Privacy Policy - RabbitLoader

RabbitLoader belongs to Yogi Network, hereinafter referred to as the "Company" or "we". The Company respects your privacy rights and recognizes the importance of protecting the Personal Data (as defined below) provided by you.

This Privacy Policy describes how the Company processes the Personal Data you provide to us through the Company's website and it also describes your rights pursuant to the data protection regulations, including the choices available regarding the Company's use of Personal Data or the actions you can take to access this information and request the correction or deletion of such personal information.

The data controller for the processing of personal data through the website RabbitLoader.com (the "Website") is Yogi Network and can be contacted at:

Address: 418 Jawpur Road, Dum Dum, Kolkata, West Bengal, INDIA 700074
E-mail: support@rabbitloader.com

1. GENERAL INFORMATION

ACKNOWLEDGMENT: By using the Website, you acknowledge that you have read this Privacy Policy and that you understand the practices described herein with respect to the Company's processing of your Personal Data. Also, when creating an account on the Website, you expressly declare that you acknowledged the provisions of this Privacy Policy. This is the Company's entire and exclusive Privacy Policy of RabbitLoader and it supersedes any earlier version.

Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC - the GDPR - is the European law that regulates the data protection processing operations performed through the Website.

Terms used in this document:

"User/you" - the individual or entity who registered on the Website and thus owns a RabbitLoader account.
"Visitor" - the individual or entity who visits the Website without creating an account.
"Customers" - Users that purchased paid plans or installed the product.
"Third Parties" - are other companies and the services they provide us.
"Data Subject" - any identified or identifiable, directly or indirectly, natural person. The Users and Visitors defined above may act as data subjects should they be an identified or identifiable natural person.
"Processor" - the entity acting under the authority and instructions of the controller. For example, the Company acts as a processor for our Customers defined supra.
"Personal Data" - all information which relates to an identified or identifiable natural person. This includes, e.g., items like the name, postal address, e-mail address or telephone number, but also usage data like your IP address.
"Processing" - every process carried out with or without automated assistance or every sequence of such processes in connection with personal data, e.g. obtaining, capturing, organizing, ordering, saving, adjusting or modifying, sorting, accessing, using, disclosing by transmission, distributing or any other form of making available, comparing or connecting, limiting, deleting or destroying.

We Process all personal data in accordance with GDPR principles, as follows:

"Lawfulness, fairness and transparency": the personal data is Processed fairly in relation to the data subject, based on a legal basis provided by GDPR at art. 6, and the data subject is informed on the Processing as requested by art. 13 and art. 14 GDPR.
"Purpose limitation": the purpose for which we Process the personal data is specific, explicit, and legitimate. We do not collect and use data for other purposes than the ones we informed the data subject about.
"Data minimization": we Process the minimum amount of personal data we need; the personal data we collect are adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed.
"Accuracy": the personal data Processed is accurate and where necessary kept up to date. We do not retain old and outdated data in our system.
"Storage limitation": we established and documented the necessary retention period for the personal data we collect and Process for specific objectives. After the retention period is met, the personal data shall be deleted, destroyed, or anonymized.
"Integrity and confidentiality": we handle personal data in a manner ensuring appropriate security, which include protection against unlawful Processing or accidental loss, destruction or damage.
"Accountability": as data controller, we are responsible for proving compliance with the principles of the GDPR mentioned above.

CALIFORNIA-RESIDENT SPECIFIC RIGHTS

If you are located in California, and/or (as applicable) to the extent you are a "consumer" as defined under the California Consumer Privacy Act as amended (CCPA) and RabbitLoader is a "business" as defined under CCPA, following would be applicable for you. Subject to the provisions of the CCPA, you have the right to request in the manner provided herein:

