Verwerkersovereenkomst
Hoe wij uw gegevens verwerken als infrastructuurprovider.
Laatste update: 2026-03-14
This Data Processing Agreement ("DPA") forms part of the Terms of Servicebetween VIRTUA SYSTEMS ("Virtua.Cloud", "we", "us", "our")and the Customer ("you", "your") and governs the processing of personaldata by Virtua.Cloud on behalf of the Customer in accordance with theGeneral Data Protection Regulation (EU) 2016/679 ("GDPR").
By using our services, you agree to the terms of this DPA. This agreement supplements our Privacy Policy and Terms of Service.
1. Definitions
- Personal Data: Any information relating to anidentified or identifiable natural person, as defined in Article 4(1)of the GDPR.
- Processing: Any operation performed on personal data,as defined in Article 4(2) of the GDPR.
- Controller: The natural or legal person whichdetermines the purposes and means of the processing of personal data.In this DPA, the Customer acts as the Controller.
- Processor: The natural or legal person which processespersonal data on behalf of the Controller. In this DPA, Virtua.Cloudacts as the Processor.
- Sub-processor: A third party engaged by the Processorto process personal data on behalf of the Controller.
- Data Subject: An identified or identifiable naturalperson whose personal data is processed.
- Supervisory Authority: An independent public authorityresponsible for monitoring the application of the GDPR.
2. Scope and Roles
Virtua.Cloud provides Infrastructure as a Service (IaaS) hosting. Ourcustomers receive full administrative access to their virtual privateservers and are solely responsible for the data they store and process onthat infrastructure.
Virtua.Cloud does not access, monitor, or process data stored on customerservers. We act as a data processor only for customer account datanecessary to deliver our services (such as contact information, billingdetails, and support communications).
For any personal data that customers choose to store or process on theirVirtua.Cloud servers, the customer is the data controller and bears fullresponsibility for compliance with applicable data protection laws.
3. Processing Details
| Element | Description |
|---|---|
| Nature of processing | IaaS hosting, account management, billing, customer support |
| Categories of personal data | Customer contact information (name, email, phone), billing data(address, payment references), support ticket content, server accesslogs |
| Categories of data subjects | Customer employees and authorized contacts |
| Purpose of processing | Service delivery and contract fulfillment |
| Duration | For the duration of the service agreement, plus applicableretention periods as described in our Privacy Policy |
4. Obligations of Virtua.Cloud
As a data processor, Virtua.Cloud shall:
- Process personal data only on documented instructions from theCustomer, unless required by law.
- Ensure that persons authorized to process personal data are bound byconfidentiality obligations.
- Implement appropriate technical and organizational measures to ensurea level of security appropriate to the risk, including:
- Physical security of owned and leased rack space with controlledaccess
- Network security including DDoS protection and firewalls
- Encryption of data in transit
- Strict access controls and authentication
- Self-hosted monitoring and alerting systems
- Assist the Customer in responding to requests from data subjectsexercising their rights under Chapter III of the GDPR.
- Assist the Customer in ensuring compliance with obligations relatingto security, breach notification, and data protection impactassessments.
- At the choice of the Customer, delete or return all personal dataupon termination of the service agreement.
- Make available to the Customer all information necessary todemonstrate compliance with this DPA.
5. Obligations of the Customer
As a data controller, the Customer shall:
- Ensure that a valid lawful basis exists for all processing of personaldata.
- Comply with all applicable data protection laws and regulations.
- Be solely responsible for any personal data stored or processed ontheir Virtua.Cloud servers.
- Provide processing instructions that are consistent with applicablelaw.
6. Sub-processors
Virtua.Cloud uses the following sub-processors. All other services(monitoring, ticketing, email) are operated entirely in-house on our owninfrastructure.
| Sub-processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe | Payment processing | Billing data, card details | EU / US |
| PayPal | Payment processing | Billing data, email address | EU / US |
| Mollie | Payment processing | Billing data | EU |
We will notify you of any intended changes to sub-processors, giving youthe opportunity to object within 30 days. If you object and we cannotreasonably accommodate your objection, either party may terminate theaffected services.
7. Data Breach Notification
In the event of a personal data breach affecting data processed on behalfof the Customer, Virtua.Cloud will notify the Customer without unduedelay, and in any event within 72 hours of becoming aware of the breach.The notification will include:
- The nature of the personal data breach
- The categories and approximate number of data subjects and recordsconcerned
- The likely consequences of the breach
- The measures taken or proposed to address the breach
Virtua.Cloud will cooperate with the Customer to fulfill the Customer'sown notification obligations under Articles 33 and 34 of the GDPR.
8. Data Location
All customer account data (contact information, billing, support tickets)is stored exclusively in our European Union datacenters. There are nointernational transfers of customer personal data.
Customers may choose to deploy servers in any of our available locations,including locations outside the EU. The choice of server location and anyresulting data transfers are the sole responsibility of the Customer asdata controller.
9. Data Retention and Deletion
Virtua.Cloud retains customer account data in accordance with the retention schedule described in our Privacy Policy.
Upon termination of the service agreement, customer account data will bedeleted in accordance with the retention periods set out in the PrivacyPolicy. Customers are responsible for retrieving or deleting any datastored on their servers prior to termination.
10. Audit Rights
The Customer may audit Virtua.Cloud's compliance with this DPA, subjectto the following conditions:
- The Customer must provide at least 30 days' advance writtennotice.
- Audits shall be conducted during normal business hours.
- No more than one audit per calendar year, unless required by asupervisory authority.
- The Customer shall bear the costs of the audit, unless the auditreveals a material breach of this DPA by Virtua.Cloud.
11. Governing Law
This DPA shall be governed by and construed in accordance with the lawsof France. Any disputes arising from or in connection with this DPA shallbe submitted to the exclusive jurisdiction of the courts of Paris,France.
12. Contact
For questions about this Data Processing Agreement or to exercise your rights, please contact us: