Data Processing Addendum

This Data Processing Addendum ("DPA") is incorporated into and is a part of the Terms of Service between you and us (the "Agreement").

Purpose and Scope. This DPA governs the processing of Personal Data on behalf of you in connection with the Subscription Services.
Definitions
1. "Personal Data" means the personal data that Cellarfront collects from Consumers in connection with providing the Subscription Services.
2. "Security Breach" means a confirmed breach of security that results in unauthorized destruction, loss, alteration, disclosure of or access to Personal Data where the breach is likely to result in a significant risk of harm to a Consumer or where Cellarfront is required to notify a Consumer thereof.
Processing of Personal Data
1. Each party shall comply with their own obligations under applicable data protection laws.
2. We will process Personal Data solely to provide the Subscription Services in accordance with your Order unless otherwise required by applicable law.
3. We are not responsible for compliance with any data protection laws applicable to you or your industry that are not generally applicable to us.
4. We will implement and maintain appropriate technical and organizational measures to protect Personal Data.
5. We will notify you without undue delay after we become aware of any breach regarding the security of Personal Data.
6. We will delete all Personal Data processed pursuant to this DPA upon the end of the Subscription Term except where retention is required by law.
General. All other terms and conditions of the Agreement remain in full effect. In the event of any inconsistencies between this DPA and the Agreement, this DPA shall prevail as it relates to the processing of Personal Data only.