Data Processing Addendum

GDPR Data Processing Addendum (DPA)

Version 1.0 · Last updated: April 5, 2025

This Data Processing Addendum (“DPA”) forms part of the Hostis Terms of Service and applies when Hostis processes personal data on behalf of a customer acting as a “controller” under Regulation (EU) 2016/679 (General Data Protection Regulation, “GDPR”).

By creating a Hostis account and using the platform to process personal data of data subjects in the EU/EEA or other GDPR jurisdictions, you accept this DPA on behalf of your organization.

1. Definitions

  • “Controller” means you, the customer, who determines the purposes and means of processing personal data.
  • “Processor” means Hostis – Radivoje Đokić s.p., which processes personal data on behalf of the Controller.
  • “Personal Data” means any information relating to an identified or identifiable natural person that you upload, store, or process through the Hostis platform.
  • “Subprocessor” means any third party engaged by Hostis to process personal data as part of providing the services, as listed and updated at hostis.cloud/legal/subprocessors.
  • “Services” means the Hostis platform, including PaaS hosting, deployments, databases, storage, and gaming infrastructure.

2. Roles and scope of processing

For the purposes of this DPA, you are the Controller and Hostis is the Processor. The subject matter of processing is the provision of the Services. The duration of processing is the duration of your use of the Services, unless otherwise required by law. The nature and purpose of processing includes hosting, storage, transmission, backup, and other operations necessary to operate the platform.

Types of personal data and categories of data subjects are determined by you and may include your customers, users, or staff whose data you process via Hostis.

3. Hostis obligations as Processor

Process personal data only on your documented instructions, including with regard to transfers of personal data to a third country, unless required to do so by applicable law.
Ensure that persons authorized to process personal data are under an appropriate obligation of confidentiality.
Implement appropriate technical and organizational measures to protect personal data, taking into account the state of the art, implementation costs, and the nature, scope, context, and purposes of processing.
Assist you, as far as reasonably possible, with your obligations to respond to data subject requests (e.g., access, deletion, rectification) where those requests relate to data stored on Hostis systems.
Notify you without undue delay after becoming aware of a personal data breach affecting your personal data, and provide information reasonably required for you to meet your legal obligations.
Upon your request, delete or return all personal data after the end of the provision of Services relating to processing, unless storage is required by applicable law.
Make available to you information necessary to demonstrate compliance with this DPA and Article 28 GDPR.
Allow for and contribute to reasonable audits or inspections, carried out by you or an auditor mandated by you, subject to reasonable notice, frequency limits, and confidentiality obligations.

4. Subprocessors

You authorize Hostis to engage Subprocessors to support the delivery of the Services. Hostis will:

  • • Only use Subprocessors that provide sufficient guarantees to implement appropriate technical and organizational measures.
  • • Ensure Subprocessors are bound by written data protection obligations no less protective than those set out in this DPA.
  • • Remain responsible for the acts and omissions of its Subprocessors to the same extent as if Hostis performed the services itself.

Hostis maintains an up-to-date list of Subprocessors at hostis.cloud/legal/subprocessors. You may subscribe to updates or periodically review this page for changes.

5. Data location and international transfers

Hostis primarily uses infrastructure located in the European Union or European Economic Area (“EEA”), such as data centers in countries like Germany, Finland, or other EEA locations. Where personal data is transferred outside the EEA, Hostis will ensure that such transfers are made in compliance with GDPR, including the use of appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) or equivalent mechanisms.

6. Controller responsibilities

You are responsible for ensuring that you have a valid legal basis for processing personal data and for providing all necessary notices to data subjects. You are also responsible for the accuracy of personal data, for configuring the Services in a privacy-appropriate way, and for complying with all applicable data protection laws in your use of Hostis.

7. Data protection contact

For questions regarding this DPA or data protection matters, please contact:

Email: privacy@hostis.info

Legal entity: Hostis – Radivoje Đokić s.p.
Address: Crnjelovo Gornje, Bijeljina, Bosnia and Herzegovina

8. Execution and precedence

This DPA is incorporated by reference into the Hostis Terms of Service and becomes effective between you and Hostis when you first use the Services to process personal data. In case of conflict between this DPA and the Terms of Service, this DPA will prevail to the extent of the conflict regarding the processing of personal data.

© 2025 Hostis · GDPR-ready by design.