This Data Processing Agreement ****(“DPA”) is entered into between the Seller (“Seller”) and Katanox, with each of the Seller or Katanox referred to as a Party and collectively as the Parties. This DPA shall form part of and is incorporated into the Seller Agreement entered into between the parties hereto (“Agreement”) and is effective from the date of last of that Agreement (the “Effective Date”).
Seller enters into this DPA on behalf of itself and, to the extent required under Applicable Law (defined hereinafter), in the name and on behalf of its Affiliates, if and to the extent Katanox Processes Personal Data for such Affiliates. For the purposes of the GDPR, Seller and its Affiliates qualify as the data controller of the Processing activities under this DPA. For the purposes of the GDPR, Katanox is the data processor of the Processing activities under this DPA.
All capitalized terms not defined herein shall have the meaning set forth in the Agreement. While providing the Services to Seller pursuant to the Agreement, Katanox may Process Personal Data on behalf of Seller and the Parties agree to comply with the following provisions with respect to any Personal Data, each acting reasonably and in good faith.
This DPA is an addendum to and forms part of the Agreement entered into between the Seller and Katanox.
In the event of a conflict between this DPA and any other terms or conditions regarding the Processing of Personal Data contained in the Agreement (including any existing data processing addendum to the Agreement), this DPA shall prevail.
The terms herein apply to the Processing of Personal Data for the purposes set forth in the Agreement and this DPA.
“Affiliate” means an entity that controls, is directly or indirectly controlled by, or is under common control of the relevant Party;
“Applicable Law” means (i) applicable data protection laws or regulations in the jurisdiction in which the Personal Data is hosted; (ii) Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (the “GDPR”);
“Seller Data” ****means the Personal Data provided by Seller and Processed through Seller's use of the Services, including Guest Data;
“Data Subject” means “data subject” as defined under the GDPR;
“Data Subject Request” refers to a request from a Data Subject in accordance the GDPR and/or other Applicable Law;
“Guest Data” means Personal Data of Guests as defined in the Agreement;
“Instructions” means (i) instructions from Seller as embodied in the Agreement, the applicable ordering documents and this DPA for the purpose of providing the Services, and (ii) those as may be additionally communicated in writing by Seller to Katanox from time-to-time;
“Personal Data” means “personal data” as defined under the GDPR, under the control of Seller and Processed by Katanox in connection with the performance of the Services;
“Process”, “Processed” or “Processing” means “processing” of Personal Data as defined under the GDPR, the details of which are outlined on Schedule 1;
“Regulator” means the data protection supervisory authority which has jurisdiction over the Seller’s Processing of Personal Data;