Data, Processing, Processor and Supervisory Authority / Data Protection Authority have the same meaning as described in the applicable Data Protection Regulations.

Effective date means, as applicable:

  • the date on which the customer clicked to accept the agreement or the parties otherwise agreed to this DPA in respect of the applicable Agreement; or
  • 10 days from the date on which Bellinetti makes this DPA publicly available and sends a notice to the customer.

GDPR means the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of customer data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Notification Email Address means the email address specified by the customer in the "Owner Profile Details" section in the Client Area to receive certain notifications from Bellinetti.

International Data Transfer Agreement (IDTA) means the standard data protection clauses for the transfer of Customer Data when the data subject is in the UK.

Order means any customer’s order for purchase/use of the respective service(s).

Partner means any person or entity which directly or indirectly controls, is controlled by, or is under common control with Bellinetti. Control for the purpose of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

Services means any services we offer which could involve processing of Personal Data by Bellinetti and its subcontractors.

Sub-processor means any Processor engaged by Bellinetti.

Term means the period from the Effective Date until the end of Bellinetti's provisioning of the services under the applicable Agreement, including, if applicable, any period during which the services may have been suspended and any post-termination period during which Bellinetti may continue providing services for transitional purposes.

Standard Contractual Clauses or SCCs means the standard data protection clauses for the transfer of Customer Data, as described in the GDPR.

2. Data Processing

2.1 Scope
This DPA applies where and only to the extent that Bellinetti processes Customer Data on behalf of the customer in the course of providing the services and such Customer Data is subject to the applicable Data Protection Regulations. If the customer agreeing to this DPA is already a customer, this DPA forms part of the Agreement, Privacy Policy and other relevant policies and documents announced on our website. This DPA will be effective and replace any terms previously applicable to privacy, data processing and/or data security where Bellinetti acts as a Data Processor.

2.2 Compliance with Laws
Each party will comply with the obligations applicable to it under the applicable Data Protection Regulations with respect to the processing of that Customer Data.

2.3 Roles of the Parties
The Parties acknowledge and agree that:

  • Bellinetti is a Data Processor of the Customer Data under the applicable Data Protection Regulations;
  • Customer is a Data Controller or Data Processor, as applicable, of the Customer Data under the applicable Data Protection Regulations; and
  • relies on a lawful basis according to the applicable Data Protection Regulations in order for Bellinetti to process Customer Data and to provide the services pursuant to the Agreement and this DPA.

2.4 Instructions for Data Processing
Bellinetti shall process Customer Data in accordance with this DPA, which is the customer’s complete and final instructions to Bellinetti in relation to processing of Customer Data. Processing outside the scope of this DPA (if any) shall require prior written agreement between Bellinetti and customer on additional instructions for processing. By entering into this DPA, customer instructs Bellinetti to process Customer Data only in accordance with applicable Data Protection Regulations:

  • in order to provide the Services and related technical and other support;
  • as initiated by the Customer and its end users / website visitors in their usage of the Services;
  • as specified in the Agreement, Terms of Service, Privacy Policy and other relevant documents governing the provision of the Services and related technical and other support.

2.5 Subject Matter and Details of the Data Processing.

  • Subject Matter
    Bellinetti will process Customer Data as necessary for the provisioning of the Services and related technical and other support, incl. other inquiries pursuant to the Agreement and as further instructed by customer in its use of the services.

  • Duration of Processing
    Except as provided under Section 11, the duration of data processing shall be the Term designated under the order and the applicable Agreement.

  • Nature and Purpose of the Processing
    Bellinetti will process Customer Data for the purposes of providing the services and related technical and other support to the customer in accordance with the Agreement, this DPA and other relevant documents.

  • Categories of Data Subjects
    We process Personal Data of the following categories of Data Subjects:
    1. Individuals which access and/or use the services;
    2. Individuals whose data is provided to Bellinetti via the services by or at the direction of the customer or by the customer’s end users / website visitors;
    3. Employees, agents, freelancers, clients, and other contractors of the customer, and any other individuals whose Personal Data is processed in connection with the provision of the services;
    4. Individuals which transmit data via the services, including individuals collaborating and communicating with the customer or customer’s end users / website visitors.

