Skip to main content
Effective Date: April 2, 2026 This Data Processing Addendum (this “DPA”) supplements and forms part of the agreement between Beeble AI Inc. (“Beeble,” “we,” “our,” or “us”) and the customer identified in the applicable Terms of Use, API Terms of Use, Order Form or other agreement (“Customer,” “you,” or “your”) (collectively, the “Agreement”). This DPA applies where Beeble processes Personal Data (as defined below) on your behalf in connection with the Services. By accepting the Agreement, using the Services, or executing an Order Form that references this DPA, Customer agrees to be bound by the terms of this DPA. Customer represents that it has the legal authority to enter into this DPA and, if entering on behalf of an entity, has the authority to bind that entity.

1. Definitions

As used in this DPA, the following terms have the meanings set forth below: “Applicable Data Protection Laws” means applicable privacy and data protection laws and regulations, including General Data Protection Regulation (GDPR), UK Data Protection Act 2018, Swiss Federal Act on Data Protection (FADP), California Consumer Privacy Act (CCPA), and other applicable laws. “Controller” means the person or entity determining the purposes and means of processing, which may include as applicable, equivalent concepts under Applicable Data Protection Laws. “Customer Content” means all images, videos, lighting information, and other digital content or materials uploaded, transmitted, or otherwise provided by Customer to the Services for processing, including but not limited to source footage, reference images, lighting environment maps, and any associated data or parameters. “Customer Data” means Personal Data contained in or derived from Customer Content that Beeble processes on behalf of Customer in connection with the provision of the Services pursuant to the Agreement. “Data Subject” means an identified or identifiable natural person to whom Personal Data relates. This term includes “data subject” as defined under European Data Protection Laws, “consumer” as defined under the CCPA and other U.S. state privacy laws, “individual” under other Applicable Data Protection Laws. “Data Subject Rights” means the rights granted to Data Subjects under Applicable Data Protection Laws, including but not limited to rights of access, rectification, erasure, restriction of processing, data portability, objection, the right not to be subject to automated decision-making (including profiling), the right to opt-out of the sale or sharing of Personal Data, and the right to limit the use of sensitive Personal Data. “Data Transfer” means a transfer, disclosure, or making available of Customer Data by an organization subject to Applicable Data Protection Laws to another organization or jurisdiction where the transferred data will be subject to different data protection laws or where an adequacy decision, appropriate safeguards, or other valid transfer mechanism is required under Applicable Data Protection Laws. “Output” means the processed, modified, enhanced, or generated visual or audio content produced by the Services in response to Customer’s input of Customer Content, including but not limited to re-lit images or videos, composited scenes, background-replaced content, AI-enhanced visuals, and any metadata or technical data associated with such output. “Personal Data” means any information relating to an identified or identifiable natural person which is protected under Applicable Data Protection Laws and processed in connection with your use of the Services. This term includes equivalent concepts as defined by Applicable Data Protection Laws (for example, “personal data” as defined under European Data Protection Laws, “personal information” as defined under the CCPA and other U.S. state privacy laws). “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data transmitted, stored, or otherwise processed by Beeble, its Sub-Processors, or any other parties acting on Beeble’s behalf. Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Data on behalf of a Controller. This term includes “processor” as defined under European Data Protection Laws, “service provider” or “contractor” as defined under the CCPA and other U.S. state privacy laws, and equivalent terms under other Applicable Data Protection Laws. “Services” means Beeble’s VFX and AI-powered visual content processing services, including but not limited to: (i) SwitchLight and SwitchX technology for post-production lighting manipulation; (ii) real-time and batch processing of images and videos; (iii) AI-based background replacement and compositing; (iv) automated object detection, segmentation, and masking; (v) API services for programmatic access to Beeble’s processing capabilities; (vi) web-based applications, desktop applications, and mobile applications; (vii) custom model training services (where offered); and (vii) any other products, services, features, or functionalities provided by Beeble pursuant to the Agreement, whether accessed via website, application, API, plugin, or other interface. “Sub-Processor” means any third-party entity Beeble engages to process Customer Data in order to provide the Services. This includes but is not limited to cloud infrastructure providers, content delivery networks, and other service providers that may have access to Customer Data. The terms “process” or “processing” have the meanings given to them under Applicable Data Protection Laws.

