Processing of personal data by TrafficManager according to GDPR

Contract for personal data processing between the Client and TrafficManager

This annex is accompanied and must be interpreted in conjunction with the Privacy Policy and sets out the specific rules regarding the processing of personal data submitted by the Beneficiary, as Client or Customer, to TrafficManager, as a controller of your personal data in accordance with Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as “GDPR”), as well as any subsequent national legislation on the protection of personal data.

By accessing our Website or using our Services, you become subject to this Contract. Your acceptance of the terms of this Contract, in their entirety, shall be effective to you and your employees, if any.

1. Terms

In this annex the terms used will be interpreted in accordance with the GDPR, and where applicable, the terms used will have the definitions stipulated by art. 4 of the GDPR.

2. Contract Object

The object of personal data processing is the processing by TrafficManager of personal data sent by the Customer in order to provide the services stipulated in the main Customer Agreement but also for customer support services, technical updates or updates on changes in our usage policies.

3. Data Collected

Your Contact and Billing Information. When you register or sign up for the TrafficManager Services, we may collect certain contact information from you, such as your first and last name, organization/company name, company number, banking or other payment information, city, state and zip code, country, email address, and phone number or other similar contact details to process your registration request, to contact you regarding it and for finance purposes (invoicing). More details about how we process the data can be found in the Privacy Policy document located at this page:

4. Specific instructions

Under this contract, the Client gives the following specific instructions to the controller:

  • To collect and process personal data received from the Client directly for the purpose provided in the article 1 from the Privacy Policy page (
  • To send messages by email on behalf of the Client, for the service of sending notifications or documents by email (if this service is used by the Client);
  • To collect and process the information sent by the Client to the TrafficManager Servers via the Website or Platform

5. Duration of data processing

The duration of the processing of personal data is identical to the duration of the main Client Agreement.

6. Nature and purpose of data processing

The nature and purpose of the data processing are those established by the Client under the main Client Agreement, namely the provision of TrafficManager services, depending on the usage plan or package of services chosen.

7. Third Parties

All the Third parties, to whom TrafficManager may transfer the Client Data for processing are listed under the article 2 from the Privacy Policy page (

  • Pursuant to this Article, the Client understands to authorize TrafficManager to process his data thru his third-party partners as listed in the Article 2 from the Privacy Policy Page.
  • For all the future Third Parties that TrafficManager may use to process the Client data, TrafficManager receives a general authorization to subcontract to any other provider in the EU, EEA or country with an adequate level of protection recognized by a decision of the European Commission, which is necessary for certain parts of the data processing under this contract. an adequate level of security, at least at the level of this contract. This authorization includes the obligation to inform the Client, through a message through the account on the TrafficManager Website or by email. The operator has the possibility to object within 2 working days.

8. Rights and Obligations of the Client

  • The right to receive information from TrafficManager or to verify through a mandated auditor whether TrafficManager has and implements appropriate technical and organizational measures so that the processing complies with the requirements of the GDPR; the verification will take place on the basis of a prior written notification, sent at least 14 working days before the verification;
  • The right to receive assistance from the Controller, in particular to fulfill his obligation to respond to the requests of data subjects regarding the exercise of their rights under the GDPR;
  • The right to object to other third parties specified to the article 7.2
  • To comply with its obligations under the GDPR as Client with regard to personal data collected or processed by TrafficManager, on its behalf.
  • Obligation to inform data subjects under the GDPR, including information on the processing of data by TrafficManager under this contract
  • Obligation to be solely responsible for establishing the legal basis for the processing of personal data covered by this contract
  • The obligation to implement appropriate technical and organizational measures under the GDPR, including securing the transfer of data from data subjects to TrafficManager;
  • The Client understands that from the moment of deleting the data after the end of the provision of services by TrafficManager according to the obligations of GDPR and art. 9 of this contract, the data can no longer be recovered, and it is the entire responsibility of the Client to ensure that it has made a complete copy of them.
  • In all situations where the Client is the one who has to perform an obligation, such as, for example, informing the data subject about the breach of personal data security, TrafficManager cannot be held liable by the Client's inactions within the scope of that obligation.

