Modern Musician, StreetTeam & Music Relic Marketplace

Effective June 22, 2022

This Data Protection Addendum (“Addendum”) forms part of the agreement between Customer and Modern Musician covering Customer’s use of the Services (as defined below) (“Agreement”).

I. Introduction

1. Definitions.

1. “Applicable Data Protection Law” refers to all laws and regulations applicable to Modern Musician’s processing of personal data under the Agreement.

1. “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

1. “Customer Account Data” means personal data that relates to Customer’s relationship with Modern Musician, including the names or contact information of individuals authorized by Customer to access Customer’s account, and billing information of individuals that Customer has associated with its account. Customer Account Data also includes any data Modern Musician may need to collect for the purpose of identity verification (including providing the MFA Services, as defined below), or as part of its legal obligation to retain Subscriber Records (as defined below).

1. “Customer Content” means (a) personal data exchanged as a result of using the Services (as defined below), such as text message bodies, voice and video media, images, email bodies, email recipients, sound, and, where applicable, details Customer submits to the Services from its designated software applications and services and (b) data stored on Customer’s behalf such as communication logs within the Services or marketing campaign data that Customer has uploaded to the Services (as defined below).

1. “Customer Data” has the meaning given in the Agreement. Customer Data includes Customer Account Data, Customer Usage Data, Customer Content, and Sensitive Data, each as defined in this Addendum.

1. “Customer Usage Data” means data processed by Modern Musician for the purposes of transmitting or exchanging Customer Content utilizing phone numbers either through the Public Switched Telephone Network (PSTN) or by way of other communication networks. Customer Usage Data includes data used to identify the source and destination of a communication, such as (a) individual data subjects’ telephone numbers, data on the location of the device generated in the context of providing the Services, and the date, time, duration and the type of communication and (b) activity logs used to identify the source of Service requests, optimize and maintain performance of the Services, and investigate and prevent system abuse.

1. “Multi Factor Authentication Services” or “MFA Services” means the provision of a portion of the Services under which Customer adds an additional factor for verification of Customer’s end users’ identity in connection with such end users’ use of Customer’s software applications or services.

1. “personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1. “Modern Musician Privacy Policy” means the Privacy Policy for the Services, the current version of which is available at https://go.modernmusician.me/privacy-policy

1. “processor” means the entity which processes personal data on behalf of the controller.

1. “processing” (and “process”) means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1. “Security Incident” means a confirmed or reasonably suspected accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data.

1. “Sensitive Data” means (a) social security number, passport number, driver’s license number, or similar identifier (or any portion thereof); (b) credit or debit card number (other than the truncated (last four digits) of a credit or debit card), financial information, banking account numbers or passwords; (c) employment, financial, genetic, biometric or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or sexual orientation; (e) account passwords, mother’s maiden name, or date of birth; (f) criminal history; or (g) any other information or combinations of information that falls within the definition of “special categories of data” under GDPR or any other applicable law or regulation relating to privacy and data protection.

1. “Services” means the products and services provided by Modern Musician or its Affiliates, as applicable, that are (a) used by Customer, including, without limitation, products and services that are on a trial basis or otherwise free of charge or (b) ordered by Customer under an Order Form. Services include products and services that provide both (x) platform services, including access to any application programming interface (“Modern Musician API”) and (y) where applicable, communications services used in connection with the Modern Musician APIs.

1. “Subscriber Records” means Customer Account Data containing proof of identification and proof of physical address necessary for Modern Musician to provide Customer or Customer’s end users with phone numbers in certain countries (“telephone number assignments”). When required by law or regulation, Subscriber Records are shared with local telecommunications providers, which provide local connectivity services, or local government authorities.

1. “Third Party Request” means any request, correspondence, inquiry, or complaint from a data subject, regulatory authority, or third party.

Capitalized terms not defined in this Section 1 will have the meaning given to them in this Addendum or the Agreement.

II. Controller and Processor

2. Relationship of the Parties

2.1 Modern Musician as a Processor. The parties acknowledge and agree that with regard to the processing of Customer Content, Customer may act either as a controller or processor and Modern Musician is a processor. Modern Musician will process Customer Content in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions).

