Appendix A - Terms and Conditions
1	Service Provided
The All-Channel Business Communication Solution (“the Service”) for which we will be responsible for providing and maintaining, will be used by [Name]. We can provide the Service to you in multiple offices and jurisdictions, if required, and in compliance with our Service Level Agreement as set out in Appendix C. You will be responsible for providing broadband communications in the offices and locations serviced under this Agreement and we both agree our joint responsibilities in the delivery of the Service as set out in Appendix D.
2	Duration
This Agreement will be effective as of the date hereof for a period of [Contract Length] from this contract date (“the Minimum Term”) and thereafter will roll over on for a further period of twelve (12) months on each subsequent anniversary. The Agreement can be terminated at the end of the Minimum Term by either party serving the other a minimum of 120 days’ notice in advance in writing if not terminated under Clause 8 or at any time after the initial roll over by either party serving on the other a minimum of 120 days’ notice in advance in writing if not terminated under Clause 8. 
3	Payment and Taxes
3.1.	Payment Options
The Product is available in EUR, GBP, USD, CAD, NZD & AUD and is priced per user per month unless otherwise stated. Once agreed, all your current Service requirements and chosen currency are set out in Clause 2. Any new Service requirements are simply added to your account and billed in the next monthly invoice.  
3.2.	Service Fees
3.2.1.	Once-Off Set Up Fees
Once you sign up as a customer, we extend the global capacity on our cloud platform which incurs a Once-Off Set Up fee which we will charge to you as set out in Clause 2. The Once-Off Set Up Fee will be provided to you as part of your initial invoice and is payable once you accept this Agreement unless otherwise agreed. 
3.2.2.	Service Subscription Fees
Service is payable monthly in advance unless otherwise agreed as set out in Clause 2. Service is live on your account once your users have been provisioned and have received their welcome email (the ‘Services Live Date’). It will be agreed between us within the accompanying statement of work (‘SoW’) when the Services Live Date is. This date is also when your initial service subscription fee will be applied from (the ‘Billing Live Date’). It will be agreed between us in the SoW if the Services Live Date is delayed due to user acceptance testing (‘UAT’) not being completed, then the Billing Live Date will also be delayed. It will also be agreed between us in the SoW if the Services Live Date is delayed by you after User Acceptance Testing has been completed, then the Billing Live Date will remain unchanged. 
3.2.3.	 Call & SMS Charges
o	The call charges per minute per destination and SMS per message per destination are provided separately. 
o	Call charges and SMS are paid as you use monthly in arrears. 
o	Inbound call charges may apply depending on the numbers you are using, and we will advise on any costs when you order the numbers. 
o	It is agreed that the call & SMS charges will not increase, and the price may fall in line with the wholesale market. 
3.2.4.	VAT
In addition to the above charges, VAT at the prevailing rate will be added if applicable. This will depend on your jurisdiction and in some cases, you may need to account for VAT. You must provide your VAT number, if available, as part of the Agreement. 
3.2.5.	Add or Remove Users & Phone Numbers
You can add and delete users as you require. Each user has an extension and in the case of removing a user, their extension will be disabled. You can also add and delete phone numbers as you require. In the case of an extension being disabled or a number being deleted, you must give us one month’s notice and the cost will be removed at the next relevant monthly subscription billing period. If you then add a user after previously removing a user, you will only be charged the subscription fee and not a new user one off provisioning fee. In the case of a user or a number being added, it will be billed immediately as part of the current month’s subscription on a pro rate basis. It may include a new user provisioning fee if you have no spare or previously disabled extensions. If you choose to terminate the Agreement by serving a notice of 120 days in advance, it is agreed that you will pay for a minimum number of users up to the termination date which will equate to the number of live users in the month prior to the notice being served. 
3.3.	IP Phone Delivery
If you require IP Phones, we require 15 business days from the receipt of payment of the first invoice to deliver and provision your IP Phones.  We will provide support for any IP Phones ordered through us. We are not responsible for supporting IP Phones you order through a 3rd party supplier. 
