Data Processing Agreement

1. Purpose of the Agreement

This Agreement defines the conditions under which Hostchilipepper may process personal data on behalf of the client when the client uses host.nc services to host, store, transmit or process personal data.

It specifies the respective roles of the client and Hostchilipepper, applicable processing instructions, categories of data concerned, security measures, use of subprocessors, assistance to the client, personal data breach management and return or deletion of data at the end of the contract.

2. Roles of the parties

When the client uses host.nc services to host a website, files, databases, forms, applications, online stores, member areas or communication tools, the client generally determines the purposes and means of the processing carried out through its own services.

In this case, the client acts as controller for the personal data it collects or processes through its own websites, applications or services.

Hostchilipepper acts as the client’s technical processor for operations necessary to provide hosting, storage, support, security, technical maintenance and service continuity.

The client remains solely responsible for the compliance of its own personal data processing.

Legal information

Information relating to the publisher, the administrative holder of the host.nc domain name, the HOST.NC partner and support, and the referenced .NC manager is available in the Legal Notice.

4. Description of processing

Processing carried out by Hostchilipepper on behalf of the client may include file hosting, database hosting, content storage, data transmission, technical backups, possible restoration, technical infrastructure management, security monitoring, technical log processing, maintenance, technical support, incident diagnosis, abuse prevention and suspension or intervention in case of technical or security risk.

Processing is carried out only in connection with providing the services ordered by the client.

5. Processing purposes

Hostchilipepper processes personal data on behalf of the client only to provide hosting services, ensure technical operation, maintain availability and security of the infrastructure, allow access to the client’s websites, applications, files or databases, provide technical support, handle incidents, prevent abuse, attacks, spam, malware or unlawful uses, perform backup or restoration operations where possible, and comply with legal obligations or requests from competent authorities where applicable.

Hostchilipepper does not process data hosted by the client for its own commercial purposes, except by specific agreement or legal obligation.

6. Categories of personal data concerned

The personal data processed depends on the client’s use of host.nc services. It may include identification data, first and last names, email addresses, postal addresses, login credentials, user account data, form data, order data, billing data collected by the client’s websites, payment data if the client operates an online store, IP addresses, technical logs, messages, transmitted or stored content, data in the client’s databases, files and documents hosted by the client, and any other personal data the client chooses to host through the services.

Hostchilipepper is not intended to determine or control the exact content of the data that the client chooses to host.

7. Categories of data subjects

Data subjects may include the client’s customers, prospects, website visitors, users of the client’s website or application, members of a private area, newsletter subscribers, employees, providers, business contacts or any person whose data is collected or hosted by the client through host.nc services.

8. Sensitive data

host.nc services are not specifically designed to host sensitive data within the meaning of applicable regulations.

The client undertakes not to host sensitive data, medical data, data relating to offences, biometric data, complete banking data or high-risk data without first verifying that the subscribed offer, security measures and legal framework are suitable.

If the client nevertheless chooses to host this type of data, the client assumes responsibility and must implement appropriate safeguards. Hostchilipepper reserves the right to refuse or suspend any use presenting excessive risk, not complying with the subscribed offer or incompatible with infrastructure security.

9. Client instructions

Hostchilipepper processes personal data only on documented instructions from the client. Client instructions consist of the service order, the Terms and Conditions of Sale and Use, this Agreement, settings configured by the client in the client area, requests sent to support and any specific contractual documents concluded between the parties.

Any additional instruction from the client must be sent in writing. Hostchilipepper may refuse an instruction that is unlawful, technically impossible, contrary to security rules, the Terms, the Acceptable Use Policy, or likely to harm the infrastructure, other clients or third parties.

10. Client obligations

The client undertakes to process personal data in accordance with applicable regulations, inform data subjects of its own processing, collect required consent where necessary, define appropriate retention periods, secure websites, applications, forms, databases and access, limit collected data to what is necessary, respond to rights requests, document processing where required, not use the services for unlawful, abusive or dangerous processing, not transmit unnecessary data to Hostchilipepper for support, make personal backups and keep CMS, plugins, themes, scripts and passwords up to date.

