The Data Processor pursuant to Article 28 of the Personal Data Protection Code (the EU “GDPR”) is an external party that processes personal data on behalf of the Data Controller. The Data Processor must be appointed by way of a contract/legal deed that binds it to the Controller. The Data Processor is expressly obliged to guarantee transparency and security of data and must adopt suitable technical and organizational measures.