3.4.	Billing 
A monthly invoice will be sent to you at the email address provided on the 1st of every month and are payable within 10 business days. The monthly invoice will include all service subscription fees for Services to be delivered for the following month, quarter, or year if applicable and all Call & SMS charges from the previous month.  
3.5.	Payment
The invoices must be paid automatically by credit card, direct debit, or bank transfer as agreed in Appendix A. We reserve the right to take a deposit equaling 1.5 times your latest monthly invoice. 
3.6.	Termination for Non-Payment 
Any invoices not paid on the terms herein may result in the suspension or termination of the Services with prior notice to you. We shall not be liable to you for any losses whatsoever or howsoever incurred by you arising from such a suspension or termination.
4	Number Porting
4.1.	Number Options
You can use your existing phone numbers or request new phone numbers from us. We will not charge you for the porting of your existing numbers to us, however we will only port numbers on a best effort’s basis. 
4.2.	Porting Process
If the numbers belonging to you are currently ‘on-net’ (that is, aligned with our current global reach) we will undertake the following: 
o	Start the porting process by having you fill in the Customer Authorization Form (CAF) and start the porting journey,
o	Offer you numbers  to which you can forward your current numbers to in order use the Services  immediately.
4.3.	Off-Net Numbers
If the numbers belonging to you are ‘off-net’ then we offer our off-net capability which incurs monthly and minute-rate charges for inbound calls. If you do not want to pay for inbound call charges, then you will need to do one of the following:
o	Take new numbers from us and start using them whilst at the same time, wind down the old numbers use on the company livery.
o	Make the call forwarding position a permanent scenario.
4.4.	Call Forwarding Requirement 
Any number porting required takes place after the Services Live Date. It is envisaged that you will use call forwarding on inbound calls on the Services Live Date until such point as porting has taken place. Any numbers required for call forwarding are billable.
4.5.	Porting Best Efforts 
Due to the nature of porting we cannot give you any warranty as to when numbers will be ported to the us. In the event of a delay in the porting of numbers it shall be a matter for you to contact your previous telecommunications supplier to ensure a timely porting of all numbers.  We do not accept liability in relation to any delay in the porting of numbers.
 
5	Specific Compliance Requirements
Subject to clause 8.5, we shall not compensate you for costs, liabilities and actions arising from or connected with loss or damage suffered by you as a result of our breach of this agreement, negligence or breach of duty. No compensation shall be payable in respect of the Service except as stated in the Service Level Agreement.
6	Security
6.1.	Fraudulent Calls
We take no responsibility for fraudulent calls made from your user extensions. 
6.2.	Responsibility 
It is your responsibility to ensure the security of every user extension.
7	Data Protection and Privacy Policy
We are dedicated to respecting you and your users’ privacy and to complying with all applicable data protection and privacy laws including General Data Protection Regulation (‘GDPR’) for data held in the EU. Our Data Processing Agreement is set out in Appendix E.
8	Termination
8.1.	Circumstances 
Either you or we will be entitled to terminate this Agreement forthwith by written notice to the other ("the defaulting party") if;
o	The defaulting party commits any continuing or material breach of this Agreement, but in the case of a breach which is capable of remedy the defaulting party must have been given a 14 day notice to remedy the breach and have failed to do so;
o	An encumbrancer or administrator takes possession or a receiver or administrative receiver is appointed over any of the defaulting party's property or assets;
o	The defaulting party makes any voluntary arrangement with its creditors or becomes subject to an administration order;
o	The defaulting party goes into liquidation (except for the purposes of an amalgamation, reconstruction or other re-organization approved in writing by the innocent party); 
o	The defaulting party ceases, or threatens to cease, to carry on business.
o	Your actions put us in breach of the terms of our suppliers allowing us to terminate.
o	The Services we provide fail to meet the Service availability as defined in the Service Level Agreement allowing you to terminate provided we are allowed 30 days to rectify any breach. 