The client warrants that it has all necessary authorizations to entrust personal data to Hostchilipepper.

11. Hostchilipepper LLC obligations

Hostchilipepper undertakes to process data only for the purposes provided by the contract, process data only on documented instructions from the client, implement reasonable technical and organizational measures, limit access to persons or providers who need to know, ensure confidentiality of authorized persons, inform the client in case of data breach under this Agreement, reasonably assist the client with certain obligations where possible and proportionate, delete or return data at the end of the contract under applicable conditions, and make available certain information needed to demonstrate compliance under reasonable conditions.

12. Confidentiality

Hostchilipepper ensures that persons authorized to process personal data are subject to an appropriate confidentiality obligation.

Access to data is limited to persons or providers whose intervention is necessary for service provision, support, security, maintenance, billing, abuse prevention or legal compliance.

13. Security measures

Hostchilipepper implements reasonable technical and organizational measures intended to protect personal data against loss, destruction, alteration, unauthorized access or unauthorized disclosure.

These measures may include access control, account authentication, technical access restrictions, technical logging, infrastructure monitoring, protection against certain abuses, anti-spam, anti-phishing or anti-malware measures, logical separation where applicable, technical backups according to applicable offers and policies, connection security where available, technical infrastructure updates, internal incident management procedures and access limitation to strictly necessary needs.

The client acknowledges that security also depends on its own practices, including passwords, updates, plugins, scripts, permissions, backups and website configuration.

14. Security limits

No IT infrastructure can guarantee absolute security. Hostchilipepper cannot be held responsible for incidents resulting from a weak or compromised password, an outdated CMS, a vulnerable plugin, a compromised theme, a dangerous script installed by the client, access granted by the client to a third party, misconfiguration, an application flaw in the client’s website, lack of independent backup, an external malicious action not attributable to Hostchilipepper or a third-party provider used by the client.

15. Subprocessors

The client authorizes Hostchilipepper to use subprocessors where necessary to provide the services. These subprocessors may intervene for server infrastructure, technical hosting, domain names, SSL certificates, email, payments, security, support, backups, administration tools, client communication and technical maintenance.

Hostchilipepper ensures that subprocessors are subject to obligations compatible with this Agreement. The client may request the list of main categories of subprocessors through the Personal data section.

16. Objection to a subprocessor

When Hostchilipepper adds or replaces a subprocessor likely to have a significant impact on entrusted processing, it may inform the client by any appropriate means, including email, client area notification or update to applicable documentation.

The client may submit a reasoned objection within a reasonable period. If the objection makes service provision impossible, the parties may terminate the relevant service under the Terms.

17. International data transfers

As Hostchilipepper is a company registered in the United States, certain data may be transferred, stored or accessed from countries outside New Caledonia, the European Union or the European Economic Area.

Transfers may also occur when technical, hosting, payment, support, security or domain name providers are located in third countries.

Where necessary, Hostchilipepper ensures that personal data transfers are governed by appropriate safeguards, which may include an applicable adequacy decision, certification to a recognized framework where the provider is eligible, standard contractual clauses, complementary contractual, organizational or technical measures, or the necessity of the transfer for performance of the contract requested by the client.

The client acknowledges that certain transfers may be necessary to provide the services, especially where the main contractual provider or certain technical providers are located outside the European Union or European Economic Area.

18. Assistance to the client

Where possible and taking into account the nature of the services, Hostchilipepper may reasonably assist the client in responding to rights requests, searching for certain hosted data, providing useful technical information, handling deletion or return requests, understanding security incidents, documenting certain hosting-related elements or restoring certain data where possible and provided by the offer.

This assistance may be limited by the shared nature of the service, available access rights, technical constraints, security obligations, confidentiality of other clients, absence of usable backup or scope of the subscribed offer.

Certain complex, repeated or specific assistance requests may incur additional fees after prior information to the client.

19. Data subject requests

When Hostchilipepper directly receives a rights request concerning data hosted by the client, it may, where possible, forward the request to the client or invite the data subject to contact the controller directly.

The client remains responsible for handling access, rectification, erasure, objection, restriction, portability or consent withdrawal requests concerning data collected or hosted through its own services.