2. Scope, Roles, and Customer Responsibilities

2.1. Scope. This DPA applies to the extent that we process Customer Data on behalf of Customer in connection with the provision of the Services under the Agreement. The parties acknowledge and agree that Beeble is a Processor, and Customer is a Controller or Processor in relation to such Customer Data, as applicable, under Applicable Data Protection Laws. The subject matter, nature, purpose, and duration of the processing, as well as the types of Personal Data and categories of Data Subjects, are set out in Annex I (Details of processing) to this DPA. 2.2. Roles. Customer as the Controller decides what content to upload and how to use the Services. Beeble as the Processor processes Customer Data only as instructed by Customer through the Services. 2.3. Customer Responsibilities. Customer represents and warrants that:
(a) Customer has provided all necessary notices and obtained all necessary consents, permissions, and authorizations required under Applicable Data Protection Laws to: (i) provide Customer Content and Customer Data to Beeble; (ii) authorize Beeble to process Customer Data as contemplated by the Agreement and this DPA; and (iii) allow Beeble to use artificial intelligence and machine learning technologies to analyze and process visual content that may contain images of individuals;
(b) Customer’s instructions to Beeble for the processing of Customer Data, including the types of content uploaded and the processing operations requested, comply with all Applicable Data Protection Laws;
(c) Customer shall comply with all obligations applicable to Controllers (or Processors, as applicable) under Applicable Data Protection Laws with respect to Customer Data and the processing thereof; and
(d) If Customer is a Processor acting on behalf of a third-party Controller, Customer: (i) has obtained all necessary authorizations from such third-party Controller to enter into this DPA; (ii) is authorized to issue instructions to Beeble on behalf of such third-party Controller; and (iii) will ensure that the third-party Controller provides all necessary notices and obtains all required consents.

3. Processing of Customer Data

3.1. Processing Instructions. Beeble shall process Customer Data only: (a) in accordance with Customer’s documented instructions as set forth in the Agreement (including this DPA) and as provided through: (i) the Services’ user interface, configuration settings, and feature selections; (ii) API calls and parameters; (iii) uploaded Customer Content and associated metadata; and (iv) any other instructions provided by Customer through the Services or in writing; or (b) as required by applicable law to which Beeble is subject, in which case Beeble shall inform Customer of such legal requirement prior to processing, unless prohibited by law. The parties agree that this DPA and the Agreement, together with Customer’s use of the Services’ functionality, constitute Customer’s complete documented instructions regarding the processing of Customer Data. 3.2. No Identification. Beeble shall process visual content solely for the purpose of providing the Services (e.g., lighting reconstruction). Beeble shall not use any technical means to identify or attempt to identify any natural person contained within the Customer Data. 3.3. Prohibited Instructions. If Beeble reasonably believes that any instruction from Customer violates Applicable Data Protection Laws or would require Beeble to engage in unlawful processing, Beeble will promptly notify Customer and may suspend performance until the issue is resolved. Beeble shall have no liability to Customer for any suspension or non-performance of instructions that Beeble reasonably believes violates Applicable Data Protection Laws. 3.4. Legal Obligation to Process. If Beeble is required by applicable law (including court orders, legal process, or government requests) to process Customer Data in a manner that conflicts with Customer’s instructions, Beeble will, to the extent legally permitted: (a) inform Customer of the legal requirement before processing the Customer Data, including the legal basis, the data requested, and the requesting authority; (b) challenge or seek to narrow the request if appropriate; and (c) comply with the legal requirement in a manner that minimizes any impact on Customer and protects Customer Data to the maximum extent possible. If Beeble is legally prohibited from notifying Customer, Beeble will use reasonable efforts to obtain a waiver of such prohibition. 3.5. No Obligation to Monitor. Beeble has no obligation to monitor Customer Content or Customer Data for compliance with Applicable Data Protection Laws, the Agreement, or this DPA. However, Beeble reserves the right, but assumes no obligation, to review Customer Content to: (a) prevent or address technical or security issues; (b) investigate potential violations of the Agreement or applicable law; (c) respond to user support requests; or (d) comply with legal obligations.