8.2.	Termination by Law
We may terminate this Agreement if the Services are prohibited by applicable law, or become impractical or unfeasible for any technical, legal or regulatory reason, provided it is within our Service Level Agreement, by giving you as much prior notice as reasonably practicable.
8.3.	No Prejudice
Termination of this Agreement on any of the terms of this clause will not prejudice any right or remedy of either party in respect of the breach concerned (if any) or any antecedent breach.
8.4.	Survival
Upon termination of this Agreement for any cause or reason whatsoever, neither party shall have any further rights or obligations under this Agreement, except as expressly set forth herein. The provisions of Clauses 5, 7 and 9 of this Agreement shall survive the expiration or termination of this Agreement for any cause or reason whatsoever, and, notwithstanding the expiration or termination of this Agreement, the parties shall each remain liable to the other for any indebtedness or other liability theretofore arising under this Agreement. Termination of this Agreement and retention of Subscription Fees paid in advance shall be in addition to, and not be in lieu of, any other legal or equitable rights or remedies to which we may be entitled. 
8.5.	Refund
If we terminate the Agreement under Clause 8.3 or you terminate the Agreement under Clause 8.1 or 8.2, we shall return to you, and you shall accept, as your sole and exclusive remedy for our breach of the Agreement, any Subscription Fees paid in advance by you hereunder attributable to the Service not yet rendered as of the date of termination.
9	Modifications, New Releases and Maintenance 
9.1.	Process
You may make suggestions to us for modifications to the Service that we may, at our sole discretion, incorporate in future new releases. Where modifications are made to Service at your suggestion, we reserve the right to charge for the modification and you agree to pay us any fees for modifications made to the Service where agreed. Throughout the term of this Agreement we at our sole discretion may from time to time make maintenance releases to the Service. Throughout the term of this Agreement we at our sole discretion may from time to time make new releases of the Service available to you. We will give you no less than 10 days advanced notice of any modification, maintenance release or new release etc.
10	General
10.1.	Assignment 
This Agreement (or any part of it) will not be assigned or sub-contracted by either of us without the written consent of the other, which will not be unreasonably withheld. 
10.2.	Waiver
A waiver by a party of any breach of this Agreement will not be considered as a waiver of any subsequent breach of the same or any other provision.
10.3.	Entire Agreement 
This Agreement contains the entire agreement between you and us with respect to its subject matter and supersedes all previous agreements including any contradictory terms set out in any previous correspondence.
10.4.	Changes
Changes to this Agreement will only be made in writing signed by authorized signatories of you and us.
10.5.	Continuing Effect
The provisions of this Agreement that are clearly intended to have continuing effect will continue in full force and effect following its termination (e.g. confidentiality).
11	Exclusion of Warranties and Liability
11.1.	No Warranties 
We make no warranties, express or implied, concerning the Services or associated documentation including, but not limited to, warranties of merchantability or fitness for a particular purpose and all warranties and conditions that might but for this clause have effect, either expressly or impliedly, between you and us are agreed to be excluded to the fullest extent permitted by law. 
11.2.	No Liability
Neither party shall be liable to the other for any indirect or consequential damages, including, without limitation, loss of business or profits, whether arising from negligence, breach of contract or otherwise.
12	Notices
We or you may serve a notice under this Agreement at either the registered office or nominated business address of the other party, and notice will be deemed to have been served once sent by email. 
13	Applicable Law
This Agreement is governed by Irish Law and the parties hereby submit the exclusive jurisdiction of the Irish Courts.
Appendix B - Payment Method
Confirmed payment method is [ctt_PaymentMethod].
For any monthly subscriptions of less than €1,500 or equivalent, payment method must be by Credit Card or SEPA direct debit. 
Credit Card Payment
Once you receive your first invoice, you will be able to login to our billing system and provide your credit card details to allow automatic payments. 
SEPA Direct Debit
Please print and complete the Direct Debit mandate that is sent separately and please return the original signed copy to us at our address.
