Skip to main content
← Back to Home

Data Processing Addendum

GDPR Compliance

This Data Processing Addendum ("DPA") is entered into by and between CloudByFontos, operated by Fontos Group("Data Controller" or "we"), and you ("Data Subject" or "you"). This DPA supplements and forms part of the agreement for the provision of services through cloudbyfontos.com. In the event of any conflict between any agreement and this DPA, the terms and conditions of this DPA will control.

1. Definitions

"EU GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

"Processing" has the meaning ascribed to it in the EU GDPR, and "Process" will be construed accordingly.

"Personal Data" has the meaning ascribed to it in the EU GDPR.

2. Data Processing and Security Responsibilities

We will each comply with all privacy laws that apply to it (including, where applicable, the EU GDPR) in relation to any Personal Data Processed in connection with this website, as set out in Annex A to this DPA.

3. Data Subject Obligations

You agree that you have:

  • provided accurate and up-to-date Personal Data to the extent you choose to share such information;
  • obtained all necessary consents and provided all necessary notices to permit us to Process your Personal Data in accordance with this DPA;
  • understood that you may withdraw your consent at any time, though this may affect your ability to use certain features of this website.

4. Our Obligations

In the course of Processing Personal Data in connection with this website, we will:

  • only Process Personal Data for the purposes of operating this website and providing our services, and not Process any Personal Data in any other manner unless required to do so by applicable law;
  • immediately inform you if, in our opinion, any instruction received from you infringes the EU GDPR;
  • notify you without undue delay of any request received from individuals relating to the individual's right to access, modify, correct, erase or restrict the Processing of Personal Data;
  • notify you without undue delay of any request or correspondence received from a supervisory authority;
  • implement physical, technical, administrative and organizational measures appropriate to the sensitivity of the Personal Data;
  • ensure personnel who are authorized to Process the Personal Data are bound by confidentiality obligations;
  • provide assistance in connection with data protection impact assessments upon request.

5. Audit Rights

We will provide you (or your representatives) with access to relevant records for the purposes of verifying our compliance with this DPA, subject to reasonable notice and confidentiality obligations.

6. Subcontracting

You acknowledge and agree that we will use sub-processors (as listed in Annex C) to provide services related to this website. We will enter into written agreements with each sub-processor that impose obligations substantially similar to those in this DPA.

7. Security Breach Notification

We will notify you without undue delay upon becoming aware of any loss, theft, damage or unauthorized access to Personal Data ("Privacy Breach"). We will assist you with complying with your notification obligations to the extent required by the EU GDPR.

8. Termination

Upon your request, we will immediately return or securely dispose of all Personal Data in our possession or control unless applicable law requires storage of the Personal Data.

ANNEX A - DATA PROCESSING DESCRIPTION

Subject-matter and duration of the Processing

This website processes Personal Data for the purpose of providing cloud consulting services, enabling contact and communication, processing job applications, and scheduling meetings. The duration of Processing lasts for as long as you interact with this website and as long as any lawful purposes continue to exist.

Nature and purposes of the Processing

Personal Data are Processed for the following purposes:

  • Managing contact form submissions and communications;
  • Processing cloud assessment submissions;
  • Managing job applications;
  • Scheduling meetings via Calendly;
  • CRM management via HubSpot;
  • Sending email notifications (where consented);
  • Analyzing website usage through analytics (where consented).

Data Categories

The following categories of Personal Data are involved:

  • Contact information (name, email, phone number);
  • Professional information (company, role, LinkedIn profile);
  • Business requirements and preferences;
  • Any other information you choose to provide.

ANNEX B - SECURITY MEASURES

The following security measures have been implemented:

  • All data transmission is encrypted using TLS over HTTPS;
  • Sensitive information is encrypted at-rest where applicable;
  • Access to Personal Data is restricted to authorized personnel only;
  • Our hosting provider (Vercel) implements industry-standard security measures;
  • Regular security reviews and updates are performed;
  • Data backup and recovery procedures are in place.

ANNEX C - SUBCONTRACTORS

Below is the list of sub-processors:

Vercel Inc.

Website hosting and infrastructure.

Privacy Policy

Resend

Email delivery service.

Privacy Policy

HubSpot

Customer relationship management (CRM).

Privacy Policy

Calendly

Meeting scheduling service.

Privacy Policy

Google Tag Manager

Website analytics (where consent is provided).

Privacy Policy

Last updated: January 2026

For questions regarding this DPA, please contact us at privacy@cloudbyfontos.com or through the contact form.