2.2 Modern Musician as a Controller of Customer Account Data. The parties acknowledge that, with regard to the processing of Customer Account Data, Customer is a controller and Modern Musician is an independent controller, not a joint controller with Customer. Modern Musician will process Customer Account Data as a controller in order to (a) manage the relationship with Customer; (b) carry out Modern Musician’s core business operations, such as accounting and filing taxes; (c) detect, prevent, or investigate security incidents, fraud, and other abuse or misuse of the Services; (d) perform identity verification; (e) comply with Modern Musician’s legal or regulatory obligation to retain Subscriber Records; and (f) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Modern Musician Privacy Policy.

2.3 Modern Musician as a Controller of Customer Usage Data. The parties acknowledge that, with regard to the processing of Customer Usage Data, Customer may act either as a controller or processor and Modern Musician is an independent controller, not a joint controller with Customer. Modern Musician will process Customer Usage Data as a controller in order to carry out the necessary functions as a communications service provider, such as: (a) Modern Musician’s accounting, tax, billing, audit, and compliance purposes; (b) to provide, optimize, and maintain the Services, platform and security; (c) to investigate fraud, spam, wrongful or unlawful use of the Services; (d) as required by applicable law or regulation; or (e) as otherwise permitted under Applicable Data Protection Law and in accordance with this Addendum, the Agreement, and the Modern Musician Privacy Policy.

3. Purpose Limitation. Modern Musician will process personal data in order to provide the Services in accordance with the Agreement. "Details of Processing" of this Addendum further specifies the nature and purpose of the processing, the processing activities, the duration of the processing, the types of personal data and categories of data subjects.

4. Compliance. Customer is responsible for ensuring that (a) it has complied, and will continue to comply, with Applicable Data Protection Law in its use of the Services and its own processing of personal data and (b) it has, and will continue to have, the right to transfer, or provide access to, personal data to Modern Musician for processing in accordance with the terms of the Agreement and this Addendum.

III.Modern Musician as a Processor – Processing Customer Content

5. Customer Instructions. Customer appoints Modern Musician as a processor to process Customer Content on behalf of, and in accordance with, Customer’s instructions (a) as set forth in the Agreement, this Addendum, and as otherwise necessary to provide the Services to Customer, and which includes investigating security incidents and preventing spam, fraudulent activity, and violations of the Modern Musician Acceptable Use Policy, and detecting and preventing network exploits or abuse; (b) as necessary to comply with applicable law or regulation, including Applicable Data Protection Law; and (c) as otherwise agreed in writing between the parties (“Permitted Purposes”).

5.1 Lawfulness of Instructions. Customer will ensure that its instructions comply with Applicable Data Protection Law. Customer acknowledges that Modern Musician is neither responsible for determining which laws or regulations are applicable to Customer’s business nor whether Modern Musician’s provision of the Services meets or will meet the requirements of such laws or regulations. Customer will ensure that Modern Musician’s processing of Customer Content, when done in accordance with Customer’s instructions, will not cause Modern Musician to violate any applicable law or regulation, including Applicable Data Protection Law. Modern Musician will inform Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate any applicable law or regulation, including Applicable Data Protection Law.

5.2 Additional Instructions. Additional instructions outside the scope of the Agreement or this Addendum will be agreed to between the parties in writing, including any additional fees that may be payable by Customer to Modern Musician for carrying out such additional instructions.

6. Confidentiality

6.1 Responding to Third Party Requests. In the event any Third Party Request is made directly to Modern Musician in connection with Modern Musician’s processing of Customer Content, Modern Musician will promptly inform Customer and provide details of the same, to the extent legally permitted. Modern Musician will not respond to any Third Party Request without Customer’s prior consent, except as legally required to do so or to confirm that such Third Party Request relates to Customer.

6.2 Confidentiality Obligations of Modern Musician Personnel. Modern Musician will ensure that any person it authorizes to process Customer Content has agreed to protect personal data in accordance with Modern Musician's confidentiality obligations in the Agreement

7. Data Subject Rights. As part of the Services, Modern Musician provides Customer with a number of self-service features, including the ability to delete, obtain a copy of, or restrict use of Customer Content. Customer may use these self-service features to assist in complying with its obligations under Applicable Data Protection Law with respect to responding to requests from data subjects via the Services at no additional cost. To the extent Customer does not have the ability to resolve a data subject request through the self-service features, upon Customer’s request, Modern Musician will provide reasonable additional and timely assistance to assist Customer in complying with its data protection obligations with respect to data subject rights under Applicable Data Protection Law.

