evroc - Data Processing Addendum

1. Introduction

1.1 This Data Processing Addendum (“DPA”) supplements the evroc – General Terms and Conditions and forms an integral part of the Agreement (as defined in the evroc – General Terms and Conditions) between the Customer and evroc regarding the Customer’s access to and use of the Services.

1.2 This DPA applies to the extent Customer Content contains personal data and such personal data is processed by evroc on behalf of the Customer. In this context, evroc will act as processor to the Customer, who can act either as controller or processor of personal data included in Customer Content.

1.3 Description of the data processing covered by this DPA: Subject matter and nature of processing: Compute, storage and such other Services as described in the Agreement with respect to personal data included in Customer Content.

Categories of data subjects: Data subjects may include employees, customers, business contact persons and other data subjects whose personal data is included in Customer Content by the Customer.

Categories of personal data: Personal data may include name, contact details and other personal data included in Customer Content by the Customer.

Purpose of the processing: Provision of the Services to the Customer.

Duration of the processing: During the term of the Agreement.

2. Definitions

2.1 The terms used in this DPA shall have the same meaning as used in the Agreement, unless this DPA assigns a different meaning.

2.2 The term “Data Protection Laws” shall mean the EU General Data Protection Regulation (EU 2016/679) (“GDPR”) and laws, rules and regulations issued pursuant to or under the GDPR and which are directly applicable to the processing of personal data within the scope of this DPA.

2.3 Expressions used in this DPA, e.g. ‘controller’, ‘processor’, ‘data subject’, ‘personal data’, ‘processing’, ‘personal data breach’ etc., shall be construed in accordance with the meaning given to them in the Data Protection Laws.

3. General obligations of the Customer

3.1 The Customer is responsible for ensuring that the processing of personal data takes place in accordance with the Data Protection Laws.

3.2 The Customer confirms that this DPA constitute all the Customer’s documented instructions regarding evroc’s processing of personal data on behalf of the Customer.

4. General obligations of evroc

4.1 evroc may process personal data for purposes necessary for the performance of its obligations under the Agreement and in accordance with the Customer’s documente instructions set out in this DPA, unless otherwise provided by the Data Protection Laws.

4.2 If evroc considers that it has insufficient instructions for the processing of personal data according to this DPA or considers that an instruction infringes the Data Protection Laws, evroc shall notify the Customer and await further instructions. If the Customer provides additional instructions in addition to what is expressly stated in this DPA, evroc is entitled to compensation for costs and additional work performed in order to comply with such instructions.

4.3 evroc shall ensure that persons authorized to process personal data under this DPA have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and will process personal data in accordance with the instructions from the Customer set out in this DPA, unless otherwise provided by the Data Protection Laws.

5. Assistance

5.1 evroc shall, upon written request, taking into account the nature of the processing assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer’s obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III of the GDPR.

5.2 evroc shall, upon written request, assist the Customer in ensuring compliance with the Customer’s obligations pursuant to Articles 32 to 36 of the GDPR taking into account the nature of processing and the information available to evroc.

5.3 evroc shall be entitled to compensation for any assistance which evroc provides to the Customer in accordance with this Section 5.

6. Sub-processors and international data transfers

6.1 The Customer provides general authorization to evroc’s use of sub-processors to provide processing activities on personal data on behalf of the Customer. evroc will provide information on sub-processors that are currently engaged by evroc on evroc’s Website. evroc shall ensure that sub-processors are bound by written agreements that require them to comply with corresponding obligations to those contained in this DPA. Where a sub-processor fails to fulfil its data protection obligations, evroc shall remain fully liable to the Customer for the performance of the sub-processor’s obligations.

6.2 evroc will inform the Customer of any intended changes concerning the addition or replacement of sub-processors on evroc’s Website, thereby giving the Customer the opportunity to object to such changes. evroc will provide the Customer with a mechanism to obtain notice of any changes regarding sub-processors. In case the Customer objects to such changes, the Customer shall either terminate the Agreement, subject to the notice of termination period which is set forth in the Agreement, or cease using the Service for which evroc has engaged the sub-processor.

6.3 If personal data will be transferred to a sub-processor located in a country outside the EU/EEA, evroc will ensure that such transfer will be permitted under the Data Protection Laws e.g. by ensuring that EU Standard Contractual Clauses will be part of the agreement entered into with the sub-processor.

7. Security

The Parties shall implement appropriate technical and organisational measures to protect personal data taking into account the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. For evroc, this means that evroc shall maintain the technical and organizational measures set out in the Service Terms. The Customer confirms that the security measures set out in the Service Terms fulfill the Customer’s requirements and the requirements of the Data Protection Laws. In the event the Customer requests a change of the security measures set out in the Service Terms, evroc shall be entitled to compensation for costs and additional work performed in order to comply with such request.

8. Audits

8.1 evroc shall upon written request and at the Customer’s expense provide the Customer with all information necessary to demonstrate compliance with evroc’s obligations under this DPA.

8.2 Upon thirty (30) day written notice and at the Customer’s expense, the Customer or any third-party auditor mandated by the Customer shall have the right to audit the processing of personal data under this DPA. Any on-site inspection will be conditional upon compliance with evroc’s work rules, security requirements and confidentiality standards and must not interrupt evroc’s day-to-day business activities.

9. Liability

Each Party shall be liable for any administrative fines imposed on it by supervisory authorities that are intended to punish that Party for its violations of the Data Protection Laws. Otherwise, evroc’s liability shall be limited in accordance with the terms of the Agreement.

10. Term

This DPA will continue in force until the termination of the Agreement.

11. Effects of termination

Upon written request by Customer made within 30 days after the effective date of termination of the Agreement, evroc shall at the Customer’s expense return all personal data to the Customer in accordance with the General Terms. In the absence of any such request, evroc shall without undue delay delete all such personal data following termination of the Agreement, unless evroc is required to store the personal data under applicable law.

12. Miscellaneous

12.1 In the event of any conflicts between this DPA and the Agreement, this DPA shall prevail.

12.2 The provisions set forth in the Agreement regarding governing law and dispute resolution shall apply to this DPA.

The European Cloud

A better cloud. Built for AI.

Evroc logo

The European Cloud

© 2025 evroc AB
Cloud 1Cloud 2