Big Rig Media®
User Icon

Data Processing Addendum

Last updated April 22, 2026

This Data Processing Addendum (the “Addendum”) is between Big Rig Media LLC and/or its affiliates (“Big Rig,” “we,” “us” or “Company”) with whom you entered into an Agreement or Terms and Conditions of Service for the provision of services (the “T&C’s”) and you (“you” or the “Customer”) and incorporates the terms and conditions set out herein. This Addendum supplements and forms part of the Terms of Service. Unless otherwise defined in this Addendum, all capitalized terms not defined in the Addendum will have the meanings given to them in the T&C’s. Your questions relating to this Addendum may be addressed to us at [email protected].

Standard Terms for Processing Addendum

1. Definitions

“Applicable Data Protection Laws” means any law or regulation applicable to processing of Personal Data under the Agreement or T&C’s, including:

  • Brazil’s General Data Protection Law (LGPD);
  • California Consumer Privacy Act and from January 1, 2023, as amended by the California Privacy Rights Act of 2020 (CCPA) Cal. Civ. Code 1798.100 et seq;
  • Canada’s Federal Personal Information Protection and Electronic Documents Act (PIPEDA);
  • Colorado Privacy Act (CPA);
  • European Union General Data Protection Regulation 2016/679 (GDPR), and the Privacy and Electronic Communications Directive 2002/58/EC;
  • Swiss Federal Data Protection Act of 19 June 1992 and its Ordinance;
  • UK Data Protection Act 2018, UK General Data Protection Regulation as defined by the DPA as amended by the Data Protection, Privacy and Electronic Communications (as amended from time to time “Amendments”) (EU Exit) Regulations 2019 (together with the DPA, the UK GDPR), and the Privacy and Electronic Communications Regulations 2003;
  • India’s Digital Personal Data Protection Act, 2023;
  • Australia’s Privacy Act 1988 (No. 119, 1988) (as amended);
  • New Zealand’s Privacy Act 2020;
  • Hong Kong’s Personal Data (Privacy) Ordinance (Cap. 486) as amended in 2021 (‘PDPO’);
  • Ukraine’s Law of 1 June 2010 No. 2297-VI on Personal Data Protection;
  • Singapore’s Personal Data Protection Act 2012 (No. 26 of 2012);
  • Philippines’ The Data Privacy Act of 2012 (Republic Act No. 10173);
  • Virginia Consumer Data Protection Act (CDPA); and
  • any other relevant law, statute, declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding instrument which implements any of the above or which otherwise relates to data protection, privacy or the use of Personal Data, in each case as applicable and in force from time to time, and as amended, consolidated, re-enacted or replaced from time to time.

“Consumer” has the meaning given in the CCPA, the CPA, and/or the CDPA, as applicable.

“Controller to Controller Clauses” means (i) in respect of transfers of Personal Data and Customer Account Information subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 1 (Controller to Controller); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.

“Controller to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021, specifically including Module 2 (Controller to Processor); and (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.

“Customer Account Information” means information created or used by the Company while providing Services, including the Personal Data of the Customer and its employees and representatives and other data relating to the Customer’s account with us including account transaction history and identity verification and subject to Applicable Data Laws.

“Data Subject” means individual identified or identifiable by the Personal Data.

“De-Identified Data” means data that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a specific Data Subject.

“End-User” means the customers of the Customer. For avoidance of doubt, this does not include the Company’s direct contracting customer.

“Independent Controller” means the controller who does not process personal data on behalf of others but does so far for its own purpose.

“Personal Data” has the meaning given under the Applicable Data Protection Laws.

“Process,” “Processed,” or “Processing” have the meaning given in the Applicable Data Protection Laws.

“Processor to Processor Clauses” means (i) in respect of transfers of Personal Data subject to the GDPR, the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021 specifically including Module 3 (Processor to Processor); (ii) in respect of transfers of Personal Data subject to the UK GDPR, the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses (version B.1.0) issued by the UK Information Commissioner, in each case as amended, updated or replaced from time to time.