8. Impact Assessments and Consultations. Modern Musician will provide reasonable cooperation to Customer in connection with any data protection impact assessment (at Customer’s expense only if such reasonable cooperation will require Modern Musician to assign significant resources to that effort) or consultations with regulatory authorities that may be required in accordance with Applicable Data Protection Law.

9. Return or Deletion of Customer Content. Modern Musician will, in accordance with Section 3 (Duration of the Processing) of “Details of Processing” of this Addendum, delete or return to Customer any Customer Content stored within the Services.

9.1 Extension of Addendum. Upon termination of the Agreement, Modern Musician may retain Customer Content in storage for the time periods set forth in "Details of Processing" of this Addendum, provided that Modern Musician will ensure that Customer Content (a) is processed only as necessary for the Permitted Purposes and (b) remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.

9.2 Retention Required by Law. Notwithstanding anything to the contrary in this Section 10, Modern Musician may retain Customer Content, or any portion of it, if required by applicable law or regulation, including Applicable Data Protection Law, provided such Customer Content remains protected in accordance with the terms of the Agreement, this Addendum, and Applicable Data Protection Law.

IV. Security and Audits

10. Security

10.1 Security Measures. Modern Musician has implemented and will maintain the technical and organizational security measures as set forth in the Agreement.

10.2 Determination of Security Requirements. Customer acknowledges the Services include certain features and functionalities that Customer may elect to use which impact the security of Customer Data processed by Customer’s use of the Services, such as, but not limited to, encryption of voice recordings, availability of multi-factor authentication on Customer’s account, or optional Transport Layer Security (TLS) encryption. Customer is responsible for reviewing the information Modern Musician makes available regarding its data security, including its audit reports, and making an independent determination as to whether the Services meet the Customer’s requirements and legal obligations, including its obligations under Applicable Data Protection Law. Customer is further responsible for properly configuring the Services and using features and functionalities made available by Modern Musician to maintain appropriate security in light of the nature of Customer Data processed as a result of Customer’s use of the Services.

10.3 Security Incident Notification. Modern Musician will provide notification of a Security Incident in the following manner:

1. (a) Modern Musician will, to the extent permitted by applicable law, notify Customer without undue delay, but in no event later than seventy-two (72) hours after Modern Musician’s discovery of a Security Incident impacting Customer Data of which Modern Musician is a processor;
2. (b) Modern Musician will, to the extent permitted and required by applicable law, notify Customer without undue delay of any Security Incident involving Customer Data of which Modern Musician is a controller; and
3. (c) Modern Musician will notify Customer of any Security Incident via email to the email address(es) designated by Customer in Customer’s account.

Modern Musician will make reasonable efforts to identify a Security Incident, and to the extent a Security Incident is caused by Modern Musician’s violation of this Addendum, remediate the cause of such Security Incident. Modern Musician will provide reasonable assistance to Customer in the event that Customer is required under Applicable Data Protection Law to notify a regulatory authority or any data subjects impacted by a Security Incident.

V. International Provisions

11. Jurisdiction Specific Terms. To the extent Modern Musician processes personal data originating from and protected by Applicable Data Protection Law in one of the jurisdictions listed in "Jurisdiction Specific Terms" of this Addendum, the terms specified in "Jurisdiction Specific Terms" with respect to the applicable jurisdiction(s) apply in addition to the terms of this Addendum.

VI. Miscellaneous

12. Cooperation and Data Subject Rights. In the event that either party receives (a) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure, and data portability, as applicable) or (b) any Third Party Request relating to the processing of Customer Account Data or Customer Usage Data conducted by the other party, such party will promptly inform such other party in writing. The parties agree to cooperate, in good faith, as necessary to respond to any Third Party Request and fulfill their respective obligations under Applicable Data Protection Law.

