Unless where otherwise stated, definitions used in this clause shall have the meanings set out in the Agreement;

“Agreement” means this TPA; 

“Agreed Purpose” means the performance by Licensor of its obligations under this Agreement including the promotion of the Licensed Products by Licensor as further described in the Privacy Policy;

“Customer Data” means the Third Party personal data in whatever form or medium which is supplied, or in respect of which access is granted, to Licensor under this Agreement which shall be confined to the following categories of personal data: the first and last name, email address, location, phone number, job title and where necessary the bank account details of the Third Party or where relevant its employees or contractors who wish to access the Licensed Products;

“Data Protection Law” means where applicable, the General Data Protection Regulation ((EU) 2016/679) (GDPR), the European Privacy and Electronic Communications Directive (Directive 2002/58/EC), as amended or replaced from time to time and all other national, international, regional, federal or other laws related to data protection and privacy that are applicable to any territory where Licensor processes personal data or is established;

“personal data”, “controller”, “processor”, “processing”, “data subject” and “supervisory authority” shall have the meanings ascribed to them under the GDPR, as applicable;

“Privacy Policy” means the privacy policy available on the website of the Licensed Product;

“Reportable Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data transmitted, stored or otherwise processed; and

“Third Party Recipient” means any contractor, subcontractor or other party engaged by Licensor in relation to its performance of the Agreement who is or will be processing Customer Data, whether as a controller or processor and who may be located outside of the European Economic Area. 

1. acts as a controller in respect of the Customer Data;
2. shall only process the Customer Data in compliance with Data Protection Law and shall not cause itself or the other party to be in breach of Data Protection Law;
3. shall provide the other party with reasonable details of any enquiry, complaint, notice or other communication it receives from any supervisory authority relating to its processing of the Customer Data, and act reasonably in co-operating with the other party in respect of its response to the same; and
4. shall act reasonably in providing such information and assistance as the other party may reasonably request to enable it to comply with its own obligations under Data Protection Law, including in the event of a Reportable Breach.

1. use the Customer Data for the Agreed Purpose only or as necessary to comply with its requirements under any applicable law;
2. maintain all appropriate technical and organizational measures to ensure security of the Customer Data including protection against unauthorized or unlawful processing (including, without limitation, unauthorized or unlawful disclosure of, access to and/or alteration of the Customer Data); and
3. be authorized to transfer and/or disclose Customer Data to Third Party Recipients, subject to the Licensor entering into a written agreement with such Third Party Recipients containing obligations which are no less onerous than those set out in this clause and provide details of such Third Party Recipients in the Privacy Policy.