In this Agreement, the following terms shall have the meanings set out below and cognate terms shall be construed accordingly:

The terms used in this Agreement shall have the meanings set forth in this Agreement, and their cognate terms shall be construed accordingly. Capitalised terms not otherwise defined herein shall have the meaning given to them in the Principal Agreement. Except as modified below, the terms of the Principal Agreement shall remain in full force and effect.

The terms CommissionCommissionDefined in clause 1.3, ControllerControllerDefined in clause 1.3, Member StateMember StateDefined in clause 1.3, and Supervisory AuthoritySupervisory AuthorityDefined in clause 1.3 shall have the same meaning as in the GDPRGDPRmeans EU General Data Protection Regulation 2016/679Defined in clause 1.1(g) or UK-GDPRUK-GDPRmeans the GDPR as amended by the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 (SI 2019/419)Defined in clause 1.1(v) as context requires, and their cognate terms shall be construed accordingly.

The word includeincludeDefined in clause 1.4 shall be construed to mean includeincludeDefined in clause 1.4 without limitation, and cognate terms shall be construed accordingly.

SupplierSupplierSupplier Pty Ltd warrants and represents that, before any Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) Processes any Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) on behalf of any Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k), SupplierSupplierSupplier Pty Ltd's entry into this Agreement as agent for and on behalf of that Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) will have been duly and effectively authorised (or subsequently ratified) by that Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m).

SupplierSupplierSupplier Pty Ltd is a Processor of Personal DataPersonal Datameans any information relating to an Identifiable Natural Person and includes the terms 'personal data' and 'personal information' under any applicable Data Protection LawsDefined in clause 1.1(o) on behalf of the MerchantMerchantTiny Company Pty Ltd.

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall:

Each Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k):

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall take reasonable steps to ensure that with respect to any Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l), access is strictly limited to those employees, agents or contractors of SupplierSupplierSupplier Pty Ltd, or any Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c), who need to know or access the relevant Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l), as strictly necessary for the purposes of the Principal Agreement, and to comply with Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a) in the context of that individual's duties to the Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c), ensuring that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall in relation to the Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate:

In assessing the appropriate level of security, SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall take account of the risks that are presented by ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n), in particular from a Personal Data BreachPersonal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedDefined in clause 1.1(q).

Each Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) authorises SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) to appoint (and permit each SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) appointed in accordance with clause 6 to appoint) SubprocessorsSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) in accordance with clause 6 and any restrictions in the Principal Agreement.

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) may continue to use those SubprocessorsSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) already engaged by SupplierSupplierSupplier Pty Ltd or any Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) as at the date of this Agreement, subject to SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) in each case as soon as practicable meeting the obligations set out in clause 3.2(b).

SupplierSupplierSupplier Pty Ltd shall give MerchantMerchantTiny Company Pty Ltd prior written notice of the appointment of any new SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t), including full details of the ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) to be undertaken by the SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t). If, within the Objection PeriodObjection Period (schedule)has the meaning given by the ScheduleDefined in clause 1.1(p) of receipt of that notice, MerchantMerchantTiny Company Pty Ltd notifies SupplierSupplierSupplier Pty Ltd in writing of any objections (on reasonable grounds) to the proposed appointment.

Neither SupplierSupplierSupplier Pty Ltd nor any Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall appoint (or disclose any Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) to) that proposed SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) until reasonable steps have been taken to address the objections raised by any Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) and MerchantMerchantTiny Company Pty Ltd has been provided with a reasonable written explanation of the steps taken.

With respect to each SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t), SupplierSupplierSupplier Pty Ltd or the relevant Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall:

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall ensure that each SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) performs the obligations under clause 3, clause 4, clause 5, clause 7.1, clause 8.2, clause 9.1 and clause 10.1, as they apply to ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) of Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) carried out by that SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t), as if it were party to this Agreement in place of SupplierSupplierSupplier Pty Ltd.

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) will make available technical and organisational measures for the fulfilment of the Merchant Group MembersMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k)' obligations to respond to requests to exercise any Data SubjectData Subjectmeans an Identifiable Natural Person about whom the Merchant or Supplier holds Personal Data and who is subject to the Data Protection LawsDefined in clause 1.1(d) rights under the Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a).

The MerchantMerchantTiny Company Pty Ltd authorises SupplierSupplierSupplier Pty Ltd, each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m), and each Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c) to comply with any request from a Data SubjectData Subjectmeans an Identifiable Natural Person about whom the Merchant or Supplier holds Personal Data and who is subject to the Data Protection LawsDefined in clause 1.1(d) under any Data Protection LawsData Protection Lawsmeans to the extent applicable: (i) the EU Data Protection Laws; (ii) the UK Data Protection Laws; (iii) the US Data Protection Laws; (iv) any data protection or privacy laws of: (A) The Commonwealth…Defined in clause 1.1(e) in respect of Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l).