Right to request for information about the:
1. Categories of Personal Data RabbitLoader has collected about you.
2. Specific pieces of Personal Data RabbitLoader has collected about you.
3. Categories of sources from which the Personal Data is collected.
4. Business or commercial purpose for collecting Personal Data.
5. Categories of third parties with whom the business shares Personal Data.
Right to request for deletion of any Personal Data collected about you by us:
1. Data added by you, such as domains you have added under your account can be deleted whenever you like.
2. If you wish to remove your personally identifiable information stored with us, you can do it yourself either by visiting the profile page under My Account or by sending an email to us at support@rabbitloader.com.
3. A details instructions is available here to follow if you wish to delete your data stored with us - https://rabbitloader.com/kb/deleting-profile-and-data/
Right to correct inaccurate personal information that we have about you: To access your account login to the portal. If you would like to update your Personal Data which constitutes "personal information" as defined in CCPA, please go to Dashboard => Profile and update your information and save it.

For any other questions please email to support@rabbitloader.com

We respond to all such requests within a reasonable timeframe in accordance with applicable data protection laws. Also by writing to us, you agree to receive communication from us, which may include, seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Data and any other information as reasonably required to enable us to honor your request.

The type of data and information we collect and use about you are explained in the following sections.

2. WHAT PERSONAL DATA WE COLLECT, HOW WE COLLECT IT AND WHAT WE DO WITH THE COLLECTED PERSONAL DATA

2.1. Creating your account

When the Visitors of our Website sign-up for a RabbitLoader account, we collect their email, their IP address.

The legal ground for this Processing is the performance of a contract, in accordance with Art. 6 (1) b GDPR.

2.2. Running the Services

We Process the Personal Data for taking the necessary actions to offer our Customers the Company's products (e.g. for the proper running of our Web services and of our performance optimization service, to connect our servers to our users/customers servers, where the users website needing optimization are hosted, for maintenance and for building appropriate tools for our clients, etc.), pursuant to Art. 6 (1) b GDPR, for the performance of a contract and Art. 6 (1) f GDPR, on the basis of our legitimate interest.

From the Users of our WordPress plugins and from those who use our API tools, we process the following Personal Data: name and surname, identification data, email, processed images and CDN traffic data, CSS, JS, HTML codes, plugins, themes & tools being used by the website.

From the Customers of web-optimization service, we process the following Personal Data: name and surname, identification data, email, domain name.

We also process data regarding the browser, IP address, timestamp, IP location and also operating system when you access RabbitLoader or any web site that is owned by RabbitLoader.

All the information that is so collected is used for secure logging & website data analytics and preventing fraud.

2.3. Customer Support

The Personal Data is also processed for offering support to Customers, at their request, pursuant to Art. 6 (1) (b) GDPR for the performance of a contract and to Art. 6 (1) (f) GDPR, on the basis of our legitimate interest. In order to help our Customers, we need to use their Personal Data for user identification, for debugging reasons and in order to communicate with the Customers that need assistance. For this purpose, we use a helpdesk & live chat software for helping the Users of our RabbitLoader services. This feature is made by a Third Party service provider we use for customer support. Through this feature we gather the following Personal Data: name, e-mail address, other information provided by clients during the support operations.

The Personal Data Processed for the above scopes consists of: name, e-mail address, domain name and other information provided by the Customer.

2.4. Marketing information

We send emails to inform our Users about new features, service changes, and interruptions of our service, possible errors or bugs. These messages are an important part of our communication with our Users.

The Company may, but is not obliged, to send you strictly service-related announcements on rare occasions, when it is necessary to do so. For example, if our service is temporarily suspended for maintenance, we might send you an e-mail.

The legal basis for this Processing is the performance of the contract (consisting of the Website and Services Terms & Conditions) according to Art. 6 (1) (b) GDPR and our legitimate interest to organize the requests (Art. 6 (1) (f) GDPR).

Generally, you may not opt-out of these communications since they are not promotional in nature. If you do not wish to receive them, you may have the option to deactivate your account.

2.6. Blog management

We also Process Personal Data when we communicate with our blog readers and give them the opportunity to express certain points of view/ questions. In this regard, we are using the services of Third-party for hosting our blog.

