This Data Processing Agreement (the "Agreement") is entered into by and between:

Datazone, a company registered under the laws of United Kingdom, having its registered office at 27 Old Gloucester Street WC1N 3AX, London, UK ("Processor")

Visitor or Customer, a company registered under the laws of Customer's Country, having its registered office at Customer's Address ("Controller").

(hereinafter collectively referred to as the "Parties").

Background

1. The Controller is a user of Datazone, a data platform, and processes personal data of individuals ("Data Subjects") within the platform.

2. The Processor provides the Datazone platform to the Controller and processes personal data on behalf of the Controller as part of its services.

3. The Parties desire to ensure that personal data is processed in compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR).

Definitions

• "GDPR" means the General Data Protection Regulation (EU) 2016/679.

• "Personal Data" shall have the meaning as defined in the GDPR.

• "Processing" shall have the meaning as defined in the GDPR.

Data Processing Terms

1. Scope and Purpose of Processing

   The Processor shall process Personal Data on behalf of the Controller solely for the purpose of providing the services specified in the applicable agreement between the Parties.

2. Data Subject Rights

   The Processor shall provide assistance to the Controller in responding to Data Subjects' requests to exercise their rights under the GDPR, including access, rectification, erasure, and data portability.

3. Data Security

   The Processor shall implement appropriate technical and organizational measures to ensure the security and confidentiality of Personal Data. These measures shall comply with the requirements of the GDPR.

4. Data Transfers

   Any transfer of Personal Data outside the European Economic Area (EEA) shall comply with the requirements of the GDPR and shall only be performed with the Controller's prior consent.

5. Sub-processors

   The Processor may engage sub-processors to perform specific processing activities. The Processor shall ensure that such sub-processors are bound by data protection obligations consistent with the terms of this Agreement.

6. Confidentiality

   The Processor shall ensure that all personnel processing Personal Data are subject to confidentiality obligations.

7. Data Breach Notification

   The Processor shall promptly notify the Controller in case of a Personal Data breach.

Duration and Termination

This Agreement shall remain in effect for the duration of the processing activities as specified in the underlying agreement between the Parties. Upon termination or completion of processing, the Processor shall delete or return all Personal Data to the Controller, as specified in the underlying agreement.

Governing Law

This Agreement shall be governed by and construed in accordance with the laws of United Kingdom.

Execution

This Agreement may be executed in any number of counterparts, each of which shall be deemed an original and all of which together shall constitute one and the same instrument.