  • Categories of Personal Data
    We may process the following categories of Personal Data in the course of the provision of the Services:
    1. Personal identification information (such as name etc.);
    2. Contact details (such as address, email address, phone number etc.);
    3. Any other type of Personal Data of Data Subjects transmitted in relation to the provision of the Services, including Personal Data processed in Customer’s logs or Customer’s content (such as IP address etc.).

2.6 Access or Use
Bellinetti shall not access or use Customer Data, except as necessary to provide the services and related technical and other support to the customer in accordance with the DPA, the Agreement and other relevant documents, and in order to comply with the applicable legislation, including with a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body.

  • Customer’s Processing
    The customer shall, in its use of the services, process its Personal Data in accordance with the requirements of Data Protection Laws and Regulations applicable to it. The customer shall have sole responsibility for the accuracy, quality, and legality of its data and the means by which the customer acquired this data.

  • Bellinetti’s processing of Customer Data
    Bellinetti shall only process Customer Data on behalf of and in accordance with the customer’s documented instructions (this DPA) for the following purposes:
    1. Processing to provide the services and related technical and other support;
    2. Processing initiated by customer and/or its end users / website visitors in their usage of the services;
    3. Processing necessary to maintain and improve the Services.

  • Bellinetti’s compliance with instructions
    As from the Effective Date Bellinetti shall comply with the described instructions above including with regard to data transfers, unless the applicable legislation to which Bellinetti is subject requires other processing of Customer Data by Bellinetti, in which case Bellinetti shall inform the customer (unless that law prohibits Bellinetti from doing so on important grounds of public interest). Customer Data may be accessed and processed by Bellinetti and Sub-processors to fulfil the obligations under this DPA, the respective Agreement or applicable legislation.

2.7 Rights of the Data Subjects

  • Access, Rectification, Restricted Processing, Portability
    During the applicable Term, BiteGround shall, in a manner consistent with the functionality of the services, enable customer to access, rectify and restrict processing of Customer Data, including via deletion of all or some of the Customer Data under its account or deletion of the whole account as described in Section 2.8. (Return and Deletion of customer data), and via export of Customer Data.

  • Data Subject Requests
    1. Customer’s Responsibility for Requests
      If during the applicable Term, Bellinetti receives a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, objection to the Processing, or its right not to be subject to an automated individual decision making (“Data Subject Request”), Bellinetti shall advise the Data Subject to submit its request to the customer, and the customer shall be responsible for responding to any such request including, where necessary, by using the functionality of the services. Bellinetti shall, to the extent legally permitted, take commercially reasonable steps to notify the Customer about such requests.

    2. Bellinetti Data Subject Request Assistance
      Taking into account the nature of the processing, customer agrees that Bellinetti shall provide appropriate technical and organisational assistance, insofar as this is possible, for the fulfillment of customer’s obligation to respond to requests by Data Subjects, including if applicable customer’s obligation to respond to requests for exercising the Data Subject’s rights laid down in the applicable Data Protection Regulations, by:
      • Providing documentation resources in the form of tutorials and knowledge base articles, functionality and/or controls in the control panel that customer may elect to use to properly configure the Services and use the Services in a secure manner.
      • Providing features, functionalities and/or controls in the control panel that customer may elect to use to retrieve, correct or delete the Customer Data from the Services.
      • Complying with the commitments set out in this DPA.
      • To the extent customer, in its use of the services, does not have the ability to address a Data Subject Request, Bellinetti shall upon customer’s request provide commercially reasonable efforts to assist customer in responding to such Data Subject Request, to the extent Bellinetti is legally obliged to do so and the response to such Data Subject Request is required under the applicable Data Protection Regulations. To the extent legally permitted, customer shall be responsible for any costs arising from Bellinetti’s provisioning of such assistance.

