This DPA applies when Blazbyte processes personal data on behalf of a business customer as part of Windows RDP, Ubuntu RDP or private VPN services.
Processing continues for the duration of the customer contract and any lawful retention period after termination.
Providing remote access, VPN, support, billing, backup and related operational services. Blazbyte does not access customer content except where needed for support, security, abuse handling or legal compliance.
The controller determines the personal data placed on or transmitted through the service. Typical categories include user identifiers, business data, files, remote desktop usage data, VPN profile data and support correspondence.
Blazbyte processes data only on documented instructions from the controller unless law requires otherwise. Personnel with access are bound by confidentiality obligations.
Blazbyte applies appropriate measures for the service scale, including protected admin access, audit logging, HTTPS, access control, backup procedures and incident response. Additional managed security controls can be agreed through support.
The customer authorizes Blazbyte to use sub-processors needed for payment, infrastructure, email, support and accounting. Blazbyte remains responsible for imposing data protection obligations on sub-processors.
Blazbyte assists the controller with reasonable requests relating to data subject rights, security incidents, DPIAs and regulatory consultation, taking into account the nature of processing.
Blazbyte notifies the controller without undue delay after becoming aware of a personal data breach affecting controller data.
After service termination, Blazbyte deletes or returns personal data where reasonably possible, unless legal retention or security obligations require continued storage.
Where international transfers are required, the parties rely on appropriate safeguards such as Standard Contractual Clauses where applicable.
Questions about this DPA should be sent to privacy@blazbyte.com.