Both parties shall comply with all applicable data privacy and protection laws and regulations,
including but not limited to the General Data Protection Regulation (GDPR).
Each party agrees to process personal data only in accordance with the applicable data privacy
laws and solely for the purposes specified in this Agreement. Personal data shall not be
processed for any other purpose without the explicit consent of the data subject or as required
by law.
Both parties shall implement and maintain appropriate technical and organizational measures to
protect personal data against unauthorized or unlawful processing, accidental loss, destruction,
or damage.
Each party shall assist the other in responding to any requests from data subjects to exercise
their rights under applicable data privacy laws, including rights of access, rectification,
erasure, restriction of processing, data portability, and objection to processing.
In the event of a data breach affecting personal data processed under this Agreement, the
affected party shall notify the other party without undue delay and provide all necessary
information and assistance to comply with any legal obligations regarding data breach
notifications.
Personal data shall be retained only for as long as necessary to fulfill the purposes of this
Agreement or as required by law. Upon termination of this Agreement, each party shall delete or
return all personal data processed on behalf of the other party, unless retention is required by
law
