“Applicable Data Protection Laws” means any applicable privacy or data protection legislation or regulations, including but not limited to European Data Protection Laws, and the California Consumer Privacy Act, as amended by the California Privacy Rights Act and its implementing regulations as amended or superseded from time to time (“CCPA”) as well as similar laws adopted in other states. In the event of a conflict in the meanings of defined terms in the Applicable Data Protection Laws, the meaning from the law applicable to the region of residence of the relevant Data Subject applies;

“Controller” shall be interpreted consistent with Applicable Data Protection Laws and includes, at a minimum and where applicable “controller” as that term is defined under European Data Protection Laws and Applicable Data Protection Laws in the U.S. and “business” as the term is defined under the CCPA;

Customer Personal Data means any Personal Data Processed by my-buddy as a Processor on behalf of Customer or Third-Party Controller pursuant to the Agreement;

Data Subject shall be interpreted consistent with Applicable Data Protection Laws, and includes at a minimum and where applicable “data subject” as that term is defined under European Data Protection Laws and “consumer” as the term is defined under the CCPA and Applicable Data Protection Laws in the U.S.;

Data Subject Rights means all rights granted to Data Subjects under Applicable Data Protection Laws, which may include, as applicable, rights to information, access, rectification, erasure, restriction, portability, objection, the right to withdraw consent, and the right not to be subject to automated individual decision-making in accordance with Applicable Data Protection Laws;

Data Transfer means a disclosure of Customer Personal Data by an organization subject to European Data Protection Laws to another organization located outside the EEA, the UK, or Switzerland;

DPA means this Data Processing Agreement;

EEA means the European Economic Area;

European Data Protection Laws means the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the e-Privacy Directive 2002/58/EC (as amended by Directive 2009/136/EC), their national implementations in the EEA, including the European Union, and all other data protection laws of the EEA, the United Kingdom (“UK”), and Switzerland, each as applicable, and as may be amended or replaced from time to time;

EU-US Data Privacy Framework means the adequacy decision laid down in the Commission Implementing Decision of July 10, 2023, pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework, C(2023) 4745 final;

Personal Data shall be interpreted consistent with Applicable Data Protection Laws, and includes at a minimum and where applicable “personal data” as that term is defined under European Data Protection Laws and “personal information” as the term is defined under the CCPA;

Process and Processing shall be interpreted consistent with Applicable Data Protection Laws;

Processorshall be interpreted consistent with Applicable Data Protection Laws, and includes at a minimum and where applicable a “processor” as the term is defined under European Data Protection Laws and “service provider” or “contractor” as those terms are defined under the CCPA;

SCCs means the clauses annexed to the EU Commission Implementing Decision 2021/914 of June 4, 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council as amended or replaced from time to time;

Services means the services provided by my-buddy to the Customer under the Agreement.

Subprocessor means any person appointed by my-buddy to Process Personal Data on behalf of the Customer in connection with the Agreement;

Third-Party Controller means a Controller for which the Customer is a Processor; and

UK Addendum means the addendum to the SCCs issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018 (version B1.0, in force March 21, 2022)