You (“Customer”), have contracted with GooseChase Adventures Inc., (“GooseChase”), for GooseChase to perform certain data processing functions on behalf of the Customer pursuant to a GOOSECHASE ADVENTURES SERVICE AGREEMENT entered into between them, including the processing of Personal Data (as defined in the Definitions section below).

  1. Introduction

This Agreement is made in light of the requirements set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the “GDPR”), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable Data Protection Legislation in the United States, including but not limited to the Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and Nevada Privacy Law (collectively referred to as the “Applicable Data Protection Laws”).

Definitions used in this Agreement shall have the same meaning as set out in the GDPR and Applicable Data Protection Laws. In the event of a conflict in definitions, if an individual is protected by a specific Applicable Data Protection Law, the definitions in that law shall take precedence. If no specific law applies to protect the individual, then the definitions set forth in the GDPR shall prevail.

This Data Processing Agreement (this “Agreement”) is based on the requirements set out in Article 28 of the GDPR and corresponding provisions in the Applicable Data Protection Laws. The purpose of this Agreement is to ensure that Goosechase provides the services under the Services Agreement (“Services”) to the Customer in a manner that complies with the Applicable Data Protection Laws.

  1. Definitions

For the purposes of this Agreement, the following terms shall have the meanings assigned to them below:

  1. "Applicable Data Protection Laws" means all privacy laws applicable to any Personal Data processed under or in connection with this Agreement, including, without limitation, the GDPR, CCPA, CPRA, VCDPA, CPA, UCPA, and Nevada Privacy Law, as amended, re-enacted, or replaced from time to time.
  2. "CCPA" means the California Consumer Privacy Act of 2018, as amended.
  3. "CPA" means the Colorado Privacy Act.
  4. "CPRA" means the California Privacy Rights Act of 2020, as amended."VCDPA" means the Virginia Consumer Data Protection Act.
  5. "Data Controller" has the meaning set forth in the Applicable Data Protection Laws, referring to the entity that determines the purposes and means of processing Personal Data.
  6. "Data Processor" has the meaning set forth in the Applicable Data Protection Laws, referring to the entity that processes Personal Data on behalf of the Data Controller.
  7. "Data Subject" means an identified or identifiable person to whom Personal Data relates.
  8. “European Data” means Customer Personal Data that is subject to the protection of European Data Protection Laws.
  9. "European Data Protection Laws" means data protection laws applicable in Europe, including:(i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) ("GDPR"); (ii) Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector; and (iii) applicable national implementations of (i) and (ii); or (iii) GDPR as it forms parts of the United Kingdom domestic law by virtue of Section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR"); and (iv) Swiss Federal Data Protection Act and its Ordinance ("Swiss DPA"); in each case, as may be amended, superseded, or replaced.
  10. "GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.