This Data Processing Agreement ("Agreement") pertains to the processing of personal information by miHost ("Processor") on behalf of its customers ("Controller") in accordance with the requirements of the Protection of Personal Information Act, 2013 ("POPI Act"). The POPI Act is intended to protect the personal information processed by organizations and stipulates how such information should be collected, handled, stored, and shared. This Agreement sets forth the obligations and conditions under which the Processor shall process personal information provided by the Controller.
Purpose of Processing: The Processor agrees to process personal information exclusively for the purpose of fulfilling its duties under the service agreements entered with the Controller and not for any other purpose unless explicitly instructed by the Controller in writing.
Compliance with Laws: The Processor shall ensure that in processing personal information, it complies with the POPI Act and any other applicable data protection laws. The Processor shall implement appropriate technical and organizational measures to secure personal information against unauthorized or unlawful processing, accidental loss, destruction, or damage.
Data Subject Rights: The Processor shall assist the Controller, to the extent legally possible, in fulfilling the Controller’s obligations to respond to requests for exercising the data subject's rights under the POPI Act.
Sub-processing: The Processor may not subcontract any of its processing operations performed on behalf of the Controller under this Agreement without the prior written consent of the Controller. Where the Processor contracts with a third party for the purposes of processing personal information, it shall do so only with the express consent of the Controller and under a written contract that imposes the same data protection obligations as those imposed on the Processor under this Agreement.
Transfer of Personal Information: The Processor shall not transfer personal information to a third country or international organization without the prior written consent of the Controller and ensuring that the third country or international organization provides an adequate level of protection for the personal information.
Confidentiality: Any third parties to whom the personal information is transferred must agree to confidentiality provisions and data handling practices that meet the standards of the POPI Act and this Agreement.
Liability: The parties agree that the Controller remains liable for any acts, errors, or omissions by the Processor that may cause damage to individuals due to the unlawful processing of their personal information, as per the terms of the POPI Act.
Termination: The obligations regarding the processing of personal information shall survive the termination of this Agreement.
This Agreement is intended to ensure the lawful and correct treatment of personal information and protect the rights of individuals whose personal information is processed. Both parties agree to adhere to this Agreement and the principles of the POPI Act.