Bank Transfer Payment
If paying by bank transfer, please note the terms of Clause 3 in relation to late payment of invoices. We recommend you choose Direct Debit or Credit Card for automatic payment.
EURO	Bank: Bank of Ireland Business Banking
Account Number: 22244700
National Sort Code: 90-00-84
IBAN: IE23BOFI90008422244700
GBP	Bank: Bank of Ireland 
Account Number: 5949 3292
National Sort Code: 90-48-86
IBAN: GB93 BOFI 9048 8659 4932 92
USD	Bank: Bank of Ireland Global Markets
Account Number: 71826002	
IBAN: IE48BOFI90139471826002
AUD	Bank: Bank of Ireland Global Markets
Account Number: 71826003
BIC: BOFI IE 2D
IBAN: IE21BOFI90139471826003
CAD	Bank: Bank of Ireland Global Markets
Account Number: 71826005
BIC: BOFI IE 2D
IBAN: IE64 BOFI 9013 9471 8260 05
NZD	Bank: Bank of Ireland Global Markets
Account Number: 71826006
BIC: BOFI IE 2D
IBAN: IE37 BOFI 9013 9471 8260 06
Appendix C - Service Level Agreement
Our Commitment to You
o	We commit that the core call flow processing will be available for a minimum of 99.9999% of the time 24/7. 
o	We commit that the our global communications network will be available for a minimum 99.9% of the time 24/5 and a minimum 95% of the time at the weekend (to reflect wholesale network provider commitments). Whilst the network SLA is 99.9%, it can be 95% out-of-hours if reach into troublesome areas (war, disasters etc) is needed.
o	We commit to making enough capacity available to you so that the scheduled number of expected communications can be processed simultaneously.
o	All availability commitments are contingent upon your required IT services being available. Performance will not be measured whilst your systems are unavailable to us or where changes that impact our interface have been made without our prior knowledge. Notice of changes that affect our interfaces to your systems must be made to us at least 14 days in advance.
o	We will give at least 72 hours-notice of any planned down time of the service that is likely to last for more than 5 minutes and that the system will never be intentionally taken down during normal business hours.
o	We commit to upgrading our technology infrastructure within 28 days if more than 80% of our capacity is used on any two days in an eight-day period.
o	We will use our reasonable commercial efforts to rectify any bug that you report to us via email within 48 hours but we cannot guarantee that every bug will be capable of being rectified within this period or at all.
o	Support hours are 09:00 - 17:00 Monday - Friday local time excluding bank holidays, when 24/7 support is not included in the contract.
o	We will address any fault that you report to us according to the following schedule on a best efforts basis with the initial response time based on when we are first informed by you of the issue and the priority response level has been agreed:
Incident Management Response Agreement
  Severity 	  Response	  Update frequency*
  1 - Urgent	  1 hour	  30 minutes 
  2 - High	  2 hours	  1 hour
  3 - Normal	  4 hours	  8 hours
  4 - Low	  8 hours	24 hours
* To be followed when no other schedule has been agreed with the contact person for the ticket in question.
Incident Severity Matrix
All Sites	One Site	One User
Complete Failure
This is a major fault which is business affecting such as complete loss of service, severe errors, or data loss.	1 Urgent	2
High	3
Normal
Partial Failure
This is a major fault which is not business affecting, such as the loss of an inbound or outbound service and for which a backup exists.	2
High	3 Normal	4
Low
Reporting / Enquiry
This is an enquiry about an issue which is not service affecting or a configuration change.	3 Normal	4
Low	4
Low

If the service availability from Monday to Friday for a specific calendar month is below the guaranteed level, excluding Scheduled Maintenance time, we will credit your account as per the grid below. 