2.8 Return and Deletion of Customer Data
Bellinetti shall enable the customer to delete Customer Data during the applicable Term in a manner consistent with the functionality of the used services and respective features. Retrieval or deletion of Customer Data by the customer shall constitute an instruction to Bellinetti to delete the respective Customer Data archived on backup systems in accordance with applicable law and within a maximum period of 60 calendar days. Deactivation of the services or expiry of the applicable Term shall constitute an instruction to Bellinetti to delete the Customer Data and the relevant Customer Data archived on backup systems within a maximum period of 60 calendar days. Nothing in this section varies or modifies any obligation of Bellinetti to retain some or all Customer Data as necessary to comply with the applicable legislation including with a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body.

2.9 Disclosure
Bellinetti shall not disclose Customer Data to any government, law enforcement agencies and other authorities, except as necessary to comply with the applicable legislation or a valid and binding order (such as court order or other binding documents) of a law enforcement agency and/or any other competent authority/state body. Upon receipt of an order by the authorities of a third country, Bellinetti will act in accordance with clause 15 of the Standard Contractual Clauses. Bellinetti may also disclose Customer Data to third parties in the event that Bellinetti sells or buys any business or assets, in which case Bellinetti may disclose Customer Data to the prospective seller or buyer, or in case Bellinetti sells, buys, merges, is acquired by, or partners with other companies or businesses, or sells some or all of its assets.

2.10 Bellinetti's Personnel
Bellinetti restricts its personnel from processing Customer Data without authorisation by Bellinetti. Access to Customer Data is limited to those personnel whose role and responsibilities are connected to the provision of Services. Bellinetti imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security. Bellinetti ensures that these confidentiality obligations survive the termination of the personnel engagement.

2.11 Data Protection Officer
In compliance with the applicable Data Protection Legislation Bellinetti has appointed a Data Protection Officer (DPO), who can be reached at dpo@bellinetti.com.

3. Sub-processors

3.1 Consent to Sub-processor Engagement/Appointment of Sub-processors.
The Customer acknowledges and agrees that:

  • Bellinetti Partners may be retained as Sub-processors; and
  • Bellinetti and Bellinetti Partners respectively may engage Sub-processors in connection with the provisioning of the services. Bellinetti has entered into a written agreement with each Sub-processor containing data protection obligations not less protective than those in this DPA with respect to the protection of Customer Data to the extent applicable to the nature of the services provided by such Sub-processors. If customer has entered into Standard Contractual Clauses or the International Data Transfer Agreement as described in section 5, the above authorizations shall constitute customer’s prior written consent to the subcontracting by Bellinetti of the processing of Customer Data if such consent is required under the Standard Contractual Clauses.

3.2 Information about Sub-processors

  1. Bellinetti may share information about you with Sub-processors who may be engaged with provisioning of services subject to your Agreement and who are based within and/or outside the EU, EEA or UK. These Sub-processors shall process the provided Customer Data under instructions of Bellinetti and in compliance with our Privacy Policy and this DPA.
  2. A list of Bellinetti’s Sub-processors can be disclosed upon request.

3.3 Requirements for Sub-processor engagement
When engaging any Sub-processor, Bellinetti shall:

  1. ensure via a written contract that:
    • the Sub-processor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it, and does so in accordance with this Data Processing Agreement and any Standard Contractual Clauses or International Data Transfer Agreement entered into or Alternative Transfer Solution adopted by Bellinetti as described in section 5; and
    • the data protection obligations set out in the applicable Data Protection Regulations, as described in this Data Processing Agreement, are imposed on the Sub-processor;
    and
  2. remain fully liable for all obligations subcontracted to it, and all acts and omissions of the Sub-processor.

3.4 Objection Right for Sub-processor(s)

  1. Customer may object to any Sub-processor by terminating the applicable Agreement immediately upon written notice to Bellinetti, on condition that customer provides such notice within 10 calendar days of being informed of the engagement of the respective Sub-processor. This termination right is customer’s sole and exclusive remedy if customer objects to any Sub-processor.
  2. Bellinetti shall refund customer any prepaid fees covering the remainder of the term of such order(s) following the effective date of termination with respect to such terminated services, without imposing a penalty for such termination on the customer.