13. Conflict. In the event of any conflict or inconsistency among the following documents, the order of precedence will be: (1) the applicable terms set forth in "Jurisdiction Specific Terms" of this Addendum; (2) the terms of this Addendum outside of "Jurisdiction Specific Terms"; (3) the Agreement; and (4) the Modern Musician Privacy Policy. Any claims brought in connection with this Addendum will be subject to the terms and conditions, including, without limitation, the exclusions and limitations set forth in the Agreement.

14. Failure to Perform. In the event that changes in law or regulation render performance of this Addendum impossible or commercially unreasonable, the parties may renegotiate this Addendum in good faith. If renegotiation would not cure the impossibility or the parties cannot reach an agreement, the parties may mutually agree to terminate the Agreement for convenience.

15. Updates. Modern Musician may update the terms of this Addendum from time to time; provided, however, Modern Musician will provide at least thirty (30) days prior written notice to Customer when an update is required as a result of (a) changes in Applicable Data Protection Law; (b) a merger, acquisition, or other similar transaction; or (c) the release of new products or services or material changes to any of the existing Services. The then-current terms of this Addendum are available at https://go.modernmusician.me/data-protection-addendum.

DETAILS OF PROCESSING

1. Nature and Purpose of the Processing. Modern Musician will process personal data as necessary to provide the Services under the Agreement. Modern Musician does not sell Customer’s personal data or Customer end users’ personal data and does not share such end users’ information with third parties for compensation or for those third parties’ own business interests.

1.1 Customer Content. Modern Musician will process Customer Content as a processor in accordance with Customer’s instructions as set forth in Section 5 (Customer Instructions) of this Addendum.

1.2 Customer Account Data. Modern Musician will process Customer Account Data as a controller for the purposes set forth in Section 2.2 (Modern Musician as a Controller of Customer Account Data) of this Addendum.

1.3 Customer Usage Data. Modern Musician will process Customer Usage Data as a controller for the purposes set forth in Section 2.3 (Modern Musician as a Controller of Customer Usage Data) of this Addendum.

2. Processing Activities.

2.1 Customer Content. Personal data contained in Customer Content will be subject to the following basic processing activities:

1. (a) the provision of programmable communication products and services, primarily offered in the form of application programming interfaces (APIs), to Customer, including transmittal to or from Customer’s software applications, services and designated third parties as directed by customer, from or to the publicly-switched telephone network (PSTN) or by way of other communications networks. Storage of personal data on Modern Musician’s network.

1. (b) the provision of products and services which allow the transmission and delivery of email communications on behalf of Customer to its recipients. Modern Musician will also provide Customer with analytic reports regarding the email communications it sends on Customer's behalf. Storage of personal data on Modern Musician’s network.

1. (c) the provision of products and services which allow Customers to integrate, manage and control their data relating to end users. Storage of personal data on Modern Musician’s network.

2.2 Customer Account Data. Personal data contained in Customer Account Data will be subject to the processing activities of providing the Services.

2.3 Customer Usage Data. Personal data contained in Customer Usage Data will be subject to the processing activities of providing the Services.

3. Duration of the Processing. The period for which personal data will be retained and the criteria used to determine that period is as follows:

3.1 Customer Content.

Services. Prior to the termination of the Agreement, (x) Modern Musician will process stored Customer Content for the Permitted Purposes until Customer elects to delete such Customer Content via the Services and (y) Customer agrees that it is solely responsible for deleting Customer Content via the Services. Modern Musician will (i) provide Customer thirty (30) days after the termination effective date to obtain a copy of any stored Customer Content via the Services; (ii) automatically delete any stored Customer Content thirty (30) days after the termination effective date; and (iii) automatically delete any stored Customer Content on Modern Musician’s back-up systems sixty (60) days after the termination effective date. Any Customer Content archived on Modern Musician’s back-up systems will be securely isolated and protected from any further processing, except as otherwise required by applicable law or regulation.

3.2 Customer Account Data. Modern Musician will process Customer Account Data as long as required (a) to provide the Services to Customer; (b) for Modern Musician’s legitimate business needs; or (c) by applicable law or regulation. Customer Account Data will be stored in accordance with the Modern Musician Privacy Policy.

