Authorized Subprocessors. 5.1 Customer acknowledges and agrees that Zoom may (i) engage its affiliates and the entities listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10) days before enabling any third party other than Authorized Subprocessors to access or participate in the Processing of Personal Data, Zoom will add such third party to the List and notify Customer of that update by way of the functionality described in Section 5.1 above. Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by Customer. 5.2.1 If Customer reasonably objects to an engagement in accordance with Section 5.2, Zoom shall provide Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Customer may terminate this Addendum. Termination shall not relieve Customer of any fees owed to Zoom under the Agreement. 5.2.2 If Customer does not object to the engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will be deemed an Authorized Subprocessor for the purposes of this Addendum. 5.3 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 Zoom shall, by way of contract or other legal act under applicable law ensure that every Authorized Subprocessor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under this Addendum. Zoom shall, exercising reasonable care, evaluate an organization’s data protection practices before allowing the organization to act as an Authorized Subprocessor. 5.5 Zoom shall be liable to Customer for the acts and omissions of Authorized Subprocessors to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.
Appears in 3 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum
Authorized Subprocessors. 5.1 Customer acknowledges and agrees To the extent that Zoom may (i) is a Processor:
5.1 The Customer hereby generally authorizes Zoom to engage its affiliates and subprocessors in accordance with this Section 5. 5.2 Customer approves the entities Authorized Subprocessors listed at xxxx.xx/xxxxxxxxxxxxx xxxxx://xxxxxxx.xxxx.xx/docs/en- us/subprocessors.html:
5.3 Zoom may remove, replace, or appoint suitable and reliable further subprocessors in accordance with this Section 5.3:
(such URL may be updated by a) Zoom from time to timeshall at least thirty (30) (business days before the “List”) to access and Process new subprocessor starts processing any Customer Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way intended engagement (including the name and location of the relevant subprocessor, and the activities it will perform and a functionality on description of the Subprocessor sitePersonal Data it will process). Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contraryTo enable such notifications, Customer must subscribe shall visit xxxxx://xxxxxxx.xxxx.xx/docs/en- us/subprocessors.html and enter the email address to which Zoom shall send such notifications in order to ensure it is properly notified into the submission field at the bottom of any changes to Subprocessors under this Section 5the page.
5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10b) days before enabling any third party other than Authorized Subprocessors to access In an emergency concerning Service availability or participate in the Processing of Personal Datasecurity, Zoom will add such third party is not required to provide prior notification to Customer but shall provide notification within seven (7) business days following the List and notify Customer of that update by way of change in subprocessor. In either case, the functionality described in Section 5.1 above. Customer may object to such an engagement in writing within ten fifteen (1015) business days of receipt of the aforementioned notice by CustomerZoom.
5.2.1 5.4 If the Customer reasonably objects to an the engagement in accordance with Section 5.2of a new subprocessor, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion):
(a) Zoom cancels its plans to use the subprocessor with regard to Customer Personal Data.
(b) Zoom will take the corrective steps requested by Customer in its objection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer Personal Data.
(c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such a subprocessor with regard to Customer Personal Data. Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this Addendumthe Agreement including the Addendum with prior written notice. Termination shall not relieve Customer of any fees or charges owed to Zoom for Services provided up to the effective date of the termination under the Agreement.
5.2.2 . If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) 15 business days of notice by issuance from Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted.
5.3 5.5 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer Personal Data and Customer Content both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom.
5.4 5.6 Zoom shall, by way of contract or other legal act under applicable law ensure that every act, impose on the Authorized Subprocessor is subject the equivalent data protection obligations as set out in this Addendum and detailed in the GDPR. The Parties acknowledge and agree that notice periods shall be deemed equivalent regardless of disparate notification periods. If personal data are transferred to obligations regarding an Authorized Subprocessor in a third country, Zoom will ensure the Processing of Personal Data that transferred data are no less protective than those to which processed with the Zoom is subject under this Addendumsame GDPR transfer guarantees as agreed with Customer (such as Standard Contractual Clauses and BCRs). Zoom shall, exercising reasonable care, evaluate an organization’s will also perform a case by case assessment if supplementary measures are required in cases of onward transfers to third countries in order to bring the level of protection of the transferred data protection practices before allowing up to the organization to act as an Authorized SubprocessorXXX standard of essential equivalence.