4. Personnel and Confidentiality

Personnel Security. Beeble shall ensure that all persons authorized to process Customer Data on Beeble’s behalf (including Beeble’s employees, contractors, agents, and personnel of Sub-Processors) are: (a) subject to appropriate contractual or statutory obligations of confidentiality with respect to Customer Data; (b) provided with appropriate training regarding the protection of Personal Data, compliance with Applicable Data Protection Laws, and the specific requirements of this DPA; (c) trained on the proper handling of visual content that may contain images of individuals and Biometric Data; (d) granted access to Customer Data only to the extent strictly necessary to perform their duties under the Agreement and this DPA; and (e) subject to disciplinary action for unauthorized access to or disclosure of Customer Data.

5. Security Measures

5.1. Security Obligations. We implement and maintain reasonable commercially available technical and organizational measures to protect Customer Data against unauthorized or unlawful processing and against accidental loss, destruction, damage, theft, alteration, or disclosure. These measures are designed to provide a level of security appropriate to the risk presented by processing. 5.2. Documentation. The specific security measures implemented by Beeble are detailed in Annex II (Technical and Organizational Security Measures) to this DPA. Beeble may update these measures from time to time, provided that such updates do not materially decrease the overall security of the Services.

6. International Data Transfers

6.1. International Data Transfers. Customer acknowledges and agrees that Beeble may transfer and process Customer Data internationally as necessary to provide the Services. Beeble shall take all such measures as are necessary to ensure such transfers are made in compliance with Applicable Data Protection Laws. 6.2. Transfer Mechanisms. Beeble shall ensure that all Restricted Transfers are conducted pursuant to one or more of the following valid transfer mechanisms, as applicable:
(a) Adequacy decisions issued by relevant authorities (e.g., EU-U.S. Data Privacy Framework);
(b) Standard Contractual Clauses (SCCs) approved by the EU Commission, UK ICO, or Swiss authorities (subject to any necessary modification);
(c) Other appropriate safeguards recognized under Applicable Data Protection Laws.
6.3. Standard Contractual Clauses. To the extent that Beeble relies on the SCCs as the data transfer mechanism, the parties hereby incorporate by reference and agree to comply with the following SCCs:
(a) EU Standard Contractual Clauses: For transfers of Customer Data from the EEA, the parties incorporate the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 (Commission Implementing Decision (EU) 2021/914 of 4 June 2021), as completed in accordance with Annex III;
(b) UK International Data Transfer Addendum: For transfers of Customer Data from the United Kingdom, the parties incorporate the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B1.0, issued by the UK Information Commissioner under Section 119A(1) of the UK Data Protection Act 2018), as completed in accordance with Annex III;
(c) Swiss Amendments: For transfers of Customer Data from Switzerland, the parties agree that the EU SCCs apply with the modifications set forth in Annex III to comply with the FADP;
(d) Other Standard Clauses: For transfers subject to other Applicable Data Protection Laws (such as Brazilian LGPD or Canadian PIPEDA provincial laws), the parties will execute any required standard contractual clauses or model contracts approved by the relevant authorities upon request.

7. Sub-Processors

7.1. Authorization. Customer provides a general authorization to Beeble to engage Sub-Processors to process Customer Data in connection with the Services. Beeble’s list of general Sub-Processors is available at https://beeble.ai/subprocessors (“Sub-Processor List”). Beeble’s Services necessarily involve cloud infrastructure providers, content delivery networks, and AI processing providers. 7.2. Changes to Sub-Processors. Beeble will notify Customer of new or replacement Sub-Processors at least 30 days in advance via email or website update. Customer may object on reasonable data protection grounds to our engagement of any new or replacement Sub-Processor by informing us in writing fifteen (15) days after receiving notice. The parties shall discuss the objections in good faith with a view to achieving commercially reasonable resolution. If no such resolution can be reached, Beeble will, at its sole discretion, either not appoint the Sub-Processor or permit you to terminate that affected part of the Services in accordance with the termination provisions under the Agreement without liability to either party (but without prejudice to any fees incurred by you prior to such termination). This termination right is your sole and exclusive remedy if you object to any new or replacement Sub-Processor. If you do not exercise your right to object within the period provided, your silence shall be deemed to constitute an approval of such engagement. 7.3. Sub-Processor Obligations. Beeble will enter into a written agreement with each Sub-Processor imposing data protection obligations substantially equivalent to this DPA. Beeble will remain liable for acts and omissions of our Sub-Processors that causes us to breach our obligations under this DPA.

