1.1 “Anonymous Data” means Personal Data that has been processed in such a manner that it can no longer be attributed to an identified or identifiable natural person.
1.2 “Authorized Employee” means an employee of Processor who has a need to know or otherwise access Personal Data to enable Processor to perform their obligations under this Addendum or the Terms of Service.
1.3 “Authorized Individual” means an Authorized Employee or Authorized Subcontractor.
1.4 “Authorized Subcontractor” means a third-party subcontractor, agent, reseller, or auditor who has a need to know or otherwise access Personal Data to enable Processor to perform its obligations under this Addendum or the Terms of Service, and who is either (1) related to Exhibit C or (2) authorized by Controller to do so under Section 4.2 of this Addendum.
1.5 “Data Subject” means an identified or identifiable person to whom Personal Data relates.
1.6 “Instruction” means a direction, either in writing, in textual form (e.g. by e-mail) or by using a software or online tool, issued by Controller to Processor and directing Processor to Process Personal Data.
1.7 “Personal Data” means any information relating to Data Subject which Processor Processes on behalf of Controller other than Anonymous Data, and includes Sensitive Personal Information.
1.8 “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.
1.9 “Privacy Shield Principles” means the Swiss-U.S. and EU-U.S. Privacy Shield Framework and Principles issued by the U.S. Department of Commerce, both available at https://www.privacyshield.gov/EU-US-Framework.
1.10 “Process” or “Processing” means any operation or set of operations which is performed upon the Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure, or destruction.
1.11 “Sensitive Personal Information” means a Data Subject’s (i) government-issued identification number (including social security number, driver’s license number or state-issued identification number); (ii) financial account number, credit card number, debit card number, credit report information, with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account; (iii) genetic and biometric data or data concerning health; or (iv) Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation or sexual activity, criminal convictions and offences (including commission of or proceedings for any offense committed or alleged to have been committed), or trade union membership.
1.12 “Services” shall have the meaning set forth in the Terms of Service.
1.13 “Standard Contractual Clauses” means the agreement executed by and between Controller and Processor and attached hereto as Exhibit B pursuant to the European Commission’s decision (C(2010)593) of February 5, 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of protection.
1.14 “Supervisory Authority” means an independent public authority which is established by a member state of the European Union, Iceland, Liechtenstein, or Norway.