Compliance with Data Privacy Laws
- Both parties shall comply with all applicable data privacy and protection laws and regulations, including but not limited to the General Data Protection Regulation (GDPR).
- Each party agrees to process personal data only in accordance with the applicable data privacy laws and solely for the purposes specified in this Agreement. Personal data shall not be processed for any other purpose without the explicit consent of the data subject or as required by law.
- Both parties shall implement and maintain appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.
- Each party shall assist the other in responding to any requests from data subjects to exercise their rights under applicable data privacy laws, including rights of access, rectification, erasure, restriction of processing, data portability, and objection to processing.
- In the event of a data breach affecting personal data processed under this Agreement, the affected party shall notify the other party without undue delay and provide all necessary information and assistance to comply with any legal obligations regarding data breach notifications.
- Personal data shall be retained only for as long as necessary to fulfill the purposes of this Agreement or as required by law. Upon termination of this Agreement, each party shall delete or return all personal data processed on behalf of the other party, unless retention is required by law
