Authorized Sub-processors. 5.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Sub-Processors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Services. 5.2 A list of Processor’s current Authorized Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated by Processor from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller. 5.3 If Controller reasonably objects to an engagement in accordance with Section 5.2, and Processor cannot provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 5.4 If Controller does not object to the engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum. 5.5 Processor will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement 5.6 Pursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.
Appears in 1 contract
Samples: Eu Data Processing Addendum
Authorized Sub-processors. 5.1 Controller acknowledges and 4.1 Customer agrees that Processor (a) Sigma may (1) engage its affiliates Affiliates and the Authorized Sub-Processors processors as listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and at xxxxx://xxx.xxxxxxxxxxxxxx.xxx/product/security/subprocessors/ (2“Sub-Processor Page”) which may be updated from time to time and (b) such Affiliates and Sub-Processors respectively may engage additional third parties for party Sub-Processors to process the purpose of providing the Services, including without limitation the Processing of Personal DataData on Sigma’s behalf. By way of this Addendum, Controller Customer provides general written authorization to Processor Sigma to engage subSub-processors Processors as necessary to perform the ServicesService.
5.2 A list of Processor’s current Authorized Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated by Processor from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. 4.2 At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing processing of Personal Data, Processor Sigma will add such third party to the ListSub-Processor Page. Controller Sigma will provide written notification of a new Sub-Processor before authorizing any new Sub-Processor to process any Personal Data. Customers may reasonably object to such an engagement on legitimate grounds by informing Processor Sigma in writing within ten (10) days of receipt being informed of the aforementioned notice by Controller. Controller acknowledges that certain subsuch new Sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to ControllerProcessor.
5.3 4.3 If Controller Customer reasonably objects to an engagement in accordance with Section 5.24.2, and Processor Sigma cannot provide a commercially reasonable alternative within a reasonable period of time, Processor Sigma may terminate this AddendumAddendum as Customer’s sole and exclusive remedy for such objection. Termination shall not relieve Controller Customer of any fees owed to Processor Sigma under the Agreement.
5.4 4.4 If Controller Customer does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ProcessorXxxxx, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 Processor 4.5 Sigma will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor Sigma under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill fulfil its data protection obligations under such written agreement with ProcessorSigma, Processor Sigma will remain liable to Controller Customer for the performance of the Authorized Sub-Processor’s obligations under such agreement
5.6 Pursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Sub-processors. 5.1 Controller 4.1 Customer acknowledges and agrees that Processor Company may (1) engage its affiliates Affiliates and the Authorized Sub-Sub- Processors listed in Exhibit C to this Addendum identified on the List (as defined below) to access and Process process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Services.,
5.2 4.2 A list of ProcessorCompany’s current Authorized Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. is set forth in Exhibit B. Such List which may be updated by Processor Company from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where availabletime on ten (10) days email notice. At least ten (10) days before enabling any third party other than existing Authorized Sub-Processors to access or participate in the Processing processing of Personal Data, Processor Company will add such third party to the ListList and notify Customer via email. Controller Customer may reasonably object to such an engagement on legitimate grounds by informing Processor in writing Company within ten (10) days of receipt of the aforementioned notice by ControllerCustomer, provided such objection is in writing and based on reasonable grounds relating to data protection. Controller Customer acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor Company from offering the Services to ControllerCustomer.
5.3 4.3 If Controller Customer reasonably objects to an engagement in accordance with Section 5.24.2, and Processor Company cannot provide a commercially reasonable alternative within a reasonable period of time, Processor Customer may terminate this Addendumdiscontinue the use of the affected Service by providing written notice to Company. Termination Discontinuation shall not relieve Controller Customer of any fees owed to Processor Company under the Agreement.
5.4 4.4 If Controller Customer does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 Processor 4.5 Company will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor Company under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors Processor fails to fulfill its data protection obligations under such written agreement with ProcessorCompany, Processor Company will remain liable to Controller Customer for the performance of the Authorized Sub-Processor’s obligations under such agreement.
