DPA (Data Processing Agreement)

Identification of the Parties


This data processing agreement applies between E-Connect Web Communication S.A., acting as the data processor, and the client (hereinafter referred to as the "Data Controller"), identified in any contractual relationship with the agency.

The Data Controller, also referred to as the "Client," is defined in the contractual documents established between the parties and referring to these terms and conditions.


Nature of Processing

 


We process personal data to:

- Provide secure and efficient web hosting services.
- Manage and maintain clients' websites.
- Ensure the security and confidentiality of our clients' data and their users' data.


Categories of Data Processed


General Distinction:


- Visitor Data: Typically collected passively (via browsing) or voluntarily (via forms), mainly used for site activity tracking, responding to inquiries, or marketing campaigns.
- Client Data: More extensive, covering contractual and financial information as well as ongoing exchanges with the company. This data is subject to specific retention obligations, especially for billing and service management.


1. Website Visitor Data:


Data concerning individuals browsing your website, filling out forms, or interacting generally without becoming clients.

- Browsing Data:
  - IP addresses (stored in server logs)
  - Cookies and session data (for preference and navigation management)
  - Technical information on the browser and device used
- Data Submitted via Forms:
  - First name, last name, email address, phone number
  - Content of messages or requests
  - Any other information voluntarily provided by visitors via contact or request forms
- Location Data:
  - Geographic position inferred from IP addresses or tracking tools (if applicable)
- Marketing Data:
  - Consent for marketing communications (opt-in/opt-out)
  - Interaction history with emails or newsletters (opens, clicks)

2. Client Data:
Data concerning individuals who have subscribed to a service, made a purchase, or signed a contract with your company.


- Identification Data:
  - First name, last name, postal address
  - Professional or personal email address
  - Professional or personal phone number
- Contractual Data:
  - History of subscribed services, purchased products
  - History of interactions and communications with the client (email, phone, etc.)
- Billing Data:
  - Banking details or payment information
  - Billing address
  - Payment and invoice history
- Technical Data (if applicable):
  - Data concerning the use of services provided (e.g., in the context of website management or hosting)
  - Client-specific logs (error logs, technical diagnostics related to provided services)
- Marketing Data:
  - Interaction history with marketing campaigns (response to offers, newsletters)
  - Marketing preferences (opt-in/opt-out for commercial emails)



Legal Basis for Processing



The processing is generally justified by:

- The client's consent for promotional or marketing activities.
- Contractual necessity related to the provision of hosting and website management services.
- Legal obligations, such as compliance with data security standards.

---


Data Retention Period



Data is retained for as long as necessary to fulfill the processing purposes or to comply with applicable legal requirements.

---


Security Measures

 


Technical Measures:

- A robust authentication system is in place to control access to personal data. Access credentials are unique and shared only with authorized personnel.
- Data access rights are configured based on each staff member's roles and responsibilities, following the principle of least privilege.
- Passwords are securely stored and subject to regular renewal policies. Strong passwords are encouraged, and two-factor authentication is used where possible.
- Communications between users and our services are encrypted using standard security protocols such as HTTPS/SSL.
- Personal data is encrypted when transferred to third parties or subcontractors.
- Personal data is stored in secure environments, such as dedicated servers, certified data centers, or reliable cloud services.
- Protective measures, such as encryption of sensitive data, are implemented to ensure the confidentiality and integrity of stored data.
- Regular vulnerability assessments are conducted on systems and applications to identify and resolve security flaws.
- Security patches are proactively applied to keep systems up to date and address known vulnerabilities.
- A traceability system is in place to log and monitor access to personal data. Activity logs are retained for an appropriate period and regularly reviewed to detect suspicious activity.
- Regular backups of personal data are performed to ensure availability in case of data loss, hardware damage, or other incidents.
- Backups are securely stored to prevent data loss due to events like natural disasters or major incidents.
- Firewalls are deployed to protect networks, systems, and applications from unauthorized access, distributed denial-of-service (DDoS) attacks, and other threats.
- Firewall rules are configured to restrict access to sensitive resources and detect suspicious activities.
- Resilience measures are in place to ensure business continuity in case of incidents or disasters.


Organizational Measures:


- Regular data security awareness programs are organized to inform and train our staff on best practices regarding data security.
- Security policies are communicated to employees and regularly updated to reflect legal and technological changes.
- Security incidents are recorded, analyzed, and appropriately addressed according to legal requirements.
- Confidentiality agreements are signed with all employees and subcontractors who have access to personal data.
- Personal data is processed confidentially and is only accessible to authorized personnel.

Continuous Improvement

The technical and organizational measures described in this document are regularly reviewed and updated to ensure their relevance and effectiveness. E-Connect Web Communication S.A. is committed to continuously improving its data security practices to address evolving threats and regulatory requirements.



Data Sharing



Data is only shared with:

- Third-party service providers under confidentiality agreements and exclusively for reasons directly related to site management.
- Legal authorities if such an obligation is imposed.

 



User Rights



Clients and end users have rights including:

- The right to access their hosted data.
- The right to request the correction or deletion of their data.
- The right to object to processing or restrict the use of certain data.

For any questions or requests related to personal data processing or to obtain a list of all our current subcontractors, please contact us at support@e-connect.lu.