9. Rights and Obligations of TrafficManager

  • The obligation to inform the Customer within a maximum of 10 days, if, in the opinion of TrafficManager, an instruction violates GDPR and / or other legal provision regarding the processing of personal data;
  • The obligation to ensure the security of personal data processed on behalf of the Client in accordance with Article 32 of the GDPR and Article 10 of this Annex;
  • Obligation to inform the Client without undue delay of a breach of the security of the Client's personal data during the processing performed by TrafficManager;
  • Obligation to assist the Client with all information necessary for the notification, if any, to the Competent Authority for Data Security Infringement, but without substituting for the Client his obligation to notify;
  • Obligation to assist the Client in ensuring compliance with the obligations set out in Articles 32-36 of the GDPR;
  • The obligation to assist the Client in solving the requests of the data subjects or to send to the Client any request received from the data subjects, in connection with the personal data that have been collected and processed by TrafficManager, within maximum 5 calendar days from its receipt. This assistance does not apply if the Customer already has in the technical tools provided by TrafficManager the possibility to directly solve the request of the data subject (eg the platform Account access - where the Customer already has all the information about what data he collects);
  • Obligation not to transmit personal data and / or confidential information, which may be personal data, of which he became aware during the performance of the contract
  • The obligation to provide training to authorized personnel to process personal data, regarding the confidentiality of such data;
  • The obligation to include confidentiality obligations towards employees and third parties;
  • The right to disclose certain personal data by virtue of a legal obligation or other condition provided by law at the request of an authority, public institution or court.
  • The right to recruit third parties according to article 7 of this Contract;
  • The right to cover the costs generated by ensuring the assistance of the Client, by the Client, in the situations provided by GDPR according to art. 9, if they exceed the monthly cost of the services provided by TrafficManager;
  • The right to use anonymized statistical information as a result of activities performed as a result of this contract or its entire activity;
  • TrafficManager cannot establish purposes or means of processing personal data, these being established exclusively by the Client.

10. Security

TrafficManager must comply with appropriate technical and organizational measures to ensure appropriate risk-related security measures in line with good industry practice. In determining the appropriate level of security, TrafficManager must take into account the current state of development, implementation costs and the nature, scope, context and purposes of the processing, as well as the risk with varying degrees of probability and seriousness to the rights and freedoms of individuals. and the risks that arise as a result of the processing, in particular those that may lead to, accidentally or illegally, the destruction, loss, alteration, or unauthorized disclosure of personal data transmitted, stored or processed in a otherwise, or to unauthorized access to them.

In this context, TrafficManager has established the internal application of the following organizational and technical security measures for the security of personal data, taking into account the type of activity performed:

  • implementation of ISO27001 / ISO27017 / ISO27018 security standards
  • periodic security audit performed by cybersecurity experts
  • limited access to the database for a very small number of employees of TrafficManager
  • permanent monitoring of access to the database
  • encryption of the connection used by the Client to access the service using SSL
  • encrypted client passwords
  • regular backups

Voluntarily, TrafficManager may send summaries of the conclusions of security auditors (after deletion of commercial or confidential information) made periodically to Customers to demonstrate its ongoing activities on this subject.

11. Limitation of liability

The Client agrees to exonerate TrafficManager from any liability for damages that may arise from:

  • non-compliance with the contract due to events that exceed any responsibility of TrafficManager;
  • compliance with the Client's instructions or non-compliance with the Client's instructions justified in advance by a notification regarding its illegality;
  • the lack or vitiation of the consent of the data subjects or of the use of a wrong legal basis by the Client;
  • non-compliance with the contract due to some actions of the Client.

12. Delimitation of liability

The Customer and TrafficManager define their responsibilities for ensuring the protection of personal data (e.g. ensuring the confidentiality or security of processing), depending on the access and effective control exercised over the data, both contractually and technically.

13. Entry into force and amendments

This annex enters into force on May 20, 2018 and is valid until modified by TrafficManager and informing the Clients accordingly. Using the Account, Platform and/or our Services after the Clients informing means their consent to this document.