5.6 Pursuant to the 4.6 If Customer and Company have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute ControllerCustomer’s prior written consent to the subcontracting by Processor Company of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor Company to Controller Customer pursuant to Clause 5(j) of the Standard Contractual Clauses UK SCCs or Clause 9(c) of the EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor Company beforehand, and that such copies will be provided by the Processor Company only upon request by ControllerCustomer.
Appears in 1 contract
Samples: Data Processing Agreement
Authorized Sub-processors. 5.1 Controller 4.1 Customer acknowledges and agrees that Processor Company may (1) engage its affiliates Affiliates and the Authorized Sub-Processors listed in Exhibit C B to this Addendum DPA to access and Process process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing processing of Personal Data. By way of this AddendumDPA, Controller Customer provides general written authorization to Processor Company to engage sub-processors as necessary to perform the Services.
5.2 4.2 A list of ProcessorCompany’s current Authorized Sub-Processors (the “List”) will be made available to ControllerCustomer, either attached hereto, at a link provided to ControllerCustomer, via email email, or through another means made available to ControllerCustomer. Such List which may be updated by Processor Company from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than existing Authorized Sub-Processors to access or participate in the Processing processing of Personal Data, Processor Company will add such third party to the ListList and notify Customer via email. Controller Customer may reasonably object to such an engagement on legitimate grounds by informing Processor in writing Company within ten (10) days of receipt of the aforementioned notice by ControllerCustomer, provided such objection is in writing and based on reasonable grounds relating to data protection. Controller Customer acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor Company from offering the Services to ControllerCustomer.
5.3 4.3 If Controller Customer reasonably objects to an engagement in accordance with Section 5.24.2, and Processor Company cannot provide a commercially reasonable alternative within a reasonable period of time, Processor Customer may terminate this Addendumdiscontinue the use of the affected Service by providing written notice to Company. Termination Discontinuation shall not relieve Controller Customer of any fees owed to Processor Company under the Agreement.
5.4 4.4 If Controller Customer does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ProcessorCompany, that third party will be deemed an Authorized Sub-Processor for the purposes of this AddendumDPA.
5.5 Processor 4.5 Company will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor Company under this Addendum DPA with respect to the protection of Personal Data. In case an Authorized Sub-Processors Processor fails to fulfill its data protection obligations under such written agreement with ProcessorCompany, Processor Company will remain liable to Controller Customer for the performance of the Authorized Sub-Processor’s obligations under such agreement.
5.6 Pursuant to the 4.6 If Customer and Company have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute ControllerCustomer’s prior written consent to the subcontracting by Processor Company of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor Company to Controller Customer pursuant to Clause 5(j9(c) of the Standard Contractual Clauses EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor Company beforehand, and that such copies will be provided by the Processor Company only upon request by ControllerCustomer.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Sub-processors. 5.1 Controller acknowledges 4.1 You acknowledge and agrees agree that Processor we may (1) engage its our affiliates and the Authorized Sub-Processors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the SignalWire Services and (2) from time to time engage additional third parties for the purpose of providing the SignalWire Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller provides you provide general written authorization to Processor us to engage subSub-processors Processors as necessary to perform the SignalWire Services.
5.2 4.2 A list of Processor’s our current Authorized Sub-Processors (the “List”) will be made available to Controlleryou, either attached hereto, at a link provided to Controlleryou, via email or through another means made available to Controlleryou. Such List which may be updated by Processor SignalWire from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees you agree to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor we will add such third party to the List. Controller You may reasonably object to such an engagement on legitimate grounds by informing Processor us in writing within ten (10) days of receipt of the aforementioned notice by Controlleryou. Controller acknowledges You acknowledge that certain subSub-processors Processors are essential to providing the SignalWire Services and that objecting to the use of a subSub-processor Processor may prevent Processor us from offering the SignalWire Services to Controlleryou.
