Data Protection Laws covered by the Red Hat Data Processing Addendum
The Red Hat Data Processing Addendum (“DPA”), available at https://www.openshift.com/legal/terms/ or https://www.redhat.com/en/about/agreements, applies to the Processing of Personal Data disclosed to Red Hat by Customer as part of Your Content under the Red Hat Online Services Agreement or Appendix 4, as applicable (“Agreement”), if and to the extent i) the European General Data Protection Regulation (EU/2016/679) (“GDPR”); or ii) any other data protection laws identified below apply. The DPA prevails over any conflicting term of the Agreement
European Economic Area:
European Union Regulations and EEA Member State laws, other than GDPR, requiring a contract governing the processing of personal data, identical to or substantially similar to the requirements specified in Art. 28 of the GDPR.
The Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, as amended, superseded or replaced, once entering into force, and the UK Data Protection Act 2018.
Law on Personal Data Protection (Zakon o zaštiti podataka o ličnosti; Official Gazette of the Republic of Serbia, no 87/2018).
State of California, United States:
The California Consumer Privacy Act of 2018 (“CCPA”) upon entering into force. Red Hat’s obligations to Customer under the DPA are those that the CCPA requires that a "Business" have in place with a "Service Provider" (including new Section 4(i) below), as "Service Provider" and "Business" are defined by the CCPA:
4(i) Red Hat will not further collect, Sell, retain, disclose or use the Personal Information of the Consumer for any purpose other than to perform the Services specified in the Agreement, or as otherwise permitted by CCPA. Red Hat certifies that it understands and will comply with the restrictions set forth in this Section 4(i).
The terms used in the applicable provisions of the DPA shall be replaced as follows: "Personal Data" shall mean "Personal Information"; "Controller" shall mean "Business"; "Processor" shall mean "Service Provider"; and "Data Subject" shall mean "Consumer".
The Brazil’s General Data Protection Law, Lei Geral de Proteção de Dados (“LGPD”) upon entering into force. A new section 4(j) below to the DPA will apply:
4(j) Each party is responsible to fulfil its respective obligations set out in the LGPD, and Customer will only issue Processing instructions, as set forth in Section 4(a) of the DPA, that enable Red Hat to fulfill its LGPD obligations. For the purpose of Section 5, the Standard Contractual Clauses will be used for transfers to Non-Adequate Countries as per the GDPR.