Back to Legal Center
Agreement Document

Data Processing Agreement

Updated: Mar 2026

DATA PROCESSING AGREEMENT (DPA)

Effective Date: January 30, 2026 Company: NodeMania
Website: https://www.nodemania.com

1. Introduction

This Data Processing Agreement (“DPA”) forms part of the Terms and Conditions between:

NodeMania (“Processor”)
and
The Customer (“Controller”)

This DPA applies where NodeMania processes Personal Data on behalf of the Customer under the following services:

  • Web Hosting Services
  • WordPress Hosting
  • Business Hosting
  • Cloud VPS
  • Managed Cloud Servers
  • Email Hosting
  • Backup Services
  • Monitoring Services

This DPA is intended to comply with:

  • UK GDPR
  • EU General Data Protection Regulation (GDPR)
  • Applicable data protection laws

2. Definitions

Controller: The entity determining the purposes and means of processing personal data.

Processor: The entity processing personal data on behalf of the Controller.

Personal Data: Any information relating to an identifiable individual.

Processing: Any operation performed on personal data.

Sub-processor: Third party engaged by Processor to process data.

3. Scope of Processing

3.1 Nature of Processing

NodeMania processes data solely to provide hosting and infrastructure services.

Processing may include:

  • Storage of website data
  • Email hosting
  • Backup storage
  • Server logging
  • Security monitoring
  • Technical support access

3.2 Types of Personal Data

Personal data may include:

  • Names
  • Email addresses
  • Contact form data
  • IP addresses
  • Payment metadata
  • Customer account data

NodeMania does not control the type of data customers choose to host.

4. Obligations of the Processor (NodeMania)

NodeMania agrees to:

  • Process personal data only on documented instructions from the Customer
  • Ensure staff are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Assist the Customer with GDPR compliance
  • Notify the Customer of data breaches without undue delay
  • Delete or return personal data upon termination of services (where feasible)

5. Security Measures

NodeMania implements enterprise-grade security, including:

  • Encrypted HTTPS connections
  • Firewalls and Web Application Firewalls (WAF)
  • DDoS mitigation systems
  • Secure data centers
  • Access control restrictions
  • Monitoring systems
  • RAID storage redundancy
  • ISO-standard data center protections (where applicable)

Security measures are continuously updated.

6. Sub-Processors

NodeMania may engage sub-processors, including:

  • Data center providers
  • Domain registrars
  • SSL certificate authorities
  • Payment processors
  • Infrastructure vendors

All sub-processors are contractually obligated to implement adequate data protection measures.

A list of current sub-processors may be requested.

7. International Data Transfers

Data may be processed in multiple jurisdictions depending on:

  • Data center location
  • CDN nodes
  • Infrastructure partners

Where data is transferred outside the UK/EU, NodeMania ensures appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions
  • Equivalent security measures

8. Data Subject Rights Assistance

Upon written request, NodeMania will assist the Controller in responding to:

  • Access requests
  • Erasure requests
  • Rectification requests
  • Restriction requests
  • Data portability requests

Assistance may be subject to reasonable fees if complex.

9. Data Breach Notification

In the event of a confirmed personal data breach affecting customer data:

  • NodeMania will notify the Customer without undue delay
  • Notification will include known details of the breach
  • NodeMania will take corrective action

Customers remain responsible for notifying supervisory authorities where required.

10. Data Retention & Deletion

Upon service termination:

  • Data may remain temporarily for technical reasons
  • Backups may persist for limited retention periods
  • Customers may request data deletion

Deletion requests must be submitted in writing.

11. Audit Rights

Customers may request information regarding security practices.

On-site audits are not permitted without prior written agreement, but documentation may be provided upon reasonable request.

12. Liability

Liability for data protection matters remains subject to limitations stated in the main Terms and Conditions.

NodeMania shall not be liable for issues resulting from:

  • Customer misconfiguration
  • Unsecured applications
  • Vulnerable CMS/plugins
  • Compromised credentials

13. Term

This DPA remains in effect for the duration of the service provision between NodeMania and the Customer.

14. Governing Law

This DPA shall be governed by applicable data protection regulations under the jurisdiction governing the primary agreement.

Have questions about our legal policies?

Our support team is available 24/7 to clarify any of our legal terms.

Contact Legal Support