4.1. For the purposes of this Section:
4.1.1. “Data Protection Laws" means the European Union’s General Data Protection Regulation, and all applicable laws and regulations relating to the processing of personal data as amended, reenacted, replaced or superseded from time to time.
4.1.2. “Personal Data“ has the meaning given in the Data Protection Laws.
4.2. Each party will comply with the Data Protection Laws, to the extent applicable.
4.3. For the purposes of these Terms, if and to the extent that MetricFire processes any Personal Data on your behalf when performing your obligations, you shall be the data controller and MetricFire shall be a data processor and in any such case:
4.3.1. Each party acknowledges that MetricFire may process your IP addresses in providing the service. In the case of sent metrics, these may be stored for up to 14 calendar days. In the case of IP addresses whitelisted for authentication purposes, these will be kept until the termination of your agreement with MetricFire.
4.3.2. Each party acknowledges that MetricFire will receive and store any information that you knowingly provide to us. For example, through the registration process for our services and/or through your account settings, we may collect Personal Data such as your name, address, and email address. In addition, we may communicate with you. For example, we may send you product announcements or contact you and about your use of the service.
4.4. MetricFire shall:
4.4.1. process the Personal Data only to the extent necessary for the purposes of performing its obligations under these Terms and otherwise in accordance with your instructions;
4.4.2. ensure that all persons authorised by MetricFire to process the Personal Data are committed to confidentiality obligations which cover the processing;
4.4.3. have at all times during the term of this agreement appropriate technical and organisational measures to secure the Personal Data and protect the rights of the data subject, with particular regard to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the Personal Data;
4.4.4. not engage another processor of the Personal Data without your prior consent, save for the payment processors and service providers needed to provide the Services which are deemed to be approved by you for the purpose of these Terms and such sub-processors shall be required to comply with obligations substantially similar to those in this clause in respect of the Personal Data.
4.4.5. at your election, delete or return all Personal Data to you, and delete all existing copies at the end of this agreement, unless applicable law requires their retention;
4.4.6. make available to you all information reasonably necessary to demonstrate compliance with the obligations set out in this Section, and allow for and contribute to reasonable audits, including inspections, conducted by you or your representative;
4.4.7. provide reasonable assistance to you in respect of responding to requests from data subjects to exercise their rights, ensuring the security of processing Personal Data, notifying data breaches to the supervisory authority and communicating them to the data subject, conducting privacy impact assessments and prior consultation with the supervisory authority if needed ahead of an impact assessment, if necessary and at your expense; and
4.4.8. without undue delay after becoming aware of a Personal Data security breach, notify you and provide reasonable assistance to you in dealing with the breach.
4.5. You shall:
4.5.1. provide clear and comprehensible written instructions to MetricFire for the processing of Personal Data to be carried out under these Terms.