Common use of Authorized Subcontractors Clause in Contracts

Authorized Subcontractors. 4.1 Controller acknowledges and agrees that Processor may (1) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 Processor shall notify Controller before engaging any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data. Controller may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by Controller. 4.2.1 If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten (10) days of notice by Processor, such third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clauses), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions.

Authorized Subcontractors. 4.1 4.1. Controller acknowledges and agrees that Processor may (1i) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 4.2. A list of Processor’s current Authorized Subcontractors (the “List”) is available at xxx.Xxxxx.xxx (such URL may be updated by Processor shall notify Controller from time to time). At least fourteen (14) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may object to such an engagement in writing within ten fourteen (1014) days of receipt of the aforementioned notice by Controller. 4.2.1 4.2.1. If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 4.2.2. If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten fourteen (1014) days of notice by Processor, such third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 4.3. Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 4.4. Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clausesconduct), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 4.5. Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions.

Authorized Subcontractors. 4.1 Controller acknowledges and agrees that Processor may (1) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 A list of Processor’s current Authorized Subcontractors (the “List”) is available at [xxxxx://xxx.xxxxx.xxx/gdpr] (such URL may be updated by Processor shall notify Controller from time to time). At least ten (10) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data, Processor will add such third party to the List and notify Controller of that update via email. Controller may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by Controller. 4.2.1 If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten (10) days of notice by Processor, such that third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clauses), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions. 4.6 If Controller has entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses.

Authorized Subcontractors. 4.1 Controller acknowledges and agrees that Processor Cyberint may (1) engage the Authorized Subcontractors listed in Exhibit C A-3 to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including including, without limitation limitation, the Processing of Personal Data, and therefore Controller hereby provides a general written authorization. 4.2 Processor Cyberint shall notify Controller provide notification of any new Subcontractor, before engaging any third party other than Authorized enabling such new Subcontractors to access or participate in the Processing of Personal Data, Cyberint will add such third party to the List and notify Controller of that update via email. Controller may object (solely for reasons related to GDPR) to such an engagement in writing within ten three (103) days of receipt of the aforementioned notice by Controller. 4.2.1 (a) If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor Cyberint shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If ProcessorCyberint, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor Cyberint may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor Cyberint under the Agreement. 4.2.2 (b) If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten three (103) days of notice by ProcessorCyberint, such that third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 Processor Cyberint shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clauses), ensure that have with every Authorized Subcontractor is subject similar obligations to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject ones under this Addendum. 4.5 Processor 4.4 Cyberint shall be liable to Controller for the acts and omissions of Authorized Subcontractors Subcontractors, to the same extent that Processor Cyberint would itself be liable under this Addendum had it conducted such acts or omissions. The above authorizations will constitute Controller’s prior written consent to the subcontracting by Cyberint of the processing of Personal Data. Upon request, Cyberint will provide a copy of the data processing agreement with any such Subcontractor (provided that Cyberint can redact it in confidential and business aspects).

Authorized Subcontractors. 4.1 4.1. Controller acknowledges and agrees that Processor may (1i) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 4.2. A list of Processor’s current Authorized Subcontractors (the “List”) is available at xxx.xxxxxxxxx.xxx (such URL may be updated by Processor shall notify Controller from time to time). At least fourteen (14) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may object to such an engagement in writing within ten fourteen (1014) days of receipt of the aforementioned notice by Controller. 4.2.1 4.2.1. If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 4.2.2. If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten fourteen (1014) days of notice by Processor, such third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 4.3. Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 4.4. Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clausesconduct), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 4.5. Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions.

Authorized Subcontractors. 4.1 4.1. Controller acknowledges and agrees that Processor may (1i) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 4.2. A list of Processor’s current Authorized Subcontractors (the “List”) is available at xxxxxxxx.xxx/xxxxxxxxxxxxx (such URL may be updated by Processor shall notify Controller from time to time). At least fourteen (14) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may object to such an engagement in writing within ten fourteen (1014) days of receipt of the aforementioned notice by Controller. 4.2.1 4.2.1. If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 4.2.2. If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten fourteen (1014) days of notice by Processor, such third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 4.3. Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 4.4. Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clausesconduct), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 4.5. Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions.

Authorized Subcontractors. 4.1 4.1. Controller acknowledges and agrees that Processor may (1i) engage the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 4.2. A list of Processor’s current Authorized Subcontractors (the “List”) is available at xxx.xxxxxxx.xxx/xxxxxxxxxxxxx (such URL may be updated by Processor shall notify Controller from time to time). At least fourteen (14) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data, Processor will add such third party to the List. Controller may object to such an engagement in writing within ten fourteen (1014) days of receipt of the aforementioned notice by Controller. 4.2.1 4.2.1. If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 4.2.2. If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten fourteen (1014) days of notice by Processor, such third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 4.3. Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 4.4. Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clausesconduct), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 4.5. Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions.

Authorized Subcontractors. 4.1 Controller acknowledges and agrees that Processor may (1) engage its affiliates and the Authorized Subcontractors listed in Exhibit C to this Addendum to access and Process Personal Data in connection with the Services and (2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. 4.2 A list of Processor’s current Authorized Subcontractors (the “List”) is available through the privacy policy portal, which may be updated by Processor shall notify from time to time. The List will provide a mechanism to subscribe to notifications of new Authorized Subcontractors and Controller agrees to subscribe to such notifications. At least ten (10) days before engaging enabling any third party other than Authorized Subcontractors to access or participate in the Processing of Personal Data. , Processor will add such third party to the List.] Controller may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by Controller. 4.2.1 If Controller reasonably objects to an engagement in accordance with Section 4.2, Processor shall provide Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Processor, in its sole discretion, cannot provide any such alternative(s), or if Controller does not agree to any such alternative(s) if provided, Processor may terminate this Addendum. Termination shall not relieve Controller of any fees owed to Processor under the Agreement. 4.2.2 If Controller does not object to the engagement of a third party in accordance with Section 4.2 within ten (10) days of notice by Processor, such that third party will be deemed an Authorized Subcontractor for the purposes of this Addendum. 4.3 Processor shall ensure that all Authorized Subcontractors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Processor, any Personal Data both during and after their engagement with Processor. 4.4 Processor shall, by way of contract or other legal act under European Union or European Union member state law (including without limitation approved codes of conduct and standard contractual clauses), ensure that every Authorized Subcontractor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Processor is subject under this Addendum. 4.5 Processor shall be liable to Controller for the acts and omissions of Authorized Subcontractors to the same extent that Processor would itself be liable under this Addendum had it conducted such acts or omissions. 4.6 If Controller and Processor have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), (i) the above authorizations will constitute Controller’s prior written consent to the subcontracting by Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subcontractors that must be provided by Processor to Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Processor beforehand, and that such copies will be provided by the Processor only upon request by Controller.