3.1 Confidentiality. LinuxGuard shall ensure that persons authorised to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
3.2 Security. LinuxGuard shall implement and maintain appropriate technical and organisational measures as described in Annex 2 to protect Customer Personal Data against Security Incidents and to ensure a level of security appropriate to the risk.
3.3 Sub-processors. LinuxGuard shall not engage Sub-processors to Process Customer Personal Data without general or specific prior written authorisation from the Customer. LinuxGuard shall maintain a list of Sub-processors (as set out in Annex 3) and shall notify the Customer of any intended changes (additions or replacements). The Customer may object to new Sub-processors on reasonable grounds within 14 days of notification. If the Customer objects to a new Sub-processor on reasonable grounds and the parties are unable to resolve the objection within 30 days, the Customer may terminate the relevant Services on written notice, and LinuxGuard shall provide a pro-rata refund of any prepaid fees for the terminated Services for the period following the effective date of termination.
3.3a Sub-processor Liability. LinuxGuard shall ensure that each Sub-processor is subject to data protection obligations equivalent to those in this DPA, whether through the Sub-processor's own published data processing terms, standard contractual clauses, or other legally recognised mechanism. LinuxGuard shall remain liable to the Customer for the acts and omissions of its Sub-processors to the extent LinuxGuard would be liable if performing the relevant services directly under the terms of this DPA. This liability is subject to the limitations and caps set out in the Agreement.
3.4 Data Subject Rights. LinuxGuard shall assist the Customer (by appropriate technical and organisational measures) in fulfilling the Customer's obligations to respond to requests from Data Subjects exercising their rights under Data Protection Laws, taking into account the nature of the Processing.
3.5 Security Assistance. LinuxGuard shall assist the Customer in ensuring compliance with its security obligations under Data Protection Laws, taking into account the nature of the Processing and the information available to LinuxGuard.
3.6 Data Protection Impact Assessment. LinuxGuard shall provide reasonable assistance to the Customer in conducting data protection impact assessments and prior consultations with Supervisory Authorities, to the extent required by Data Protection Laws.
3.7 Security Incidents. LinuxGuard shall notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of a Security Incident affecting Customer Personal Data. Notification shall include: (a) description of the Security Incident; (b) categories and approximate number of Data Subjects and Personal Data records affected; (c) likely consequences of the Security Incident; and (d) measures taken or proposed to address the Security Incident.
3.8 Deletion or Return. Upon termination of the Agreement or upon written request of the Customer, LinuxGuard shall: (a) within 30 days, delete or return all Customer Personal Data held in active production systems; and (b) within 90 days, securely delete all Customer Personal Data from backup systems and archives. LinuxGuard shall provide written confirmation of deletion upon request. Notwithstanding the foregoing, LinuxGuard may retain Customer Personal Data for longer periods where required by applicable law, in which case LinuxGuard shall notify the Customer and restrict Processing to only that required by such legal obligation.
3.9 Audit Rights. LinuxGuard shall make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA. Audit rights shall be subject to the following conditions: (a) the Customer shall provide at least 30 days' prior written notice of any audit; (b) audits shall be conducted no more than once per 12-month period, unless required by a Supervisory Authority or following a confirmed Security Incident; (c) the Customer shall reimburse LinuxGuard's reasonable costs incurred in supporting an audit, charged at LinuxGuard's standard professional services rates then in effect; (d) any auditor shall be subject to confidentiality obligations no less protective than those in this DPA; and (e) LinuxGuard may satisfy audit requests in whole or in part by providing relevant third-party audit reports or certifications (including ISO 27001, SOC 2 Type II, or equivalent) — where such reports are provided and reasonably address the Customer's audit scope, a separate on-site audit shall not be required for that scope.
3.10 Sovereign Deployment Option. Where a Customer requires a Sovereign Deployment, LinuxGuard shall, upon written request, configure the Services to operate using exclusively the EU/EEA+UK-sovereign Sub-processors and infrastructure listed in Annex 4. LinuxGuard shall confirm in writing the activation of a Sovereign Deployment within 14 days of receipt of a Customer's written request.
3.11 Infrastructure Sovereignty Roadmap. LinuxGuard's current production infrastructure operates on Amazon Web Services standard commercial infrastructure, with all Customer Personal Data hosted in AWS eu-west-1 (Dublin, Ireland) and AWS eu-central-1 (Frankfurt, Germany) as set out in Annex 1. LinuxGuard acknowledges that, as a US-headquartered company, Amazon Web Services, Inc. may be subject to compelled disclosure obligations under United States law (including the Clarifying Lawful Overseas Use of Data Act, Pub. L. 115-141 (the "CLOUD Act")), notwithstanding the EU location of the data. LinuxGuard mitigates this risk through Standard Contractual Clauses and supplementary technical measures as set out in Section 5 and Annex 2. LinuxGuard confirms that a transition to the AWS European Sovereign Cloud (as defined in Section 1) is technically feasible and commercially viable as a near-term decision, given LinuxGuard's existing AWS infrastructure and the architectural compatibility of AWS ESC with LinuxGuard's current stack. LinuxGuard shall complete such a migration upon: (a) a Customer's written request made pursuant to Section 3.10 where Infrastructure Sovereignty is required; or (b) a decision by LinuxGuard's board to complete an Infrastructure Sovereignty Migration as a standard platform upgrade. LinuxGuard shall notify all Customers of the completion of any Infrastructure Sovereignty Migration within 30 days of its completion.