Data Processing Agreement
Terms for processing personal data on behalf of our business customers in compliance with GDPR and other data protection regulations.
1. Introduction
This Data Processing Agreement ("DPA") forms part of the agreement between Genie9 Ltd. ("Processor") and the customer ("Controller") for the provision of Genie9 services.
This DPA reflects the parties' agreement on the processing of personal data in accordance with the requirements of applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 ("GDPR").
This DPA automatically applies to all business customers processing personal data through Genie9 services.
2. Definitions
"Personal Data"
Any information relating to an identified or identifiable natural person as defined in applicable data protection laws.
"Processing"
Any operation performed on personal data, including collection, storage, use, disclosure, and deletion.
"Controller"
The entity that determines the purposes and means of processing personal data (the Customer).
"Processor"
The entity that processes personal data on behalf of the Controller (Genie9).
3. Details of Processing
Subject Matter
Provision of cloud backup, data storage, and related services as described in the service agreement.
Duration
Processing continues for the duration of the service agreement and as required for data deletion thereafter.
Nature & Purpose
Backup, storage, synchronization, and recovery of data to provide data protection services.
Categories of Data
Any personal data included in files and data backed up by the Controller.
4. Processor Obligations
Genie9 as Processor shall:
Process personal data only on documented instructions from the Controller, unless required by law.
Ensure persons authorized to process personal data are subject to confidentiality obligations.
Implement appropriate technical and organizational measures to ensure security of personal data.
Assist the Controller in responding to data subject rights requests.
Delete or return all personal data at the end of services, as chosen by Controller.
5. Security of Processing
Genie9 implements comprehensive security measures including:
Technical Measures
- • Encryption of data at rest and in transit
- • Access controls and authentication
- • Regular security testing
- • Backup and recovery procedures
Organizational Measures
- • Staff training and awareness
- • Confidentiality agreements
- • Incident response procedures
- • Regular compliance audits
6. Sub-processors
The Controller authorizes Genie9 to engage sub-processors to assist in providing the services:
Current Sub-processors:
Amazon Web Services
Cloud infrastructure and storage services
Stripe
Payment processing services
Genie9 will notify Controllers of any intended changes concerning sub-processors, giving opportunity to object.
7. International Transfers
Any transfer of personal data outside the EEA will be subject to appropriate safeguards:
- Standard Contractual Clauses (Module 2: Controller to Processor)
- Adequacy decisions where applicable
- Additional technical measures as appropriate
8. Data Breach Notification
In the event of a personal data breach, Genie9 will:
- 1.Notify the Controller without undue delay upon becoming aware of the breach
- 2.Provide all relevant information about the breach
- 3.Cooperate with the Controller to mitigate effects
- 4.Document all breaches and actions taken
9. Audit Rights
The Controller has the right to verify Genie9's compliance with this DPA through:
- Review of Genie9's security certifications and audit reports
- Questionnaires and information requests (reasonable notice required)
- On-site audits (with 30 days notice and at Controller's expense)
10. Contact Information
For questions about this DPA or to exercise audit rights:
Privacy Team
Email: privacy@genie9.com
For DPA and privacy inquiries
Legal Department
Email: legal@genie9.com
For contractual matters
This DPA supplements the Genie9 Terms of Service