“Sell,” “Selling,” “Sale,” or “Sold” have the meaning given in the CCPA.

“Sensitive Personal Data” means (a) social security number, passport number, driver’s license number, or similar identifier; (b) credit or debit card information, financial information, bank account numbers, or account passwords; (c) employment, financial, genetic, biometric, or health information; (d) racial, ethnic, political or religious affiliation, trade union membership, or information about sexual life or orientation; (e) account passwords, mother’s maiden name, date of birth, and other similar information used to authenticate a user’s identity; (f) criminal history; (g) biometric data used to identify a specific person (e.g., fingerprints); or (h) any other information or combination of information that falls within the definitions of “special categories of data” under any Applicable Data Protection Law.

“Share,” “Sharing,” or “Shared” have the meaning given in the CCPA.

“Standard Contractual Clauses” or “SCCs” means the standard data protection clauses for the transfer of personal data from a controller or processor established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR and approved by the European Commission decision 2021/914 of 4 June 2021.

“Sub-processor” means any Processor engaged by Processor or Controller to Process data on behalf of Controller.

“Third Countries” means a country or territory that is not recognized under Applicable Data Protection Laws from time to time as providing adequate protection for Personal Data, including (i) in relation to Personal Data transfers subject to the GDPR, any country outside of the scope of the data protection laws of the European Economic Area, excluding countries approved as providing adequate protection for Personal Data by the European Commission from time to time; and (ii) in relation to Personal Data transfers subject to the UK GDPR, any country outside of the scope of the data protection laws of the UK, excluding countries approved as providing adequate protection for Personal Data by the relevant competent authority of the UK from time to time.

“UK Standard Contractual Clauses” or “UK SCCs” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the UK GDPR and approved by the European Commission decision 2010/87/EU.

2. Conditions of Processing

2.1 This Addendum governs the terms under which we will Process the Personal Data on behalf of Customer. The Personal Data is processed solely for the purpose of providing you with certain services as part of the Services as set out in Schedule 1 unless described in Schedule 2 or 3. We will Process the Customer Account Information as a Controller. Customer Account Information is processed as determined by Big Rig to administer your accounts while providing you with Services as set out in Schedule 2. Big Rig provides Domain Name Registration services as an Independent Controller as set out in Schedule 3.

2.2 In the event of any conflict or discrepancy between the terms of the Agreement or the T&C’s and this Addendum, the terms of this Addendum will prevail, to the extent of the conflict. In the event of any conflict or discrepancy between this Addendum and any applicable terms of service or the respective standard contractual clauses, the clauses will prevail to the extent of the conflict.

2.3 Customer Obligations.

2.3.1 When you are a Controller, you are solely responsible for determining the purposes and means of processing Personal Data within your control, will have the necessary legal basis, consents, and permissions to provide Personal Data to the Company, and will comply with Applicable Data Protection Laws.

2.3.2 When you are a Processor, you are solely responsible for complying with agreement(s) with your End-Users on whose behalf you are processing Personal Data, will have the necessary legal basis, consents, and permissions from your End-Users, employees, representatives, agents or other individuals to provide Personal Data to the Company, and will comply Applicable Data Protection Laws.

2.4 Company Obligations.

2.4.1 When Big Rig is a Processor, we will only Process the Personal Data on behalf of Controller and in accordance with, and for the purposes set out in, the documented instructions received from Controller, unless required to Process such Personal Data by applicable law to which Processor is subject; in which case, Processor will inform Controller of that legal requirement before Processing, unless such law prohibits such information on important grounds of public interest.

2.4.2 When Big Rig is a Controller, we will process Personal Data in compliance with Applicable Data Protection Laws, and with contractual, legal or regulatory authority to process the Personal Data and Customer Account Information to provide the services described in the Agreement and the T&C’s.

2.4.3 Big Rig will ensure that its personnel who are authorized to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

2.4.4 As a Controller, Big Rig will comply with requests from a Data Subject seeking to exercise any of their rights under Applicable Data Protection Laws as required.

