Legal
DPA & FADP statement
A complete Data Processing Agreement plus our FADP / GDPR posture. Swiss-only residency, sub-processor list, breach notice, deletion guarantees.
Last updated · 28 April 2026 · Version 1.0 · Module: Customer DPA · Framework: FADP / GDPR.
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Ampersand Labs GmbH (“Processor”) and the Customer (“Controller”) using Hosting by Ampersand. It governs the processing of personal data on the Controller's behalf in accordance with the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR).
1. Scope & roles
The Customer is the Controller of personal data uploaded to or generated by their hosted website(s). Ampersand acts as the Processor and processes such data only on the documented instructions of the Controller, namely the use of the Service as described in the Terms of Service.
2. Processing details
- Subject matter: managed WordPress hosting and related support services.
- Duration: for the term of the Service contract plus 30 days for migration/deletion.
- Categories of data subjects: Controller's website visitors, users, customers, employees, contributors.
- Categories of personal data: as configured by the Controller in their WordPress instance — typically names, emails, IPs, login data, comments, e-commerce orders, and any custom fields.
- Special categories: not required by the Service; processed only where the Controller itself chooses to store such data in its WordPress installation.
3. Processor obligations
Ampersand will:
- Process personal data only on the Controller's documented instructions.
- Ensure that personnel authorised to process personal data are bound by confidentiality.
- Implement appropriate technical and organisational measures (Section 4).
- Assist the Controller in fulfilling data-subject requests and DPIA obligations.
- Make available all information necessary to demonstrate compliance.
4. Security measures
Ampersand maintains, at a minimum:
- Encryption of customer data at rest (LUKS / dm-crypt) and in transit (TLS 1.3).
- Per-customer isolation at the network level (dedicated VLAN) and at the process level (dedicated PHP-FPM pool).
- Brute-force protection, WAF, malware scanning and rate limiting on every site.
- Access controls following the principle of least privilege; 2FA mandatory for staff.
- Centralised, append-only audit logging of administrative actions, retained 90 days.
- Daily encrypted off-site backups stored in a second Swiss datacenter.
- Annual penetration testing; ISO-27001-certified hosting facilities.
5. Sub-processors
The Controller authorises Ampersand to engage the following sub-processors:
- Akenes SA / Exoscale — Lausanne, Switzerland — IaaS infrastructure (compute, storage, network, backups).
- Stripe Payments Europe Ltd. — Dublin, Ireland — billing & payment processing for the Customer's subscription with Ampersand (does not process the Customer's end-user data).
- ActiveCampaign LLC / Postmark — transactional email delivery for system messages.
Ampersand will inform the Controller of any new or replacement sub-processor at least 30 days in advance, giving the Controller the opportunity to object on legitimate grounds. If unresolved, the Controller may terminate the Service without penalty for the unused portion of any prepaid term.
6. International transfers
Customer-uploaded personal data is stored exclusively in Switzerland and is not transferred outside Switzerland under this DPA. Where ancillary services (e.g. transactional email for system messages) move data within the EEA, such transfers rely on the applicable adequacy decisions and, where required, the EU Standard Contractual Clauses.
7. Breach notification
Ampersand will notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach affecting the Controller's data. The notice will describe the nature of the breach, categories and approximate number of records affected, likely consequences and the measures taken or proposed.
8. Audit rights
The Controller may, no more than once per calendar year and on reasonable notice, audit Ampersand's compliance with this DPA. Audits will be conducted during business hours, at the Controller's expense, and subject to Ampersand's reasonable confidentiality and security requirements. Independent third-party audit reports may be provided in lieu of an on-site audit.
9. Termination & deletion
Upon termination of the Service, Ampersand will, at the Controller's choice, return or irreversibly delete all personal data within 30 days, including all backup copies, unless retention is required by Swiss law (e.g. accounting records).
Need a counter-signed DPA on company letterhead? Email privacy@ampersand.ch.