.svg)
Data Processing Agreement
Between Customer and European Web Services SG UG (haftungsbeschränkt)
(trading as "euBackups")
Data Processing Agreement
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and European Web Services SG UG (haftungsbeschränkt), trading as "euBackups" ("euBackups", "we", "us") for the provision of backup, security, and IT management services ("Services").
This DPA applies when we process personal data on your behalf in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
1. Definitions
Personal Data means any information relating to an identified or identifiable person contained in your Customer Data.
Customer Data means all data you back up, protect, monitor, or manage using our Services, including files, databases, security telemetry, and system information.
Processing means any operation performed on personal data, including storage, backup, recovery, and security monitoring.
Sub-processor means third parties we use to help provide the Services.
Data Protection Laws means the GDPR, German Federal Data Protection Act (BDSG), and other applicable privacy laws.
2. Our Relationship
You are the Controller. You determine what personal data is backed up and why.
We are the Processor. We process your data only according to your instructions and as necessary to provide the Services.
3. How We Process Your Data
3.1 What We Do
We process your Customer Data to:
- Perform backups and restores
- Provide security services (EDR, XDR, MDR, email security, DLP)
- Provide management services
- Offer technical support
- Monitor service performance
3.2 Your Instructions
We process your data based on:
- Your use of the Services
- Your configuration and settings
- Our Terms of Service and this DPA
- Your support requests
3.3 Types of Data
Your Customer Data may include any personal data you choose to back up, such as:
- Employee information
- Customer records
- Financial data
- Health information
- Any other data in your files, databases, and systems
4. Your Responsibilities
You must:
- Have a legal basis to process the personal data
- Provide privacy notices to your data subjects (employees, customers, etc.)
- Only back up data you're legally allowed to process
- Handle data subject requests (access, deletion, etc.)
- Comply with applicable data protection laws
5. Our Security Measures
We protect your data with:
- Encryption at rest: AES-256 encryption for stored data
- Encryption in transit: TLS 1.3 for all data transmissions
- Customer-managed encryption (optional): You can encrypt your backup data with your own keys before it reaches our systems. This ensures only you can decrypt your backup data, providing maximum privacy protection.
- Access controls: Multi-factor authentication, role-based access
- Secure facilities: EU data centres with physical security
- Monitoring: 24/7 security monitoring and alerts
- Resilient infrastructure: Redundant systems with geo-replication options
Full details are in our Privacy Policy and are available upon request.
6. Data Breaches
If we discover a security breach affecting your personal data, we will:
- Notify you within 72 hours
- Provide details about what happened
- Explain what we're doing to fix it
- Help you meet your own notification obligations
7. Sub-processors
We use the following trusted partners to help provide the Services:
| Partner | What They Do | Location |
|---|---|---|
| Hetzner Online GmbH | Data centre hosting | Germany (EU) |
| Acronis International GmbH | Backup, security, and management platform | Switzerland/EU |
| Stripe, Inc. | Payment processing | USA (with Standard Contractual Clauses) |
You also choose your own storage:
- Our hosted storage: EU data centres (Germany)
- Azure/Google (optional): Your choice of region
We'll notify you 30 days before adding new sub-processors. You can object if you have data protection concerns.
Note: Our website (www.eubackups.com) is hosted by Webflow in the USA, and we use Google Workspace (Google Ireland Limited) for business communications and customer support. These services only process website visitor data and account communications, not your Customer Data. For a complete list of all processors, see our Privacy Policy.
8. International Transfers
Your Customer Data is stored in the EU (Germany). Some partners (like Stripe for payments) are in the USA, but we use Standard Contractual Clauses approved by the EU to protect your data.
9. Your Data Subject Rights
If someone whose data you've backed up asks to access, correct, or delete their information, we'll help you respond by:
- Providing access to your data through our portal
- Helping you find specific information
- Deleting data when you request it
You're responsible for responding to data subjects - we just provide the tools.
10. Data Deletion
When you cancel:
- We keep your data for 30 days so you can retrieve it
- After 30 days, we permanently delete everything
- You can request earlier deletion by contacting us
We may keep billing records for 10 years as required by German tax law.
11. Your Rights
You can:
- Request information about how we process your data
- Audit our practices once per year (with reasonable notice)
- Object to sub-processors within 30 days of notification
- Terminate if we breach this DPA and don't fix it
12. Our Responsibilities
We will:
- Only process data as instructed by you
- Keep your data confidential and secure
- Help you respond to data subject requests
- Notify you of any security breaches
- Delete your data when required
We will NOT:
- Access your data except to provide Services or fix issues
- Share your data except as described in this DPA
- Process your data for our own purposes
- Keep your data longer than necessary
13. Liability
Both parties remain liable under the Terms of Service. Nothing in this DPA limits liability for:
- Data protection law violations
- Gross negligence or wilful misconduct
- Matters that cannot be limited by law
14. How to Contact Us
For questions about this DPA or data processing:
Email: legal@eubackups.com
Address: European Web Services SG UG (haftungsbeschränkt), Scharnhorststraße 24, 10115 Berlin, Germany
15. Changes
We may update this DPA to reflect:
- Changes in data protection laws
- New features or services
- Changes to our sub-processors
We'll notify you at least 30 days before material changes take effect.
16. Governing Law
This DPA is governed by German law. Disputes will be handled in Berlin courts, unless EU data protection laws require otherwise.
Version: 2.0
Last Updated: 06 November 2025
*This DPA forms part of our Terms of Service. For information about how we handle your account data (as opposed to your Customer Data), see our Privacy Policy.*