2.4.5 As a Processor, Big Rig will notify Controller without undue delay upon receipt by Processor of a request from a Data Subject seeking to exercise any of their rights under Applicable Data Protection Laws (without responding to such request). Processor will, at Controller’s expense, assist Controller by appropriate technical and organizational measures, for the fulfillment of Controller’s obligations to respond to any such requests by Data Subjects to exercise their rights under Applicable Data Protection Laws (including the right to transparency and information, the Data Subject access right, the right to rectification and erasure, the right to the restriction of processing, the right to data portability and the right to object to processing). Processor will carry out a request from Controller to amend or correct any of the Personal Data to the extent necessary to allow Controller to comply with its responsibilities under Applicable Data Protection Laws. Further, Processor will carry out a request from Controller to block, transfer or delete any of the Personal Data to the extent necessary to allow Controller to comply with its responsibilities as a Controller.

2.4.6 As a Processor, Big Rig will, insofar as possible and at Controller’s expense, assist Controller in carrying out its obligations under Applicable Data Protection Laws, including Articles 32 to 36 of the GDPR and the UK GDPR, with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators. Processor will without undue delay notify Controller about any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data or any accidental or unauthorized access or any other event affecting the integrity, availability or confidentiality of Personal Data, to the extent required by Applicable Data Protection Laws.

2.4.7 Upon termination of the Processing of Personal Data by us, and at the choice and expense of the Customer, we will either (i) delete all Personal Data and any copies thereof; or (ii) return all Personal Data to the Customer and delete existing copies, in each case unless otherwise permitted or required by applicable law to which Customer is subject. To the extent any Personal Data is “deidentified” or in the “aggregate” as those terms are defined or understood under Applicable Data Protection Laws, we may use such information for any commercial purpose in accordance with Applicable Data Protection Laws, including but not limited to developing analytics, and may retain, use and disclose such information for such purpose, without restriction.

2.4.8 Big Rig will, upon written request from Customer from time to time, provide you with such information as is reasonably necessary to demonstrate compliance with the obligations laid down in this Addendum. Big Rig will, subject to reasonable advance notice, permit you or a third-party auditor authorized by you and which is not a competitor of ours to carry out an audit and inspection of the processing of Personal Data by us during normal Processor business hours. We may require a third-party auditor to enter into a confidentiality agreement before permitting it to carry out an audit or inspection. The auditing party will bear its own costs in relation to such audit. The obligations set forth in this Section 2 will only apply to the Company to the extent required by Applicable Data Protection Laws.

2.4.9 If and to the extent Customer is a “business” and a Controller, and provides “personal information” to Big Rig as a Processor (business and personal information, each as defined by the CCPA), the Parties acknowledge and agree that some information provided to Processor in connection with the Agreement and the T&C’s may constitute “Personal Information” as defined under the CCPA. Terms defined and used under the CCPA and used in the applicable provisions of this Addendum will be replaced as follows:

  • “Personal Data” will mean “Personal Information”;
  • “Controller” will mean “Business”;
  • “Processor” will mean “Service Provider” or “Contractor” as the case may be;
  • “Data Subject” will mean “Consumer”; and
  • “Process,” “Processed,” or “Processing,” will have the meaning as defined under the CCPA.

Processor will Process Personal Data in accordance with the CCPA where applicable, and solely for the purpose of providing the Services as specified in the Agreement and the T&C’s to Controller. If and to the extent Controller is a “business” and Controller provides any “personal information” to Processor (business and personal information, each as defined by the CCPA) subject to the CCPA, Processor will not otherwise (i) Process Personal Data for purposes other than those set forth in the Agreement and the T&C’s or as instructed by Controller’s documented written instruction, to the extent feasible or required by CCPA; (ii) retaining, using, or disclosing the Personal Data for any purpose other than for the business purpose as specified in the Agreement and the T&C’s, except as otherwise permitted by the CCPA; (iii) sell or share Personal Data; (iv) retain, use, or disclose Personal Data outside of the direct business relationship between Processor and Controller, except as otherwise permitted by the CCPA; or (v) from January 1, 2023, combining the Personal Data with any other information it receives from or on behalf of a third party or collects from its own interaction with a Data Subject except as otherwise permitted under the CCPA and regulations adopted by the California Privacy Protection Agency. Processor certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.