4. Data Protection Impact Assessments and Consultations

Upon customer’s request, Bellinetti shall provide the customer with reasonable cooperation and assistance needed to fulfil the customer’s obligation under the applicable Data Protection Regulations to carry out a data protection impact assessment (DPIA) related to the customer’s use of services, to the extent the customer does not otherwise have access to the relevant information, and to the extent that such information is available to Bellinetti. Bellinetti shall provide reasonable assistance to the customer in the cooperation or prior consultation with the Supervisory Authority in the performance of its tasks relating to this DPA, to the extent required under the Data Protection Regulations.

5. Transfers Out of the EU, EEA and the UK

5.1 Data Centers
Bellinetti may process Customer Data in Data Centers located inside and outside the European Union, EEA and the UK. Information about the Data Centers locations is available here. Bellinetti reserves the right to update it from time to time. The customer may specify the Data Center location where its hosting account content will be stored. The customer agrees that Bellinetti may change the locations of the Data Centers and move customer’s hosting account to another Data Center at its sole discretion. Bellinetti shall inform the customer at least 15 calendar days before moving customer’s hosting account at its sole discretion to a new Data Center either by sending an email to the Notification Email Address or via the Client Area. If the change of the Data Center results in storing the Customer Data located in the customer’s hosting account under a different jurisdiction, the customer may object to such change by terminating the Agreement immediately and upon written notice to Bellinetti, on condition that the customer provides such notice within 10 calendar days of being informed of the change of the Data Center. The customer can move its hosting account to another Data Center location at any time, provided that the functionality of the services allows it and in exchange of additional fees.

5.2 Processing Locations
To the extent the Customer Data is located in a Data Center outside the EU, European Economic Area or the UK, and to the extent Bellinetti provides the services and related technical and other support, the customer agrees that Bellinetti may, subject to section 5, transmit, access and process Customer Data in the EU, EEA, UK, Asia, Australia, and the United States and any other countries where Bellinetti and/or its partners and Sub-processors have Data Centers, facilities or maintain data processing operations. This type of international data transfer operations may occur upon provision of any of the services provided by Bellinetti, including Content Delivery Network (CDN) service. The geographical locations of the servers to which the above-mentioned data transfer may happen are listed on our website and are subject to changes at our sole discretion. If the storage and/or processing of Customer Data involves processing of Customer Data outside of the EEA and the EU GDPR applies, then this DPA, containing the Standard Contractual Clauses, will automatically apply as a contractual safeguard of the international data transfer. If the storage and/or processing of Customer Data involves processing of Customer Data outside of the UK, and the UK GDPR applies, then this DPA, containing the International Data Transfer Agreement, will automatically apply as a contractual safeguard of the international data transfer.

5.3 Transfer Mechanism
To the extent Bellinetti processes or transfers (directly or via onward transfer) Customer Data under this DPA from the European Union, the European Economic Area, UK to countries which do not ensure an adequate level of data protection within the meaning of applicable Data Protection Regulations of the foregoing territories, the parties agree that:

  1. The customer hereby authorises any transfer or access to Customer Data from and to such destinations outside the EU, European Economic Area and the UK;
  2. Bellinetti shall be deemed to provide appropriate and proportional technical and organisational data protection and cybersecurity risk mitigation measures, as well as to perform the appropriate risk assessments when transferring Customer Data outside of the EU, EEA and the UK;
  3. Bellinetti shall be deemed to provide appropriate safeguards to protect Customer Data by virtue of making available Standard Contractual Clauses and International Data Transfer Agreement as a transfer mechanism.
    • The Standard Contractual Clauses will apply to Customer Data that is transferred, when the Data Subject is in the EU or EEA;
    • The International Data Transfer Agreement will apply to Customer Data that is transferred, when the Data Subject is in the UK.