5.5 5.7 Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor's obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions.
5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Authorized Subprocessors. 5.1 Customer 4.1 Controller acknowledges and agrees that Zoom Processor may (i) engage its affiliates and the entities subprocessors listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom Processor from time to time) (the “List”) to access and Process Personal Data for the purposes of providing in connection with the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5.
5.2 4.2 A list of ZoomProcessor’s current Authorized Subprocessors is available on the List. At least ten (10) days before enabling any third party other than Authorized Subprocessors to access or participate in the Processing of Personal Data, Zoom Processor will add such third party to the List and notify Customer Controller of that update by way of the functionality described in Section 5.1 aboveupdate. Customer Controller may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by CustomerController.
5.2.1 4.2.1 If Customer Controller reasonably objects to an engagement in accordance with Section 5.24.2, Zoom Processor shall provide Customer Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If ZoomProcessor, in its sole discretion, cannot provide any such alternative(s), or if Customer Controller does not agree to any such alternative(s) if provided, Customer Controller may terminate this Addendum. Termination shall not relieve Customer Controller of any fees owed to Zoom Processor under the Agreement.
5.2.2 4.2.2 If Customer Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ZoomProcessor, that third party will be deemed an Authorized Subprocessor for the purposes of this Addendum.
5.3 Zoom 4.3 Processor shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by ZoomProcessor, any Personal Data both during and after their engagement with ZoomProcessor.
5.4 Zoom 4.4 Processor shall, by way of contract or other legal act under applicable law Applicable Data Protection Law ensure that every Authorized Subprocessor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom Processor is subject under this Addendum. Zoom Processor shall, exercising reasonable care, evaluate an organization’s data protection practices before allowing the organization to act as an Authorized Subprocessor.
5.5 Zoom 4.5 Processor shall be liable to Customer Controller for the acts and omissions of Authorized Subprocessors to the same extent that Zoom Processor would itself be liable under this Addendum had it conducted such acts or omissions.
5.6 4.6 If Customer Controller and Zoom Processor have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute CustomerController’s prior written consent to the subcontracting by Zoom Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom Processor to Customer Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom Processor beforehand, and that such copies will be provided by the Zoom Processor only upon request by CustomerController.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 5.1. The Customer acknowledges and agrees that hereby generally authorizes Zoom to engage subprocessors in accordance with this Section 5. 5.2. Customer approves the third-party subprocessors currently listed at xxxx.xx/xxxxxxxxxxxxx.
5.3. Zoom may (i) engage its affiliates remove, replace or appoint suitable and the entities listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Datareliable further subprocessors in accordance with this Section 5.3:
5.3.1. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5.
5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At at least ten fifteen (1015) days before enabling engaging any third party other than Authorized Subprocessors new subprocessors to access or participate in the Processing of Customer’s Personal Data, Zoom will add such third party to the List and Data notify Customer of that update by way of the functionality described in Section 5.1 aboveupdate. The Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by the Customer. To enable such notifications, Customer shall visit xxxx.xx/xxxxxxxxxxxxx and enter the email address to which Zoom shall send such notifications into the submission field at the bottom of the page.
5.2.1 5.3.2. If the Customer reasonably objects to an the engagement in accordance with Section 5.2of a new subprocessor, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion):
a) Zoom cancels its plans to use the subprocessor with regard to Customer's Personal Data.
b) Zoom will take the corrective steps requested by Customer in its objection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer's Personal Data.
c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such subprocessor with regard to Controller's personal data.
d) Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this AddendumAddendum with prior written notice. Termination shall not relieve Customer of any fees or charges owed to Zoom for Services provided up to the effective date of the termination under the Agreement.
5.2.2 5.3.3. If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted.
5.3 5.4. Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer’s Personal Data both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom.
5.4 5.5. Zoom shall, e.g., by way of contract or other legal act under applicable law ensure that every impose on the Authorized Subprocessor is subject to the equivalent data protection obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under as set out in this Addendum. Zoom shall, exercising shall exercise reasonable care, care and evaluate an organizationa potential subprocessor’s data protection practices before allowing the organization subprocessor to act as an Authorized Subprocessor.
5.5 5.6. Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor’s obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions.