SA=	(Total Minutes in the Month – Minutes of Service Outage)
	Total Minutes in the month
 Service availability is calculated as follows:
SA (Monthly)	Penalty (Monthly)
< 97.0%	15% of monthly cost of service
97.9% - 97.0%	10% of monthly cost of service
98.9% - 98%	5% of monthly cost of service

To receive a refund for downtime, you must be in good standing with us (i.e. all accounts are up to date and you are not in breach of the Agreement). Monthly penalties will be applied to the following month’s invoice. If you have terminated this Agreement in accordance with Clause 8.1 or 8.2, and the SLA is breached in the month prior to the termination, we will make a payment to you in line with the monthly penalty payable. 
Appendix D - Responsibilities
Service provisioning & set up responsibilities
Our Responsibility
o	We will provision and provide the Service as described above.
o	We will deliver the IP Desk Phones, if required, pre-configured for each user extension. 
o	We will support you remotely during the set-up process including following the customer on-boarding protocol.
o	We will provide technical and customer support as per the SLA and the support protocol document.
o	We will provide online training or onsite training as requested by you as part of your requirements.
Your Responsibility
o	You will provide the network capability including enough bandwidth to 92KB per concurrent call and 250KB per concurrent video call. 
o	You will provide an in-house or external IT resource who will be responsible for the following: 
o	Setting Quality of Service and turning off any NAT Helper such as ALG on the network
o	Unboxing, setting up and plugging in the delivered IP Desk Phones
Appendix E - Data Processing Agreement
1	Instructions 
In this Data Processing Agreement you shall act as Data Controller and we shall act as Data Processor, regarding any Personal Data.  You hereby instruct us to carry out the Processing Services. When carrying out the Processing Services, we shall only process Personal Data in accordance with the instructions from you and only for the purposes authorized by you.  Data will only be kept for clear and legal purposes.  All Data will be processed fairly and in keeping with the purpose for which it was obtained.  The Data collected by us shall only be the Data provided by you which can include employee names, extension numbers, DDI, email addresses and how you or your employees use the services including recorded communication data relating to SMS, Calls, Chat and Video.  
You shall make available the appropriate power of attorney, for us to act on your behalf regarding the signing of the standard contractual clauses, after you approve specifically and in writing any relevant sub-processor.  You shall ensure that you have the proper authority to furnish Data to us relating to you or your employees.
We will use the Data for administering and managing the service provided to you which shall include quality of service monitoring, providing you with information about the service, conducting market research and analysis to enhance the service on offer, sending you communications and newsletters, notifying you about changes to products and services and verifying your identity.
Certain non-personal Data collected may be transferred to third parties in connection with operating our business.  By submitting Data (including personal Data) you agree to the transfer, storing and processing of this Data by us.  Data may be disclosed by us to our professional advisors to seek advice, service providers such as payment processors, delivery service providers, technology providers and our business partners.
2	Applicable Law
2.1.	
When carrying out the obligations under the Agreement, we shall comply with all Applicable Data Protection Laws including the General Data Protection Regulation (GDPR) (EU) (2016/679) and further with Applicable Data Processor Laws.
2.2.	
We shall deal promptly and appropriately with your requests for assistance to ensure compliance of the processing of the Personal Data with Applicable Data Protection Laws.  
If we:
a.	determine we are unable for any reason to comply with our obligations under this Agreement and we cannot cure this inability to comply; or;
b.	become aware of any circumstance or change in the Applicable Data Protection Laws, that is likely to have a material adverse effect on our ability to meet our obligations under this Data Processing Agreement;
2.3.	
We shall promptly, but within 24 hours if possible, notify you thereof, in which case you will have the right to temporarily suspend the Processing Services until such time the Processing Services are adjusted in such a manner that the non-compliance is remedied. To the extent such adjustment is not possible within thirty (30) days, you shall have the right to terminate the relevant part of the Processing Services by us.
3	Security
We shall implement appropriate technical, physical and organizational security measures to protect Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, and against all other forms of unlawful Processing Services (including, but not limited to, unnecessary collection or further Processing Services). These measures shall, taking into account the state of the art and the costs of the implementation and execution of the measures, ensure an adequate level of protection taking into account the risks involved in the Processing Services and the nature of the Personal Data to be secured. 
