1. The Parties may perform personal data processing within the framework of this Agreement in accordance with Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
  2. The Parties confirm and shall undertake to ensure that the information (data) they acquire from the other party (including - information, data from this webpage, B2B system) shall not be delivered to third persons without the consent of the other party.
  3. The Parties shall implement appropriate technical and organisational measures in order to ensure that by default only such personal data, which are required for activities of the parties within the framework of this Agreement, are processed, and for each particular purpose of processing. The above mentioned obligation shall refer to the scope of collected and transferred personal data, degree of processing, period of storage and availability thereof.
  4. The Parties shall ensure, review on a regular basis and improve protection measures in order to protect personal data from unauthorised access, accidental loss, disclosure or destruction. One Party shall not be held liable for any unauthorised access to personal data and/or personal data loss if it is not dependent on the Party, for example due to the fault and/or negligence of the other Party or third person.
  5. In the case of a personal data protection breach the Party shall immediately notify the other Party of such, but shall not notify the competent supervisory authority (State Data Inspectorate -, of the personal data protection breach without unjustified delay, not later than within 72 hours from the moment when the Party has become aware of the breach, except for in cases when it is unlikely that the personal data protection breach could cause a risk to the rights and freedoms of natural persons.