Common use of Additional Business Terms for Reviews and Audits Clause in Contracts

Additional Business Terms for Reviews and Audits. a. If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Upwork under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Upwork in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Upwork and must execute a written confidentiality agreement acceptable to Upwork before conducting the audit. b. To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Upwork’s Privacy Contact as described in Section 12 (Privacy Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Upwork’s compliance with the Model Contract Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Upwork policies, and may not interfere with Upwork business activities. c. Following receipt by Upwork of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Upwork and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b). d. Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit. e. Customer will provide Upwork any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Model Contract Clauses or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Upwork under the terms of the Agreement. f. Upwork may object in writing to an auditor appointed by Customer if the auditor is, in Upwork’s reasonable opinion, not suitably qualified or independent, a competitor of Upwork, or otherwise unsuitable. Any such objection by Upwork will require Customer to appoint another auditor or conduct the audit itself. g. Nothing in this DPA will require Upwork either to disclose to Customer or its auditor, or to allow Customer or its auditor to access: i. any data of any other customer of Upwork; ii. Upwork’s internal accounting or financial information; iii. any trade secret of Upwork; iv. any information that, in Upwork's reasonable opinion, could: (A) compromise the security of Upwork systems or premises; or (B) cause Upwork to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; or v. any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfilment of Customer’s obligations under the Model Contract Clauses or European Data Protection Legislation.

Additional Business Terms for Reviews and Audits. a. If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Upwork under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Upwork in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Upwork and must execute a written confidentiality agreement acceptable to Upwork before conducting the audit. b. To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Upwork’s Privacy Contact as described in Section 12 (Privacy Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Upwork’s compliance with the Model Contract Standard Contractual Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Upwork policies, and may not interfere with Upwork business activities. c. Following receipt by Upwork of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Upwork and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b). d. Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit. e. Customer will provide Upwork any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Model Contract Standard Contractual Clauses or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Upwork under the terms of the AgreementtheAgreement. f. Upwork may object in writing to an auditor appointed by Customer if the auditor is, in Upwork’s reasonable opinion, not suitably qualified or independent, a competitor of Upwork, or otherwise unsuitable. Any such objection by Upwork will require Customer to appoint another auditor or conduct the audit itself. g. Nothing in this DPA will require Upwork either to disclose to Customer or its auditor, or to allow Customer or its auditor to access: i. any data of any other customer of Upwork; ii. Upwork’s internal accounting or financial information; iii. any trade secret of Upwork; iv. any information that, in Upwork's reasonable opinion, could: (A) compromise the security of Upwork systems or premises; or (B) cause Upwork to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; or v. any information that Customer or its third party auditor seeks to access for any reason other than the good faith fulfilment of Customer’s obligations under the Model Contract Standard Contractual Clauses or European Data Protection Legislation.

Additional Business Terms for Reviews and Audits. a. If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Upwork under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Upwork in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Upwork and must execute a written confidentiality agreement acceptable to Upwork before conducting the audit. b. To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Upwork’s Privacy Contact as described in Section 12 (Privacy Contact; Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Upwork’s compliance with the Model Contract Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Upwork policies, and may not interfere with Upwork business activities. c. Following receipt by Upwork of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Upwork and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b). d. Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit. e. Customer will provide Upwork any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Model Contract Clauses Clause or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Upwork under the terms of the Agreement. f. Upwork may object in writing to an auditor appointed by Customer if the auditor is, in Upwork’s reasonable opinion, not suitably qualified or independent, a competitor of Upwork, or otherwise unsuitable. Any such objection by Upwork will require Customer to appoint another auditor or conduct the audit itself. g. Nothing in this DPA these Data Processing Terms will require Upwork either to disclose to Customer [or its auditor], or to allow Customer [or its auditor auditor] to access: i. any data of any other customer of Upwork;Upwork; ii. Upwork’s internal accounting or financial information;information; iii. any trade secret of Upwork;Upwork; iv. any information that, in Upwork's reasonable opinion, could: (A) compromise the security of Upwork systems or premises; premises; or (B) cause Upwork to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; party; or v. any information that Customer [or its third party auditor auditor] seeks to access for any reason other than the good faith fulfilment of Customer’s obligations under the Model Contract Clauses or European Data Protection Legislation.

Additional Business Terms for Reviews and Audits. a. If the European Data Protection Legislation applies to the processing of Customer Personal Data, Customer may exercise its right to audit Upwork under Sections 7.4.1(a) or 7.4.1(b): (1) where there has been a Data Incident within the previous six (6) months or there is reasonable suspicion of a Data Incident within the previous six (6) months or (2) where Customer will pay all reasonable costs and expenses incurred by Upwork in making itself available for an audit. Any third party who will be involved with or have access to the audit information must be mutually agreed to by Customer and Upwork and must execute a written confidentiality agreement acceptable to Upwork before conducting the audit. b. To request an audit under Section 7.4.1(a) or 7.4.1(b), Customer must submit a detailed audit plan to Upwork’s Privacy Contact as described in Section 12 (Privacy Contact; Processing Records) at least thirty (30) days in advance of the proposed audit date, describing the proposed scope, duration, and start time of the audit. The scope may not exceed a review of Upwork’s compliance with the Model Contract Clauses or its compliance with the European Data Protection Legislation, in each case with respect to the Customer Data. The audit must be conducted during regular business hours at the applicable facility, subject to Upwork policies, and may not interfere with Upwork business activities. c. Following receipt by Upwork of a request for an audit under Section 7.4.1(a) or 7.4.1(b), Upwork and Customer will discuss and agree in advance on: (i) the reasonable date(s) of and security and confidentiality controls applicable to any review of documentation; and (ii) the reasonable start date, scope and duration of and security and confidentiality controls applicable to any audit under Section 7.4.1(a) or 7.4.1(b). d. Customer will be responsible for any fees it incurs, including any fees charged by any auditor appointed by Customer to execute any such audit. e. Customer will provide Upwork any audit reports generated in connection with any audit under this section, unless prohibited by law. Customer may use the audit reports only to meet its regulatory audit requirements and to confirm compliance with the requirements of the Model Contract Clauses Clause or European Data Protection Legislation. The audit reports, and all information and records observed or otherwise collected in the course of the audit, are Confidential Information of Upwork under the terms of the Agreement. f. Upwork may object in writing to an auditor appointed by Customer if the auditor is, in Upwork’s reasonable opinion, not suitably qualified or independent, a competitor of Upwork, or otherwise unsuitable. Any such objection by Upwork will require Customer to appoint another auditor or conduct the audit itself. g. Nothing in this DPA these Data Processing Terms will require Upwork either to disclose to Customer [or its auditor], or to allow Customer [or its auditor auditor] to access: i. any data of any other customer of Upwork; ii. Upwork’s internal accounting or financial information; iii. any trade secret of Upwork; iv. any information that, in Upwork's reasonable opinion, could: (A) compromise the security of Upwork systems or premises; or (B) cause Upwork to breach its obligations under applicable law or its security and/or privacy obligations to Customer or any third party; or v. any information that Customer [or its third party auditor auditor] seeks to access for any reason other than the good faith fulfilment of Customer’s obligations under the Model Contract Clauses or European Data Protection Legislation.