This DPA sets out the terms that apply as between us and you when processing and/or transferring Personal Data, as defined below in connection with this Agreement between both Parties.
a. "controller," "processor," "data subject," and "processing" (and "process") shall have the meanings given to them in Applicable Data Protection Law;
b. "Applicable Data Protection Law" means any and all privacy and data protection laws and regulations applicable to the Personal Data in question (in each case, as may be amended, superseded or replaced from time to time);
c. "Personal Data" means any information relating to an identified or identifiable natural person to the extent that such information is protected as personal data under Applicable Data Protection Law.
2. Purposes of processing. The parties acknowledge that in connection with the obligations and undertakings set forth in Clause 2 of this Agreement, both Parties may provide or make available to the other Party Personal Data. Both Parties shall process such Personal Data:
(i) for the purposes described in this Agreement and the PropSpace Real Estate CRM Terms and Conditions (hereinafter “Master Terms”); and/or
(ii) as may otherwise be permitted under Applicable Data Protection Law.
3. Relationship of the parties. Both Parties will process the copy of the Personal Data in its possession or control as an independent controller (not as a joint controller with the other party). For the avoidance of doubt and without prejudice to the foregoing, we shall be an independent controller of any Personal Data that it shares or otherwise makes available to you in connection with the Services being provided by us to you pursuant to the Contract.
4. Compliance with law. Both Parties shall separately comply with its obligations under Applicable Data Protection Law and this DPA when processing Personal Data. Neither party shall be responsible for the other party's compliance with Applicable Data Protection Law.
5. International transfers. Where Applicable Data Protection Law applies to the Personal Data, then neither party shall process any Personal Data (nor permit any Personal Data to be processed) in a territory outside of the area that the Applicable Data Protection Law permits, unless it has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.
6. Security: Both Parties shall implement and maintain appropriate technical and organizational measures to protect any copies of the Personal Data in their possession or control from (i) accidental or unlawful destruction, and (ii) loss, alteration, or unauthorised disclosure or access (a "Security Incident") and to preserve the security and confidentiality of such Personal Data.
7. Cooperation and data subjects' rights: In the event that both Parties receive: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, restriction or data port ability, as applicable); or (ii) any other correspondence, enquiry or complaint from a data subject, regulator or other third party in connection with the processing of the Personal Data (collectively, "Correspondence"), then where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other party and both parties shall cooperate in good faith as necessary to respond to such Correspondence and fulfil their respective obligations under Applicable Data Protection Law.
8. General Provisions:
a. This DPA forms part of the Contract.
b. Capitalized terms used in this Addendum shall have the meanings given to them in Clause 1 of this DPA or the Master Terms.
c. Where there is a discrepancy between any definition or provision of this DPA. And the Master Terms, then the Master Terms shall prevail.
d. This DPA shall survive termination or expiry of the Contract.