2.4.10 From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the Virginia Consumer Data Protection Act (CDPA) subject to the CDPA, the Parties acknowledge and agree that some information provided to Processor in connection with the Agreement and the T&C’s may constitute “Personal Data” as defined under the CDPA. Terms defined and used under the CDPA and used in the applicable provisions of this Addendum will be replaced as follows:

  • “Controller” will mean “Controller”;
  • “Processor” will mean “Processor”;
  • “Data Subject” will mean “Consumer”; and
  • “Process,” “Processing,” or “Personal Data” will have the meaning as defined under the CDPA.

From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CDPA) subject to the CDPA, Processor will Process Personal Data in accordance with Annex I, except as otherwise permitted by the CDPA and to the extent feasible or required by the CDPA. From January 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CDPA) subject to the CDPA, Processor will (i) ensure that each person Processing Personal Data is subject to a duty of confidentiality with respect to the Personal Data; (ii) at Controller direction, delete or return (at Controller’s sole cost and expense) all Personal Data to the Controller as requested at the end of the provision of Services, unless retention of the Personal Data is required by law; (iii) upon the reasonable request of the Controller, but in no event once annually, make available to the Controller all information in Processor’s possession necessary to demonstrate Processor’s compliance with the obligations herein; and (iv) in so far as reasonably practicable and taking into account the information available to Processor and the nature of the Processor’s nature of Processing: (1) reasonably assist Controller with response to Data Subject requests pursuant to the CDPA, (2) reasonably assist the Controller in meeting the Controller’s obligations in relation to (a) the security of Processing the Personal Data and (b) the notification of a breach of security of the system of the Processor pursuant to the CDPA, and (3) provide necessary information to enable the Controller to conduct and document data protection assessments pursuant to the CDPA. Processor certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.

2.4.11 From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the Colorado Privacy Act (CPA) subject to the CPA, the Parties acknowledge and agree that some information provided to Processor in connection with the Terms of Service may constitute “Personal Data” as defined under the CPA. Terms defined and used under the CPA and used in the applicable provisions of this Addendum will be replaced as follows:

  • “Controller” will mean “Controller”;
  • “Processor” will mean “Processor”;
  • “Data Subject” will mean “Consumer”; and
  • “Process,” “Processing,” or “Personal Data” will have the meaning as defined under the CPA.

From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CPA) subject to the CPA, Processor will Process Personal Data in accordance with Annex I, except as otherwise permitted by the CPA and to the extent feasible or required by the CPA. From July 1, 2023, if and to the extent Controller is a “controller” and Controller provides any “personal data” to Processor (controller and personal data, each as defined by the CPA) subject to the CPA, Processor will (i) ensure that each person Processing Personal Data is subject to a duty of confidentiality with respect to the Personal Data; (ii) at Controller direction, delete or return (at Controller’s sole cost and expense) all Personal Data to the Controller as requested at the end of the provision of Services, unless retention of the Personal Data is required by law; (iii) upon the reasonable request of the Controller, but in no event once annually, make available to the Controller all information in Processor’s possession necessary to demonstrate Processor’s compliance with the obligations herein; and (iv) in so far as reasonably possible and taking into account the information available to Processor and the nature of the Processor’s nature of Processing: (1) reasonably assist Controller with response to Data Subject requests pursuant to the CPA, (2) reasonably assist the Controller in meeting the Controller’s obligations in relation to (a) the security of Processing the Personal Data and (b) the notification of a breach of security of the system of the Processor pursuant to the CPA, and (3) provide necessary information to enable the Controller to conduct and document data protection assessments pursuant to the CPA. Processor certifies that it understands these restrictions and will comply with them. If Processor must Process Personal Data as otherwise required by applicable law, Processor will inform Controller of that legal requirement before Processing Personal Data, unless that law prohibits such disclosure on important grounds of public interest.