5.6 5.7. If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (International Transfers of Personal Data), (i) the above authorizations will constitute Customer’s 's prior written consent to the subcontracting by Zoom of the processing Processing of Customer’s Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that Zoom will provide such copies will be provided by the Zoom only upon request by Customer.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 Customer 4.1 Controller acknowledges and agrees that Zoom Processor may (i) engage its affiliates and the entities subprocessors listed at xxxx.xx/xxxxxxxxxxxxx xxxxx://xxxxxxx.xxx/help/gdpr (such URL may be updated by Zoom Processor from time to time) (the “List”) to access and Process Personal Data for the purposes of providing in connection with the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5.
5.2 4.2 A list of ZoomProcessor’s current Authorized Subprocessors is available on the List. At least ten (10) days before enabling any third party other than Authorized Subprocessors to access or participate in the Processing of Personal Data, Zoom Processor will add such third party to the List and notify Customer Controller of that update by way of the functionality described in Section 5.1 aboveupdate. Customer Controller may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by CustomerController.
5.2.1 4.2.1 If Customer Controller reasonably objects to an engagement in accordance with Section 5.24.2, Zoom Processor shall provide Customer Controller with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If ZoomProcessor, in its sole discretion, cannot provide any such alternative(s), or if Customer Controller does not agree to any such alternative(s) if provided, Customer Controller may terminate this Addendum. Termination shall not relieve Customer Controller of any fees owed to Zoom Processor under the Agreement.
5.2.2 4.2.2 If Customer Controller does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ZoomProcessor, that third party will be deemed an Authorized Subprocessor for the purposes of this Addendum.
5.3 Zoom 4.3 Processor shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by ZoomProcessor, any Personal Data both during and after their engagement with ZoomProcessor.
5.4 Zoom 4.4 Processor shall, by way of contract or other legal act under applicable law Applicable Data Protection Law ensure that every Authorized Subprocessor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom Processor is subject under this Addendum. Zoom Processor shall, exercising reasonable care, evaluate an organization’s data protection practices before allowing the organization to act as an Authorized Subprocessor.
5.5 Zoom 4.5 Processor shall be liable to Customer Controller for the acts and omissions of Authorized Subprocessors to the same extent that Zoom Processor would itself be liable under this Addendum had it conducted such acts or omissions.
5.6 4.6 If Customer Controller and Zoom Processor have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute CustomerController’s prior written consent to the subcontracting by Zoom Processor of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom Processor to Customer Controller pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom Processor beforehand, and that such copies will be provided by the Zoom Processor only upon request by Customer.Controller
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 4.1 Customer acknowledges and agrees that Zoom Company may (i1) engage its affiliates Affiliates and the entities Authorized Subprocessors listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time in Exhibit B to time) (the “List”) this DPA to access and Process process Personal Data for the purposes of providing in connection with the Services and (ii2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by By way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contraryDPA, Customer must subscribe provides general written authorization to such notifications in order Company to ensure it is properly notified of any changes engage subprocessors as necessary to Subprocessors under this Section 5perform the Services.
5.2 4.2 A list of ZoomCompany’s current Authorized Subprocessors is available on to Customer here: xxxxx://xxxx.xxxxxxx.xxx/learn/subprocessors/ (the “List”). Such List may be updated by Company from time to time. Company may provide a mechanism to subscribe to notifications of new Authorized Subprocessors and Customer agrees to subscribe to such notifications where available. At least ten (10) days before enabling any third party other than existing Authorized Subprocessors to access or participate in the Processing processing of Personal Data, Zoom Company will add such third party to the List and notify Customer of that update by way of the functionality described in Section 5.1 abovevia email. Customer may object to such an engagement in writing by informing Company within ten (10) days of receipt of the aforementioned notice by to Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. Customer acknowledges that certain subprocessors are essential to providing the Services and that objecting to the use of a subprocessor may prevent Company from offering the Services to Customer.
5.2.1 4.3 If Customer reasonably objects to an engagement in accordance with Section 5.24.2, Zoom shall provide Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, and Company cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provideda commercially reasonable alternative within a reasonable period of time, Customer may terminate this Addendumdiscontinue the use of the affected Service by providing written notice to Company. Termination Discontinuation shall not relieve Customer of any fees owed to Zoom Company under the Agreement.