4	Non-Disclosure & Confidentiality 
We shall keep Personal Data confidential and shall not Disclose Personal Data in any way to any Third Party without your prior written approval, except where in accordance with the Agreement, (i) the Disclosure is necessary for the normal and expected performance of the Processing Services, or (ii) where Personal Data need to be Disclosed to a competent public authority to comply with a legal obligation.
4.1.	
We shall for a minimum period of six (6) months, unless Applicable Data Protection Laws provides otherwise, keep a record of any Disclosure that is made, including, but not limited to:
a.	Name and address of the third Party to which Personal Data was Disclosed;
b.	Personal Data which was Disclosed;
c.	Date and time on which Personal Data was Disclosed; and
d.	Purpose of Disclosure. 
We shall provide staff access to Personal Data only to the extent necessary to perform the Processing. We shall provide our staff (employees and if applicable hired personnel) access to Personal Data only to the extent necessary to perform the Processing Services. We shall ensure that any staff we authorise to have access to Personal Data Processed on our behalf, shall respect, and maintain the confidentiality and security of such Personal Data.
5	Sub-Processors
We shall not permit sub-processors to Process Personal Data without your prior written consent. Any authorisation by you to use any sub-processor, is on the condition that we remain fully liable to you for the sub-processor's performance of the contract, as well as for any acts or omissions of the sub-processor in regard of its Processing Services.  
6	Notifications
6.1.	
We shall promptly, and in any case within twenty-four (24) hours where possible, inform you if: 
a.	we receive an inquiry, a subpoena or a request for inspection or audit from a competent public authority relating to the Processing Services, unless we are otherwise prohibited by law from making such disclosure.
b.	we intend to Disclose Personal Data to any competent public authority. 
c.	if we detect or reasonably suspects that a material data Security Breach has occurred. 
Such notice shall be sent per e-mail to the Customer Contract Manager, with a copy to your Legal Department. In case of a Data Security Breach, we shall take adequate remedial measures as soon as possible. Furthermore, we shall without undue delay , provide you with all relevant information (that can be provided in that time frame, due to the difficulty and complexity of the breach) as requested by you regarding the any relevant Data Security Breach but at all times regarding any Security Breach. We shall fully cooperate with you to develop and execute a response plan to address the relevant Security Breach. We shall at your request cooperate adequately, informing the Individuals involved. 
7	Co-operation, Complaints, Requests & Inquiries
We shall use our best endeavours to deal promptly and appropriately with your inquiries related to the Processing Services.In the event we have direct contact with a client of yours, we shall promptly inform you of any complaints, requests or inquiries received from Individuals, including but not limited to requests to correct, delete or block Personal Data. We shall not respond to the individuals directly unless specifically instructed by you, in which case we shall respond within a reasonable period of time, and in any case within three (3) weeks after receipt of the respective complaint, request or inquiry. In any event we shall cooperate with you to address and resolve any such complaints, requests or inquiries. We shall maintain in place procedures to enable compliance with such complaints, requests, or inquiries. 
8	Return & Erasure of Personal Data 
8.1.	
All Personal Data shall be immediately returned to you upon your first request. We shall not retain Personal Data any longer than necessary for the purposes of performing its obligations under the Data Processing Agreement and the Agreement. 
8.2.	
Upon termination of the Agreement, we shall, at your option return the Personal Data and copies thereof to you or shall securely destroy such Personal Data, except to the extent the Data Processing Agreement or Applicable Processor Law provides otherwise. In that case, we shall no longer process the Personal Data, except to the extent required by the Agreement or Applicable Data Processor Law.  You may require us to promptly, confirm and warrant in writing that we have returned, deleted, or destroyed all copies of Personal Data. 
 
9	Transfer of Personal Data
9.1.	
We shall not transfer Personal Data to any Non-adequate Country outside EEA or make such Personal Data accessible from any such Non-adequate Country without your prior written approval. 
9.2.	