8. Data Subject Rights Requests

Beeble will, to the extent legally permitted, inform Customer if Beeble receives a request from Data Subjects to exercise their Data Subject Rights under Applicable Data Protection Laws in respect of Customer Data. Other than to request further information or identify the Data Subject, Beeble will not respond to any such request without Customer’s prior written authorization.

9. Personal Data Breaches

Beeble shall notify Customer without undue delay after becoming aware of any Personal Data Breach affecting Customer Data. Beeble will provide reasonable assistance to Customer to help Customer comply with its obligations under Applicable Data Protection Laws in respect of such Personal Data Breach.

10. Audits and Compliance

10.1. Audit Reports. Upon Customer’s reasonable request, and no more than once per year unless required by law or following a breach, Beeble will provide Customer with: (a) summaries of Beeble’s current audit report or equivalent; (b) relevant security certifications; and/or (c) other documentation necessary to demonstrate compliance. All audit information is Beeble’s confidential information. 10.2. On-Site Audits. If required by law and the above reports are insufficient, Customer may conduct an on-site audit (or engage a qualified auditor) at Customer’s expense, subject to: (a) 60 days’ advance notice; (b) mutually agreed scope and timing; (c) confidentiality agreements; (d) minimal disruption to Beeble’s operations; and (e) no more than once per year. 10.3. Data Protection Impact Assessments. Where required by law, Beeble will provide reasonable assistance to Customer in conducting data protection impact assessments and consulting with supervisory authorities, taking into account the nature of processing and information available to Beeble.

11. Return and Deletion of Customer Data

Upon termination or expiration of the Agreement, Beeble will, at Customer’s instruction, delete or return Customer Data and existing copies, unless retention of Customer Data is required under applicable laws. In such cases, Beeble will isolate and protect Customer Data from any further processing, except to the extent required by such laws, and will remain subject to the confidentiality and security obligations of this DPA until such time as it is no longer required by applicable law.

12. U.S. State Privacy Laws

To the extent Beeble acts as a ‘service provider’ or ‘contractor’ under U.S. state privacy laws, Beeble shall: (a) not sell or share Customer Data; (b) not retain, use, or disclose Customer Data except as necessary to provide the Services or as otherwise permitted by applicable law; (c) not combine Customer Data with data from other sources except as authorized; and (d) notify Customer if it can no longer meet its obligations.

13. Liability and Indemnification

Each party’s liability arising out of or related to this DPA (whether in contract, tort, or otherwise) shall be subject to the exclusions and limitations of liability set forth in the Agreement. Any reference in the Agreement to the liability of a party shall be deemed to include the aggregate liability of that party and its Affiliates under the Agreement and this DPA together.

14. General Provisions

14.1. Relationship to the Agreement. This DPA is incorporated into and forms part of the Agreement. For data protection matters, this DPA takes precedence over conflicting provisions in the Agreement. 14.2. Term. This DPA commences on the effective date of the Agreement and continues until termination of the Agreement. 14.3. Updates. Beeble may update this DPA to reflect changes in Applicable Data Protection Laws, guidance from authorities, or changes to Services. Material changes will be notified via email or through the Services at least thirty (30) days before taking effect. 14.4. Governing Law. This DPA shall be governed by the laws specified in the Agreement, except where Applicable Data Protection Laws require otherwise. 14.5. Contact Information. For questions regarding this DPA or data protection matters:
Beeble AI Inc. Email: support@beeble.ai DPO Email: support@beeble.ai

ANNEX I

DETAILS OF PROCESSING

This Annex I describes the processing of Customer Data by the parties in connection with the Services and form integral part of the Agreement. Unless otherwise defined herein, capitalized terms in this Annex have the same meaning as ascribed to them in the Agreement.

