These Snap General Data Requirements form a legally binding contract between you and Snap, govern the processing of any Snap Data by you, and are incorporated by reference into the Snap General Commercial Terms (the “Terms”).  Any terms not defined herein will have the meanings provided in the Terms.

If you receive, process, or otherwise have access to any Snap Data, you will, at all times: (a) comply with your obligations under Applicable Law related to your processing of Snap Data; (b) only process Snap Data in accordance with the Agreement, which includes these General Data Requirements; and (c) implement and maintain all appropriate technical, administrative, physical, and organizational measures, including the Minimum Security Requirements, required to (i) ensure a level of confidentiality and security appropriate to the risks represented by the processing and the nature of Snap Data; and (ii) prevent unauthorized or unlawful processing of, accidental loss of, disclosure or destruction of, or damage to, Snap Data. 

Each party agrees that it will comply with its obligations under Applicable Law in respect of any Snap Data it processes under or in relation to these General Data Requirements. Without prejudice to the foregoing, you will not process Snap Data in a manner that will, or is likely to, result in Snap breaching its obligations under Applicable Law.

You acknowledge that Snap may disclose all relevant data protection and privacy provisions, including on any Statement of Work, to the U.S. Department of Commerce, the Federal Trade Commission, European data protection authority, or any other judicial or regulatory body upon their request.

You will not commingle or aggregate Snap Data with other data or information that is not Snap Data without Snap’s prior written consent in each instance, except that Snap Data may be stored on shared servers so long as it is logically separated and cannot be accessed by any third party in violation of these General Data Requirements. If Snap provides such written consent, the obligations with respect to Snap Data under these General Data Requirements will still apply even if Snap Data is commingled or aggregated with other data or information that is not Snap Data or if Snap Data is otherwise provided to you in a manner that commingles or aggregates Snap Data with other data or information that is not Snap Data.

If you receive, process, or otherwise have access to Snap Data in hashed or otherwise obfuscated format, you will: (a) not attempt to reverse engineer or otherwise try to re-identify the hashed or obfuscated Snap Data unless Snap instructs you to do so; and (b) only share the Snap Data in the format you received it from Snap.

You are prohibited from (a) selling or sharing, and will not sell or share, any Snap Data, as the terms “sell” and “share” are defined by Applicable Laws; (b) retaining, using, or disclosing any Snap Data for any purpose other than for the business purposes specified in the Statement of Work (or similar written description of the Services), or as otherwise permitted by Applicable Laws; (c) retaining, using, or disclosing Snap Data outside of the direct business relationship between you and Snap; and (d) combining Snap Data that you receive from, or on behalf of, Snap with personal data that you receive from, or on behalf of, another person(s), or collect from your own interaction with the consumer, except as permitted by Applicable Laws. You certify that you understand the restrictions set forth herein and under applicable laws and will comply with them. You will notify Snap immediately if you are unable to comply with Applicable Laws or your obligations herein. Snap will have the right, upon notice to you, to take reasonable and appropriate steps to stop and remediate unauthorized use of Snap Data, including termination of these Terms.

You will, unless prohibited by the Applicable Law, inform Snap promptly, and in any event within two business days, of any enquiry, legal process, or complaint received from a data subject or supervisory, judicial, legal or government authority relating to Snap Data (“Data Inquiry”) and will not respond to the Data Inquiry unless required by law or expressly authorized by Snap. If Snap is unable to or does not receive a protective order or other remedy for the Data Inquiry, you may disclose only that portion of Snap Data that it is legally required to disclose and will use reasonable efforts to ensure the disclosed Snap Data is handled in accordance with the Terms and accorded confidential treatment. 

You will, at no additional cost to Snap, provide reasonable cooperation and assistance to Snap as Snap may reasonably require to allow Snap to respond to, object to, or challenge any Data Inquiry and to comply with its obligations under Applicable Law, including in relation to data security, data breach notification, data protection impact assessments, prior consultation with supervisory authorities, the fulfilment of data subjects’ rights, and any enquiry, notice or investigation by a supervisory authority.

In accordance with Applicable Law, you will notify Snap without undue delay and, where feasible, no more than 48 hours after becoming aware of a Data Breach. You will also provide Snap with a description of the Data Breach, the type of data that was the subject of the Data Breach, and (to the extent known to you) the categories of data subjects affected, as soon as that information can be collected or otherwise becomes available. You will cooperate with any reasonable request made by Snap relating to the Data Breach. You agree to immediately take action to investigate the Data Breach, to identify, prevent, and mitigate the effects of the Data Breach, and with Snap’s prior agreement, to carry out any recovery or other action necessary to remedy the Data Breach. You may not issue, publish, or make available to any third party any press release or other communication concerning a Data Breach without Snap’s prior approval. “Data Breach” means an accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Snap Data on systems managed or controlled by you or your Subcontractors (including Subprocessors).