1. Each Party agrees to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (hereinafter “the GDPR”) and all acts amending or replacing it. For the purposes of these General Terms of Personal Data Protection, the terms “processing”, “personal data”, “controller”, “personal data breach” and “data subject” have the same meanings as in the GDPR.
  2. In order to conclude and perform the agreement, the Parties, as independent data controllers, process personal data of each other and / or their employees and / or representatives and / or participants (shareholders, etc.) and / or advisers, such as names, surnames, contact details, other personal data necessary for the conclusion of the Agreement and its performance. The Parties undertake to ensure the confidentiality of personal data transferred for processing and upon occurrence of personal data breach that affected the security of the transferred personal data, to immediately notify the other Party whose data have been or may have been affected by the breach.
  3. The Parties can process each other’s contact (employees’ and / or representatives’) personal data for the purposes of direct marketing offering similar services or products. Processing of personal data for that purpose shall be described in the Privacy policy of the processing Party.
  4. Personal data provided for the purposes of concluding and performance the agreement will be processed and stored by the Parties for the duration of the agreement. To ensure the protection of the legitimate interests of the Parties (e.g., legal claims arising from the agreement or defense against such claims), the personal data provided by the Parties will be processed for no longer than is necessary to achieve this purpose. At the end of this period, the Parties shall retain information on the contractual relationship (including the personal data contained on it) for the statutory retention periods required by commercial and fiscal law. During this period, personal data may only be stored and processed only if state-authorized institutions or bodies carry out an audit or other legal process.
  5. The Parties shall properly inform their employees and / or representatives and / or participants and / or advisors whose personal data are processed for the purpose of conclusion and performance of this Agreement and other purpose (if applicable).
  6. If there is a relationship between the Parties regarding the processing of personal data or the regular transfer of personal data, the Parties shall enter into separate agreements on the processing or transfer of data, as appropriate.