Data Processing Agreement (DPA)

Version: 1.0Effective Date: 2025-11-01
Ver en Español

1. Purpose and Scope

This Data Processing Agreement ("DPA") forms part of the Terms of Service and governs the processing of personal data in compliance with the General Data Protection Regulation (GDPR) EU 2016/679 and other applicable data protection laws.

This DPA applies to the processing of personal data by GPU Platform (the "Data Processor") on behalf of the Client (the "Data Controller") when using our GPU rental services.

2. Definitions

  • Personal Data: means any information relating to an identified or identifiable natural person.
  • Processing: means any operation performed on personal data, including collection, recording, storage, adaptation, retrieval, use, disclosure, erasure, or destruction.
  • Data Controller: the entity that determines the purposes and means of processing personal data (the Client).
  • Data Processor: the entity that processes personal data on behalf of the Data Controller (GPU Platform).
  • Data Subject: an identified or identifiable natural person whose personal data is processed.

3. Data Processing Principles

As Data Processor, GPU Platform shall:

  • Process personal data only on documented instructions from the Data Controller;
  • Ensure that persons authorized to process personal data are committed to confidentiality;
  • Implement appropriate technical and organizational measures to ensure security;
  • Not engage another processor without prior authorization from the Data Controller;
  • Assist the Data Controller in responding to data subject requests;
  • Assist the Data Controller in ensuring compliance with data protection obligations;
  • Delete or return all personal data at the end of the provision of services;
  • Make available all information necessary to demonstrate compliance with this DPA.

4. Nature and Purpose of Processing

The Data Processor processes personal data for the following purposes:

  • Providing GPU computing resources for data processing workloads;
  • Maintaining and supporting the platform infrastructure;
  • Ensuring security and preventing unauthorized access;
  • Billing and payment processing;
  • Compliance with legal obligations.

5. Type of Personal Data and Categories of Data Subjects

Types of personal data that may be processed:

  • Account information (name, email, company);
  • Payment and billing information;
  • Usage data and logs;
  • Technical data (IP addresses, device information);
  • Any data uploaded or processed by the Client on our GPU resources.

Categories of data subjects:

  • Clients and their authorized users;
  • End users of the Client's services;
  • Any individuals whose data is processed using our GPU resources.

6. Security Measures

GPU Platform implements the following security measures:

  • Encryption of data in transit and at rest;
  • Access controls and authentication mechanisms;
  • Regular security audits and vulnerability assessments;
  • Incident response procedures;
  • Data backup and disaster recovery procedures;
  • Physical security of data centers;
  • Staff training on data protection.

7. Sub-Processors

The Data Controller authorizes the use of the following types of sub-processors:

  • Cloud infrastructure providers (for hosting and storage);
  • Payment processors (for billing and transactions);
  • Email service providers (for notifications);
  • Analytics and monitoring services.

GPU Platform shall inform the Data Controller of any intended changes concerning sub-processors and provide an opportunity to object to such changes.

8. Data Subject Rights

GPU Platform shall assist the Data Controller in fulfilling requests from data subjects exercising their rights under GDPR, including:

  • Right of access;
  • Right to rectification;
  • Right to erasure;
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object.

9. Data Breach Notification

In the event of a personal data breach, GPU Platform shall notify the Data Controller without undue delay and within 72 hours of becoming aware of the breach. The notification shall include all relevant information about the breach and measures taken to mitigate its effects.

10. International Data Transfers

Any transfer of personal data to third countries or international organizations shall be conducted in accordance with Chapter V of the GDPR, using appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Audit Rights

GPU Platform shall make available to the Data Controller all information necessary to demonstrate compliance with this DPA and allow for audits, including inspections, conducted by the Data Controller or an authorized auditor.

12. Term and Termination

This DPA shall remain in effect for as long as GPU Platform processes personal data on behalf of the Data Controller. Upon termination of services, GPU Platform shall delete or return all personal data to the Data Controller and delete existing copies, unless required by law to retain the data.

13. Contact Information

For questions about this DPA or data protection matters, please contact our Data Protection Officer:

Email: dpo@gpuplatform.eu

← Back to Home
Terms of ServiceDPAPrivacy Policy