6.1 Data Center Sites. Subject to Section 6.2, Customer acknowledges that Mailchimp may transfer and process its Customers` Data in the United States and the United States and anywhere else in the world where Mailchimp, its related companies, or subcontractors perform data processing operations. Mailchimp ensures at all times that these transfers are made in accordance with the requirements of data protection law and this DPA. In light of the mutual obligations set forth herein, the parties agree that the CCPA-DPA will be added in addition to the Agreement to regulate 3DNA`s processing of Customer Data subject to the California Consumer Privacy Act, Cal, code 1798.100 et seq. (« CCPA »), including all amendments and terms of application that will come into effect on or after the effective date of this CCPA DPA. At a high level, the « controller » determines which personal data is processed and for what purposes (i.e. « the purposes and means of the processing » and the « processor » carries out this processing on the basis of the controller`s instructions. their contract must contain certain provisions referred to in Article 28, including compliance with the GDPR by the processor (1); and (2) the controller`s assistance in compliance with the GDPR. These provisions include, inter alia, a commitment to process personal data only on the documented instruction of the controller, to provide « appropriate security », to support the rights of data subjects and to disregard appropriate infringements. In addition, the contract requires the processor to pass all these obligations to its subcontractors in similar data processing services. Until two years ago, the concept of an IT addendum did not exist for many companies. Now, the addition to the data processing is inscribed in the lexicon of any data protection practitioner worldwide and constitutes the contractual basis on which the data is processed by one party on behalf of another.
As companies continue to obtain these add-ons for GDPR purposes, industry lawyers are increasingly enthusiastic about the need or necessity of data processing to comply with the CCPA. Among the most frequently asked questions are « data protection laws », all data protection laws and regulations applicable to the processing of customer data by a party under the agreement, including, where applicable, EU data protection legislation and non-European data protection legislation. . . .