This addendum (“Addendum”) between the Registrar and you, as a reseller (the “Reseller”), modifies certain Reseller Agreements between the parties (the “Agreement”). Throughout this document, we refer to the Registrar and the Reseller as a “Party” and collectively as the “Parties.” Terms used in this Addendum but not defined herein shall have the meanings given to them in the Agreement.
This Addendum establishes additional data privacy provisions that will be added to the Agreement. These privacy provisions will take precedence over any conflicting provisions regarding the processing of Personal Data currently included in the Agreement. This Addendum will become part of the Agreement, as well as any purchase order, work order, addendum, or local agreement signed as part of or pursuant to the Agreement.
1. Definitions.
a. “ GDPR ” shall refer in this Regulation to Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
b. "Data controller" shall be defined as set out in the GDPR.
c. “Personal Data” shall be defined as defined in the GDPR.
2. Data Processing.
To the extent that Reseller processes Personal Data as Data Controller, Reseller shall:
a. Comply with the GDPR when processing Personal Data. In particular, the Reseller guarantees that it will only process Personal Data for the purpose of carrying out the Reseller's obligations under the Agreement and ensuring that the parties comply with the terms of the Agreement;
b. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purpose of the processing;
c. Except to countries approved, from time to time, as having equivalent protection for Personal Data by the European Commission, not transfer such Personal Data outside the European Economic Area ("EEA") without the explicit consent of the Registrar and, to the extent that such Personal Data is accessed from or processed in countries outside the EEA, the Reseller shall comply with the data importer obligations set out in the standard contractual clauses for the transfer of Personal Data to data controllers established in third countries, as set out in Commission Decision 2004/915/EC of 27 December 2004, which are hereby incorporated into and made part of this Data Processing Agreement, in the form set out in the Schedule attached to and incorporated herein (the “Controller-to-Controller Model Clauses”) and the Registrar shall comply with the Data Exporter obligations in such Controller-to-Controller Model Clauses;
d. At the request of the Registrar (from time to time), enter into separate Controller-to-Controller Model Clauses with the Registrar;
e. Promptly assist the Registrar in complying with any data subject rights requests under the GDPR that the Registrar may receive from any individual to whom the Personal Data relates; and
f. Promptly assist the Registrar in complying with any duty to cooperate with supervisory authorities under the GDPR.
Except as expressly modified and amended by this Annex, the Parties agree that the Agreement shall continue in full force and effect as provided herein, and the Parties reaffirm all of its provisions.