JDH

5.2 to the extent that you provide us with personal data from the United Kingdom, Switzerland or the EEA in a country or territory outside the EEA that has not received a binding adequacy decision from the European Commission or a national data protection authority, the parties are considered to have subscribed to the EU`s (transformer) standard contractual clauses relating to such a transfer, you are the “data exporter,” we are the “data importer,” the optional clause is removed and the contents of the annexes correspond to the respective content of that data protection authority and the agreement, unless the parties can invoke other appropriate safeguards under data protection legislation (including Article 46 of the RGPD). 1.2. “Data protection laws” are all applicable laws, regulations, ordinances and other state data protection requirements, including the provisions of the European Union (“Eu”), the United Kingdom and the United States. “RGPD”, the European Parliament and Council Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). The terms “person concerned,” “personal data,” “violation of personal data,” “processing” and “subcontractor” have the meanings attributed to them in data protection laws and, when such laws use the term “personal data,” they are read as personal data. 8.1. We record all records required by data protection legislation (including Article 30, paragraph 2, of the RGPD) and make you available if necessary for the processing of personal data. Brexit: On 31 January 2020, the UK ceased its activities as an EU member state and entered a period of implementation during which it remains subject to EU legislation. During this period, the RGPD applies to the UK and the UK generally remains treated as an EU state (and EEA) for data protection purposes in the EEA and the UK. For more information on this period, its duration and data protection legislation, which should apply after the end, see the practice note: Brexit – implications for data protection. 2.7. At the expiry or end of your use of the Services, we will delete or return personal data in accordance with the terms and deadlines set out in the Agreement, unless the EU, the United Kingdom, the Member State or any other applicable law requires continuous storage of personal data. 2.3.

Our processing is subject to this data protection authority. We will be: 5.1. We will ensure that personal data from your country, when transferred to another country, is subject to appropriate safeguards under data protection legislation (including Chapter V of the RGPD). 6.3. The parties take appropriate measures to ensure that any natural person acting under the control of a party has access to personal data only on your advice, unless required by EU, UK or Member State legislation. 6.2. When assessing the appropriate level of security, we consider the risks associated with treatment, including accidental destruction, loss, modification, unauthorized disclosure or access to personal data transmitted, stored or otherwise processed.