“Affiliate” means an entity that directly or indirectly controls, is controlled by or is under common control with an entity.
“Agent” means any of your employees, contractors or other individuals or entities authorized to interact with the Services on your behalf.
“Content” means any information, text, images, photos, audio, video, data, and any other materials that are sent, uploaded or otherwise transmitted to the Services by you, your Agents, or your Customers.
“controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
“Data Privacy Directive” means Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
“Data Protection Laws” means all data protection and privacy laws applicable to the processing of personal data under this Agreement, including, where applicable, EU Data Protection Law.
“data subject” means an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“EEA” means the European Economic Area.
“e-Privacy Directive” means Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and applicable national implementations of it (as may be amended, superseded or replaced).
“EU Data Protection Law” means, to the extent applicable to User Controlled Data, any data protection or data privacy law or regulation of Switzerland or any country in the European Economic Area, including (i) prior to 25 May 2018, the Data Privacy Directive and, on and after 25 May 2018, the GDPR; and (ii) the e-Privacy Directive.
“GDPR” means Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which is commonly called the General Data Protection Regulation.
“personal data” means any information relating to a “data subject” (as defined above).
“Privacy Shield” means the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework self-certification program operated by the U.S. Department of Commerce and approved by the European Commission pursuant to Decision C (2016) 4176 of 12 July 2016 and by the Swiss Federal Council on January 11, 2017 respectively.
“Privacy Shield Principles” means the Privacy Shield Principles (as supplemented by the Supplemental Principles) contained in Annex II to the European Commission Decision C(2016)4176 of 12 July 2016 (as may be amended, superseded or replaced).
“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of a controller.
“Security Incident” means any unauthorized or unlawful breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to User Controlled Data.
“Services” means any product or service provided by ExpoIQ pursuant to this Agreement.
“Subprocessors” means the other processors that are used by ExpoIQ to process personal data.
“User Controlled Data” means the personal data in the Content that ExpoIQ processes on your behalf and instructions as part of the Services, but only to the extent that you are subject to EU Data Protection Law in respect of such personal data. User Controlled Data does not include personal data when controlled by us, including without limitation certain data we collect (e.g. IP address and device/browser details) with respect to third parties’ interaction with you on the Services.