Data Processing Agreement

Processing of Customer Personal Information

Processor designation. The parties acknowledge and agree that with respect to the Customer Personal Information that PESOGATE Processes to provide the Transaction Services, which Processing may include, by way of example and for illustrative purposes the Processing detailed on Details of Processing Customer Personal Information (Exhibit 2), that PESOGATE is a “processor” or “service provider” under Applicable Data Protection Laws acting on Customer’s instructions (referred to as “Processor” for purposes of this DPA).

Compliance with Law

Each of PESOGATE, in its provision of services to Customer, and Customer, in its use of the services, shall Process Customer Personal Information in accordance with Applicable Data Protection Law.

Customer obligations

Processor designation. The parties acknowledge and agree that with respect to the Customer Personal Information that PESOGATE Processes to provide the Transaction Services, which Processing may include, by way of example and for illustrative purposes the Processing detailed on Details of Processing Customer Personal Information (Exhibit 2), that PESOGATE is a  or  under Applicable Data Protection Laws acting on Customer’s instructions (referred to as  for purposes of this DPA).

PESOGATE obligations

Applicable Data Protection Law. To the extent necessary to enable Customer to comply with its obligations under Applicable Data Protection Law, PESOGATE further agrees to comply with any required provisions of the GDPR Schedule (other than when acting in accordance with Section 1.2 (Authorization to Process) of this DPA) and/or CCPA Schedule, each, to the extent applicable.

Miscellaneous

The terms of this DPA shall apply only to the extent required by Applicable Data Protection Law. To the extent not inconsistent herewith, the applicable provisions of the Agreement(s) (including without limitation, indemnifications, limitations of liability, enforcement, and interpretation) shall apply to this DPA. In the event of any conflict between this DPA and the terms of an applicable Agreement, the terms of this DPA shall control solely with respect to data processing terms where required by Applicable Data Protection Law, and, in all other respects, the terms of the applicable Agreement shall control. Notwithstanding any term or condition of the DPA, the DPA does not apply to any data or information that does not relate to one or moreidentifiable individuals, that has been aggregated or de-identified in accordance with Applicable Data Protection Law, or to the extent that Authorize.net and you have entered separate data processing terms that address the subject matter hereof.