1. Definitions
Capitalized terms which are not defined herein shall have the meaning provided in the Agreement. In addition, the following defined terms apply solely with respect to this DPA.
1.1 “Applicable Law” means any statute, regulation, executive order, and other rule or rules issued by a government office or agency that have binding legal force and are generally applicable to Personal Data or the provision of the Services with respect to Personal Data, including GDPR, CCPA, and the state and federal laws of the United States.
1.2 “CCPA” means the California Consumer Privacy Act of 2018.
1.3 “Data Subject” means an identified or identifiable natural person whose rights are protected by GDPR or a “Consumer” as defined under CCPA.
1.4 “GDPR” means Regulation 2016/679 of the European Parliament.
1.5 “Personal Data” means any information about a natural person that is identified or identifiable to the natural person, either alone or in combination with other information, that WP Engine will Process or have access to as part of providing the Services, including any such information that is created by means of the Services. Personal Data includes “personal data” as that term is defined under GDPR and “personal information” as defined under CCPA.
1.6 “Process,” when used with respect to Personal Data, means: (i) to record, store, organize, structure, analyze, query, modify, combine, encrypt, display, disclose, transmit, receive, render unusable, or destroy, by automated means or otherwise; (ii) to provide cloud or other remote technology hosting services for applications or services that do any of the foregoing; and (iii) any other use or activity that is defined or understood to be processing under Applicable Law.
1.7 “Security Event” means any of the following: (i) unauthorized Processing or other use or disclosure of Personal Data; (ii) unauthorized access to or acquisition of Personal Data or the systems on which Personal Data is Processed; (ii) any significant corruption or loss of Personal Data that WP Engine is unable to repair within a minimal period of time; (iii) any event that has or is reasonably likely to significantly disrupt the Processing of the Personal Data as part of the Services; and (iv) any material unsuccessful attempt to gain unauthorized access to, or to destroy or corrupt, the Personal Data, but not including any routine, unsuccessful events such as pings, port scans, blocked malware, failed log in attempts, or denial of service attacks.