For this scope, the following data may be Processed: name and surname (if available), profile picture (if available), comment content. The legal basis for this Processing lays in the performance of our Website's Terms and Conditions (Art. 6 (1) letter (b) GDPR), and in our legitimate interest to communicate, interact and receive feedback from you (Art. 6 (1) letter (f) GDPR).

2.7. Cookies

At the same time, we use both session ID cookies and persistent cookies as part of our Website's interaction with your browser. For more information on the use of cookies and when your prior consent is required, please refer to our Cookie Policy available here.

2.8. Accounting records

For keeping our accounting records and complying with accountability and fiscal legislation, we collect your name, address, purchased services and payment data. The legal basis for this Processing is the performance of the contract (consisting of the Website and Services Terms & Conditions) according to Art. 6 (1) (b) GDPR and our legitimate interest to organize our accounting records (Art. 6 (1) (f) GDPR).

2.9. No sell or share

We will never sell your data and share your data for marketing purposes or for any purpose.

2.10. Location

The data that we collect from you is stored in Singapore and USA and will be processed by staff operating inside India who work for us or for one of our suppliers. Our staff may be engaged in, among other things, the fulfillment of your order and the provision of support services. Your website data will be kept until it is no longer required for the purpose of its collection.

2.11. Data retention & deletion

We will keep your website data saved during using of RabbitLoader services for maximum 90 days after you have cancelled your account as a backup measure in case you want to come back. There are cases when we remove this data much faster if we do usual maintenance work to save disk space. Your account is created once you sign up for our services and add your domain on the Console page afterwards. However, we keep the name & email of the user on our email list until the user is unsubscribed from the list.

Data added by you, such as domains you have added under your account can be deleted whenever you like. If you wish to remove your personally identifiable information stored with us, you can do it yourself either by visiting the profile page under My Account or by sending an email to us at support@rabbitloader.com. A details instructions is available here to follow if you wish to delete your data stored with us - https://rabbitloader.com/kb/deleting-profile-and-data/

Please note that when we receive such request either upon your action, or via other channels such as support email, your personally identifiable information is either deleted or anonymized. If not deleted, data is anonymized when necessary for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.

3. DATA RECIPIENTS AND DATA TRANSFERS

3.1. Data recipients

Services providers: We may employ third party companies and individuals to perform service-related activities. These Third Parties may access your Personal Data only to perform these tasks on our behalf and are compelled not to disclose or use it for any other purpose.

Also, where these recipients qualify as data processors, they will be contractually bound to respect the same obligations in what regards the protection of Personal Data as that incumbent to us and shall implement adequate technical and organizational measures for the protection of Personal Data, at least at the same level as those implemented by the data controller.

Third parties: Your Personal Data may be provided to governmental and regulatory agencies (e.g. tax authorities), courts or other governmental authorities, in accordance with the provisions of the applicable legislation and in line with art. 6 (1) (c) GDPR, as well as to external consultants acting as data controllers (e.g. lawyers, accountants, auditors, etc.), based on art. 6 (1) (f) GDPR.

3.2. Data transfers

We may transfer your Personal Data abroad, both to countries located within the EU/EEA and to countries outside EU/EEA.

For some of these countries located outside EU/EEA, the transfer of data is recognized by the European Commission as ensuring an adequate level of protection for the Personal Data, in accordance with art. 45 GDPR.

In what regards the recipients located in other countries, by executing Data Transfer Agreements based on Model Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries), in accordance with art. 46 (5) GDPR or by using other adequate means for the transfer of Personal Data, we ensured that all such recipients offer an adequate level of protection for the Personal Data and that adequate technical and organizational measures have been implemented for the protection of Personal Data against unlawful destruction, loss, alteration or unauthorized disclosure.

4. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

The Personal Data provided by you to us is only stored for as long as it is required to perform the respective purpose for which you have transmitted your data, or inasmuch as it is required for conformity with statutory or official requirements.