5.3 4.3 If Controller you reasonably objects object to an engagement in accordance with Section 5.24.2, and Processor we cannot provide a commercially reasonable alternative within a reasonable period of time, Processor we may terminate this Addendum. Termination shall not relieve Controller you of any fees owed to Processor us under the Agreement.
5.4 4.4 If Controller does you do not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processorus, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 Processor 4.5 We will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor us under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processorus, Processor we will remain liable to Controller you for the performance of the Authorized Sub-Processor’s obligations under such agreement
5.6 Pursuant to the 4.6 If you and SignalWire have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), ,
(i) the above authorizations will constitute Controller’s your prior written consent to the subcontracting by Processor us of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor us to Controller you pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor us beforehand, and that such copies will be provided by the Processor us only upon request by Controlleryou.
Appears in 1 contract
Samples: Eu Data Processing Addendum
Authorized Sub-processors. 5.1 Controller 4.1 Merchant acknowledges and agrees that Processor may Recurly may, as specified in Annex B, (1) engage its affiliates and the Authorized Sub-Sub- Processors listed in Exhibit C at xxxxx://xxxxxxx.xxx/legal/privacy/subprocessors to this Addendum to access and accessand Process Personal Data in connection with the withthe Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller Xxxxxxxx provides general written authorization to Processor Recurly to engage sub-sub- processors as necessary to perform the Services.
5.2 4.2 A list of ProcessorRecurly’s current Authorized Sub-Processors (the “List”) will be made is available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controllerxxxxx://xxxxxxx.xxx/legal/privacy/subprocessors. Such List which may be updated by Processor Recurly from time to time. The List may provide a mechanism to subscribe Xxxxxxxx acknowledges and agrees that it is solely responsible for subscribing to notifications of changes, which notification mechanism will be available through the List, in order to be notified of new Authorized Sub-Processors Processors. Xxxxxxxx also acknowledges and Controller agrees that, aside from updating the List and informing Merchant that the List has been updated, Recurly shall have no obligation to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than inform Merchant ofany additional Authorized Sub-Processors to access or participate Processors. If the parties have entered into the Standard Contractual Clauses, the notification requirements set out in the Processing of Personal Data, Processor Clause 9 will add such third party to the Listcontrol. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller Merchant acknowledges that certain sub-sub- processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor Recurly from offering the Services to ControllerMerchant.
5.3 4.3 If Controller Merchant reasonably objects to an engagement in accordance with Section 5.24.2, and Processor Recurly cannot provide a commercially reasonable alternative within a reasonable period of time, Processor Recurly may terminate the Agreement or this Addendum. Termination shall not relieve Controller Merchant of any fees owed to Processor under the Recurly underthe Agreement.
5.4 4.4 If Controller Merchant does not object to the engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Processor4.2, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 Processor 4.5 Recurly will enter into a written agreement with the Authorized Sub-Processor imposing the same data protection obligations on the Authorized Sub-Processor data protection obligations comparable to as those imposed on Processor Recurly under this Addendum and by applicable Data Protection Laws with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement.
5.6 Pursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the The above authorizations will constitute ControllerMerchant’s prior written consent to the subcontracting by Processor Recurly of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor Recurly to Controller Merchant pursuant to Clause 5(j9(c) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor Recurly only upon request by ControllerXxxxxxxx.
Appears in 1 contract
Samples: Personal Data Processing Addendum
Authorized Sub-processors. 5.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Customer hereby generally authorizes Billtrust’s appointment Sub-Processors listed processors in Exhibit C the context of the Processor Services on the following terms:
(a) Billtrust may continue to this Addendum to access and Process Personal Data in connection with use those Sub-processors already engaged by Billtrust as of the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way date of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Servicesset out at xxxxxxxxx.xxx/xxx-xxxxxxxxxx.
