DATA PROCESSING AGREEMENT (DPA)

Effective Date: May 5, 2025
Website: https://mazalacloud.com

This Data Processing Agreement (“Agreement”) is entered into between:

Mazala Limited

(“Company,” “Mazala,” or “Data Controller”)

and any Service Provider, Vendor, Subcontractor, or Client (the “Data Processor”) that receives or processes personal data on behalf of Mazala or its business unit Mazala Cloud, which provides web hosting, domain registration, and digital infrastructure services globally.

1. PURPOSE OF THIS AGREEMENT

This Agreement governs how personal data is handled by the Data Processor in connection with services provided to Mazala Cloud and ensures compliance with applicable privacy and data protection laws in Hong Kong and globally, including:

  • Hong Kong’s Personal Data (Privacy) Ordinance (PDPO)
  • Applicable provisions under the EU GDPR for international partners
  • General industry standards and security best practices

2. DEFINITIONS

  • Personal Information: Any data that directly or indirectly identifies an individual or organization, such as name, contact information, domain registration records, billing details, and IP addresses.
  • Data Controller: Mazala Limited and its operating division Mazala Cloud, which determines the purposes and means of processing personal data.
  • Data Processor: Any party processing data on Mazala’s behalf under this Agreement.
  • Processing: Includes collection, use, access, transfer, storage, or deletion of personal information.

3. ROLES AND OBLIGATIONS

a. Mazala Limited (Data Controller) will:

  • Share only necessary personal data for service execution
  • Establish legal grounds for data collection and use
  • Handle data subject requests and privacy-related inquiries

b. The Data Processor agrees to:

  • Act strictly on Mazala’s documented instructions
  • Not disclose or use data for unrelated purposes
  • Implement strong security measures to protect data
  • Ensure all staff are trained and bound by confidentiality
  • Cooperate fully with audits or regulatory inquiries

4. SUBPROCESSORS

The Data Processor may not use any subcontractor for data-related activities without Mazala’s prior written consent. Approved subprocessors must meet equivalent privacy and security obligations.

5. SECURITY MEASURES

The Data Processor shall adopt appropriate technical and organizational safeguards, including:

  • Data encryption at rest and during transmission
  • Role-based access control and secure authentication
  • Patch management and vulnerability mitigation
  • Secure handling and deletion of sensitive data
  • Physical security measures for infrastructure and storage

6. DATA BREACH NOTIFICATION

In the event of a data breach or security incident, the Data Processor must:

  • Notify Mazala within 72 hours of discovery
  • Provide incident details, scope, and remediation steps
  • Support Mazala in any necessary notifications to authorities or affected users

7. DATA SUBJECT REQUESTS

If the Data Processor receives a request to:

  • Access, correct, or delete personal data
  • Object to or restrict processing
  • Obtain data portability

It must:

  • Forward the request to Mazala within 5 business days
  • Not respond directly unless instructed by Mazala
  • Assist with legal compliance under the PDPO and other applicable laws

8. RETENTION AND DELETION

At the end of the service agreement:

  • The Data Processor must return or securely delete all personal data
  • Certification of deletion or anonymization must be provided if requested

9. CROSS-BORDER DATA TRANSFERS

The Data Processor shall not transfer personal data outside Hong Kong unless:

  • Approved in writing by Mazala
  • Subject to appropriate safeguards such as Standard Contractual Clauses (SCCs), Binding Corporate Rules, or local adequacy decisions

10. LIABILITY AND INDEMNIFICATION

The Data Processor shall:

  • Be fully liable for any unauthorized disclosure, access, or breach
  • Indemnify Mazala Limited for losses, fines, or claims arising from violations of this Agreement

11. TERM AND TERMINATION

This Agreement remains effective as long as the Data Processor continues to process data on Mazala’s behalf. Either party may terminate it with 30 days’ written notice. Key clauses such as confidentiality, liability, and data return will remain in effect after termination.

12. GOVERNING LAW

This Agreement is governed by the laws of the Hong Kong Special Administrative Region. Any disputes will be subject to the jurisdiction of Hong Kong courts.

13. CONTACT INFORMATION

For inquiries regarding this Agreement:

Mazala Limited
📧 Email: compliance@mazalacloud.com

Scroll to Top