Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”). 1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term. 1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise. 1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction. 1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
Personal Data Registry Operator shall (i) notify each ICANN-‐accredited registrar that is a party to the registry-‐registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (“Personal Data”) submitted to Registry Operator by such registrar is collected and used under this Agreement or otherwise and the intended recipients (or categories of recipients) of such Personal Data, and (ii) require such registrar to obtain the consent of each registrant in the TLD for such collection and use of Personal Data. Registry Operator shall take reasonable steps to protect Personal Data collected from such registrar from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.
Customer Data 7.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 7.2 The Supplier will ensure that there are regular back ups of Customer Data. In the event of any loss or damage to Customer Data caused by the Supplier, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). If recovery of Customer Data is required as a result of an issue resulting from the Customer, the Supplier will use all reasonable endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier provided that the Customer pays the Supplier’s reasonable additional Fees for such recovery. 7.3 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under this Contract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: 7.3.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under this Contract; 7.3.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Contract on the Customer's behalf; 7.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; 7.3.4 the Supplier shall process the personal data only in accordance with the terms of this Contract and any lawful instructions reasonably given by the Customer from time to time; and 7.3.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Customer The agency or eligible user that purchases commodities or contractual services pursuant to the Contract.