Any transfer of Personal Data outside the EEA to a Third Party in a Non-adequate Country shall be governed by the terms of a data transfer agreement, which will contain standard contractual clauses as published in the Decision of the European Commission of February 5, 2010 (Decision 2010/87/EC). We and you will work together to apply for and obtain any permit, authorization or consent that may be required under Applicable Local Law in respect of the implementation of the solution described in this Clause.
10	Obligation to Renegotiate Agreement
10.1.	
Each year, or sooner if so dictated by circumstances, parties shall evaluate the Processing Services in line with the regular SLA governance and meeting structure. If changes are required in the Processing Services by us, parties shall amend the Data Processing Agreement to comply with Applicable Data Protection Law and Applicable Data Processor Law. 
10.2.	
We shall immediately inform you of any circumstances which may be relevant in this respect, including, but not limited to: 
a.	material changes in the services provided by a sub-processor;
b.	a take-over or merger of Supplier or any of its sub-processors.
11	Rights of Individuals 
This clause is applicable in the following situations:
a.	We are permitted by you to use sub-processors situated outside the EEA and the transfer is based on Safe Harbour; and
b.	where the standard contractual clauses as referenced in Clause 9.2 should have been applicable in accordance with this Agreement, but were not met of not rightfully met for whichever reason. If the EU clauses would have been applicable, this clause would have been applicable as well.
The Individual can enforce our data protection obligations under this Data Processing Agreement directly against us in cases where you have factually disappeared or have ceased to exist in law unless any successor entity has assumed the our entire legal obligations by contract or by operation of law, as a result of which it takes on your rights and obligations, in which case the individual can enforce them against such entity.
If an Individual is not able to bring a claim for compensation against you, arising out of a breach by us (or his sub-processor) of any of its obligations under this Data Processing Agreement, because you have factually disappeared or ceased to exist in law or has become insolvent, We agree that the individual may issue a claim against us as if it were you, unless any successor entity has assumed the entire of your legal obligations by contract or by operation of law, in which case the Individual can enforce its rights against such entity. We may not rely on a breach by a sub-processor of its obligations to avoid its own liabilities.
 
Annex: Definitions 
"Applicable Data Processor Law" shall mean the Data Protection Laws that are applicable to Supplier as the Data Processor of the Personal Data;
“Applicable Data Protection Law” means all laws, rules, regulations, governmental requirements, codes as well as international, federal, state, provincial laws applicable to Customer as the Data Controller of the Personal Data;
"Data Controller" shall mean the entity or natural person which alone or jointly with others determines the purposes and means of the Processing of Personal Data.
"Data Processor" shall mean the entity or natural person which Processes Personal Data on behalf of a Data Controller.
"Data Security Breach" shall mean the unauthorized acquisition, access, use or Disclosure of Personal Data. 
“Disclosure” or “Disclose” or “Disclosed” shall mean any form of disclosure of Personal Data to (including remote access by) an unauthorised Employee or any unauthorised Third Party;. 
“EEA” (European Economic Area) shall mean all Member States of the European Union, Norway, Iceland, Liechtenstein and, for purposes of this Annex, Switzerland. 
"Employee" shall mean any employee, agent, contractor, work-for-hire or any other person working on behalf of, or under the instruction or supervision of, Supplier.
“GDPR” means General Data Protection Regulation (GDPR) (EU) (2016/679)
“Individual” shall mean any individual whose Personal Data is Processed by Data Processor during the performance of the Agreement.
“Non-adequate Country” means a country that is deemed not to provide an adequate level of protection for Personal Data within the meaning of  General Data Protection Regulation (GDPR) (EU) (2016/679); 
“Personal Data” means data which relate to a living individual who can be identified: from those date, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual (as defined in the Data Protection Act 1998 and GDPR).
“Processing Services” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage , adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available (including the granting of remote access), alignment or combination, blocking, erasure or destruction.
“Processing”, “Process” or “Processed” shall mean any operation that is performed on Personal Data, regarding the Processing Service.
.