Your Personal Data for taking the necessary actions to offer Customers the Company's products are kept by us for additional 3 years as of the termination of our contractual relation.

As regards your website data saved during using of RabbitLoader services, we will keep this data for maximum 90 days after you have cancelled your account as a backup measure in case you want to come back. There are cases when we remove this data much faster if we do usual maintenance work to save disk space.

We also keep your Personal Data for the duration of our contractual relation for providing you support services and for the purpose of offering you the possibility to formulate your requests to the Company or regarding the Company's products.

For commercial communications transmitted by electronic means, we keep your Personal Data until the moment of transmission of the communication or until you withdraw your consent, in case the request for transmission of commercial communications concerned recurrent communications.

We keep your Personal Data in relation to blogging activities during the existence of the blog or until the deletion of the comment by you.

For the use of cookies for which your prior consent is required, please refer to the Cookie Policy mentioned above in the document.

5. LINKS TO OTHER WEBSITES

The Company's website uses interfaces with social media websites such as Facebook, LinkedIn, Twitter and others. If you choose to "like" or share information from the Website through these services, you should review the privacy policy of that service. If you are a member of a social media website, the interfaces may allow the social media website to connect your site visit to your Personal Data.

We are not responsible for the collection, usage and disclosure policies and practices of other organizations, such as Facebook, Twitter, Google, or any other developer, provider, social media platform, operating system provider, wireless service provider, including any personal information you disclose to other organizations through or in connection with our social media functionalities, therefore we recommend you examine the privacy statements for all Third Party websites, to understand their procedures for collecting, using, and disclosing your Personal Data.

6. DATA SECURITY

We have taken appropriate technical and organizational measures to guarantee data security, in particular to protect your Personal Data against access by Third parties, as well as accidental or intentional modification, loss or destruction.

The Personal Data are kept in safe conditions in accessible electronic format, using the authentication systems of the internal domain, access rights for each User for the allocated resources and in printed format.

The Company protects the privacy and integrity of the information it collects by employing appropriate administrative protocols, technical safeguards, and physical security controls, designed to limit access, detect and prevent the unauthorized access, improper disclosure, alteration, or destruction of the information under its control. The Company transmits the information used by its external service providers for the specific outsourced operations listed above, across public and private networks via recognized encryption technologies, such as by using Secure Sockets Layer (SSL) software, which encrypts the information you input.

7. RIGHTS OF OUR USERS REGARDING THE PERSONAL DATA

Pursuant to the legal requirements established by GDPR, Data Subjects have specific legal rights relating to the personal data we collect from them, as follows:

Right to withdraw consent: Where you have given consent for the Processing of your Personal Data, you may withdraw your consent at any moment.
Right to rectification: You may obtain from us rectification of Personal Data concerning you. We make reasonable efforts to keep Personal Data in our possession or control which are used on an ongoing basis, accurate, complete, current, and relevant, based on the most recent information available to us.
Right to restriction: You may obtain from us restriction of Processing of your Personal Data, if you contest the accuracy of your Personal Data and the legal requirements for the exercising of this right are met.
Right to erasure: You have the right to request that we delete the Personal Data we Process about you. Please note that the deletion of Personal Data can lead to the termination of the service we provide due to technical reasons.

8. INTERNET FRAUD

The Company has a ZERO TOLERANCE policy for Internet fraud or any attempt to access or acquire Customer or other information on its Website via illegal or surreptitious means. The Company works with local, national, and international fraud investigation agencies and employs a variety of electronic and other means to discourage, detect, and intercept fraudulent activities.

9. CHILDREN'S PRIVACY

The Company's Website is not intended for or directed to persons under the age of 16. The Company does not buy or sell products or services from or to children. Any person who provides their information to the Company through the Company's Website attests that they are 18 years of age or older.

If we become aware that a child under the age of 18 has provided us with personally identifiable data, we will delete such information from our servers/databases.