3. International Data Transfers

3.1 Controller acknowledges and agrees that the other Party may, or may appoint an affiliate or third-party subprocessor to, Process the Personal Data in a Third Country, provided that it ensures that such Processing takes place in accordance with the requirements of Applicable Data Protection Laws.

3.2 To the extent the party does Process the Personal Data subject to the GDPR or the UK GDPR in a Third Country or permit any third party including its subcontractors to Process such Personal Data in any Third Country, and it or they are acting as data importer, Controller will comply with the data exporter’s obligations set out in the Controller to Processor Clauses, and Controller to Controller Clauses, which are hereby incorporated into and form part of this Addendum, and Processor will comply with the data importer’s obligations set out in the Clauses, and:

  • for the purposes of Annex I or Part 1 (as relevant) of such Controller to Processor Clauses and Controller to Controller Clauses (“Clauses”) the parties and processing details set out in Schedule 1, 2, and 3 (Processing Details) will apply, and the Start Date is the Effective Date;
  • if applicable, for the purposes of Part 1 of such Clauses, the relevant Addendum EU SCCs (as such term is defined in the applicable Clauses) are the standard contractual clauses for the transfer of Personal Data to third countries set out in Commission Decision 2021/914 of 4 June 2021 (Modules 1, 2 and 3) as incorporated into this Agreement by virtue of this Clause; and
  • for the purposes of Annex II or Part 1 (as relevant) of such Clauses, the technical and organizational security measures set out in the Security Policy will apply; and if applicable, for the purposes of: (i) Clause 9 of such Clauses, Option 2 (“General written authorization”) is deemed to apply and a notice period of 10 days will apply; (ii) Clause 11(a) of such Clauses, the optional wording in relation to independent dispute resolution is deemed to be omitted; (iii) Clause 13 and Annex I.C, the competent supervisory authority will be the Dutch Supervisory Authority (Autoriteit Persoonsgegevens); (iv) Clause 17, Option 1 is deemed to be selected and the governing law will be Dutch laws; (v) Clause 18, the competent courts will be the courts of the Netherlands; (vi) Part 1 of such Clauses, Processor as importer may terminate the Clauses pursuant to Section 19 of such Controller to Processor Clauses.

3.3 Customer acknowledges and agrees that Processor may appoint an affiliate or third party subcontractor to Process the Personal Data in a Third Country, in which case the Company will execute the Processor to Processor Clauses or Controller to Processor Clauses with any relevant subcontractor (including affiliates) it appoints.

3.4 Controller acknowledges and agrees that the other party relies solely on Controller for direction as to the extent to which party is entitled to access, use, Process and Sell the Personal Data. Consequently, subject to applicable law, a party is not liable for any claim brought by Controller or a Data Subject arising from any action or omission to the extent that such action or omission resulted from Controller’s instructions.

4. Controller’s Obligations

4.1 Controller warrants that it has complied and continues to comply with the Applicable Data Protection Laws, in particular that it has obtained any necessary consents or given any necessary notices, and otherwise has a legitimate ground to disclose Personal Data to Processor and enable the Processing of Personal Data as set out in this Addendum and as envisaged by the Agreement and the T&C’s.

4.2 Controller agrees that it will indemnify and hold harmless the other party on demand from and against all claims, liabilities, costs, expenses, loss or damage (including consequential losses, loss of profit and loss of reputation and all interest, penalties and legal and other professional costs and expenses) incurred by Processor arising directly or indirectly from a breach of this Section 4 or any Applicable Data Protection Laws.

5. Information Security Programs

5.1 Big Rig maintains a risk-based information security program to implement appropriate technical and organizational security measures which are detailed at [insert link to security policy], as amended, updated or replaced from time to time (the “Security Policy”).

