Data Processing Agreement

In the course of providing hosting services, we make available the infrastructure within which our business customers may store and otherwise process personal data relating to their own customers, users or end clients. To the extent that Apefo Ltd processes personal data on a customer’s behalf in connection with those services, the parties are required to enter into a Data Processing Agreement (“DPA”) in accordance with Article 28 of the General Data Protection Regulation (“GDPR”) and, where applicable, the UK GDPR.

What the Agreement Covers

Our standard DPA has been prepared for business customers in line with applicable EU and UK data protection requirements. It is designed to provide a clear contractual framework governing the processing of personal data and to ensure transparency, accountability and legal certainty in relation to our hosting services. The agreement includes, among other things, the following core provisions

• Subject Matter and Duration of Processing a description of the services supplied by us, the scope of the processing undertaken in connection with those services, and the period for which personal data may be processed or stored within our infrastructure.
• Nature and Purpose of Processing confirmation that we act only on the documented instructions of the customer, and only to the extent necessary to provide the contracted services and maintain the underlying hosting environment.
• Categories of Personal Data and Data Subjects a description of the categories of personal data that may be hosted or transmitted through our systems, together with the relevant categories of data subjects.
• Technical and Organisational Measures (TOMs) a detailed overview of the technical and organisational safeguards implemented by us to protect personal data against unauthorised or unlawful access, accidental loss, destruction, alteration or disclosure.
• Sub-processors information regarding the infrastructure providers and authorised service partners engaged by us in connection with the delivery of the services, together with the applicable safeguards governing their involvement.

How to Enter into the Agreement

We have structured the DPA signing process to be straightforward and operationally practical for corporate and professional customers. You may choose the execution method that best suits your organisation’s internal compliance procedures

Electronic Acceptance
You may log in to your client control panel and navigate to the legal documents section, where the current version of the DPA is made available for review. The agreement may then be accepted electronically by means of a digital signature or equivalent confirmation mechanism. Such acceptance constitutes a legally binding method of execution, subject to applicable law.

PDF or Hard Copy Execution
If your internal governance or procurement procedures require the DPA to be reviewed, signed and retained in PDF or paper form, please contact our support team. Upon request, we will provide a version of the agreement signed on our behalf for countersignature by your authorised representative or legal department.