10. CHANGES TO THIS PRIVACY STATEMENT

The Company will, from time-to-time, update this Privacy Policy and notify Users and Visitors of material changes to this statement.

Data subject's use of the Website after such changes have been made constitutes his agreement to such changes.

Last Updated: This document was last updated on Fri Dec 01 2023.

APPENDIX 1. - RabbitLoader DATA PROTECTION ADDENDUM

This Data Processing Addendum ("DPA") is concluded between you ("Customer") and RabbitLoader ("Company") and it regulates the data processing activities performed within your use of RabbitLoader Services. Unless otherwise defined in this DPA or in other applicable agreements (i.e. Terms & Conditions - the "Agreement"), all capitalized terms used in this DPA will have the meaning given to them in Section 2 of this DPA.

1. SCOPE

This DPA applies to the processing operations performed on Customer data for the provision of RabbitLoader Services, as detailed in Appendix 2 below. In this context, RabbitLoader will act as a data processor to Customer.

This DPA serves as an amendment to the Terms and Conditions - the Agreement.

2. DEFINITIONS

In this DPA the bolded terms which are not otherwise defined shall have the meaning described to them below:

"Services" means all the Services provided through RabbitLoader, as detailed at Section 4 of the Terms and Conditions;
"Personal Data" means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
"Processor" or "the Company" or "RabbitLoader" means the entity acting in the name of the Controller;
"Controller" or "the Customer" means the entity determining the purposes and means of the Personal Data processing;
"Processing" shall mean any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
"Subprocessor" or "Partner" or "Subcontractor" means a third party, partner of RabbitLoader, designated to provide the Services or part of the Services and / or processing of Customer's Personal Data;
"Purpose of Processing" means the reasons for which the Personal Data are being processed or the goal to be achieved through the Processing;
"Data Subjects" mean the natural persons using the Services and the Customers of any of the Customer's websites hosted through the Services provided by RabbitLoader.
"Data Protection Authority" or "DPA" means a supervisory authority controlling the processing of personal data because: (a) the Controller or Processor is established on the territory of the Member State of that supervisory authority; (b) data subjects residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the Processing; or (c) a complaint has been lodged with that supervisory authority;
"Data Protection Officer" or "DPO" means the person designated by the Controller or the Processor in compliance with Article 37 of the GDPR;
"Transfer of Personal Data" means any transfer of Personal Data from an entity to another entity. A transfer can be carried out via any communication, copy, transfer or disclosure of Personal Data through a network, including remote access to a database or transfer from one medium to another, whatever the type of medium (for instance from a computer hard disk to a server).
"GDPR" means Regulation (EU) 2016/679 dated April 27, 2016, as amended from time to time.

3. OBLIGATIONS OF THE PROCESSOR

3.1. General obligations

RabbitLoader shall:

comply with all obligations incumbent upon the data processors, as provided by the GDPR and the Relevant Data Protection Legislation;

comply with the documented Customer's instructions, in particular without limitation those instructions which are necessary to ensure the Customer is in compliance with the GDPR and the Relevant Data Protection Legislation;

process the Personal Data solely in order to perform its obligations under the T&C for provision of the Services, only pursuant to the terms and conditions of this Agreement and/or in accordance with the instructions of the Customer, except where RabbitLoader is required to have a specific conduct pursuant to GDPR or the Relevant Data Protection Legislation. In such a case, RabbitLoader shall inform the Customer of the relevant legal requirement before Processing unless the relevant law prohibits such notification on important grounds of public interest;

promptly inform the Customer i) of its inability to comply with the provisions of this DPA and/or ii) if, in its opinion, an instruction of the Customer infringes the GDPR or any other Relevant Data Protection Legislation; and

Any notification related to protection of Personal Data under this DPA shall be send to: support@rabbitloader.com

3.2. Security and Confidentiality Obligations

RabbitLoader shall preserve the security and confidentiality of the Personal Data and implement all adequate measures to ensure the level of security of the Customer's Personal Data are appropriate.

