2.4 Dig­i­talO­cean pro­cess­ing of per­son­al data. As a proces­sor, Dig­i­talO­cean process­es per­son­al data only for the fol­low­ing pur­pos­es: (i) pro­cess­ing for the pro­vi­sion of ser­vices in accor­dance with the agree­ment; (ii) pro­cess­ing for the imple­men­ta­tion of all steps nec­es­sary for the exe­cu­tion of the agree­ment; and (iii) to com­ply with oth­er appro­pri­ate instruc­tions from Cus­tomer, to the extent that they com­ply with the terms of this Agree­ment and only in accor­dance with Customer‘s doc­u­ment­ed legal instruc­tions. The par­ties agree that this DPA and the agree­ment con­tain the customer‘s com­plete and final instruc­tions to Dig­i­talO­cean regard­ing the pro­cess­ing of per­son­al data and pro­cess­ing out­side the scope of these instruc­tions (if any), which require pri­or writ­ten con­sent between the cus­tomer and Dig­i­talO­cean. ‘Union data pro­tec­tion leg­is­la­tion‘ means (i) Reg­u­la­tion 2016/679 of the Euro­pean Par­lia­ment and of the Coun­cil on the pro­tec­tion of nat­ur­al per­sons with regard to the pro­cess­ing of per­son­al data and on the free move­ment of such data (Gen­er­al Data Pro­tec­tion Reg­u­la­tion) (“GDPR”); and (ii) Direc­tive 2002/58/EC con­cern­ing the pro­cess­ing of per­son­al data and the pro­tec­tion of pri­va­cy in elec­tron­ic com­mu­ni­ca­tions and the applic­a­ble nation­al trans­po­si­tions of such data (amend­ed, replaced or replaced respec­tive­ly). ‘instruc­tions‘ means writ­ten and doc­u­ment­ed instruc­tions that a con­troller gives to a proces­sor and has instruct­ed them to car­ry out a par­tic­u­lar or gen­er­al act con­cern­ing per­son­al data (includ­ing, but not lim­it­ed to, de-iden­ti­fi­ca­tion, block­ing, era­sure, mak­ing avail­able). Where a proces­sor is entrust­ed with trans­for­ma­tion activ­i­ties, the con­troller should only use proces­sors that offer suf­fi­cient guar­an­tees, includ­ing exper­tise, reli­a­bil­i­ty and resources, to take tech­ni­cal and organ­i­sa­tion­al mea­sures in accor­dance with the require­ments of this Reg­u­la­tion, includ­ing the secu­ri­ty of pro­cess­ing. The proces­sor shall pro­vide the con­troller with a writ­ten state­ment in which the proces­sor guar­an­tees that all the per­son­al data men­tioned above or oth­er data men­tioned above have been returned or erased in accor­dance with the instruc­tions of the con­troller and that the proces­sor has not kept copies, print­outs or data on any medi­um. 4.2 Con­fi­den­tial­i­ty of pro­cess­ing. Dig­i­talO­cean ensures that any per­son autho­rised by Dig­i­talO­cean to process per­son­al data (includ­ing its employ­ees, rep­re­sen­ta­tives and sub­con­trac­tors) is sub­ject to an appro­pri­ate oblig­a­tion of con­fi­den­tial­i­ty (whether a con­trac­tu­al or legal obligation).…