This Data Processing Agreement (“DPA”) describes how Cloudventors processes personal data when providing DevOps and cloud infrastructure consulting services to clients.
This agreement aligns with the requirements of the General Data Protection Regulation (GDPR) (EU) 2016/679, particularly Article 28 governing the relationship between data controllers and data processors.
Cloudventors is committed to handling personal data responsibly and implementing appropriate technical and organizational safeguards when interacting with client infrastructure environments.
This agreement applies between:
Client (Data Controller)
The company or organization using Cloudventors services and determining the purposes and means of personal data processing.
Cloudventors (Data Processor)
Cloudventors provides infrastructure consulting and DevOps services that may involve access to systems containing personal data.
Cloudventors acts only on documented instructions provided by the client.
Cloudventors provides services including:
During these services, Cloudventors may have limited technical access to systems operated by the client.
Cloudventors does not collect, store, or process personal data independently outside the client’s infrastructure environment.
Depending on the client’s systems, personal data may include:
Cloudventors does not determine which data is processed and does not use the data for any purpose other than providing the contracted services.
Data subjects may include:
Cloudventors processes such data only to the extent technically necessary to perform DevOps and infrastructure services.
Cloudventors processes personal data only based on documented instructions from the client.
Typical activities may include:
Cloudventors does not use personal data for analytics, marketing, or any purpose outside the scope of the client’s instructions.
All individuals working with Cloudventors who may access client systems are subject to confidentiality obligations.
Access to client infrastructure is restricted to authorized personnel involved in delivering services.
Cloudventors implements security practices designed to protect access to client systems, including:
Infrastructure modifications are typically managed through version-controlled infrastructure processes to maintain transparency and auditability.
Cloudventors primarily delivers services directly and does not typically rely on subprocessors that process client personal data.
If a subprocessor is required for service delivery, the client will be informed and appropriate safeguards will be implemented.
Cloudventors does not store personal data belonging to clients outside their infrastructure environment.
Any temporary access or diagnostic data used during troubleshooting is handled only for the duration necessary to perform the service.
Because Cloudventors does not independently determine the purpose of personal data processing, requests from data subjects must be directed to the client as the data controller.
Cloudventors will assist the client in fulfilling GDPR obligations where technically possible.
If Cloudventors becomes aware of a potential security incident affecting client infrastructure systems, the client will be informed without undue delay.
Cloudventors will assist the client in investigating and resolving such incidents where relevant to the services provided.
Cloudventors operates remotely and may access infrastructure systems hosted in different geographic regions.
All access is performed using secure communication channels and in accordance with applicable data protection laws.
This Data Processing Agreement remains valid for the duration of the service relationship between the client and Cloudventors.
Upon termination of services, Cloudventors will cease all access to client infrastructure environments.
For questions regarding this Data Processing Agreement, please contact:
Cloudventors
DevOps & Cloud Infrastructure Consulting
Website
https://cloudventors.com