5.2 A list (b) Billtrust shall provide Customer ten (10) days’ prior written notice of Processor’s current Authorized the appointment or replacement of any new Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated processor by Processor from time to time. The List may provide offering Customers a mechanism to subscribe to notifications updates to the list of new Authorized Billtrust Sub-Processors and Controller agrees to subscribe to such notifications where availableprocessors. At least ten Within five (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (105) days of receipt posting each such notice, Customer may object to the appointment or replacement of a Sub- processor provided such objection is in writing and based on reasonable grounds relating to data protection. If Customer’s concerns cannot be resolved in a commercially reasonable manner within twenty (25) days of Billtrust receiving notice of Customer’s objection, Billtrust will either not appoint or replace the Sub-processor or, if this is not possible (in Billtrust’s discretion), either Party may terminate all or part of the aforementioned notice Agreement (without prejudice to any payments owed or fees incurred by ControllerCustomer prior to termination). Controller acknowledges that certain sub-processors are essential to providing the Services This termination right shall constitute Customer’s sole and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 If Controller reasonably exclusive remedy if Customer objects to an engagement Billtrust engaging a new or replacement Sub-processor, in accordance with the above. Notwithstanding the foregoing, Billtrust may add or replace a Sub-processor (meeting the requirements of Section 5.23.3(c)) immediately if it is necessary to ensure continuity of Processing or recovery in case of emergency, and Processor cannot except as prohibited by Applicable Data Protection Laws. In such case, Billtrust will provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendumnotice as far in advance as reasonably possible. Termination shall not relieve Controller of any fees owed to Processor under In the Agreement.
5.4 If Controller event that the Customer does not exercise its right to object to the engagement of a third party Sub-processor in accordance with Section 5.2 within ten (10) days of notice by Processorthe terms described above, that third party will silence shall be deemed to constitute an Authorized approval of such engagement.
(c) With respect to each Sub-Processor for the purposes of this Addendum.
5.5 Processor will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processorprocessor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement
5.6 Pursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), Billtrust shall (i) carry out adequate due diligence to ensure that the above authorizations will constitute Controller’s prior written consent to Sub-processor is capable of providing the subcontracting by Processor level of the processing of protection and security for Personal Data if such consent is required under by this Addendum before the Standard Contractual Clauses, Sub-processor first Processes Personal Data; and (ii) impose terms between Billtrust and the parties agree Sub-Processor that offer substantially the copies same level of the agreements with Authorized Sub- Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controllerprotection for Personal Data as those set out in this Addendum.
Appears in 1 contract
Samples: Data Processing Agreement
Authorized Sub-processors. 5.1 4.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Sub-Processors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Services.
5.2 4.2 A list of Processor’s current Authorized Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated by Processor from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 4.3 If Controller reasonably objects to an engagement in accordance with Section 5.24.2, and Processor cannot provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement.
5.4 4.4 If Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 4.5 Processor will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors Processor fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement.
5.6 Pursuant to the Standard Contractual Clauses 4.6 If Controller and Processor have entered into C2P SCCs as described in Section 7 11 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor to Controller pursuant to Clause 5(j9(c) of the Standard Contractual Clauses C2P SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses C2P SCCs or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.
Appears in 1 contract
Samples: Data Processing Agreement
Authorized Sub-processors. 5.1 4.1. Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Sub-Sub- Processors listed in Exhibit C to this Addendum set forth on the List to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Services.
5.2 A list of Processor’s current Authorized Sub-Processors (the “List”) 4.2. The List will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to ControllerController by Processor. Such List which may be updated by Processor from time to time. The List may provide a mechanism to subscribe to notifications of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 4.3. If Controller reasonably objects to an engagement in accordance with Section 5.24.2, and Processor cannot provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement.
5.4 4.4. If Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 4.5. Processor will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement
5.6 Pursuant to the 4.6. If Controller and Processor have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.
Appears in 1 contract
Samples: End User License Agreement
Authorized Sub-processors. 5.1 4.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Sub-Processors listed in Exhibit C to this Addendum to access and Process the Controller Personal Data Information in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of the Controller Personal DataInformation. By way of this Addendum, Controller provides general written authorization to Processor to engage sub-processors as necessary to perform the Services.