3.3 Customer Usage Data. Upon termination of the Agreement, Modern Musician may retain, use, and disclose Customer Usage Data for the purposes set forth in Section 1.3 (Customer Usage Data) of this "Details of Processing", subject to the confidentiality obligations set forth in the Agreement. Modern Musician will anonymize or delete Customer Usage Data when Modern Musician no longer requires it for the purposes set forth in Section 1.3 (Customer Usage Data) of this "Details of Processing".

4. Categories of Data Subjects.

4.1 Customer Content. Customer’s end users.

4.2 Customer Account Data. Customer’s employees and individuals authorized by Customer to access Customer’s Modern Musician account or make use of the MFA Services or telephone number assignments received from Modern Musician.

4.3 Customer Usage Data. Customer’s end users.

5. Categories of Personal Data. Modern Musician processes personal data contained in Customer Account Data, Customer Content, and Customer Usage Data.

6. Sensitive Data or Special Categories of Data.

6.1 Customer Content. Sensitive Data may, from time to time, be processed via the Services where Customer or its end users choose to include Sensitive Data within the communications that are transmitted using the Services. Customer is responsible for ensuring that suitable safeguards are in place prior to transmitting or processing, or prior to permitting Customer’s end users to transmit or process, any Sensitive Data via the Services.

6.2 Customer Account Data and Customer Usage Data.

1. (a) Sensitive Data may be found in Customer Account Data in the form of Subscriber Records containing passport or similar identifier data necessarily processed in order to receive telephone number assignments.

1. (b) Customer Usage Data does not contain Sensitive Data.

JURISDICTION SPECIFIC TERMS

1. Australia:

1.1 The definition of “Applicable Data Protection Law” includes the Australian Privacy Principles and the Australian Privacy Act (1988).

1.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law.

1.3 The definition of “Sensitive Data” includes “Sensitive Information” as defined under Applicable Data Protection Law.

2. Brazil:

2.1 The definition of “Applicable Data Protection Law” includes the Lei Geral de Proteção de Dados (LGPD).

2.2 The definition of “Security Incident” includes a security incident that may result in any relevant risk or damage to data subjects.

2.3 The definition of “processor” includes “operator” as defined under Applicable Data Protection Law.

3

. California:

3.1 The definition of “Applicable Data Protection Law” includes the California Consumer Privacy Act (CCPA).

3.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law and, for clarity, includes any Personal Information contained within Customer Account Data, Customer Content, and Customer Usage Data.

3.3 The definition of “data subject” includes “Consumer” as defined under Applicable Data Protection Law. Any data subject rights, as set forth in Section 8 (Data Subject Rights) of this Addendum, apply to Consumer rights. In regards to data subject requests, Modern Musician can only verify a request from Customer and not from Customer’s end user or any third party.

3.4 The definition of “controller” includes “Business” as defined under Applicable Data Protection Law.

3.5 The definition of “processor” includes “Service Provider” as defined under Applicable Data Protection Law.

3.6 Modern Musician will process, retain, use, and disclose personal data only as necessary to provide the Services under the Agreement, which constitutes a business purpose. Modern Musician agrees not to (a) sell (as defined by the CCPA) Customer’s personal data or Customer end users’ personal data; (b) retain, use, or disclose Customer’s personal data for any commercial purpose (as defined by the CCPA) other than providing the Services; or (c) retain, use, or disclose Customer’s personal data outside of the scope of the Agreement. Modern Musician understands its obligations under the Applicable Data Protection Law and will comply with them.

3.7 Modern Musician will implement and maintain reasonable security procedures and practices appropriate to the nature of the personal data it processes as set forth in Section 11 (Security) of this Addendum.

4. Canada:

4.1 The definition of “Applicable Data Protection Law” includes the Federal Personal Information Protection and Electronic Documents Act (PIPEDA).

4.2 Modern Musician will implement technical and organizational measures as set forth in Section 11 (Security) of this Addendum.

5. European Economic Area (EEA):

5.1 The definition of “Applicable Data Protection Law” includes the General Data Protection Regulation (EU 2016/679) (“GDPR”).

