Last Updated: 3 December 2025
This Data Processing Agreement (“DPA”) forms part of the agreement (“Main Agreement”) between Astronova Host (“Astronova”, “Processor”, “we”, “our”, or “us”) and the customer identified in the Main Agreement (“Customer”, “Controller”, “you”, or “your”) (together, the “Parties”).
1. Subject Matter and Duration
This DPA governs Astronova’s processing of personal data on behalf of Customer in connection with the provision of the Services under the Main Agreement. Processing will continue for the duration of the Main Agreement, unless otherwise required by law.
2. Roles of the Parties
Customer acts as the controller (or equivalent term under applicable data protection law) and determines the purposes and means of processing personal data. Astronova acts as the processor, processing personal data on behalf of Customer and in accordance with documented instructions.
3. Categories of Data and Data Subjects
The types of personal data and categories of data subjects processed depend on how Customer uses the Services. Typical examples include:
- Customer account and contact data (e.g., names, email addresses, billing details).
- End-user data stored in applications hosted on Astronova’s infrastructure.
- Log and usage data associated with end-users or systems.
4. Instructions
Astronova will process personal data only:
- On documented instructions from Customer, including as set out in the Main Agreement and this DPA.
- To provide, maintain, secure, and improve the Services.
- To comply with applicable law or a binding order from a competent authority (in which case Astronova will, where lawful, inform Customer of the requirement).
5. Confidentiality
Astronova ensures that personnel authorized to process personal data are subject to appropriate confidentiality obligations and receive training on data protection and security where relevant to their role.
6. Security Measures
Astronova will implement and maintain appropriate technical and organizational measures (“TOMs”) designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures may include:
- Access control and authentication.
- Encryption in transit and, where applicable, at rest.
- Network security, including firewalls and segmentation.
- Backup and recovery processes.
- Logging, monitoring, and incident response procedures.
7. Subprocessors
Customer authorizes Astronova to engage subprocessors to support the provision of the Services, including data center providers, payment processors, and support tools. Astronova will:
- Impose data protection obligations on subprocessors that are no less protective than those in this DPA.
- Remain responsible for the performance of its subprocessors.
Upon request, Astronova will make available a list of current subprocessors. Customer may subscribe to notifications of material changes where such functionality is offered.
8. International Transfers
Where personal data is transferred across borders, Astronova will implement appropriate safeguards required by applicable data protection laws, which may include standard contractual clauses or other lawful transfer mechanisms.
9. Data Subject Rights
Taking into account the nature of the processing, Astronova will provide reasonable assistance to Customer in responding to requests from data subjects to exercise their rights (such as access, correction, or deletion), to the extent Customer cannot fulfil such requests independently using the Services.
10. Assistance with Compliance
Astronova will provide reasonable assistance to Customer in ensuring compliance with obligations regarding security of processing, data protection impact assessments, and prior consultations with supervisory authorities, in each case as required by applicable law and considering the nature of processing and information available to Astronova.
11. Security Incidents
In the event of a personal data breach affecting personal data processed by Astronova on behalf of Customer, Astronova will notify Customer without undue delay after becoming aware of the breach. The notification will include information reasonably available to Astronova to help Customer meet its legal obligations.
12. Data Return and Deletion
Upon termination or expiry of the Main Agreement, Astronova will, at Customer’s choice and subject to technical feasibility, either delete or return personal data processed on behalf of Customer, unless retention is required by law. Aggregated or anonymized data that no longer relates to an identified or identifiable individual may be retained.
13. Audits and Information
Upon Customer’s reasonable request, Astronova will make available information necessary to demonstrate compliance with this DPA and applicable data protection laws. Astronova may satisfy audit requests by providing current security documentation, certifications, or independent audit reports (e.g., SOC or ISO reports), where available.
14. Liability
The Parties’ liability under this DPA is subject to the limitations and exclusions set out in the Main Agreement, unless otherwise required by applicable law.
15. Precedence
If there is any conflict between this DPA and the Main Agreement, this DPA will control with respect to the subject matter of data protection and processing, unless expressly stated otherwise.
16. No Legal Advice
This DPA is provided as a template and may need to be adapted based on Customer’s regulatory requirements. It does not constitute legal advice.