1.1 For the purposes of this Data Protection Agreement

• GDPR and Equivalent Laws: Terms such as Binding Corporate Rules, Controller, Data Subject, Personal Data, Personal Data Breach, Processing, Processor, and Supervisory Authorities have the meanings given under the European Parliament Regulation (EU) 2016/679 (the "GDPR") or equivalent terms in other applicable Data Protection Laws.
• TPI Personal Data: All Personal Data supplied by or on behalf of Nuitee's clients ("TPI") to Nuitee's suppliers or subcontractors in connection with this Agreement.
• Data Protection Laws: Any applicable law relating to the Processing, privacy, and use of Personal Data, including the GDPR, corresponding national laws or regulations, and related guidance or codes issued by relevant regulatory authorities.
• Including: Means "including without limitation."
• Data Protection Losses:Includes all liabilities, costs, claims, demands, actions, settlements, losses, damages, regulatory fines, penalties, Data Subject compensation, and costs of rectification or restoration of Personal Data.

1.2 References to laws include all corresponding subordinate legislation and any amendments or re-enactments. Performing "in accordance with Data Protection Laws" means complying with the applicable Data Protection Laws in force at the time of performance.

1.3 The parties (Nuitee's contracted clients and suppliers) acknowledge and agree that they act as Independent Controllers with respect to the Processing of Personal Data under this Agreement. Each party will comply with their separate Controller responsibilities in accordance with Data Protection Laws.

2.1 In respect of Processing Personal Data, the parties shall:

• Implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, access, or Processing in accordance with Data Protection Laws.
• Promptly notify the other party if contacted by a Supervisory Authority regarding the Processing of Personal Data.
• Promptly notify the other party of any actual or suspected Personal Data Breach. This includes:
  • Assisting the other party in mitigating the effects of the breach.
  • Implementing measures to restore the security of any compromised Personal Data.
  • Collaborating to make required notifications to Supervisory Authorities and affected Data Subjects in accordance with Data Protection Laws.
  • Avoiding any actions that could damage the reputation of the other party or its relationships with relevant Data Subjects, unless required by Data Protection Laws.

2.2 Each party shall protect and indemnify the other party against all Data Protection Losses arising directly or indirectly from or in connection with any breach of its obligations under this Agreement, to the fullest extent permitted by applicable law.