1. Definitions 1.1 “Controller” and “Processor” each have the meaning given to it in the GDPR. 1.2 “Customer Data” is defined in the Agreement as “Customer Data” or “Your Data.” 1.3 “Data Protection Laws and Regulations” means all laws and regulations, including laws and regulations of the European Union, the European Economic Area and their member states, Switzerland and the United Kingdom, applicable to the Processing of Personal Data under the Agreement. 1.4 “Data Subject” means the identified or identifiable person to whom Personal Data relates. 1.5 “GDPR” means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 1.6 “Personal Data” means personal data (as defined in the GDPR) that is uploaded or submitted to the Services by Customer. 1.7 “Processing” has the meaning given in the GDPR. 1.8 “Security Documentation” means RELAYTO LIMITED’s security documentation applicable to the Services, as updated from time to time. 1.9 “Standard Contractual Clauses” or “SCC” means the agreement executed by and between Customer and Service Provider and attached hereto pursuant to the Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (Module Two). 1.10 “Sub-processor” means any Processor engaged by RELAYTO LIMITED. 1.11 “Supervisory Authority” means an independent public authority which is established by an EU Member State pursuant to the GDPR. 2. Processing of personal data 2.1 Roles. Customer is the Controller and RELAYTO LIMITED is the Processor with regard to the Processing of Personal Data under the Agreement. 17 of 52