Additional Safeguards. 1. In the event of an EEA Transfer, a UK Transfer, or a Swiss Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate: a. The data importer as defined in Part 1 of this Schedule 2 shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 to the data importer and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data. b. The data importer will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”); c. If the data importer becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise: I. The data importer shall inform the relevant government authority that Riverside is a processor of the Personal Data and that the data exporter, as the controller, has not authorized Riverside to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller in writing; II. The data importer will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the data importer’s control. Notwithstanding the above, (a) the data exporter acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the data importer has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the data importer shall notify the data exporter, as soon as possible, following the access by the government authority, and provide the data exporter with relevant details of the same, unless and to the extent legally prohibited to do so. 2. Once in every 12-month period, the data importer will inform the data exporter, at the data exporter’s written request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
Appears in 1 contract
Samples: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer, Transfer or a UK Transfer, or a Swiss Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The data importer as defined in Part 1 of this Schedule 2 Company shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 Partner to the data importer Company and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The data importer Company will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”);
c. If the data importer Company becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The data importer Company shall inform the relevant government authority that Riverside Company is a processor of the Personal Data and that Partner, the data exporter, as the controllerController, has not authorized Riverside Company to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller Partner in writing;
II. The data importer Partner will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the data importerCompany’s control. Notwithstanding the above, (a) the data exporter Partner acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the data importer Company has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the data importer Company shall notify the data exporterPartner, as soon as possible, following the access by the government authority, and provide the data exporter Partner with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the data importer Company will inform the data exporterPartner, at the data exporterPartner’s written request, request of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
A. Identification of Parties
Appears in 1 contract
Samples: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer, a UK Transfer, or a Swiss any Cross-Border Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The data importer as defined in Part 1 of this Schedule 2 Data Importer shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 Data Exporter to the data importer Data Importer and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The data importer Data Importer will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR GDPR, FADP or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”);
c. If the data importer Data Importer becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Customer’s Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The data importer Data Importer will notify the Data Exporter immediately after first becoming aware of such demand for access to Customer’s Personal Data and provide the Data Exporter with all relevant details of the same, unless and to the extent legally prohibited to do so;
II. The Data Importer shall inform the relevant government authority that Riverside the Data Importer is a processor of the Customer’s Personal Data and that the data exporter, as the controller, Data Exporter and/or Controller has not authorized Riverside the Data Importer to disclose the Customer’s Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Customer’s Personal Data should therefore be notified .
III. to or served upon the Data Exporter and/or Controller in writing;
IIIV. The data importer Data Importer will use commercially reasonable legal mechanisms to challenge any such demand for access to Customer’s Personal Data which is under the data importerData Importer’s control. Notwithstanding the above, (a) the data exporter Data Exporter acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Customer’s Personal Data, the data importer Data Importer has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(IIc)(III) shall not apply. In such event, the data importer Data Importer shall notify the data exporterData Exporter, as soon as possible, following the access by the government authority, and provide the data exporter Data Exporter with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the data importer Data Importer will inform the data exporterData Exporter, at the data exporterData Exporter’s written request, to the extent permitted by applicable law, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
Appears in 1 contract
Samples: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer, Transfer or a UK Transfer, or a Swiss Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The data importer as defined in Part 1 of this Schedule 2 Processor shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 Controller to the data importer Processor and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The data importer Processor will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act Court (“"FISA”");
c. If the data importer Processor becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The data importer Processor shall inform the relevant government authority that Riverside the Processor is a processor of the Personal Data and that the data exporter, as the controller, Controller has not authorized Riverside the Processor to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller in writing;
II. The data importer Processor will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the data importerProcessor’s control. Notwithstanding the above, (a) the data exporter Controller acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the data importer Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the data importer Processor shall notify the data exporterController, as soon as possible, following the access by the government authority, and provide the data exporter Controller with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the data importer Processor will inform the data exporterController, at the data exporterController’s written request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
Appears in 1 contract
Samples: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer, Transfer or a UK Transfer, or a Swiss Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The data importer as defined in Part 1 of this Schedule 2 Processor shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 Controller to the data importer Processor and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The data importer Processor will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act Court (“FISA”);
c. If the data importer Processor becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The data importer Processor shall inform the relevant government authority that Riverside the Processor is a processor of the Personal Data and that the data exporter, as the controller, Controller has not authorized Riverside the Processor to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller in writing;
II. The data importer Processor will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the data importerProcessor’s control. Notwithstanding the above, (a) the data exporter Controller acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the data importer Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the data importer Processor shall notify the data exporterController, as soon as possible, following the access by the government authority, and provide the data exporter Controller with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the data importer Processor will inform the data exporterController, at the data exporterController’s written request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
Appears in 1 contract
Samples: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer, Transfer or a UK Transfer, or a Swiss Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. The data importer as defined in Part 1 of this Schedule 2 Company shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from the data exporter as defined in Part 1 of this Schedule 2 Partner to the data importer Company and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. The data importer Company will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, or the AFDP, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”);.
c. If the data importer Company becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. The data importer Company shall inform the relevant government authority that Riverside Company is a processor of the Personal Data and that Partner, the data exporter, as the controllerController, has not authorized Riverside Company to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon the Controller Partner in writing;
II. The data importer Partner will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under the data importerCompany’s control. Notwithstanding the above, (a) the data exporter Partner acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, the data importer Company has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, the data importer Company shall notify the data exporterPartner, as soon as possible, following the access by the government authority, and provide the data exporter Partner with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, the data importer Company will inform the data exporterPartner, at the data exporterPartner’s written request, request of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
Appears in 1 contract
Samples: Data Processing Addendum