Last Updated: January 01, 2025
This Data Processing Agreement (“DPA”) forms part of the service agreement between Netcen Teknoloji Limited Şirketi (“Netcen”, “Processor”) and the customer (“Customer”, “Controller”) using Netcen infrastructure or hosting services.
This agreement governs the processing of personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”).
- DEFINITIONS
For the purposes of this agreement:
Controller
means the entity that determines the purposes and means of processing personal data.
Processor
means the entity that processes personal data on behalf of the controller.
Personal Data
means any information relating to an identified or identifiable natural person.
Processing
means any operation performed on personal data such as collection, storage, transmission, or deletion.
Data Subject
means the individual to whom the personal data relates.
- ROLES OF THE PARTIES
For the purposes of GDPR:
The Customer acts as the Data Controller.
Netcen acts as a Data Processor when providing services such as:
- Shared web hosting
- Virtual private servers (VPS/VDS)
- Email hosting services
For infrastructure services such as:
- Dedicated servers
- Server colocation
- Data center rack space
Netcen acts as an Infrastructure Provider and does not determine the purposes or means of processing personal data stored by the Customer.
The Customer remains fully responsible for the legality of personal data processed within its systems.
- SUBJECT MATTER AND DURATION
The subject matter of this DPA is the processing of personal data necessary to provide infrastructure and hosting services.
Processing will continue for the duration of the service agreement between Netcen and the Customer.
Upon termination of services, data will be deleted or returned in accordance with applicable policies.
- NATURE AND PURPOSE OF PROCESSING
Processing activities may include:
- Storage of customer-hosted data
- Transmission of data through network infrastructure
- Backup operations
- System monitoring and security logging
The purpose of processing is to enable the operation, maintenance, and security of hosting and infrastructure services.
- TYPES OF PERSONAL DATA
Depending on the Customer’s use of the services, personal data processed may include:
- Names
- Email addresses
- Contact details
- IP addresses
- Customer database records
- Website visitor information
- Email communications
Netcen does not control or determine the categories of personal data stored by the Customer.
- CATEGORIES OF DATA SUBJECTS
Personal data processed may relate to:
- Customer employees
- Customer end users
- Website visitors
- Business contacts
- PROCESSOR OBLIGATIONS
Netcen shall:
- Process personal data only on documented instructions from the Customer
- Ensure personnel authorized to process personal data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Assist the Customer in fulfilling GDPR obligations where applicable
- Notify the Customer of any data breach affecting personal data without undue delay
- SECURITY MEASURES
Netcen implements security measures including:
- Network security controls
- Access management and authentication systems
- Infrastructure monitoring and logging
- Physical data center security
- Incident detection and response procedures
These measures aim to protect the confidentiality, integrity, and availability of personal data.
- SUBPROCESSORS
Netcen may engage subprocessors necessary to provide services, including:
- Data center infrastructure providers
- Network operators
- Payment processors
- Domain registrars
- Cloud infrastructure partners
Netcen ensures that subprocessors are bound by data protection obligations equivalent to those set out in this agreement.
- DATA BREACH NOTIFICATION
In the event of a personal data breach affecting data processed on behalf of the Customer, Netcen will notify the Customer without undue delay after becoming aware of the breach.
The notification will include available information about:
- the nature of the breach
- categories of affected data
- potential consequences
- mitigation measures
- DATA SUBJECT RIGHTS
Where a data subject exercises rights under GDPR, including:
- access requests
- rectification
- erasure
- data portability
the Customer remains responsible for responding to such requests.
Netcen will provide reasonable assistance where technically feasible.
- DATA RETURN OR DELETION
Upon termination of services, Netcen may delete or return personal data stored within its systems according to the Customer’s instructions, unless retention is required by law.
- AUDIT RIGHTS
Customers may request information regarding Netcen’s security and data protection practices.
Where required by law or contractual agreement, reasonable audit or compliance verification procedures may be arranged.
- INTERNATIONAL DATA TRANSFERS
Where personal data is transferred outside the European Economic Area, appropriate safeguards will be implemented in accordance with applicable data protection laws.
- INFORMATION SECURITY AND COMPLIANCE
Netcen maintains operational processes aligned with internationally recognized standards including:
- ISO/IEC 27001 – Information Security Management System
- ISO 9001 – Quality Management System
These frameworks support the implementation of risk management, security controls, and continuous improvement processes.
- LIMITATION OF LIABILITY
Netcen’s liability under this agreement shall be limited to the extent permitted by applicable law and the primary service agreement between the parties.
- GOVERNING LAW
This agreement shall be governed by the laws of Türkiye, unless otherwise required by applicable data protection regulations.
- CONTACT
For data protection inquiries regarding this agreement:
Netcen Teknoloji Limited Şirketi
Email: info@netcen.com