5.2 You are solely responsible for taking appropriate risk-based steps to ensure the security of your account, and the Personal Data of its End-Users within your control. You are responsible for independently determining whether the data security provided by us adequately meets your obligations under Applicable Data Protection Laws. Customer is responsible to use the security features and functions provided by us or finding an alternative for your websites. You are responsible for ensuring all content that you place within our network is free from vulnerabilities that could result in a compromise of Big Rig systems or the Personal Data of your End-Users. Big Rig is not responsible for backing up your Personal Data or the Personal Data of your End-Users. You are also responsible for your secure use of the services, including protecting the security of your Personal Data in transit to and from the including to securely backup or encrypt any such Personal Data. For more information on your responsibility for account and network security see the T&C’s.

6. Sub-Processing

You consent to our engaging the third-party Subprocessors listed at [insert link to list of third party subprocessors] (which may be updated from time to time in accordance with this Addendum), elsewhere on the Big Rig website or as otherwise notified to you by us, to process the Personal Data. We will provide you with 10 days prior notice of any intended changes to our subprocessors (including by posting such notice on our website), during which time you may object to any such amendment. To the extent required by Applicable Data Protection Law, we will ensure that we have a written agreement in place with all subprocessors which contains obligations on such subprocessors which are no less onerous than the obligations on the parties under this Addendum.

7. Term and Termination

7.1 We may amend this Addendum from time to time due to changes in Applicable Data Protection Laws or as otherwise determined by us in our commercially reasonable discretion. Any amendment will become effective upon notification to you (by email or by posting on our website) and, if you do not agree to any such amendment, you should stop using the Services and contact us to cancel your account.

7.2 Termination of this Addendum will be governed by the T&C’s.

8. Law and Jurisdiction

This Addendum and any dispute or claim (including non-contractual disputes or claims) arising out of or in connection with it or its subject matter or formation will be governed by and construed in all respects in accordance with the T&C’s.

Schedule 1

Processing Details for Terms of Service

List of Parties

Data exporter(s): the Customer under the Agreement entered into between the Data Importer and Data Exporter. Activities relevant to the data transferred under this Addendum are as identified in the Agreement, the T&C’s and other relevant agreements applicable to the Services provided to the Data Exporter by the Data Importer. Role: Controller.

Data importer(s): Big Rig Media LLC and/or the relevant Big Rig affiliate.
Address: 10153 1/2 Riverside Dr Suite 119, Toluca Lake, CA 91602, U.S.A.
Contact: Data Protection Officer, [email protected]Role: Processor.

Description of Transfer

The subject matter of the data processing covered by this Addendum is the Personal Data, which is processed for the purposes of the Agreement, the T&C’s and this Addendum. The Personal Data is processed solely for the purpose of providing the services described in the Agreement for the duration thereof. The nature of the processing consists of that which is required in order to provide the Services requested by the Data Exporter. The categories of Personal Data transferred and categories of data subjects whose personal data is transferred include identification and contact information (such as name, email address, address, title and contact details) of Controller and End-Users and other contacts; and information gathered in connection with the provision of Services to Controller, including analytics, social networking information, device information, and browser information of both Controller and Controller’s customers and other contacts.

The frequency of the transfer is ongoing and according to the T&C’s. The subject matter, the nature, and duration of processing by relevant subprocessors is as set out in this Schedule 1 and as permitted by this Addendum. For example, this includes providing you with customer service, fraud detection and deterrence or access to advertising assets and providing us with information technology and storage services or to assist us in our own marketing and advertising activities (including providing us with analytic information and search engine optimization services). Additional information about certain third-party service providers we share Personal Information with is available here: https://www.getindio.com/privacy-policy/. Our contracts with such third parties prohibit them from using any of your Personal Data for any purpose beyond the purpose for which it was shared. If you purchase a product or service from a third-party through one of our brands, we will pass your Personal Data to such third-party in order for them to fulfill your order. Data retention period is defined by the T&C’s.