Last updated: April 3, 2023

This Data Protection Addendum, henceforth referred to as the "Addendum", is entered into by and between BRILL MEDIA, henceforth referred to as "Agency Accelerator", and the customer agreeing to this Addendum, henceforth referred to as the "Customer".

This Addendum will be effective from the Addendum Effective Date (as defined below) and replace any previously applicable data protection addendum.

If you are accepting this Addendum on behalf of Customer/Affiliate, you represent and warrant that:

You have read and understood this Addendum

You have the full legal authority to bind yourself, or the applicable entity, to these Terms

You agree, on behalf of the party you represent, to this Addendum.

If you do not have the legal authority to bind Customer, please do not "Sign/Accept/Opt IN".

Intro:This Addendum sets out terms that will apply to Agency Accelerator's processing of the Customer’s Personal Data under the Privacy Policy Agreement executed by Agency Accelerator and the Customer.

Definitions:Terms Defined by the General Data Protection Regulation (GDPR):

A. "Addendum Effective Date" is defined as the date on which Customer clicked to accept or opt-in to this Addendum.

B. "Adequate Country" is defined as a country that is deemed adequate by the European Commission under Article 25(6) of Directive 95/46/EC or Article 45 of GDPR.

C. "Data Subject" is defined as the identified or identifiable person who is the subject of Personal Data.

D. "Personal Data" is defined as any information included in the Customer Data relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural, or social identity.

E. "Processing" is defined by the applicable EU Data Protection Law and "process", "processes" and "processed" will be interpreted accordingly.

F. "Data Controller" is defined as the party that determines the purposes and means of the Processing of Personal Data.

G. "Data Processor" is defined as the party that Processes Personal Data on behalf of or under the instruction of, the Data Controller.

H. "Data Transfer Mechanism" is defined as an alternative data export solution for the lawful transfer of Customer Data (as recognized under EU Data Protection Law) outside the EEA.

I. "Data Protection Laws" are defined with respect to a party, all privacy, data protection, information security-related, and other laws and regulations applicable to such party, including, where applicable, EU Data Protection Law.

J. "Data Protection Authority" is defined as the competent body in the jurisdiction charged with enforcement of applicable Data Protection Law.

K. "EEA" means the European Economic Area, United Kingdom, and Switzerland.

L. "EU Data Protection Law" meansPrior to 25th May 2018, European Union Directive 95/46/EC; and on and after 25th May 2018, European Union Regulation 2016/679 ("GDPR")

M. References to "written instructions" and related terms mean Data Controller’s instructions for Processing of Customer Data, which consist of the terms of the Agreement and this Addendum,
Processing enabled by Data Controller through the Service, and other reasonable written instructions of the Data Controller consistent with the terms of the Agreement.

N. "Model Contracts" are defined as the Standard Contractual Clauses for Processors as approved by the European Commission under Decision 2010/87/EU in the form made accessible in the Agency Accelerator Workspace.

O. "Security Incident" is defined as any unauthorized or unlawful confirmed breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data in the Data Processor’s control.

P. "Sub-processor" is defined as any Third Party engaged by Data Processor or its affiliates to process any Customer Data pursuant to the Agreement or this Addendum.

Q. "Third Party" shall mean any natural or legal person, public authority, agency, or any other body other than the Data Subject, Data Controller, Data Processor, Sub-processors, or other persons who, under the direct authority of the Data Controller or Data Processor, are authorized to Process the data.

R. Other capitalized terms not defined herein have the meanings given in the Agreement.

Terms Defined by Agency Accelerator with Respect to GDPR:

A. "Data Subjects" are defined to include the individuals about whom data is provided to Agency Accelerator via the Services by (or at the direction of) the Customer.

B. "Details of Processing Subject Matter" is defined as the subject matter of the data processing under this Addendum as the Customer Data.