5.2 A list of Processor’s current . If and to the extent that the personal information Processed by the Authorized Sub-Processors (qualifies as Personal Information under the “List”) will be made available CCPA, any such Authorized Sub-Processors used must qualify as a Service Provider under the CCPA and the Processor cannot make any disclosures to Controller, either attached hereto, at the Authorized Sub-Processors that the CCPA would treat as a link provided to Controller, via email or through another means made available to Controller. Such sale.
4.2 This List which may be updated by Processor from time to time. The List may provide a mechanism Processor shall notify Controller of any new sub-processor Processor wishes to subscribe appoint to notifications carry out Processing activities on behalf of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the ListController. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 4.3 If Controller reasonably objects to an engagement in accordance with Section 5.24.2, and Processor cannot provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement.
5.4 4.4 If Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 4.5 Processor will enter into a written agreement with the implement policies requiring all Authorized Sub-Processor imposing on Processors to comply with the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal DataData and Personal Information. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the performance of annually review the Authorized Sub-Processor’s obligations under such agreementIT governance policies and procedures. Processor will engage with the Authorized Sub-Processor to address any issues identified as a part of the review.
5.6 Pursuant to the Standard Contractual Clauses 4.6 If Controller and Processor have entered into SCC and/or IDTA (as applicable), as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor Transfer of the processing Controller Personal Information to any Authorized Sub-Processors.
4.7 Notwithstanding any approval by Controller within the meaning of Personal this Section 4, Processor shall remain fully liable vis-à-vis Controller for the performance of any such Authorized Sub-Processor that fails to fulfil its data protection obligations under this Addendum and/or any applicable Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by ControllerProtection Laws.
Appears in 1 contract
Samples: Data Processing Agreement
Authorized Sub-processors. 5.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Customer hereby generally authorizes Billtrust’s appointment Sub-Processors listed processors in Exhibit C the context of the Processor Services on the following terms:
(a) Billtrust may continue to this Addendum to access and Process Personal Data in connection with use those Sub-processors already engaged by Billtrust as of the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. By way date of this Addendum, Controller provides general as set out at xxxxx://xxx.xxxxxxxxx.xxx/sub-processors/.
(b) Billtrust shall provide Customer ten (10) days’ prior written authorization to Processor to engage sub-processors as necessary to perform notice of the Services.
5.2 A list appointment or replacement of Processor’s current Authorized any new Sub-Processors (the “List”) will be made available to Controller, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated processor by Processor from time to time. The List may provide offering Customers a mechanism to subscribe to notifications updates to the list of new Authorized Billtrust Sub-Processors and Controller agrees to subscribe to such notifications where availableprocessors. At least ten Within five (10) days before enabling any third party other than Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to such an engagement on legitimate grounds by informing Processor in writing within ten (105) days of receipt posting each such notice, Customer may object to the appointment or replacement of a Sub- processor provided such objection is in writing and based on reasonable grounds relating to data protection. If Customer’s concerns cannot be resolved in a commercially reasonable manner within twenty (25) days of Billtrust receiving notice of Customer’s objection, Billtrust will either not appoint or replace the Sub-processor or, if this is not possible (in Billtrust’s discretion), either Party may terminate all or part of the aforementioned notice Agreement (without prejudice to any payments owed or fees incurred by ControllerCustomer prior to termination). Controller acknowledges that certain sub-processors are essential to providing the Services This termination right shall constitute Customer’s sole and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 If Controller reasonably exclusive remedy if Customer objects to an engagement Billtrust engaging a new or replacement Sub-processor, in accordance with the above. Notwithstanding the foregoing, Billtrust may add or replace a Sub-processor (meeting the requirements of Section 5.23.3(c)) immediately if it is necessary to ensure continuity of Processing or recovery in case of emergency, and Processor cannot except as prohibited by Applicable Data Protection Laws. In such case, Billtrust will provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendumnotice as far in advance as reasonably possible. Termination shall not relieve Controller of any fees owed to Processor under In the Agreement.
