Data Processing Agreement

VisitorTracking.com Data Processing Agreement
Last updated: September 16, 2024

If you’re a customer and would like to sign our DPA, you can download it here, sign it, and send it back to [email protected].

1. Introduction

These Data Processing Terms (“Data Processing Terms”) are an integral part of, and should be read within the context of, VisitorTracking.com’s terms and conditions (“Terms and Conditions”), accessible at: visitortracking.com/terms. VisitorTracking.com is operated by CV Ventures LLC (“us”, “we”, or “our”).

These Data Processing Terms apply when you, as a subscriber to the Service:

  • Are subject to Regulation 2016/679 The General Data Protection Regulation (“GDPR”), and
  • Use the Service with an active account in accordance with the Terms and Conditions.

These Data Processing Terms govern our processing of personal data as a processor on behalf of you, the controller. All terms used herein which coincide with terms used in the GDPR shall have the meaning assigned to them in the GDPR.

2. Purpose and Subject Matter

We process personal data on your behalf as the controller to provide the Service in accordance with the Terms and Conditions. The data we process includes IP addresses, User-Agent, page visits, location, device type, browser type, and similar metadata. This data is processed for the purposes of delivering, improving, and securing the Service, including protecting against DDoS attacks.

We will soon offer an option to anonymize data, including IP addresses, upon request.

The categories of data subjects include visitors to websites where you have incorporated our Service.

3. Your Rights and Obligations as Controller

You agree and warrant that:

  • You have a legal basis to submit personal data to us for processing and are responsible for the accuracy, integrity, content, and legality of the personal data processing, including the legality of any third-country transfers or additional instructions.
  • The processing of personal data does not violate the GDPR or any other applicable law.
  • You, as the controller, are responsible for notifying regulatory authorities and/or data subjects in case of a personal data breach, pursuant to the GDPR and other applicable data protection regulations.
  • You have verified that the Service’s security measures are appropriate and proportionate to the processing activities.
  • We have provided sufficient guarantees regarding logical, technical, and organizational security measures.

4. Our Obligations as Processor

We will:

  • Process personal data only in accordance with these Data Processing Terms, the Terms and Conditions, or pursuant to your written instructions.
  • Ensure that persons authorized to process the personal data are subject to confidentiality obligations.
  • Offer the option to anonymize data, such as IP addresses, once available.
  • Implement appropriate security measures to protect personal data, following GDPR Article 32.
  • Assist you, to the extent possible, with fulfilling your obligations under GDPR Articles 32 to 36, as well as responding to data subjects’ requests under GDPR Chapter III.
  • In the case of a personal data breach, notify you without undue delay and assist in providing the necessary information for you to comply with your obligations under GDPR Articles 33 and 34.
  • Unless prohibited by law, notify you of any government access requests, and disclose personal data to government authorities only when necessary to comply with a legally binding request.

5. Audit

You acknowledge that regular self-audits on our data processing activities and systems are performed. We do not currently offer third-party audits but are committed to reviewing and improving our security measures regularly. You may request additional information related to our internal audits to ensure compliance with data protection regulations.

6. Use of Sub-processors

We will ensure that any processing of personal data by a sub-processor is governed by the same obligations as those set out in these Data Processing Terms. Currently, we use Microsoft Azure as our sub-processor for infrastructure hosting.

You also provide us with general written authorization to add or change a sub-processor. We will notify you 14 days in advance of any planned changes. If you object to such changes, you may terminate your use of the Service.

7. Deletion of Data

We retain personal data indefinitely, unless otherwise agreed upon or required by law. However, at your request or upon account termination, we will delete any personal data in a secure manner. We also offer an option to anonymize data, which can be applied at any point during the retention period.

8. Duration and Termination

These Terms come into effect upon execution. The termination or expiration of this Agreement does not relieve the data processor of their confidentiality obligations.

9. Governing Law and Jurisdiction

These Terms are governed by the laws of United States, and any disputes will be subject to the exclusive jurisdiction of the courts in United States.

10. Severability

If any provision of these Terms is found by a court of competent jurisdiction to be illegal, invalid, or unenforceable, that provision will be severed, and the remaining provisions will continue in full force and effect.


Appendix 1: Sub-processors

Sub-processor Purpose Location
Microsoft Azure Infrastructure hosting Northern Europe

Table of Contents