This Data Processing Addendum (“DPA”) forms part of the Terms of Service between the customer (“Controller”) and EactiveNet, Inc. (“Processor,” operating Ratel). It applies where we process personal data on your behalf and is intended to support compliance with the GDPR, UK GDPR, and similar laws.

1. Scope & roles

You are the Controller of personal data contained in Customer Content; we are the Processor. We process such data only on your documented instructions (including via your configuration and use of the Service), except where law requires otherwise.

2. Processing details

• Subject matter: provision of the Ratel platform.
• Duration: the term of your subscription plus any retention period.
• Nature & purpose: hosting, compute, storage, email, and related processing you configure.
• Data subjects & categories: as determined by you; we do not control what you upload.

3. Processor obligations

• Process personal data only per your instructions and applicable law;
• Ensure personnel are bound by confidentiality;
• Implement appropriate technical and organizational security measures (encryption in transit, isolation, access controls, audit logging);
• Assist you, taking into account the nature of processing, with data-subject requests and with your obligations for security, breach notification, and impact assessments;
• Notify you without undue delay after becoming aware of a personal-data breach affecting your data.

4. Sub-processors

You authorize us to engage sub-processors to provide the Service. Current categories include: cloud/colocation infrastructure, payment processing (Stripe, Inc.), and transactional email relay. We impose data-protection terms on sub-processors no less protective than this DPA and remain responsible for their performance. We will give notice of new sub-processors and a reasonable opportunity to object on legitimate grounds.

5. International transfers

Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties agree to the applicable Standard Contractual Clauses, which are incorporated by reference.

6. Return & deletion

On termination, we will delete or return personal data within a reasonable period, except where retention is required by law. You are responsible for exporting Customer Content before deletion.

7. Audits

On reasonable prior written request and subject to confidentiality, we will make available information necessary to demonstrate compliance with this DPA. Audits are limited to once per year unless required by a supervisory authority.

Questions about this document? Contact [email protected]. Ratel is operated by EactiveNet, Inc. See all Legal documents in the footer.