A. Parties to Processing

Data Exporter (Customer): Name: the entity identified as Customer in the Agreement Address: As specified in Customer’s account or Agreement Contact: As specified in Customer’s account Role: Controller or Processor (as applicable) Activities: Processing activities in receiving the Services as set out in the Agreement such as use of Beeble AI Services for visual content processing, lighting reconstruction, and VFX integration within the Customer’s applications or workflows. Data Importer (Beeble): Name: Beeble AI Inc. Contact: support@beeble.ai Address: 1000 N West Street, Suite 1200, Wilmington DE 19801 Role: Processor or Sub-Processor (as applicable) Activities: Processing activities in providing the Services as set out in the Agreement such as the provision of AI-powered lighting reconstruction, VFX, and cinematic compositing services via API and Website.

B. Description of Processing

Subject Matter

Processing of Customer Data in connection with the Services, including lighting manipulation, compositing, background replacement, and AI-based image/video enhancement.

Nature and Purpose

Beeble processes Customer Data to:
  • Provide the Services, including AI-powered analysis and transformation of uploaded images and videos;
  • Perform lighting manipulation using SwitchLight and SwitchX technology;
  • Execute compositing and background replacement (segmentation, masking, blending);
  • To provide, maintain, and improve the Services as requested by the Customer. For the avoidance of doubt, Beeble processes visual content solely for visual effect synthesis and does not perform technical processing for the purpose of uniquely identifying any natural person;
  • Generate outputs including processed images/videos, depth maps, and metadata;
  • Process API requests and deliver results;
  • Provide customer support and manage accounts;
  • Monitor service performance; and
  • Detect fraud, abuse, and comply with legal obligations.

Duration

The Customer Data will be processed for the duration of the Agreement and will be retained until such data is deleted or returned upon the Customer’s request or the termination of the Services, in accordance with Beeble’s retention policy and applicable laws.

Categories of Personal Data

Customer may submit Personal Data to the Services, the categories of which will depend upon Customer’s use of the Services which is determined and controlled by Customer in its sole discretion. The personal data transferred concerns the following categories of data:
(a) Contact Information: Name and email address of Customer representatives.
(b) Multimedia Content: Visual content (images/videos) uploaded for processing and any visual data contained therein.
(c) Metadata: Technical information associated with multimedia files (e.g., file size, format, and timestamps).
(d) Financial Data: Payment card information (processed by third-party payment processors), billing addresses;
(e) Usage Data: Logs of API calls, service interactions, and technical diagnostic data.
(f) Technical Data: IP addresses, device identifiers, browser information, operating system.

Frequency

Continuous, based on Customer’s use of the Services throughout the Agreement term.

Competent Supervisory Authority

(a) For EU/EEA: Data Protection Commission of Ireland (or Supervisory Authority of Member State where Customer is established)
(b) For UK: UK Information Commissioner’s Office (ICO)
(c) For Switzerland: Swiss Federal Data Protection and Information Commissioner (FDPIC)
(d) For Brazil: Brazilian National Data Protection Authority (ANPD)

ANNEX II

TECHNICAL AND ORGANIZATIONAL MEASURES

  • Organizational management and dedicated staff responsible for the development, implementation and maintenance of Beeble’s information security program.
  • Audit and risk assessment procedures for the purposes of periodic review and assessment of risks to Beeble’s organization, monitoring and maintaining compliance with Beeble’s policies and procedures, and reporting the condition of its information security and compliance to internal senior management.
  • Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for Customer Data that is transmitted over public networks (i.e., the internet) or when transmitted wirelessly or at rest or stored on portable or removable media (i.e., laptop computers, CD/DVD, USB drives, back-up tapes).
  • Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review and revoking/changing access promptly when employment terminates or changes in job functions occur).
  • Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that the Provider’s passwords that are assigned to its employees: (1) be at least eight (8) characters in length, (2) not be stored in readable format on the Provider’s computer systems; (3) must have defined complexity; (4) must have a history threshold to prevent reuse of recent passwords; and (5) newly issued passwords must be changed after first use.
  • System audit or event logging and related monitoring procedures to proactively record user access and system activity.
  • Physical and environmental security of data centers, server room facilities and other areas containing Customer Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor and log movement of persons into and out of Beeble’s facilities, and (iii) guard against environmental hazards such as heat, fire and water damage.
  • Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from Beeble’s possession.
  • Change management procedures and tracking mechanisms designed to test, approve and monitor all material changes to Beeble’s technology and information assets.
  • Incident management procedures design to allow Beeble to investigate, respond to, mitigate and notify of events related to Beeble’s technology and information assets.
  • Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.
  • Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
  • Business resiliency/continuity and disaster recovery procedures designed to maintain service and/or recovery from foreseeable emergencies or disasters.

