Data Processing Addendum

1. Scope

This Data Processing Addendum (DPA) applies when NitroPing processes personal data on behalf of a business customer under an agreement for services.

This DPA supplements the applicable service agreement and governs processor obligations where required by data protection law.

2. Roles and Instructions

Customer acts as controller (or business) for customer personal data, and NitroPing acts as processor (or service provider/contractor) as defined by applicable law.

NitroPing will process customer personal data only on documented instructions from the customer, unless otherwise required by law.

3. Nature and Purpose of Processing

Processing may include hosting, transmission, support, diagnostics, security monitoring, and related operations required to provide and secure the contracted services.

The categories of data subjects and personal data processed under this DPA depend on the customer configuration and use of services.

4. Confidentiality and Personnel

NitroPing ensures persons authorized to process personal data are bound by confidentiality obligations and receive appropriate privacy/security training.

5. Security Measures

NitroPing maintains technical and organizational measures designed to protect personal data against unauthorized access, accidental loss, alteration, disclosure, and destruction.

Security controls are reviewed and updated to reflect evolving risks and operational requirements.

6. Subprocessors

NitroPing may engage subprocessors to provide portions of the services. NitroPing remains responsible for subprocessors' data protection obligations to the extent required by law.

Subprocessors are subject to written obligations that provide data protection standards substantially equivalent to this DPA.

7. International Transfers

Where customer personal data is transferred internationally, NitroPing implements lawful transfer mechanisms and supplementary safeguards as required by applicable law.

8. Assistance and Data Subject Requests

NitroPing provides reasonable assistance for data subject rights requests and regulatory obligations, taking into account the nature of processing and available information.

9. Incident Notification

NitroPing will notify customer without undue delay after becoming aware of a confirmed personal data breach involving customer personal data, and provide information reasonably necessary for customer response obligations.

10. Audits and Compliance Information

Upon reasonable request and subject to confidentiality safeguards, NitroPing provides information reasonably necessary to demonstrate compliance with this DPA and applicable processor obligations.

11. Return and Deletion

Upon termination or expiration of services, NitroPing will delete or return customer personal data as required by the governing agreement and applicable law, unless retention is required by law.

12. Conflict and Precedence

If this DPA conflicts with the governing service agreement solely with respect to personal data processing, this DPA prevails for those processing obligations.

This DPA may be supplemented by region-specific terms as required by law.

13. Contact

For DPA requests or enterprise privacy questions, contact [email protected].

Governing language

This document is provided in English. Where a translation is made available, the English version is the authoritative version and prevails in the event of any discrepancy.