6. Processing records

The Customer acknowledges that Bellinetti is required under the applicable Data Protection Regulations to:

  1. collect and maintain records of certain information, including the name and contact details of each processor and/or controller on behalf of which Bellinetti is acting and, where applicable, of such processor’s or controller’s local representative and data protection officer; and
  2. make such information available to the Supervisory Authorities. When the GDPR applies to the processing of Customer Data, the customer shall, where requested, provide such information to Bellinetti via the Bellinetti website or other means provided by Bellinetti, and shall ensure that all provided information is kept accurate and up-to-date.

7. Security Responsibilities of Bellinetti

7.1 Security measures
Bellinetti shall implement and maintain technical and organisational measures to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access (the “Security Measures”). The "Security Measures" include measures to provide encrypted transmission of Customer Data outside the service environment; to help ensure ongoing confidentiality, integrity, availability and resilience of Bellinetti’s systems and services; to help restore timely access to Customer Data from an available backup copy, provided either by Bellinetti Backup Services or customer’s own backup copy following an incident; and for regular testing of effectiveness. Bellinetti may update or modify the "Security Measures" from time to time provided that such updates and modifications do not result in the degradation of the overall security of the services.

7.2 Customer’s Security Responsibilities and Assessment
The customer agrees that, without prejudice to Bellinetti’s obligations under section 7 (Security Responsibilities of Bellinetti) and other relevant sections in this DPA:

  1. The customer is solely responsible for its use of the services, including:
    • making appropriate use of the services to ensure a level of security suitable to the risk in respect of the Customer Data and the content of its hosting account;
    • securing the account authentication credentials, systems, and devices the customer uses to access the services;
    • ensuring that all programs, scripts, addons, plugins and other software installed on its hosting account are secure, properly configured and regularly maintained, and their use does not impose any security risk in respect to the Customer Data and the account itself;
  2. Bellinetti has no obligation to protect Customer Data which the customer stores or transfers outside of Bellinetti’s and its Sub-processors’ systems (for example, offline or on-premise storage), or to provide additional paid security services except to the extent that Bellinetti offers and respectively the customer orders and pays such services.
  3. The customer is solely responsible for reviewing the documentation and evaluating whether the services, the Security Measures, Bellinetti’s commitments under this section and the following meet the customer’s needs, including any security obligations of the customer under the applicable Data Protection Regulations.
  4. The customer acknowledges and agrees that (taking into account the costs of implementation and the nature, scope, context and purpose of processing of customer data as well as the risks to individuals) the Security Measures implemented and maintained by Bellinetti as set out in Section 7.1 provide the needed level of security appropriate to the risk in respect to the Customer Data.
  5. It is the customer's responsibility to back up Customer Data and all data and content stored within its hosting account in order to prevent potential data loss. Bellinetti Backup Services are provided "as-is" and are subject to all limitations of liability set out in the applicable Agreement. In the event of partial or full data loss or corruption and in case that the customer is not satisfied with the outcome of the restore by the Bellinetti Backup Services or Bellinetti’s backup copy is not recent or suitable for restore, it shall be the customer's obligation to restore any and all data and content stored within its hosting account from customer's own backup.

8. Review and Audits of compliance

Under the applicable Data Protection Regulations:

  1. The customer has the right to verify Bellinetti's compliance with its obligations under this DPA, by conducting a review of documentation or an audit, conducted by the customer or an independent auditor appointed by the customer, by making a specific request to Bellinetti in a written form to the address set in the respective Terms of Service.
  2. Bellinetti shall further provide written responses to all reasonable requests by the customer and may charge a fee for any review or audit. Bellinetti will provide details of any applicable fee in advance of any such audit and the customer will be responsible for any fees charged by any auditor and any fees associated with executing an audit. The reports of any such audit will be made available to Bellinetti without restrictions of the purposes for its further usage by Bellinetti.
  3. Bellinetti may object and decline in writing to the customer or an auditor appointed by the customer to conduct any audit if the customer or the auditor is, in Bellinetti’s reasonable opinion, not suitably qualified or independent, a competitor of Bellinetti, or otherwise manifestly unsuitable.
  4. If Bellinetti declines to follow any instruction requested by the customer or an auditor regarding a properly requested and scoped audit or review, the customer is entitled to terminate this DPA and the Agreement.
  5. Nothing in this Section 8 (Review and Audits of compliance) varies or modifies any rights or obligations of customer or Bellinetti under the Standard Contractual Clauses entered into as described in Section 5.

