Definitions
"CCPA" means the California Consumer Privacy Act, Cal. Civ. Code§ 1798.100 et seq., and its
implementing regulations. “Controller” means the entity which determines the purposes and
means of the Processing of Personal Data.
Data Protection Laws and Regulations means all applicable laws and
regulations, including laws and regulations of the European Union, the European Economic
Area and their member states, Switzerland and the United Kingdom and the United States and
its states, applicable to the Processing of Personal Data under the Agreement as amended
from time to time.
Data Subject means the identified or identifiable person to whom Personal
Data relates.
GDPR means the Regulation (EU) 2016/679 of the European Parliament and of
the Council of 27 April 2016 on the protection of natural persons with regard to the
processing of personal data and on the free movement of such data, and repealing Directive
95/46/EC (General Data Protection Regulation).
Personal Data means any information relating to (i) an identified or
identifiable natural person and, (ii) an identified or identifiable legal entity (where such
information is protected similarly as personal data or personally identifiable information
under applicable Data Protection Laws and Regulations), where for each (i) or (ii), such
data is Your Data.
Processing means any operation or set of operations which is performed upon
Personal Data, whether or not by automatic means, such as collection, recording,
organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or
combination, restriction, erasure or destruction.
Processor means the Party which Processes Personal Data on behalf of the
Controller, including as applicable any service provider as that term is defined by the
CCPA.
Independent controllers
Each party acts as an independent Controller of Personal Data. The parties individually
determine the purpose and means of Processing. Each party is responsible for processing
Personal Data under the scope of this Addendum in accordance with the applicable Data
Protection Laws and Regulations, including GDPR.
Responsibilities
The party that initially collects the Personal Data is responsible for providing the Data
Subjects with the information required by the applicable Data Protection Laws and
Regulations. It is the responsibility of each party to (a) process Personal Data falling
under the scope of this Addendum in compliance with applicable Data Protection Laws and
Regulations; (b) fulfill its obligations to respond to requests for exercising the Data
Subjects' rights regarding the Processing of their Personal Data; (c) each party will
implement appropriate technical and organizational measures to ensure an appropriate level
of data security; (d) maintain a record of processing activities in accordance with
applicable Data Protection Laws and Regulations, and (e) otherwise fulfill all of the
requirements pertaining to Controllers established by the applicable Data Protection Laws
and Regulations. The parties will assist each other to the extent reasonably appropriate in
complying
With requests or complaints of Data Subjects or data protection supervisory authorities
regarding compliance with the obligations under applicable Data Protection Laws and
Regulations.
Indemnification
EACH PARTY SHALL INDEMNIFY THE OTHER AGAINST ANY AND ALL DAMAGES, CLAIMS, COSTS OR LIABILITIES ARISING FROM OR RELATING TO A PARTY'S BREACH OF THIS ADDENDUM.