LAST UPDATED: 02/06/2024
This Data Processing Addendum along with the exhibits thereto (collectively referred to as “DPA”) supplements the agreement signed by and between ATLAS LABS LIMITED, a company incorporated in England and Wales under company number 13988976 and having its registered offices at 71-75 Shelton Street Shelton Street, London, England, WC2H 9JQ (“Popp AI”) and the Customer, defined in the (“Agreement”) and is incorporated by reference.
This DPA contains terms to ensure that adequate safeguards are in place with respect to the protection of Personal Data to be processed by Popp AI in the delivery of the Service for the Purpose pursuant to the Agreement, as required by the Applicable Data Protection Laws. Any terms not defined in this DPA shall have the meaning set forth in the Agreement. Except as modified below, this DPA automatically expires upon deletion of all Personal Data as described herein. Popp AI reserves the right to modify or update this DPA in its sole discretion. Customer’s acceptance of such modifications and/or updates shall be indicated by Customer’s continued use of the Service and shall be effective immediately.
THIS DATA PROCESSING ADDENDUM will take effect as of the Effective Date of the Agreement, between Customer and Popp AI.
1.1. The following expressions are used in this DPA:
(a) "Non-Adequate Country" means a country or territory that is not recognized under the GDPR or the UK GDPR, as applicable, as providing adequate protection for personal data;
(b) “CCPA” means including the California Consumer Privacy Act of 2018 and any binding regulations promulgated thereunder;
(b) "Data Protection Laws" means any applicable local, national or international laws, rules and regulations related to privacy, security, data protection, and/or the processing of Personal Information, as amended, replaced or superseded from time to time, including but not limited to EU/UK Data Protection Laws and United States Data Protection Laws;
(c) EU/UK Data Protection Laws” means the GDPR and the UK GDPR and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them;
(d) "GDPR" means the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679);
(e) "Personal Data" means all data which is defined and regulated as ‘Personal Data’ in the EU Data Protection Laws and that Popp AI processes on behalf of Customer in connection with the Service;
(f) "UK GDPR" means the United Kingdom General Data Protection Regulation;
(g) "United States Data Protection Laws" means any United States’ state or federal data protection law as such law may be amended, replaced, or consolidated from time to time, including but not limited to the CCPA;
(h) "processing", "data controller", "data subject", "supervisory authority" and "data processor" will have the meanings ascribed to them in the UK GDPR.
2.1 The Agreement(s) determines the subject matter and the duration of Popp AI’s processing of Personal Data, as well as the nature and purpose of any collection, use and other processing of Personal Data (collectively, the “Particulars”) and the rights and obligations of Customer. Appendix 1 to the Standard Contractual Clauses specifies the Particulars and will apply to all processing of Personal Data subject to this DPA, regardless of whether such processing is subject to Section 8 of this DPA.
2.2 In respect of the parties' rights and obligations under this DPA regarding the Personal Data, the parties hereby acknowledge and agree that (a) for Customer Personal Data, Customer is the Data Controller and Popp AI is the Data Processor and accordingly, (b) for End Customer Personal Data, End Customer is the Data Controller, Customer is the Data Processor and Popp AI is the Data Processor or subprocessor. For the avoidance of doubt Partner(s) will be a Data Processor of End Customer Personal Data.
2.3 Popp AI agrees that it will process all Personal Data in accordance with its obligations pursuant to this DPA.
2.4 Each of Popp AI and Customer will notify each other of one or more individuals within its organisation authorised to respond from time to time to enquiries regarding Personal Data and each of Popp AI and Customer will deal with such enquiries promptly.