Data Processing Addendum

This Data Processing Addendum (“DPA”) forms part of the Terms of Service or other written agreement (“Agreement”) between Middle Ga Colo (“Processor”) and the customer (“Controller”) and applies to the processing of Personal Data under applicable data protection laws, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”), where applicable.

This DPA applies only to the extent Middle Ga Colo processes Personal Data on behalf of the Controller.

1. Definitions

• Personal Data: Any information relating to an identified or identifiable natural person, as defined under applicable data protection laws.
• Processing: Any operation performed on Personal Data, including storage, transmission, or deletion.
• Controller: The entity that determines the purposes and means of Processing Personal Data.
• Processor: The entity that processes Personal Data on behalf of the Controller.

Capitalized terms not defined here have the meanings given in the Agreement or applicable law.

2. Scope of Processing

Middle Ga Colo provides infrastructure and platform services, including but not limited to:

• Website hosting
• Virtual machines
• Gaming servers
• Storage and backup services

Processing of Personal Data by Middle Ga Colo is limited to what is necessary to provide the services, including system operations, maintenance, security, and customer-initiated support.

Middle Ga Colo does not determine the content or purpose of Customer Data stored within hosted systems.

3. Roles of the Parties

• The Customer acts as the Data Controller for Personal Data processed using the services.
• Middle Ga Colo acts as a Data Processor for Customer Data processed on the Controller’s behalf.
• For website visitors, billing contacts, and account holders, Middle Ga Colo acts as a Data Controller as described in its Privacy Policy.

4. Customer Responsibilities

The Customer represents and warrants that:

• It has a lawful basis for processing Personal Data;
• It has provided all required notices and obtained any required consents;
• It will not process or store regulated data prohibited under the Agreement, including but not limited to HIPAA, FINRA, GLBA, PCI-DSS, ITAR, or export-restricted data;
• It will implement appropriate technical and organizational safeguards within its systems.

5. Processor Obligations

Middle Ga Colo agrees to:

• Process Personal Data only on documented instructions from the Customer;
• Limit access to Personal Data to authorized personnel;
• Take commercially reasonable measures to protect Personal Data against unauthorized access, loss, or disclosure;
• Not sell Customer Personal Data.

Middle Ga Colo does not guarantee encryption, compliance certifications, or security controls unless expressly agreed in writing.

6. Confidentiality

Middle Ga Colo ensures that persons authorized to process Personal Data are bound by confidentiality obligations appropriate to their role.

7. Subprocessors

The Customer authorizes Middle Ga Colo to engage subprocessors for the purpose of providing the services (such as infrastructure, networking, monitoring, or support providers).

Middle Ga Colo remains responsible for subprocessors to the extent required by applicable law.

A current list of subprocessors may be made available upon reasonable request.

8. Security Measures

Middle Ga Colo implements commercially reasonable administrative, technical, and physical safeguards designed to protect Personal Data.

The Customer acknowledges that:

• No system is 100% secure;
• Security responsibilities are shared;
• Customer-side configuration, access control, and data protection remain the Customer’s responsibility.

9. Data Breach Notification

Upon becoming aware of a Personal Data breach affecting Customer Data, Middle Ga Colo will notify the Customer without undue delay, consistent with applicable law.

Middle Ga Colo is not responsible for breaches resulting from Customer systems, credentials, or configurations.

10. Data Subject Requests

Where Middle Ga Colo receives a data subject request relating to Customer Data, it will notify the Customer unless legally prohibited.

The Customer is solely responsible for responding to such requests. Middle Ga Colo will provide reasonable assistance where required by law, subject to the Agreement.

11. Data Retention & Deletion

Upon termination of services, Middle Ga Colo will, within a reasonable time:

• Delete or anonymize Customer Personal Data, or
• Make Customer Data available for export, where technically feasible,

unless retention is required by law or necessary for dispute resolution.

12. International Data Transfers

Customer Data may be processed in the United States or other jurisdictions where Middle Ga Colo or its subprocessors operate.

Where required, appropriate safeguards are applied in accordance with applicable data protection laws.

13. Audits

Middle Ga Colo does not provide on-site audits or compliance certifications unless expressly agreed in writing.

The Customer may request reasonable documentation demonstrating compliance with this DPA, subject to confidentiality and security considerations.

14. Limitation of Liability

This DPA is subject to the limitation of liability provisions set forth in the Agreement.

Middle Ga Colo shall not be liable for:

• Regulatory penalties caused by Customer misuse;
• Non-compliant data stored in violation of the Agreement;
• Customer failure to meet legal obligations as Controller.

15. Conflict

In the event of a conflict between this DPA and the Agreement, this DPA governs solely with respect to data protection obligations.

16. Governing Law

This DPA is governed by the laws specified in the Agreement (State of Georgia, USA), without regard to conflict of law principles.

Contact

For DPA or data protection inquiries:

Email: terms@middlegacolo.com