SupplierSupplierSupplier Pty Ltd shall notify the MerchantMerchantTiny Company Pty Ltd if SupplierSupplierSupplier Pty Ltd, any Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m), or any Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c) receives a request from a Data SubjectData Subjectmeans an Identifiable Natural Person about whom the Merchant or Supplier holds Personal Data and who is subject to the Data Protection LawsDefined in clause 1.1(d) under any Data Protection LawsData Protection Lawsmeans to the extent applicable: (i) the EU Data Protection Laws; (ii) the UK Data Protection Laws; (iii) the US Data Protection Laws; (iv) any data protection or privacy laws of: (A) The Commonwealth…Defined in clause 1.1(e) in respect of Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l).

SupplierSupplierSupplier Pty Ltd shall notify MerchantMerchantTiny Company Pty Ltd without undue delay upon SupplierSupplierSupplier Pty Ltd or any SubprocessorSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) becoming aware of a Personal Data BreachPersonal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedDefined in clause 1.1(q) affecting Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l), providing MerchantMerchantTiny Company Pty Ltd with sufficient information to allow each Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) to meet any obligations to report or inform Data SubjectsData Subjectmeans an Identifiable Natural Person about whom the Merchant or Supplier holds Personal Data and who is subject to the Data Protection LawsDefined in clause 1.1(d) of the Personal Data BreachPersonal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedDefined in clause 1.1(q) under the Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a).

SupplierSupplierSupplier Pty Ltd shall co-operate with MerchantMerchantTiny Company Pty Ltd and each Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) and take such reasonable commercial steps as are directed by MerchantMerchantTiny Company Pty Ltd to assist in the investigation, mitigation and remediation of each such Personal Data BreachPersonal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedDefined in clause 1.1(q).

SupplierSupplierSupplier Pty Ltd shall maintain a register of all Personal Data BreachesPersonal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processedDefined in clause 1.1(q) and provide reasonable access to such records as is necessary for the MerchantMerchantTiny Company Pty Ltd to comply with any Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a).

Subject to clause 9.2 and clause 9.4, SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall:

Subject to clause 9.4, MerchantMerchantTiny Company Pty Ltd may in its absolute discretion by written notice to SupplierSupplierSupplier Pty Ltd within 14 days of the Cessation DateCessation Date (inline)Defined in clause 9.1 require SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) to return a complete copy of all Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) to MerchantMerchantTiny Company Pty Ltd by secure file transfer in such format as is reasonably notified by MerchantMerchantTiny Company Pty Ltd to SupplierSupplierSupplier Pty Ltd, or delete and procure the deletion of all other copies of Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) Processed by any Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c). SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall comply with any such written request within 90 days of the Cessation DateCessation Date (inline)Defined in clause 9.1.

Where the Cessation DateCessation Date (inline)Defined in clause 9.1 occurs prior to the expiry of a prepaid term under the Principal Agreement, SupplierSupplierSupplier Pty Ltd shall refund to the MerchantMerchantTiny Company Pty Ltd a pro-rata amount of any prepaid fees, calculated as follows:

Each Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c) may retain Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) to the extent required by Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a) and only to the extent and for such period as required by Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a) and always provided that SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall ensure the confidentiality of all such Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) and shall ensure that such Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) is only Processed as necessary for the purpose(s) specified in the Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a) requiring its storage and for no other purpose.

SupplierSupplierSupplier Pty Ltd shall provide written certification to MerchantMerchantTiny Company Pty Ltd that it and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) has fully complied with clause 9 within 90 days of the Cessation DateCessation Date (inline)Defined in clause 9.1.

Subject to clause 10.2, SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall:

The MerchantMerchantTiny Company Pty Ltd or the relevant Merchant AffiliateMerchant Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Merchant, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(j) undertaking an audit shall give SupplierSupplierSupplier Pty Ltd or the relevant Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) reasonable notice of any audit or inspection to be conducted under clause 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavours to avoid causing (or, if it cannot avoid, to minimise) any damage, injury or disruption to the Contracted ProcessorsContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c)' premises, equipment, personnel and business while its personnel are on those premises in the course of such an audit or inspection. A Contracted ProcessorContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c) need not give access to its premises for the purposes of such an audit or inspection:

If SupplierSupplierSupplier Pty Ltd transfers any Personal DataPersonal Datameans any information relating to an Identifiable Natural Person and includes the terms 'personal data' and 'personal information' under any applicable Data Protection LawsDefined in clause 1.1(o) to SubprocessorsSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) in countries which do not ensure an adequate level of data protection within the meaning of the Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a), SupplierSupplierSupplier Pty Ltd will take such measures as are necessary to ensure the transfer is in compliance with the Applicable LawsApplicable Lawsmeans : (i) European Union or Member State laws with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; and (ii) the UK Data…Defined in clause 1.1(a).

