Data Processing Agreement

Updated: 22 August 2025

This Data Processing Agreement (the “DPA”) forms part of Noiz’s Terms of Service (the “Principal Agreement”) and is incorporated into the Principal Agreement by reference. Noiz reserves the right to amend this DPA and the Principal Agreement at any time. Updated versions will be posted on our website, and continued use of our services constitutes acceptance of any changes.

Table of Contents

1. Introduction

This DPA applies when you subscribe to our services, and Noiz acts as the Processor of your Personal Data. In providing these services, you are the Controller of the Personal Data we Process, as you determine the purpose and means of Processing.

2. Definitions and Interpretations

2.1. The terms defined in this DPA supplement those in the Principal Agreement. Undefined terms shall have the meanings set forth in the Principal Agreement. In case of conflict between the Principal Agreement and this DPA, the provisions of this DPA shall prevail.

  • Controller” means the entity that determines the purpose and means of Processing Personal Data, which in this context is you, our customer.
  • Data Protection Law” means all applicable data protection laws and regulations governing Noiz’s Processing of Personal Data under this DPA, including the GDPR, the Protection of Personal Information Act 4 of 2013 (POPIA), ePrivacy laws, and any other relevant privacy laws.
  • Data Subject” means an identified or identifiable individual whose Personal Data is Processed, such as your customers or site visitors.
  • GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data.
  • Personal Data” means any information relating to an identified or identifiable natural person, including names, email addresses, location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political opinions.
  • Personal Data Breach” means any unauthorized or unlawful Processing of Personal Data, including accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.
  • Process” or “Processing” means any operation performed on Personal Data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
  • Processor” means Noiz, which Processes Personal Data on behalf of the Controller.
  • Standard Contractual Clauses” (SCCs) means the clauses adopted by the European Commission on 4 June 2021 for the transfer of Personal Data to third countries.
  • Subprocessor” means any entity appointed by or on behalf of Noiz to Process Personal Data in connection with the Principal Agreement.

3. Agreement Subject Matter

3.1. Application. This DPA applies when Noiz Processes your Personal Data subject to applicable Data Protection Law.

3.2. Acceptance. By using our services, you are deemed to have read, understood, accepted, and agreed to be bound by the terms of this DPA and the Principal Agreement.

3.3. Duration. Noiz will Process Personal Data for the duration of the Principal Agreement, unless otherwise agreed in writing, subject to clause 4.1.5 below.

3.4. Limitations. This DPA does not apply to Processing activities outside the scope of the Principal Agreement or where Noiz does not act as Processor.

3.5. Details of Processing. The subject matter, nature, purpose, type of Personal Data, categories of Data Subjects, and Controller’s rights are described in the Principal Agreement and our Privacy Policy, which are incorporated herein by reference.

4. Data Processing and Protection

4.1. Processor’s Obligations

4.1.1. Processing of Data

  • Noiz will comply with applicable Data Protection Law in Processing Personal Data and will Process it only on documented instructions from the Controller.
  • The Controller instructs Noiz to Process Personal Data as necessary to provide the services and related technical support under the Principal Agreement.

4.1.2. Data Transfer

  • Noiz may transfer Personal Data to a third country or international organization only on the Controller’s documented instructions, unless required by applicable law.
  • Noiz will inform the Controller of any such legal requirement before Processing, unless prohibited by law on important grounds of public interest. The DPA and Principal Agreement constitute the Controller’s documented instructions for Processing.

4.1.3. Processor’s Personnel

  • Noiz will take reasonable steps to ensure that authorized personnel Processing Personal Data are bound by appropriate confidentiality obligations.
  • Noiz imposes contractual obligations on its personnel regarding confidentiality, data protection, and security. For details, refer to our Privacy Policy.

4.1.4. Security Measures

  • Data Security: Noiz will implement appropriate technical and organizational measures to ensure a level of security commensurate with the risk, as required by Data Protection Law and detailed in Noiz’s Security Statement. In assessing security levels, Noiz will consider risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to Personal Data.
  • Audits: Noiz will cooperate with audits (including inspections) by the Controller or an auditor mandated by the Controller, with at least 30 business days’ prior written notice.
  • Access to Information: Where necessary, Noiz will provide reasonable access to records demonstrating compliance with data protection obligations.
  • Personal Data Breach: Noiz will notify the Controller without undue delay upon becoming aware of a Personal Data Breach.
  • Assistance to Controller: Notifications will include information reasonably available to Noiz, considering the nature of Processing and any confidentiality restrictions, to enable the Controller to respond to Data Subject requests and fulfill its obligations under Data Protection Law.

4.1.5. Return or Deletion of Personal Data

  • Upon notification by the Controller or termination of services, Noiz will, and will require its Subprocessors to, securely delete or return all Personal Data (including copies), unless retention is required by applicable law.
  • Noiz will maintain confidentiality of retained Personal Data and limit Processing to compliance with applicable law. These obligations extend to Subprocessors.

4.1.6. Subprocessing

  • Noiz will not engage any Subprocessor without the Controller’s prior specific or general written authorization. For general authorization, Noiz will inform the Controller of intended changes, allowing opportunity to object.

4.1.7. Authorized Subprocessors

  • The Controller authorizes Noiz to engage Subprocessors, primarily located in the European Union, for Processing activities related to services under the Principal Agreement and our Privacy Policy, including:
    • Registrars for domain names;
    • CRM for emails and calls;
    • Hosting services; or
    • Other services necessary to deliver our offerings.

4.1.8. Specific Obligations: Noiz will ensure Subprocessors are bound by data protection obligations consistent with Noiz’s obligations under this DPA.

4.2. Controller’s Obligations

4.2.1. Warranties: The Controller warrants that it has all necessary rights to provide Personal Data to Noiz for Processing.

4.2.2. Responsibilities: The Controller must ensure designated personnel:

  • Provide necessary privacy notices to Data Subjects;
  • Obtain and maintain records of Data Subject consents where required;
  • Notify Noiz promptly if a Data Subject revokes consent.

5. Processing of Personal Data outside of the European Economic Area (the “EEA”)

5.1. Standard Contractual Clauses

5.1.1. When does it apply?: The SCCs apply to Processing involving transfer of Personal Data outside the EEA or to a non-adequate territory, or Processing EEA-originated Personal Data in such territories.

5.1.2. When does it not apply?: The SCCs do not apply to other transfers or where parties use binding corporate rules or equivalent mechanisms for lawful transfers.

5.1.3. Adequate Protection: The parties will assess whether the third country’s protection level meets Data Protection Law requirements and allows compliance with the SCCs. If not, supplementary measures will be implemented per supervisory authority guidance to ensure equivalent protection.

6. General Terms

6.1. Confidentiality: Noiz will maintain the confidentiality of all Personal Data and disclose it only as required by law.

6.2. Notices: All notices under this DPA must be in writing and sent via email. Notices to the Controller will be sent to the address associated with your account. Notices to Noiz should be sent to legal@noiz.ie.

6.3. Liability and Indemnity: Each party indemnifies the other against claims, actions, losses, damages, and expenses arising from the indemnifying party’s breach of this DPA or Data Protection Law, provided:

  • The indemnified party notifies the indemnifying party promptly;
  • The indemnifying party controls the defense;
  • The indemnified party provides reasonable assistance;
  • The indemnified party avoids admitting liability.