This Data Processing Agreement ****(“DPA”) is entered into between the Buyer (“Buyer”) and Katanox, with each of the Buyer or Katanox referred to as a Party and collectively as the Parties.
This DPA shall form part of and is incorporated into the Buyer Agreement entered into between the parties hereto (“Agreement”) and is effective from the date of last signature of that Agreement (the “Effective Date”).
Buyer enters into this DPA on behalf of itself and, to the extent required under Applicable Law (defined hereinafter), in the name and on behalf of its Affiliates, if and to the extent Katanox Processes Personal Data for such Affiliates. For the purposes of the GDPR, Buyer and its Affiliates qualify as the data controller of the Processing activities under this DPA. For the purposes of the GDPR, Katanox is the data processor of the Processing activities under this DPA.
All capitalized terms not defined herein shall have the meaning set forth in the Agreement. While providing the Services to Buyer pursuant to the Agreement, Katanox may Process Personal Data on behalf of Buyer and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
This DPA is an addendum to and forms part of the Agreement entered into between the Buyer and Katanox.
In the event of a conflict between this DPA and any other terms or conditions regarding the Processing of Personal Data contained in the Agreement (including any existing data processing addendum to the Agreement), this DPA shall prevail.
The terms herein apply to the Processing of Personal Data for the purposes set forth in the Agreement and this DPA.
“Affiliate” means an entity that controls, is directly or indirectly controlled by, or is under common control of the relevant Party;
“Applicable Law” means (i) applicable data protection laws or regulations in the jurisdiction in which the Personal Data is hosted; (ii) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (the “GDPR”);
“Buyer Data” ****means the Personal Data provided by Buyer and Processed through Buyer's use of the Services, including Guest Data;
“Data Subject” means “data subject” as defined under the GDPR;
“Data Subject Request” refers to a request from a Data Subject in accordance the GDPR and/or other Applicable Law;
“Guest Data” means Personal Data of Guests as defined in the Agreement;
“Instructions” means (i) instructions from Buyer as embodied in the Agreement, the applicable ordering documents and this DPA for the purpose of providing the Services, and (ii) those as may be additionally communicated in writing by Buyer to Katanox from time-to-time;
“Personal Data” means “personal data” as defined under the GDPR, under the control of Buyer and Processed by Katanox in connection with the performance of the Services;