The Company undertakes to implement all reasonably necessary and appropriate technical and organizational measures using generally accepted technology to protect the Personal Data it processes under the T&C for providing the Services and this DPA against unauthorized or accidental access, alteration, transmission, disclosure, deletion or destruction.

RabbitLoader shall review and adapt such measures regularly to comply with the state of the art and applicable regulations, namely security measures necessary to ensure the conservation and integrity of the Personal Data processed during the performance of the Agreement (for instance to secure the access to computers, to install antivirus, to perform regular backups on removable media and to increase the employees and suppliers' awareness to security measures);

Without limiting the generality of the foregoing, the Company shall comply with the following obligations and shall ensure that its employees and/or its suppliers / Partners will also comply with them:

RabbitLoader shall process the Personal Data only in accordance with the Customer's instructions and to the extent such processing is necessary to carry out the Company's obligations in connection with the performance of the Services;

RabbitLoader will not use the Personal Data for any other purposes, nor will retain this data for any longer than required by the Customer;

RabbitLoader will use personnel who: (i) has a need to process the Personal Data in order to fulfill the Company's obligations in relation to the Services, (ii) has entered into confidentiality agreement; (iii) has received adequate training regarding the protection of Personal Data and (iv) has been informed of any special data protection requirements arising from this DPA and of the limitation of the use of the Personal Data for specific purposes as instructed;

The Personal Data shall not be disclosed to any third party, whether individual or legal person, public or private entity without prior approval of the Customer;

RabbitLoader shall not sell, assign, rent and more generally transfer the Personal Data for any reason without the prior written approval of the Customer;

RabbitLoader shall not make copies or duplicate of the Personal Data without the prior written consent of the Customer, unless such copies or duplicates are necessary for the fulfillment of its obligations in relation to the Services.

3.3. Personal Data Breach Notification

The Company shall notify the Customer of any Personal Data Breach without undue delay and in writing after it becomes aware of such Personal Data Breach. Such notification shall at least contain the following information:

the nature of the Personal Data Breach including where possible, the data categories and approximate number of Data Subjects concerned and the categories and approximate number of personal data records concerned;

the name and contact details of the contact point where additional information can be obtained;

a description of the likely consequences of the Personal Data Breach;

a description of the measures taken or proposed to be taken to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects.

Where, and in so far as, it is not possible to provide the relevant information at the same time, the information may be provided in phases as soon as possible.

The Company also undertakes to provide the Customer with reasonable assistance and co-operation to notify the Personal Data Breach to the competent Data Protection Authority and to communicate such Personal Data Breach to the Data Subjects, in compliance with Articles 33 and 34 of the GDPR and any Relevant Data Protection Legislation.

The Company shall design and implement procedures for managing and reporting such Personal Data Breach to the Controller.

3.4. Exercise of Data Subjects' rights

RabbitLoader shall provide the Controller, taking into account the nature of the Processing, with reasonable assistance and co-operation, to allow the Customer to respond (i) to requests presented by Data Subjects for exercising their rights, or (ii) to requests of the competent Data Protection Authorities in relation with the Processing of Personal Data. In particular, the Company shall implement appropriate technical and organizational measures in order to promptly satisfy, within 5 working days, any request for information from the Customer.

RabbitLoader may only grant access to, correct, delete, block, restrict the Processing of, or communicate to the Data Subject the Personal Data processed on behalf of the Customer in a structured, commonly used and machine-readable format, when instructed to do so by the Controller.

If a Data Subject would apply directly a request or a complaint to the Company, RabbitLoader shall forward this request or complaint to the Customer without undue delay, at the contact email provided by the Customer.

3.5. Subcontracting

RabbitLoader may disclose, assign, or otherwise communicate Personal Data to any subcontractor (whether located within the EU or outside the EU) when necessary for providing the Services for the Customer.

The Customer gives its consent for RabbitLoader to disclose, assign, or otherwise communicate Personal Data to its subcontractors.

