Actions and Access Requests. 8.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, where necessary for Controller to comply with its obligations under the Data Protection Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum.
8.4. Processor shall make available for Controller’s review at xxxxx://xxx.x0x.xxx/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that Processor is in material breach of its obligations hereunder, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept tho...
Actions and Access Requests. 9.1. Company shall provide Subscriber with reasonable cooperation and assistance, where Subscriber must comply with its obligations under the GDPR, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Subscriber does not otherwise have access to the relevant information. To the extent legally permitted, Subscriber shall be responsible for any costs and expenses arising from any Company assistance.
9.2. Company shall provide Subscriber with reasonable cooperation and assistance with respect to Subscriber’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and required by the GDPR.
9.3. To the extent legally permitted, Subscriber shall be responsible for any costs and expenses arising from any Company assistance.
Actions and Access Requests. 7.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance where necessary for Controller to comply with its obligations under the GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
7.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
7.3. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
7.4. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay. 7.5. The obligations described in Sections 7.3 and 7.4 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller.
Actions and Access Requests. 9.1 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance where necessary for Customer to comply with its obligations under Applicable Data Protection Law to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Customer does not otherwise have access to the relevant information.
9.2 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance with respect to Customer’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by Applicable Data Protection Law.
9.3 Zoom shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Customer shall, with reasonable notice to Zoom, have the annual right to review such records at Zoom’s offices during regular business hours.
9.4 Upon Customer’s request, Zoom shall, no more than once per calendar year make available for Customer’s review copies of certifications or reports demonstrating Zoom’s compliance with prevailing data security standards applicable to the Processing of Customer’s Personal Data. (If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 9.4.)
9.5 In the event of a Personal Data Breach, Zoom shall, without undue delay but no later than seventy-two (72) hours after confirming that a breach of personal data has occurred, inform Customer of the Personal Data Breach and take such steps as Zoom in its sole discretion deems necessary and reasonable to remediate such violation.
9.6 In the event of a Personal Data Breach, Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under Applicable Data Protection Law with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
9.7 The obligations described in Sections 9.5 and 9.6 shall not apply in the event that a Personal Data Breach results from the ac...
Actions and Access Requests. Workato shall, taking into account the nature of the Processing and the information available to Workato, provide Account Holder with reasonable cooperation and assistance (a) where necessary for Account Holder to comply with obligations applicable to it under the Data Protection Laws to conduct a data protection impact assessment, provided that Account Holder does not otherwise have access to the relevant information; and (b) with respect to Account Holder’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and/or where required by the Data Protection Laws.
Actions and Access Requests. 11.1 Upon AlienVault’s request, Vendor shall make available to AlienVault all information available to Vendor and to Authorized Subcontractors that AlienVault reasonably deems necessary to demonstrate compliance by AlienVault with its obligations under Applicable Laws (including in particular the GDPR, when effective) relating to the Personal Data and the Processing conducted by Vendor and Authorized Subcontractors.
11.2 Upon AlienVault’s request, Vendor shall provide all necessary assistance to AlienVault in connection with any data protection impact assessments (“DPIA(s)”) that AlienVault determines (in its sole discretion) it must conduct or cause to be conducted in order to comply with Applicable Laws, to the extent that such DPIA(s) relate to the Processing.
11.2.1 Upon AlienVault’s request, AlienVault shall provide all necessary assistance to AlienVault in connection with any consultation with a Supervisory Authority that AlienVault determines (in its sole discretion) it must undertake as a result of a DPIA, to the extent that such DPIA relates to the Processing.
11.3 Upon AlienVault’s request, Vendor shall provide all necessary assistance to AlienVault in the event of any investigation, action, or request made by a Supervisory Authority, to the extent that such investigation, action, or request relates to the Personal Data or the Processing.
11.4 Upon AlienVault’s request, Vendor shall provide AlienVault, and any Supervisory Authority with whom AlienVault is consulting or cooperating, with a designated contact for all queries and requests relating to the Processing of Personal Data.
11.5 Upon AlienVault’s request, Vendor shall provide all necessary assistance to AlienVault in connection with any certification or re- certification efforts by AlienVault with respect to the EU-US Privacy Shield Framework.
11.6 In the event Vendor determines that any Processing violates Applicable Laws (including the valid exercise of a Data Subject Right) or this Addendum, it shall immediately inform AlienVault and follow Instructions for stopping such Processing and/or remediating the violation.
11.7 Without limiting the foregoing, in the event of a change in Applicable Laws affecting this Addendum, Vendor agrees to work in good faith with AlienVault to make any amendments to this Addendum pursuant to Section 14.2, and further agrees to make any changes to its Technical and Organizational Security Measures as are reasonably necessary to ensure continued compliance wit...
Actions and Access Requests. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance where necessary for Controller to comply with its obligations under Applicable Data Protection Law to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information.
8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by Applicable Data Protection Law.
8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Controller shall, with reasonable notice to Processor, have the annual right to review such records at Processor’s offices during regular business hours.
8.4 Upon Controller’s request, Processor shall, no more than once per calendar year make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. (If Controller and Processor have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 8.4.)
8.5 In the event of a Personal Data Breach, Processor shall, without undue delay but no later than forty-eight
Actions and Access Requests. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance where necessary for Controller to comply with its obligations under the GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4 Upon Controller’s request and at Controller’s choice, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data, or
Actions and Access Requests. 9.1 Upon Client’s request, eArcu shall make available to Client all information available to eArcu and available to Subprocessors that are necessary to demonstrate compliance by Client with its obligations under Applicable Data Protection Laws and the Processing conducted by eArcu and Subprocessors.
9.2 Upon Client’s request, eArcu shall provide reasonable assistance to Client in connection with any Data Protection Impact Assessment that Client determines (in its sole discretion) it must conduct or cause to be conducted in order to comply with Applicable Data Protection Laws, to the extent that such DPIA(s) relate to the Processing.
Actions and Access Requests. 9.1. DSI shall provide Subscriber with reasonable cooperation and assistance, where Subscriber must comply with its obligations under the GDPR, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Subscriber does not otherwise have access to the relevant information. To the extent legally permitted, Subscriber shall be responsible for any costs and expenses arising from any DSI assistance.
9.2. DSI shall provide Subscriber with reasonable cooperation and assistance with respect to Subscriber’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and required by the GDPR.
9.3. To the extent legally permitted, Subscriber shall be responsible for any costs and expenses arising from any DSI assistance.
