In this DPA, capitalized terms and phrases have the meanings indicated below, which are applicable to both the singular and the plural thereof. Any other term not defined in this DPA shall have the same meaning as that attributed to it in the main body of the Terms above or else in the GDPR or in other Applicable Data Protection Laws.
“2021 SCCs” means, in relation to the Processing of personal data pursuant to the EU Data Protection Law, the standard contractual clauses for the transfer of personal data established in Third Countries, as approved by the European Commission from time to time, the approved version of which is the one set out in the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, available here.
“Applicable Data Protection Laws”: means any and all applicable privacy and data protection laws and regulations, including without limitation, where applicable, EU Data Protection Law, the California Consumer Privacy Act of 2018 (“CCPA”) and similar state laws in effect at any time during the Term, the Brazilian General Personal Data Protection Law (“LGPD”), etc., as amended, complemented or superseded from time to time.
“EU Data Protection Law”: means the (i) EU General Data Protection Regulation (Regulation 2016/679) (“GDPR”); (ii) the EU e-Privacy Directive (Directive 2002/58/EC), as amended (“e-Privacy Law”); (iii) the Data Protection Act 2018 (“UK GDPR”); (iv) the Swiss Federal Act on Data Protection (“LPD”), and (v) any national or European data protection laws made under, pursuant to, amending, replacing or succeeding (i), (ii), (iii) or (iv).
“Personal Data”: means any information relating to an identified or identifiable natural person (hereinafter, a “Data Subject”), directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, or as such term or its equivalent may be otherwise defined under the Applicable Data Protection Laws. In particular, any reference to Personal Data shall include reference to Personal Information as the latter is defined under the CCPA.
“Processing” means the Third-Party Personal Data processing entrusted to Dailymotion and described in Section 3 of this DPA.
“Sub-Processor” has the definition attributed to it in the GDPR, and in this case means specifically any Sub-Processor engaged by Dailymotion (or any of their Sub-Processors) who, receives from Dailymotion any Third-Party Personal Data exclusively intended for carrying out data Processing operations entrusted by You under the present DPA. Additionally, any company that is member of the group of companies to which Dailymotion belongs and which may be involved such Processing of Third-Party Personal Data shall also be considered as a Sub-Processor under this DPA.
“Supervisory Authority” means the independent public authority responsible for monitoring the application of Applicable Data Protection Laws in each applicable country in order to protect the fundamental rights and freedoms of natural persons with respect to data Processing and to facilitate the free flow of data within the applicable country. In France, the competent supervisory authority is the “Commission Nationale de l’Informatique et des Libertés” (CNIL).
“Third Countries” means (a) for the purpose of application of the EU Data Protection Law: a country which: (i) is not part of the European Economic Area (“EEA”); and (ii) is not subject of a formal adequacy decision of the European Commission (“EC”) taken in accordance with Art. 25 (6) of Directive 95/46/EC of the European Parliament and the Council of the European Union or Art. 45 (3) of GDPR, recognizing that the country ensures an adequate level of protection of Personal Data; and (iii) is not subject to a formal Swiss adequacy decision, and (iv) is not subject to UK adequacy decision, and b) for the purpose of application of the LGPD: a country outside of Brazil and not considered as providing adequate protection.When Personal Data is transferred to the US, and during the validity of the DPF under the applicable EC adequacy decision, the term “Third Country” refers to transfers to entities that do not participate in the Data Privacy Framework (“DPF”).
“UK Addendum” means the terms complementing the 2021 SCCs as adapted under the UK GDPR and available here.
沒有留言:
張貼留言