ANNEX III

TRANSFER CLAUSES

PART 1: POPULATION OF THE SCCs

SIGNATURE OF THE SCCs

Where the SCCs apply, each Party’s signature to the Agreement is hereby deemed its signature to the SCCs.

MODULES

The following modules of the SCCs apply in the manner set out below (having regard to the role(s) of Customer), with each such module incorporated herein by reference and subject to the modifications set forth in this Annex: Module Two of the SCCs applies to any EU Restricted Transfer and/or Swiss Restricted Transfer involving Processing of Personal Data in respect of which Customer is a Controller of such Personal Data; and/or Module Three of the SCCs applies to any EU Restricted Transfer and/or Swiss Restricted Transfer involving Processing of Personal Data in respect of which Customer is itself acting as a Processor on behalf of any other person.

POPULATION OF THE BODY OF THE SCCs

For each Module of the SCCs, the following applies as and where applicable to that Module and the Clauses thereof: The optional ‘Docking Clause’ in Clause 7 is not used and the body of that Clause 7 is left intentionally blank. In Clause 9: OPTION 2: GENERAL WRITTEN AUTHORISATION applies, and the minimum time period for advance notice of the addition or replacement of Subprocessors shall be the advance notice period set out in Section 7 of the DPA; and OPTION 1: SPECIFIC PRIOR AUTHORISATION is not used and that optional language is deleted; as is, therefore, Annex III to the Appendix to the SCCs. In Clause 11, the optional language is not used and is deleted. In Clause 13, all square brackets are removed and all text therein is retained. In Clause 17: OPTION 1 applies, and the Parties agree that the SCCs shall be governed by the law of Ireland in relation to any EU Restricted Transfer; and OPTION 2 is not used and that optional language is deleted. For the purposes of Clause 18, the Parties agree that any dispute arising from the SCCs in relation to any EU Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly. In this Paragraph 3, references to “Clauses” are references to the Clauses of the SCCs.

POPULATION OF ANNEXES TO THE APPENDIX TO THE SCCs

Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Details of Processing) to the DPA, with:
Customer being ‘data exporter’; and
Beeble being ‘data importer’. Annex II to the Appendix to the SCCs is populated with the information detailed in Annex II (Technical and Organizational Measures) to the DPA.

PART 2: UK RESTRICTED TRANSFERS

UK TRANSFER ADDENDUM

Where relevant in accordance with Section 6(b) of the DPA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum in the manner described below: Part 1 to the UK Transfer Addendum. As permitted by Section 17 of the UK Transfer Addendum, the Parties agree: Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Details of Processing) and the foregoing provisions of this Annex III (subject to the variations effected by the Mandatory Clauses described in (b) below); and Table 4 to the UK Transfer Addendum is completed by the box labelled ‘Data Importer’ being deemed to have been ticked. Part 2 to the UK Transfer Addendum. The Parties agreed to be bound by the Mandatory Clauses of the UK Transfer Addendum. In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DPA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.

PART 3: SWISS RESTRICTED TRANSFERS

VARIATIONS FOR SWISS RESTRICTED TRANSFERS

Where applicable in accordance with Section 6(c) of the DPA, the SCCs also apply in the context of Swiss Restricted Transfers with the following terms deemed to have the following substituted meanings: GDPR” means the FADP; European Union”, “Union” and “Member State(s)” each mean Switzerland; and supervisory authority” means the FDPIC. In relation to any Swiss Restricted Transfer to which they apply, where the context permits and requires, any reference in the DPA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Section 1.1 of this Part 3.