9. Security Breach Notification

9.1 Bellinetti maintains security incident management policies and procedures and shall notify the customer without undue delay after becoming aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data, including Customer Data transmitted, stored or otherwise processed by Bellinetti or its Sub-processors of which Bellinetti becomes aware and which affects the rights and freedoms of any Data Subjects (“Customer Data Incident”). Bellinetti shall make reasonable efforts to identify the cause of such Customer Data Incident and take the steps as Bellinetti deems necessary and reasonable in order to remediate the cause of such a Customer Data Incident to the extent the remediation is within Bellinetti’s reasonable control. The obligations herein shall not apply to incidents that are caused by the customer, customer’s usage of the services, customer’s actions or activities or customer’s users.

9.2 Notifications made pursuant to this section shall describe, to the extent possible, details of the Customer Data Incident, including steps taken to mitigate the potential risks and steps Bellinetti recommends the customer to undertake in order to address the Customer Data Incident.

9.3 Notification(s) of any Customer Data Incident(s) shall be delivered to the Notification Email Address. The customer is solely responsible for ensuring that the Notification Email Address and its contact information specified in ‘Owner Profile Details’ section of its Client Area is correct and valid.

9.4 Bellinetti shall not assess the content of the Customer Data in order to identify information subject to any specific legal requirements. Customer is solely responsible for complying with incident notification laws applicable to the customer and for fulfilling any third party notification obligations related to any Customer Data Incident(s).

9.5 Bellinetti’s notification of or response to a Customer Data Incident under this Section 9 shall not be construed as an acknowledgement by Bellinetti of any fault or liability with respect to the Customer Data Incident.

10. Liability and indemnity

10.1 The customer shall indemnify and keep indemnified Bellinetti with respect to all data protection breaches and losses suffered or incurred by, arising from or in connection with:

  1. any non-compliance by the customer with data protection laws and regulations;
  2. any breach by the customer of its data protection and other obligations under this DPA and the Agreement.

10.2 Bellinetti shall be liable for data protection breaches and losses caused by processing of Customer Data only to the extent directly resulting from Bellinetti’s failure to comply with its obligations as Data Processor under Data Protection Laws and Regulations. Bellinetti’s liability under the DPA will be subject to the exclusions and limitations of liability set out in the Agreement.

11. Termination

This DPA will take effect from the Effective Date until the end of Bellinetti's provisioning of the services under the applicable Agreement, including, if applicable, any period during which the services may have been suspended and any post-termination period (namely maximum 60 calendar days) during which Bellinetti may continue processing Customer Data for transitional purposes (“Term”). Nothing in this Section 11 varies or modifies any obligation of Bellinetti to retain some or all Customer Data as necessary to comply with the applicable legislation or with a valid and binding order (such as a subpoena or a court order) of a law enforcement agency and/or any other competent authority/state body. The DPA will automatically be terminated upon termination of the Agreement and deletion of all Customer Data by Bellinetti.

12. Legal Effect. Amendments

12.1 To the extent of any conflict or inconsistency between the terms of this DPA and the ones of the applicable Agreement related to the Processing of Customer Data, the terms of this DPA shall prevail. For clarity, if the customer has entered more than one Agreement, this DPA shall amend each of the Agreements separately.

12.2 Bellinetti may modify the terms of this DPA at any time. If we make material changes to this DPA, we will notify you here, by email, or by means of a notice via our website or via your Client Area, at least ten (10) calendar days before the changes take effect. Non-material changes of this DPA shall have immediate effect.