Addendum 1 to this Agreement sets out certain information regarding the Contracted ProcessorsContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c)' ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) of the Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) as required by article 28(3) of the GDPRGDPRmeans EU General Data Protection Regulation 2016/679Defined in clause 1.1(g) (and equivalent requirements of other Data Protection LawsData Protection Lawsmeans to the extent applicable: (i) the EU Data Protection Laws; (ii) the UK Data Protection Laws; (iii) the US Data Protection Laws; (iv) any data protection or privacy laws of: (A) The Commonwealth…Defined in clause 1.1(e)). Nothing in Addendum 1 (including as amended pursuant to clause 12) confers any right or imposes any obligation on any party to this Agreement.

SupplierSupplierSupplier Pty Ltd and each Supplier AffiliateSupplier Affiliatemeans an entity that owns or controls, is owned or controlled by or is or under common control or ownership with Supplier, where control is defined as the possession, directly or indirectly, of the…Defined in clause 1.1(m) shall provide reasonable assistance to each Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) with any data protection impact assessments, and prior consultations with Supervisory AuthoritiesSupervisory AuthorityDefined in clause 1.3 or other competent data privacy authorities, which MerchantMerchantTiny Company Pty Ltd reasonably considers to be required of any Merchant Group MemberMerchant Group Membermeans Merchant or any Merchant AffiliateDefined in clause 1.1(k) by article 35 or 36 of the GDPRGDPRmeans EU General Data Protection Regulation 2016/679Defined in clause 1.1(g) or equivalent provisions of any other Data Protection LawsData Protection Lawsmeans to the extent applicable: (i) the EU Data Protection Laws; (ii) the UK Data Protection Laws; (iii) the US Data Protection Laws; (iv) any data protection or privacy laws of: (A) The Commonwealth…Defined in clause 1.1(e), in each case solely in relation to ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) of Merchant Personal DataMerchant Personal Datameans any Personal Data Processed by a Contracted Processor on behalf of a Merchant Group Member pursuant to or in connection with the Principal AgreementDefined in clause 1.1(l) by, and taking into account the nature of the ProcessingProcessingmeans any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring,…Defined in clause 1.1(n) and information available to, the Contracted ProcessorsContracted Processormeans Supplier or a SubprocessorDefined in clause 1.1(c).

To the extent that SupplierSupplierSupplier Pty Ltd processes any personal data under this Agreement that originates from a GDPR ZoneGDPR Zonemeans : (i) The European Economic Area with respect to any Merchant Personal Data in respect of which any Merchant Group Member is subject to EU Data Protection Laws; or (ii) The United Kingdom of…Defined in clause 1.1(h) to a country that has not been designated by the CommissionCommissionDefined in clause 1.3 as providing an adequate level of protection for personal data, the parties agree to enter into the Standard Contractual ClausesStandard Contractual Clausesmeans : (i) the European Commission's Standard Contractual Clauses for the transfer of personal data from the European Union to processors established in third countries (controller-to-processor…Defined in clause 1.1(s), which are hereby incorporated into and form part of this Agreement. The parties hereby agree that:

SupplierSupplierSupplier Pty Ltd is a "Service Provider" for the purpose of any relevant US Data Protection LawsUS Data Protection Lawsmeans the CCPA, the Colorado Privacy Act, Colorado Rev. Stat. 6-1-1301 et seq. (the CPA); the Connecticut Act Concerning Personal Data Protection and Online Monitoring, Conn. PA 22-15 § 1 et seq.…Defined in clause 1.1(w). The MerchantMerchantTiny Company Pty Ltd discloses personal data to SupplierSupplierSupplier Pty Ltd solely for:

To the extent that any US Data Protection LawsUS Data Protection Lawsmeans the CCPA, the Colorado Privacy Act, Colorado Rev. Stat. 6-1-1301 et seq. (the CPA); the Connecticut Act Concerning Personal Data Protection and Online Monitoring, Conn. PA 22-15 § 1 et seq.…Defined in clause 1.1(w) apply, SupplierSupplierSupplier Pty Ltd will not, and will not authorise its SubprocessorsSubprocessormeans any person (including any third party and any Supplier Affiliate, but excluding an employee of Supplier or any of its sub-contractors) appointed by or on behalf of Supplier or any Supplier…Defined in clause 1.1(t) to, re-identify any de-identified, anonymized, or pseudonymized data derived from personal data that is Processed by SupplierSupplierSupplier Pty Ltd on behalf of the MerchantMerchantTiny Company Pty Ltd, unless instructed by MerchantMerchantTiny Company Pty Ltd in writing.