Lastline performs malware analytics services for Customer (“Services“) as agreed between the Parties in the Lastline End User License Agreement between Customer and Lastline. In the course of providing the Services, Lastline will process personal data for which, pursuant to EU data privacy laws, Customer, Customer’s affiliates located in the European Union and/or European Economic Area or Customer’s Customers located in the European Union and/or European Economic Area (“Customer’s Customers”) are responsible as provided under Art. 4 no 7 GDPR (“Customer’s personal data”). Customer’s Customers are companies that render services to their end-customers and who engage Lastline as sub-processor.
This Lastline DPA regulates the data protection obligations of the Parties when processing Customer’s or Customer’s Customers personal data is done under the End User License Agreement and will reasonably ensure that such processing will only be rendered on behalf of and under the Instructions of Customer or Customer’s Customers and in accordance with the EU Standard Contractual Clauses for Processors pursuant to European Commission Decision of 5 February 2010 (“SCC”) and Art. 28 et seq. of the General Data Protection Regulation (“GDPR”). See the Lastline DPA for the up-to-date subprocessor list.