Unless where otherwise stated, definitions used in this clause shall have the meanings set out in the Agreement;
“Agreement”: the Order Confirmation Form and Terms and Conditions (including this Data Protection clause) between Licensor and Customer;
“personal data”, “controller”, “processor”, “processing”, “data subject” and “supervisory authority” shall have the meanings ascribed to them under the GDPR, as applicable;
“Customer Data” means the personal data in whatever form or medium which is supplied, or in respect of which access is granted, to Licensor under this Agreement which shall be confined to the following categories of personal data: the first and last name, email address, location, phone number, job title and where necessary the bank account details of the Customer or where relevant its employees or contractors who wish to access the Licensed Products;
“Data Protection Law” means where applicable, the General Data Protection Regulation ((EU) 2016/679) (GDPR), the European Privacy and Electronic Communications Directive (Directive 2002/58/EC), as amended or replaced from time to time and all other national, international, regional, federal or other laws related to data protection and privacy that are applicable to any territory where Licensor processes personal data or is established;
“Reportable Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Data transmitted, stored or otherwise processed;
“Third Party Recipient” means any contractor, subcontractor or other party engaged by Licensor in relation to its performance of the Agreement who is or will be processing Customer Data, whether as a controller or processor and who may be located outside of the European Economic Area.
For the purposes of this Agreement, the Customer and Licensor agree that each party:
(a) acts as a controller in respect of the Customer Data;
(b) shall only process the Customer Data in compliance with Data Protection Law and shall not cause itself or the other party to be in breach of Data Protection Law;
(c) shall provide the other party with reasonable details of any enquiry, complaint, notice or other communication it receives from any supervisory authority relating to its processing of the Customer Data, and act reasonably in co-operating with the other party in respect of its response to the same; and
(d) shall act reasonably in providing such information and assistance as the other party may reasonably request to enable it to comply with its own obligations under Data Protection Law, including in the event of a Reportable Breach.
As the recipient of the Customer Data, Licensor shall:
(a) use the Customer Data for the Agreed Purpose only or as necessary to comply with its requirements under any applicable law;
(b) maintain all appropriate technical and organisational measures to ensure security of the Customer Data including protection against unauthorised or unlawful processing (including, without limitation, unauthorised or unlawful disclosure of, access to and/or alteration of the Customer Data);
Subject to the limitation of liability provisions in this Agreement, to the extent that Customer has an entitlement under Data Protection Law to claim from Licensor compensation paid by the Customer to a data subject as a result of a breach of Data Protection Law to which Licensor contributed, Licensor shall be liable only for such amount as it directly relates to its responsibility for any damage caused to the relevant data subject.