Data Processing Agreement
Last updated: April 2026
1. Scope and purpose
This Data Processing Agreement ("DPA") governs the processing of personal data by PixelServe ("Processor") on behalf of customers ("Controller") in connection with the GPU server rental services provided at pixelserve.eu. It supplements the general Terms of Service and applies where the Controller's use of PixelServe services involves the processing of personal data subject to the EU General Data Protection Regulation (GDPR).
2. Roles
For data related to the customer's own account and billing, PixelServe acts as the data controller. For any personal data the customer processes on infrastructure provided by PixelServe (e.g. data stored or processed on rented servers), PixelServe acts solely as the data processor and processes that data only on the customer's documented instructions.
3. Nature of processing
Where PixelServe acts as Processor, processing is limited to:
- Hosting data on provisioned bare-metal hardware
- Maintaining physical and logical security of infrastructure
- Providing SSH access credentials to the authorised Controller
PixelServe does not access, analyse, or transfer any data stored on customer servers except as required for maintenance or as explicitly instructed by the Controller.
4. Security measures
PixelServe implements appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or destruction. These include physical access controls at data centre level, network isolation per customer node, and encrypted credential delivery.
5. Sub-processors
PixelServe may engage sub-processors (e.g. data centre operators, payment processors) to support delivery of the service. All sub-processors are bound by contractual obligations no less protective than those in this DPA. The current list of sub-processors is available on request.
6. Data subject rights
PixelServe will assist the Controller in responding to data subject rights requests (access, rectification, erasure, portability, restriction, objection) to the extent technically feasible and within the scope of the services provided.
7. Data breaches
PixelServe will notify the Controller without undue delay — and in any event within 72 hours — upon becoming aware of a personal data breach affecting customer data hosted on PixelServe infrastructure.
8. Deletion on termination
Upon termination of services, PixelServe will securely delete or return all customer data stored on provisioned infrastructure, at the Controller's election, unless retention is required by applicable law.
9. Governing law
This DPA is governed by the laws of the European Union and the member state in which PixelServe is established. Any disputes shall be subject to the jurisdiction of the competent courts in that member state.
10. Contact
For DPA-related enquiries or to request a signed copy: info@pixelserve.eu