This Data Processing Agreement ("DPA") applies to customers who are subject to the European Union General Data Protection Regulation ("GDPR") or other applicable data protection laws and who process personal data using Galaxy Cloud Solutions LLC services.
1. Definitions
- Controller — the customer who determines the purposes and means of processing personal data
- Processor — Galaxy Cloud Solutions LLC, which processes personal data on behalf of the Controller
- Personal Data — any information relating to an identified or identifiable natural person
- Processing — any operation performed on personal data
- GDPR — the European Union General Data Protection Regulation (EU) 2016/679
- Services — the VPS hosting services provided by Galaxy Cloud Solutions LLC
2. Scope and Purpose
This DPA applies where the customer (Controller) uses Galaxy Cloud Solutions LLC services to process personal data of individuals in the European Economic Area (EEA), United Kingdom, or other jurisdictions with applicable data protection laws. Galaxy Cloud Solutions LLC acts as a data Processor on behalf of the Controller.
3. Controller Obligations
The Controller agrees to:
- Ensure that personal data is processed in accordance with applicable data protection laws
- Have a lawful basis for processing personal data
- Provide necessary privacy notices to data subjects
- Ensure that instructions given to Galaxy Cloud Solutions LLC comply with applicable laws
- Be responsible for the accuracy and legality of personal data submitted to the services
4. Processor Obligations
Galaxy Cloud Solutions LLC agrees to:
- Process personal data only on documented instructions from the Controller
- Ensure that authorized personnel are subject to confidentiality obligations
- Implement appropriate technical and organizational security measures
- Assist the Controller in fulfilling data subject rights requests
- Delete or return all personal data upon termination of services
- Provide all information necessary to demonstrate compliance with this DPA
- Notify the Controller without undue delay of any personal data breach
5. Security Measures
Galaxy Cloud Solutions LLC implements the following security measures to protect personal data:
- Encrypted communications (SSL/TLS) for all data in transit
- Access controls and authentication for all systems
- Network isolation between customer VMs using VLANs
- Regular security monitoring and alerting
- Physical security controls for server infrastructure
6. Sub-processors
The Controller authorizes Galaxy Cloud Solutions LLC to engage the following sub-processors:
- Cloudflare — DDoS protection and DNS services (United States)
- PayPal — Payment processing (United States)
- Stripe — Payment processing (United States)
- Google — Analytics and advertising services (United States)
Galaxy Cloud Solutions LLC will notify the Controller of any changes to sub-processors with reasonable advance notice.
7. Data Subject Rights
Galaxy Cloud Solutions LLC will assist the Controller in responding to data subject rights requests including access, rectification, erasure, restriction, portability, and objection, to the extent technically feasible given the nature of the services.
8. Data Breach Notification
In the event of a personal data breach affecting customer data, Galaxy Cloud Solutions LLC will notify the Controller without undue delay and in any case within 72 hours of becoming aware of the breach. The notification will include the nature of the breach, categories of data affected, likely consequences, and measures taken or proposed to address the breach.
9. International Data Transfers
Galaxy Cloud Solutions LLC is located in the United States. Personal data processed through our services is stored and processed in the United States. For transfers of personal data from the EEA or United Kingdom, the Controller is responsible for ensuring that appropriate transfer mechanisms are in place, such as Standard Contractual Clauses.
10. Audit Rights
Galaxy Cloud Solutions LLC will provide the Controller with all information necessary to demonstrate compliance with this DPA and allow for audits conducted by the Controller or an authorized auditor, with reasonable advance notice and subject to confidentiality obligations.
11. Term and Termination
This DPA remains in effect for the duration of the customer's use of Galaxy Cloud Solutions LLC services. Upon termination, Galaxy Cloud Solutions LLC will delete or return all personal data within 30 days, unless retention is required by law.
12. Contact
For DPA inquiries: [email protected]