Relevant Data:

1. Personal Data whose processing is permitted:

• The types of Personal Data that a User (including the Owner) is allowed to process as part of Organization Data are limited to those which the User is legally permitted to process. The Owner undertakes that Organization Data will not include, and neither he nor any other User who accesses the Organization (including any such Guest User) will use the Service for the processing of, Personal Data whose processing is legally prohibited.

1. Personal Data whose processing is restricted:

• The Owner acknowledges that the processing of certain types of Personal Data is restricted or limited under the GDPR and that non-compliance with the relevant restrictions or limitations may result in substantial penalties, including fines, being imposed on, or other punitive, remedial or compensatory measures being taken against, the Owner, the Supplier and the User involved in the processing (if different from the Owner).

• Consequently, the Owner undertakes that, absent the Supplier's prior explicit consent, Organization Data will not include, and neither he nor any other User who accesses the Organization (including any such Guest User) will use the Service for the processing of, Personal Data that fall within either of the following categories: (a) 'special categories of personal data' (also known as 'sensitive information') as described for the time being in Article 9 of the GDPR, including particularly but without limitation genetic data, biometric data and data concerning health; (b) 'personal data relating to criminal convictions and offences or related security measures' as described for the time being in Article 10 of the GDPR.

The Supplier will process Relevant Data only as necessary to carry out the Owner's instructions or as required by law to which the Supplier or the processing is subject (which includes any judicial, arbitral, administrative or otherwise mandatory order or judgment made, recognised or enforceable under that law).

The categories of Data Subjects include but may not be limited to: (a) Users having access to the Organization, including such Guest Users; (b) Users who interact with the Features applied via the Organization; (c) employees, contractors, consultants, associates and agents of (i) the Owner, (ii) the Subscriber of, or payer for, the Service Plan pertaining to the Organization, or (iii) the Users mentioned in the preceding subsections; and (d) parties with whom the Owner or the above Subscriber, payer or User does business or has other relations.

The operations that the Supplier performs on Relevant Data will include storage and such other operations as appropriate in light of this article 3 (e.g., retrieval, transmission, erasure, restriction and disclosure pursuant to the Owner's instructions or as required by law). Certain of these operations have been described in the Privacy Policy.