The Company shall impose on its subcontractor by way of a contract or other legal act, the same legal requirements as the Company itself undertakes under the DPA, in particular the obligation to provide sufficient guarantees in relation with the Processing by implementing appropriate technical and organizational measures. Where the subcontractor fails to fulfil its data protection obligations, the Company shall remain fully liable towards the Controller for the performance of that subcontractor's obligations.

3.6. Data transfers

RabbitLoader may transfer Personal Data abroad, both to countries located within the EU/EEA and to countries outside EU/EEA.

In what regards the recipients located in other countries, by executing Data Transfer Agreements based on Model Contractual Clauses (Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries), in accordance with art. 46 (5) GDPR or by using other adequate means for the transfer of Personal Data, the Company ensures that all such recipients offer an adequate level of protection for the Personal Data and that adequate technical and organizational measures have been implemented for the protection of Personal Data against unlawful destruction, loss, alteration or unauthorized disclosure.

4. OBLIGATIONS OF THE CONTROLLER

The Customer undertakes to comply to its obligations as Controller under GDPR. The Customer shall ensure that the Data Subjects have consented to any disclosure of Personal Data to the Company. Also, the Customer shall provide on request all justification for each transmission of such Personal Data and its decisions regarding Processing of such Personal Data on its behalf.

5. AUDIT RIGHTS OF THE CONTROLLER

Under a prior written notice sent to the Company, the Customer may request to perform an audit of the technical and organizational measures implemented by the Customer in order to verify whether the Company complies with the provisions of this Agreement.

Any issues, errors or irregularities that are identified, and brought to the Company's attention, will be promptly remedied by the Company without delay. The Customer undertakes to comply with any confidentiality provisions, policies and/or rules the Company may notify to the Customer in the context of the audit. The Company will assist the Controller with any data protection audits or controls enforced by a Data Protection Authority or other competent public authority if these audits or controls concern data Processing within the scope of the DPA.

6. RETENTION, RETURN OR DELETION OF DATA

During the execution of the Agreement, the Company shall implement adequate technical and organizational measures to comply with data retention periods applicable to Customer's Personal Data processed under the Agreement where requested by the Customer.

7. LIABILITY AND INDEMNIFICATION

Pursuant to the provisions of Article 82 of the GDPR, Company shall indemnify the Customer from the claims asserted by Data Subjects, Data Protection Authority and third parties with respect to a breach of the Company's obligations under this DPA. The Company shall be exempt from liability under paragraph 1 if it proves that it is not in any way responsible for the event giving rise to the damage.

8. TERMINATION

This Agreement shall automatically terminate upon the termination of the Services. The Company shall continue to process the Personal Data for an additional period of 90 days after termination. During this period, the Company shall keep a copy of the Customer's data for security purposes as back up.

Processing of these data by the Company is considered to be compliant to Customer's instructions.

The Company shall erase all Personal Data processed on behalf of the Customer for providing RabbitLoader not later than 90 days following expiry or termination, subject however to any regulatory obligations concerning the retention of the Personal Data applicable to the Company. In such a case the Company shall inform the Customer about such obligations.

BY ADHERING TO THE PROVISIONS OF THE AGREEMENT, the terms of this DPA are also deemed accepted by the Controller and will regulate the data processing activities performed for the scope of the Agreement.

APPENDIX 2

Personal Data Processing activities

Purpose(s) of Processing

Provision of hosting/CDN for the benefit of the Customer.

Category/ies of Personal Data:

- Name and surname, e-mail address, domain name, IP, chat logs, support requests, server logs: connections, authentications, access, errors, timestamp, IP location and also operating system when you access RabbitLoader services or any web site that is owned by RabbitLoader, address, purchased services and payment data. - Data stored and processed by the Customer as: source code, WordPress database, site backups, and folders and files in server directories, CDN etc.

Category/ies of Data Subjects:

- Customers and users of the Customer services.

Provision of Performance optimization services for the benefit of the Customer.