5.4 If Controller event that the Customer does not exercise its right to object to the engagement of a third party Sub-processor in accordance with Section 5.2 within ten (10) days of notice by Processorthe terms described above, that third party will silence shall be deemed to constitute an Authorized approval of such engagement.
(c) With respect to each Sub-Processor for the purposes of this Addendum.
5.5 Processor will enter into a written agreement with the Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection obligations comparable to those imposed on Processor under this Addendum with respect to the protection of Personal Data. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processorprocessor, Processor will remain liable to Controller for the performance of the Authorized Sub-Processor’s obligations under such agreement
5.6 Pursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), Billtrust shall (i) carry out adequate due diligence to ensure that the above authorizations will constitute Controller’s prior written consent to Sub-processor is capable of providing the subcontracting by Processor level of the processing of protection and security for Personal Data if such consent is required under by this Addendum before the Standard Contractual Clauses, Sub-processor first Processes Personal Data; and (ii) impose terms between Billtrust and the parties agree Sub-Processor that offer substantially the copies same level of the agreements with Authorized Sub- Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controllerprotection for Personal Data as those set out in this Addendum.
Appears in 1 contract
Samples: Data Processing Agreement
Authorized Sub-processors. 5.1 4.1 Controller acknowledges and agrees that Processor may (1) has general authority to engage third parties, partners, agents, or service providers, including its affiliates and the Authorized Sub-Processors listed in Exhibit C Affiliates, to this Addendum to access and Process Personal Data on Controller’s behalf in connection with order to provide the Services and solutions contemplated in the Agreement agreed to by Controller (2) from time “Authorized Subprocessors”). Processor shall not engage a subprocessor to time engage additional third parties for carry out specific Processing activities which fall outside the purpose of providing the Services, including general authority granted above without limitation the Processing of Personal Data. By way of this Addendum, Controller provides general Controller’s prior specific written authorization to and, where such subprocess is so engaged, Processor to engage sub-processors as necessary to perform shall ensure that the Servicessame obligations set out in this Addendum shall be imposed on that subprocessor.
5.2 4.2 A list of Processor’s current Authorized Sub-Processors (the “List”) will be made is available to ControllerController at xxx.xxxxxxxxxx.xxx/xxxxx/xxxxxxxxxxxxx, either attached hereto, at a link provided to Controller, via email or through another means made available to Controller. Such List which may be updated by Processor from time to time. The List may provide a mechanism Controller agrees to subscribe to receive notifications from the List of new Authorized Sub-Processors and Controller agrees to subscribe to such notifications where availableProcessors. At least ten (10) days before enabling any third party other than current Authorized Sub-Processors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may reasonably object to the addition of any such an engagement on legitimate grounds third parties to the List by informing Processor in writing within ten (10) days of receipt of the aforementioned notice by Controller. Controller acknowledges that certain sub-processors are essential to providing the Services and that objecting to the use of a sub-processor may prevent Processor from offering the Services to Controller.
5.3 4.3 If Controller reasonably objects to an engagement in accordance with Section 5.24.2, and Processor cannot provide a commercially reasonable alternative within a reasonable period of time, Processor may terminate this Addendumthe Agreement. Termination shall not relieve Controller of any fees owed to Processor under the Agreement.
5.4 . If Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by Processor, that third party will be deemed an Authorized Sub-Processor for the purposes of this Addendum.
5.5 4.4 Processor will enter into a written agreement with the each Authorized Sub-Processor imposing on the Authorized Sub-Processor data protection that imposes obligations to protect Personal Data that are comparable to those imposed on Processor under this Addendum with respect to the protection of Personal DataAddendum. In case an Authorized Sub-Processors fails to fulfill its data protection obligations under such written agreement with Processor, Processor will remain liable to Controller for the non-performance of the Authorized Sub-Processor’s data protection obligations under such agreement
5.6 Pursuant to the 4.5 If Controller and Processor have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Sub- Sub-Processors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.
Appears in 1 contract
Samples: Data Processing Addendum