Schedule 2 to TOS
SCOPE OF PROCESSING
The purpose(s) of the processing to be carried out by Company for Customer in respect of the Data include(s) the following:
To perform the Services pursuant to the MSA as further instructed by Customer.
PERSONAL DATA TO BE PROCESSED
The Data to be processed by Company on behalf of Customer includes the following categories of personal data:
Any Personal Data that the Customer decides to submit as part of its use of the Services, which is determined and controlled by Customer in its sole discretion. However, Customer acknowledges that Company has no knowledge of the Personal Data that is received, stored, or transmitted using the Services by Customer.
The Data to be processed by Company on behalf of Customer relates to the following categories of data subjects:
Any Personal Data that the Customer decides to submit as part of its use of the Services, which is determined and controlled by Customer in its sole discretion, including Personal Data relating to the following data subjects: (i) prospects, customers and prior customers of the Customer, (ii) vendors of the Customer, (iii) employees, consultants, advisors, agents and officers of the Customer.
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
Company has implemented the following technical and organizational security measures:
1. Security – Company employs multi-level systems and processes to ensure that Customer’s Data remains secure.
2. SSAE 16 Certified Data Centers – All of the data centers owned by Company are externally audited to ensure compliance with Standards for Attestation Engagements 16 (“SSAE 16”), which confirms that the facilities meet the strictest standards. The standard covers all aspects of data center management including, “processes, policies, procedures, personnel, and operational activities.”
3. PCI DSS Compliant Platforms – Company’s environments are designed and externally audited to conform to the stringent requirements of the Payment Card Industry Data Security Standards (“PCI DSS”). These standards are required of all organizations that receive, process, or store credit card data. As a hosting provider, the Company gives the security of cardholder data the highest priority and constantly monitors our network and business processes in order to meet PCI DSS requirements. Company’s PCI DSS compliance does not apply to customers that utilize Company’s colocation services.
4. Firewalls – All of Company’s shared and dedicated server hosting plans sold by Company for use in e-commerce include the Advanced Policy Firewall (“APF”) stateful iptables based software firewall to protect our networks from outside intrusion. Company also utilizes web application firewalls in every e-commerce environment to provide an additional layer of application security.
5. Regular Security Testing – We regularly subject our networks to external and internal penetration testing in order to verify network and server integrity.
6. OS Security Management – Company proactively patches and upgrades all of our servers where Customer purchases Company’s “managed” services. In the event of a vulnerability being discovered, Company will immediately apply patches or implement solutions to protect Customer when possible.
7. Audit Trails – Company keeps comprehensive records of each party that has access to the Data that we process and the occasions on which said parties actually access said Data. All work by Company on our servers and networks is carefully logged, and access is only granted to our stringently vetted and security-trained system engineers.