Updated at 2024-04-11

Definitions

In the context of Crowd's Data Processing Agreement (DPA), the following terms shall hold the meanings described herein, unless specified otherwise:

• "Customer Personal Data": Refers to the personal data outlined here and any additional personal data processed by Crowd on behalf of the user in connection with their use of the platform's services.
• "Party": Represents both the user and Crowd.
• "Data Protection Laws": Encompasses all relevant legislation safeguarding individuals' fundamental rights and freedoms, particularly concerning privacy regarding the processing of customer personal data. This includes, but is not limited to: (i) the EU General Data Protection Regulation (GDPR); (ii) the UK GDPR; and (iii) any other pertinent data protection regulations.
• "Data Subject Request": Denotes the action by a data subject to exercise their rights under applicable Data Protection Laws concerning their personal data processed by Crowd.
• "GDPR": Refers to the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), including its amendments, as applicable. This also covers the GDPR as integrated into UK law by the European Union (Withdrawal) Act 2018, along with any legislation or regulation derived from it or that modifies, replaces, re-enacts, or consolidates it.
• "Restricted Country": In the UK context, signifies a country or territory beyond the UK's borders, and in the EEA context, it denotes a country or territory outside the EEA, lacking an adequate level of protection for personal data as determined by the Relevant Body under Article 45(1) of the GDPR.
• "Restricted Transfer": Involves the transmission, disclosure, or access provision of customer personal data to any entity situated in a Restricted Country.
• "Sub-processor": Designates any third party designated by or on behalf of Crowd to process customer personal data.
• "Security Incident": Covers any unintentional or illegal destruction, loss, alteration, unauthorized disclosure, or access to customer personal data while under Crowd's or any sub processor's control.
• "Standard Contractual Clauses" or "SCCs": Refers to the standard contractual clauses sanctioned by the European Commission pursuant to implementing Decision (EU) 2021/914.
• "UK Transfer Addendum": Represents the template Addendum B.1.0 issued by the UK Information Commissioner's Office (ICO) as revised under Section 18 of the Mandatory Clauses.

The terms "Personal Data," "Controller," "Processor," "Data Subject," "Process," "Special Category Personal Data," and "Supervisory Authority" carry the same definitions as specified in the EU GDPR.

1. Personal Data Processing

This section outlines the specifics of how Crowd processes Customer Personal Data, as mandated by Article 28(3) of the GDPR and to populate relevant SCCs where applicable.

Crowd's Activities:

Crowd's primary activities include providing Services tailored to your needs.