5.2 Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any GDPR fines issued or levied under Article 83 of the GDPR against the other party by a regulatory authority or governmental body in connection with such other party’s violation of the GDPR.

5.3 Customer acknowledges that Modern Musician, as a controller, may be required under Applicable Data Protection Law to notify a regulatory authority of Security Incidents involving Customer Usage Data. If a regulatory authority requires Modern Musician to notify impacted data subjects with whom Modern Musician does not have a direct relationship (e.g., Customer’s end users), Modern Musician will notify Customer of this requirement. Customer will provide reasonable assistance to Modern Musician to notify the impacted data subjects.

6. Israel:

6.1 The definition of “Applicable Data Protection Law” includes the Protection of Privacy Law (PPL).

6.2 The definition of “controller” includes “Database Owner” as defined under Applicable Data Protection Law.

6.3 The definition of “processor” includes “Holder” as defined under Applicable Data Protection Law.

6.4 Modern Musician will require that any personnel authorized to process Customer Content comply with the principle of data secrecy and have been duly instructed about Applicable Data Protection Law. Such personnel sign confidentiality agreements with Modern Musician in accordance with Section 6 (Confidentiality) of this Addendum.

6.5 Modern Musician must take sufficient steps to ensure the privacy of data subjects by implementing and maintaining the security measures as specified in Section 11 (Security) of this Addendum and complying with the terms of the Agreement.

7. Japan:

7.1 The definition of “Applicable Data Protection Law” includes the Act on the Protection of Personal Information (APPI).

7.2 The definition of “personal data” includes “Personal Information” as defined under Applicable Data Protection Law.

7.3 The definition of “controller” includes “Business Operator” as defined under Applicable Data Protection Law. As a Business Operator, Modern Musician is responsible for the handling of personal data in its possession.

7.4 The definition of “processor” includes a business operator entrusted by the Business Operator with the handling of personal data in whole or in part (also a “trustee”), as defined under Applicable Data Protection Law. As a trustee, Modern Musician will ensure that the use of the entrusted personal data is securely controlled.

8. Mexico:

8.1 The definition of “Applicable Data Protection Law” includes the Federal Law for the Protection of Personal Data Held by Private Parties and its Regulations (FLPPIPPE).

8.2 When acting as a processor, Modern Musician will:

1. (a) treat personal data in accordance with Customer’s instructions set forth in Section 5 (Customer Instructions) of this Addendum;

1. (b) process personal data only to the extent necessary to provide the Services;

1. (c) implement security measures in accordance with Applicable Data Protection Law and Section 11 (Security) of this Addendum;

1. (d) keep confidentiality regarding the personal data processed in accordance with the Agreement;

1. (e) delete all personal data upon termination of the Agreement in accordance with Section 10 (Return or Deletion of Customer Content) of this Addendum

9. Singapore:

9.1 The definition of “Applicable Data Protection Law” includes the Personal Data Protection Act 2012 (PDPA).

9.2 Modern Musician will process personal data to a standard of protection in accordance with the PDPA by implementing adequate technical and organizational measures as set forth in Section 11 (Security) of this Addendum and complying with the terms of the Agreement.

10. Switzerland:

10.1 The definition of “Applicable Data Protection Law” includes the Swiss Federal Act on Data Protection.

11. United Kingdom (UK):

11.1 References in this Addendum to GDPR will to that extent be deemed to be references to the corresponding laws of the United Kingdom (including the UK GDPR and Data Protection Act 2018).

11.2 Notwithstanding anything to the contrary in this Addendum or in the Agreement (including, without limitation, either party’s indemnification obligations), neither party will be responsible for any UK GDPR fines issued or levied under Article 83 of the UK GDPR against the other party by a regulatory authority or governmental body in connection with such other party’s violation of the UK GDPR.

11.3 Customer acknowledges that Modern Musician, as a controller, may be required under Applicable Data Protection Law to notify a regulatory authority of Security Incidents involving Customer Usage Data. If a regulatory authority requires Modern Musician to notify impacted data subjects with whom Modern Musician does not have a direct relationship (e.g., Customer’s end users), Modern Musician will notify Customer of this requirement. Customer will provide reasonable assistance to Modern Musician to notify the impacted data subjects.