This Global Data Privacy Addendum (this “Privacy Addendum”) is attached and made part of the agreement that references these Global Data Privacy terms (the “Master Agreement”) between Customer (as identified on the Quote), including all affiliates, if any, and the Service Provider which processes Personal Data on behalf of Customer pursuant to the Master Agreement (as identified on the Quote).

The Privacy Addendum is divided into two separate addendums setting forth the privacy provisions applicable to the Master Agreement. Unless otherwise stated, the terms of this Privacy Addendum will apply to all processing of Personal Data in relation to the Services provided under the terms of the Master Agreement.

PART A: EU/UK GDPR and Swiss Addendum

 

1.          DEFINITIONS

 

• “Adequate Country” means a country or territory recognised as providing an adequate level of protection for Personal Data under an adequacy decision made, from time to time, by (as applicable) (i) the Information Commissioner’s Office and/or under applicable UK law (including the UK GDPR), or (ii) the European Commission under the GDPR, or (iii) the Swiss Federal Data Protection Authority under Swiss Data Protection Law.

• “Data Subject Request” means a request from a Data Subject to exercise the Data Subject’s right of access, right to rectification, restriction of Processing, erasure, data portability, object to the processing, or its right not to be subject to an automated individual decision making.

 

• “EEA” means the European Economic

• “EU Clauses” means the standard contractual clauses for international transfers of personal data to third countries set out in the European Commission’s Decision 2021/914 of 4 June 2021 incorporating Module Two for Controller to Processor transfers and Module Three for Processor to Processor transfers (as applicable), or its valid successor, and which form part of this DPA in accordance with Schedule 4.

• “EU/UK Rules” means (a) in the European Union, the General Data Protection Regulation 2016/679 (the “GDPR“),

(b) in the UK, the UK General Data Protection Regulation 2016/679, as implemented by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2020 (the “UK GDPR“) and the Data Protection Act 2018.

• “Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’) located in the EEA, United Kingdom (“UK”) or Switzerland; an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; and is processed by Service Provider on behalf of the Customer within the scope of the Master Agreement.

• “Services” means the services and other activities to be supplied to or carried out by or on behalf of Service Provider for the Customer pursuant to the Master Agreement.

• “Standard Contractual Clauses” means the EU Clauses, the Swiss Addendum and/or the UK Approved

• “Supervisory Authority” means in the UK, the Information Commissioner’s Office (“ICO”) (and, where applicable, the Secretary of State or the government), and in the EEA, an independent public authority established pursuant to the GDPR.

• “Swiss Addendum” means the addendum set out in Schedule

• “Swiss Data Protection Law” means the Swiss Federal Data Protection Act of 19 June 1992 and, when in force, the Swiss Federal Data Protection Act of 25 September 2020 and its corresponding ordinances as amended, superseded or replaced from time to time.

• “UK Approved Addendum” means the template Addendum B.1.0 issued by the UK’s Information Commissioner’s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 of the UK on 2 February 2022, and expected to be in force on 21 March 2022, or its valid successor.

• “UK Mandatory Clauses” means the Mandatory Clauses of the UK Approved Addendum, as updated from time to time and/or replaced by any final version published by the Information Commissioner’s Office.