Hostchilipepper responds directly to these requests only where legally required or when acting on its own behalf.

20. Personal data breach

In case of a personal data breach affecting data processed on behalf of the client and of which Hostchilipepper becomes aware, Hostchilipepper informs the client within the best reasonable timeframe.

The information may include, insofar as known, the nature of the incident, services concerned, categories of data potentially affected, likely consequences, measures taken or proposed and possible recommendations to limit the effects of the incident.

The client remains responsible for determining whether the incident must be notified to a competent authority or communicated to data subjects, except where Hostchilipepper acts as controller for its own data.

21. Client-related incidents

Where an incident results from a compromised website, outdated CMS, vulnerable plugin, compromised password, third-party access or client misconfiguration, the client remains responsible for corrective actions and any notification obligations.

Hostchilipepper may temporarily suspend or limit the relevant service in order to protect the infrastructure, other clients or third parties.

22. Audit and information

Hostchilipepper makes available to the client, upon reasonable request, the information necessary to demonstrate compliance with this Agreement, within the limits compatible with infrastructure security, confidentiality of other clients, business secrets, contractual obligations toward providers, technical constraints and system protection.

Any audit requested by the client must be reasonable, proportionate, announced in advance and must not disrupt service operation. Hostchilipepper may refuse a physical or technical audit that presents a risk to security, confidentiality, availability or other clients, and instead propose documentary information or written answers. Costs related to a specific audit may be borne by the client.

23. Return or deletion of data

At the end of the contract or relevant service, the client must retrieve data before termination, expiration or effective deletion of the service.

After service end, Hostchilipepper may delete associated data within applicable technical or contractual periods. Where possible, Hostchilipepper may allow the client to export or retrieve certain data before deletion.

Hostchilipepper may retain certain data where necessary to comply with a legal obligation, manage an invoice, retain contractual proof, handle a dispute, prevent fraud, ensure security or respect technical backup or archiving periods. Residual backups may temporarily remain until deletion or automatic rotation according to applicable backup cycles.

24. Backups

Certain data may be included in technical backups. Backup, restoration, retention and deletion conditions are specified in the host.nc Backup and Restoration Policy.

Unless specifically agreed in writing, backups do not constitute a guarantee of complete or permanent restoration. The client remains responsible for keeping independent personal backups.

25. Records and documentation

The client is responsible for maintaining its own processing records where required. Hostchilipepper may maintain internal documentation relating to processing carried out for clients, categories of services provided, subprocessors used and security measures implemented.

26. Client account data

Data collected directly by Hostchilipepper to manage the commercial relationship with the client, including client account, billing, orders, support tickets and payments, is processed by Hostchilipepper as controller.

These processing operations are described in the host.nc Privacy Policy.

This Agreement mainly concerns personal data processed by Hostchilipepper on behalf of the client in connection with hosting services or associated technical services.

27. Third-party services used by the client

When the client installs, connects or uses third-party services on its website, such as payment modules, analytics tools, marketing plugins, CRM, emailing services, external forms, advertising scripts or API integrations, the client remains responsible for verifying their compliance.

Hostchilipepper is not responsible for processing carried out by third-party services chosen, installed or configured by the client.

28. Term of the Agreement

This Agreement applies for the duration of the relevant services.

It ceases to apply when Hostchilipepper no longer processes personal data on behalf of the client, subject to retention, deletion, archiving or proof obligations provided by contractual documents or applicable regulations.

29. Order of priority

In case of contradiction between this Agreement and the Terms and Conditions of Sale and Use, this Agreement prevails only for matters relating to personal data processing on behalf of the client.

For all other matters, the Terms and Conditions of Sale and Use remain applicable.

30. Changes to the Agreement

Hostchilipepper reserves the right to modify this Agreement in order to adapt it to changes in services, infrastructure, providers, security measures or applicable regulations.

The applicable version is the version published on host.nc or accepted under the current contract. In case of important changes, the client may be informed by email, client area notification or publication on the website.

31. Contact

For any question relating to this Agreement or personal data processing, the client may contact:

Additional legal information is available in the Legal Notice.