Effective Date: January 17, 2026
This Data Processing Agreement ("DPA") is entered into between INUX Cloud s.r.o. ("Processor" or "FastStats") and the customer ("Controller") who uses the FastStats analytics service.
This DPA forms part of the Terms of Service and governs the processing of data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
INUX Cloud s.r.o.
Company ID: 50103016
VAT: SK2120189005
Galvaniho 12B
Bratislava 82104
Slovakia
European Union
Contact: [email protected]
The customer or organization that has subscribed to FastStats services and who determines the purposes and means of processing personal data (if any) through the use of FastStats analytics.
For the purposes of this DPA, the following terms have the meanings set out below:
"Controller" means the entity that determines the purposes and means of the processing of Personal Data.
"Processor" means the entity that processes Personal Data on behalf of the Controller.
"Personal Data" means any information relating to an identified or identifiable natural person as defined in the GDPR.
"Processing" means any operation performed on Personal Data, such as collection, recording, organization, storage, adaptation, alteration, retrieval, consultation, use, disclosure, or erasure.
"Data Subject" means an identified or identifiable natural person.
"Sub-processor" means any processor engaged by the Processor to process Personal Data.
"Services" means the FastStats web analytics platform and related services.
The Processor shall process data on behalf of the Controller for the purpose of providing web analytics services through the FastStats platform.
Processing shall continue for the duration of the service agreement between the parties, plus any additional period required to delete or return data as specified in this DPA.
The Processor collects and processes aggregated, anonymized analytics data to provide website traffic statistics and insights to the Controller. The purpose is to enable the Controller to understand website usage patterns and improve user experience.
| Category | Description |
|---|---|
| Page Views | URLs visited (without personal parameters) |
| Referrer Data | Source of traffic (search engines, referring websites) |
| Technical Data | Browser type, device type, operating system (aggregated) |
| Geographic Data | Country/region (derived from IP, never stored) |
| Behavioral Data | Visit duration, page interactions (aggregated) |
Important: FastStats does NOT collect or process:
Visitors to the Controller's website(s). Given the anonymized nature of data collection, individual data subjects cannot be identified.
The Processor shall process data only on documented instructions from the Controller, unless required to do so by EU or Member State law. The Processor shall immediately inform the Controller if it believes an instruction infringes the GDPR or other data protection laws.
The Processor shall ensure that persons authorized to process data are subject to confidentiality obligations.
The Processor implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
The Controller provides general authorization for the Processor to engage sub-processors. Current sub-processors:
| Sub-processor | Service | Location |
|---|---|---|
| Infrastructure Provider | Cloud hosting and infrastructure | European Union |
| Backup Services | Data backup and disaster recovery | European Union |
The Processor shall inform the Controller of any intended changes concerning the addition or replacement of sub-processors at least 30 days in advance, giving the Controller the opportunity to object.
Given that FastStats does not collect personal data, requests from data subjects regarding access, rectification, erasure, restriction, or portability are typically not applicable. However, the Processor shall:
The Processor shall assist the Controller with:
In the unlikely event of a personal data breach, the Processor shall:
All data processing and storage occurs exclusively within the European Union. Data centers are located in EU member states with high data protection standards.
The Processor does not transfer data outside the European Economic Area (EEA). This eliminates the need for:
The Processor commits to maintaining EU-only data residency and shall notify the Controller immediately if circumstances change that would require international data transfers.
Analytics data is retained for a maximum of 24 months from the date of collection, unless the Controller specifies a shorter retention period.
Data older than the retention period is automatically and permanently deleted from all systems, including backups.
Upon termination of services, the Processor shall, at the Controller's choice:
Upon request, the Processor shall provide written certification that all data has been deleted or returned.
The Controller has the right to conduct audits and inspections to verify the Processor's compliance with this DPA, subject to:
The Processor maintains independent third-party security certifications and audit reports (ISO 27001, SOC 2 Type II) which may be provided to the Controller upon request.
The Controller shall bear all costs associated with audits, unless the audit reveals material non-compliance by the Processor.
Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service.
The Processor shall indemnify the Controller against claims arising from the Processor's breach of this DPA or applicable data protection laws, subject to:
This DPA remains in effect for the duration of the service agreement and any period necessary to fulfill data deletion or return obligations.
Sections relating to confidentiality, data deletion, liability, and dispute resolution shall survive termination.
This DPA is governed by the laws of Slovakia and the European Union, including the GDPR.
Any disputes shall be subject to the exclusive jurisdiction of the courts of Bratislava, Slovakia.
The competent supervisory authority for the Processor is the Office for Personal Data Protection of the Slovak Republic.
This DPA may only be amended by written agreement between both parties. The Processor may update this DPA to reflect changes in data protection laws, provided that such changes do not:
Controllers will be notified of material changes at least 30 days in advance.
INUX Cloud s.r.o.
Company ID: 50103016
VAT: SK2120189005
Galvaniho 12B
Bratislava 82104
Slovakia
European Union
Email: [email protected]
DPA Requests: [email protected]
By using FastStats services, the Controller accepts and agrees to be bound by this Data Processing Agreement.
For organizations requiring a signed DPA with specific terms or amendments, please contact us at [email protected]
We can provide:
Document Version: 1.0
Last Updated: January 17, 2026
Effective Date: January 17, 2026