Affiliate: any legal entity which is directly or indirectly owned or controlled by a Party or directly or indirectly owning or controlling a Party or under the same direct or indirect ownership or control as a Party for so long as such ownership or control lasts. Ownership or control shall exist through direct or indirect ownership of more than fifty (50%) per cent of the nominal value of the issued equity share capital or of more than fifty (50%) per cent of the voting rights entitling to vote for the election of directors or persons performing similar functions or right by any other means to elect or appoint directors or persons who collectively can exercise such control.
Data Controller: the Customer, who determines the purposes and means of the Processing.
Data Processor: the Supplier, who processes Personal Data on behalf of the Data Controller.
Laws: EU Data Protection Regulation (2016/679) and the data protection laws under the governing law of the Main Agreement applicable to the Processing hereunder from time to time. The Parties acknowledge and agree that in the time period prior to the EU Data Protection Regulation (2016/679) becoming applicable (expected on 25 May 2018), interpretation of this DPA shall be based on applicable data protection laws under the governing law of the Main Agreement.
Personal Data: any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Personal Data Breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed hereunder.
Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction, of Personal Data.
Processing Specification Form: the DPA appendix specifying processing activities under the DPA or other specifying appendix agreed between the Parties.
Services: any services provided under or in connection with the Main Agreement.
Sub-Processor: a processor contracted by the Data Processor to perform Processing hereunder, in part or in whole, on the Data Processor's behalf.