In this Policy:
Controller means Restore plc or any Controller Group Member with whom the Processor has contracted
Controller Affiliate means any company under common control with the Controller
Controller Group Member means the Controller or any Controller Affiliate
Controller Personal Data means any Personal Data processed by a Contracted Processor on behalf of a Controller Group Member pursuant to or in connection with the Principal Agreement
Contracted Processor means the Processor or a Sub-Processor appointed by the Processor
Data means all Personal Data and Special Categories of Data (as defined under GDPR) collected, generated or otherwise processed by Supplier as a result of, or in connection with, the provision of the Services.
Data Protection Laws means:
(a) the General Data Protection Regulation (EU Regulation 2016/679) (GDPR) and any legislation which amends, re enacts or replaces it in England and Wales;
(b) the Privacy and Electronic Communications (EC Directive) Regulations 2003, together with any legislation which replaces them; and
(c) any other data protection laws and regulations applicable in England and Wales from time to time.
Data Protection Officer has the meaning given to it under Article 37 of GDPR.
Data Subject(s) means the identified or identifiable living individual(s) to whom the Data relates and who is the subject of such Data.
EEA means the European Economic Area.
Losses means claims, demands, actions, awards, judgments, settlements, costs, expenses, liabilities, damages and losses (including all interest, fines, penalties, management time and legal and other professional costs and expenses).
Personal Data has the meaning given to it under the Data Protection Laws.
Processor means the Supplier providing services to the Controller
Processor Affiliate means any company under common control with the Processor.
Records means the records referred to in Clause 1.7.1.
Sub Processor means any person (including any third party and any Processor Affiliate, but excluding an employee of the Processor or any of its sub-contractors) appointed by or on behalf of the Processor or any Processor Affiliate to process Data on behalf of the Controller or a Controller Group Member in connection with the Principal Agreement.
Supervisory Authority means any data protection authority with jurisdiction over the processing of the Data.
Technical and organisational security measures mean those measures aimed at protecting Data against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of Data over a network, and against all other unlawful or unnecessarily high-risk forms of processing.