Skip links
Contact us

AltroPlus sets the standard for intelligent cloud compute and rendering. Every workload optimized.

AltroPlus

DATA PROCESSING AGREEMENT (DPA)

This Data Processing Agreement (“Agreement” or “DPA”) forms part of any agreement, contract, or service arrangement between AltroPlus (“Processor”) and the customer (“Controller”) under which AltroPlus processes Personal Data on behalf of the Controller.

This Agreement is intended to ensure compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and other applicable data protection laws.

1. Definitions

For the purposes of this Agreement, the following terms shall have the meanings set out below:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • “Controller” means the entity that determines the purposes and means of Processing Personal Data.
  • “Processor” means AltroPlus, which processes Personal Data on behalf of the Controller.
  • “Sub-Processor” means any third party engaged by the Processor to process Personal Data.

Terms not defined herein shall have the meanings assigned under the GDPR.

2. Scope and Purpose of Processing

2.1 AltroPlus shall process Personal Data solely for the purpose of providing AI-driven cloud computing, GPU infrastructure, cloud rendering, and related services as instructed by the Controller.

2.2 Processing activities may include, but are not limited to:

  • Storage and hosting of data
  • Transmission of data
  • Compute and rendering operations
  • System monitoring and optimization
  • Support and maintenance activities

3. Nature of the Data and Data Subjects

3.1 Categories of Personal Data

Depending on the services used, the Processor may process:

  • Names and business contact details
  • User identifiers and credentials
  • IP addresses and technical metadata
  • Client-provided datasets (as determined by the Controller)

3.2 Categories of Data Subjects

  • Employees, contractors, and representatives of the Controller
  • End users of the Controller’s applications
  • Other individuals whose data is lawfully provided by the Controller

4. Duration of Processing

4.1 Personal Data shall be processed for the duration of the contractual relationship, unless otherwise required by law or agreed in writing.

4.2 Upon termination of services, Personal Data shall be deleted or returned to the Controller in accordance with Section 10 of this Agreement.

5. Processor Obligations

AltroPlus agrees to:

5.1 Process Personal Data only on documented instructions from the Controller, including with respect to transfers of Personal Data to third countries.

5.2 Ensure that persons authorized to process Personal Data are subject to confidentiality obligations.

5.3 Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Access control mechanisms
  • Encryption where applicable
  • Monitoring and logging
  • Incident response procedures

5.4 Assist the Controller in complying with data subject rights requests and regulatory obligations where reasonably possible.

6. Sub-Processing

6.1 The Controller grants AltroPlus general authorization to engage Sub-Processors for service delivery.

6.2 AltroPlus shall ensure that Sub-Processors are bound by data protection obligations equivalent to those set out in this Agreement.

6.3 A current list of Sub-Processors may be provided upon request.

7. International Data Transfers

7.1 Where Personal Data is transferred outside the European Economic Area (EEA), AltroPlus shall ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Contractual confidentiality obligations
  • Security controls

8. Data Subject Rights

8.1 AltroPlus shall assist the Controller, to the extent legally permitted and technically feasible, in responding to requests from data subjects to exercise their rights under GDPR.

8.2 If AltroPlus receives a data subject request directly, it shall notify the Controller without undue delay.

9. Personal Data Breach

9.1 AltroPlus shall notify the Controller without undue delay upon becoming aware of a Personal Data Breach.

9.2 The notification shall include:

  • Description of the nature of the breach
  • Likely consequences
  • Measures taken or proposed to mitigate the breach

10. Deletion or Return of Data

10.1 Upon termination of the services, AltroPlus shall, at the choice of the Controller:

  • Return all Personal Data, or
  • Securely delete all Personal Data

unless retention is required by applicable law.

10.2 Deletion shall include backups and residual copies where technically feasible.

11. Audit and Compliance

11.1 AltroPlus shall make available reasonable information necessary to demonstrate compliance with this Agreement.

11.2 Audits shall be subject to reasonable notice, confidentiality obligations, and shall not unreasonably disrupt operations.

12. Confidentiality

12.1 All Personal Data processed under this Agreement shall be treated as confidential.

12.2 Confidentiality obligations shall survive termination of this Agreement.

13. Liability

13.1 Each party shall be liable for damages caused by its own violation of applicable data protection laws.

13.2 Liability under this Agreement shall be subject to the limitations set out in the main service agreement.

14. Governing Law and Jurisdiction

14.1 This Data Processing Agreement shall be governed by the laws of Hong Kong Special Administrative Region.

14.2 Exclusive jurisdiction shall lie with the courts of Hong Kong SAR, unless mandatory law provides otherwise.

15. Final Provisions

15.1 If any provision of this Agreement is held invalid, the remaining provisions shall remain in full force.

15.2 This Agreement forms an integral part of the contractual relationship between AltroPlus and the Controller.

This website uses cookies to improve your web experience.