5.2.2 4.4 If Customer does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ZoomCompany, that third party will be deemed an Authorized Subprocessor for the purposes of this AddendumDPA.
5.3 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Zoom, any Personal Data both during and after their engagement 4.5 Company will enter into a written agreement with Zoom.
5.4 Zoom shall, by way of contract or other legal act under applicable law ensure that every the Authorized Subprocessor is subject imposing on the Authorized Subprocessor data protection obligations comparable to obligations regarding those imposed on Company under this DPA with respect to the Processing protection of Personal Data that are no less protective than those Data. In case an Authorized Subprocessor fails to which the Zoom is subject under this Addendum. Zoom shall, exercising reasonable care, evaluate an organization’s fulfill its data protection practices before allowing the organization to act as an Authorized Subprocessor.
5.5 Zoom shall be obligations under such written agreement with Company, Company will remain liable to Customer for the acts and omissions performance of the Authorized Subprocessors to the same extent that Zoom would itself be liable Subprocessor’s obligations under this Addendum had it conducted such acts or omissionsagreement.
5.6 4.6 If Customer and Zoom Company have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom Company of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom Company to Customer pursuant to Clause 5(j9(c) of the Standard Contractual Clauses EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom Company beforehand, and that such copies will be provided by the Zoom Company only upon request by Customer.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 Customer acknowledges and agrees that Zoom may (i) engage its affiliates and the entities listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data5.1. Zoom shall automatically notify not engage a subprocessor without general written authorization of the Customer. 5.2. Customer of updates to approves the Subprocessor List noted above by way of a functionality on the Subprocessor sitethird-party subprocessors currently listed at xxxx.xx/ subprocessors.
5.3. Notwithstanding the notification provisions contained Zoom may remove, replace or appoint suitable and reliable further subprocessors at its own discretion in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under accordance with this Section 5.5.3:
5.2 A list of Zoom’s current Authorized Subprocessors is available on the List5.3.1. At Zoom shall at least ten fifteen (1015) days before enabling any third party other than Authorized Subprocessors new subprocessors to access or participate in the Processing of Personal Data, Zoom will add such third party to the List and Data notify Customer of that update by way of the functionality described in Section 5.1 aboveupdate. The Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by the Customer. To enable such notifications, Customer shall visit xxxx.xx/xxxxxxxxxxxxx and enter the email address to which Zoom shall send such notifications into the submission field at the bottom of the page.
5.2.1 5.3.2. If the Customer reasonably objects to an engagement in accordance with Section 5.2engagement, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion):
a) Zoom cancels its plans to use the subprocessor with regard to Customer's Personal Data.
b) Zoom will take the corrective steps requested by Customer in its objection (which remove Controller's objection) and proceed to use the subprocessor with regard to Customer's Personal Data.
c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such subprocessor with regard to Controller's personal data.
d) Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this AddendumAddendum with prior written notice. Termination shall not relieve Customer of any fees owed to Zoom under the Agreement.
5.2.2 5.3.3. If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted.
5.3 5.4. Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer Personal Data both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom.
5.4 5.5. Zoom shall, e.g., by way of contract or other legal act under applicable law ensure that every impose on the Authorized Subprocessor is subject to the equivalent data protection obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under as set out in this Addendum. Zoom shall, exercising shall exercise reasonable care, care and evaluate an organization’s 's data protection practices before allowing the organization to act as an Authorized Subprocessor.
5.5 5.6. Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of Authorized Subprocessors that subprocessor’s obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions.
5.6 5.7. If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (International Transfers of Personal Data), (i) the above authorizations will constitute Customer’s 's prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that Zoom will provide such copies will be provided by the Zoom only upon request by Customer.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 4.1 Customer acknowledges and agrees that Zoom Company may (i1) engage its affiliates Affiliates and the entities Authorized Subprocessors listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time in Exhibit B to time) (the “List”) this DPA to access and Process process Personal Data for the purposes of providing in connection with the Services and (ii2) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by By way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contraryDPA, Customer must provides general written authorization to Company to engage subprocessors as necessary to perform the Services.
4.2 A list of Company’s current Authorized Subprocessors (the “List”) will be made available to Customer, either attached hereto, at a link provided to Customer, via email or through another means made available to Customer. Such List may be updated by Company from time to time. Company may provide a mechanism to subscribe to notifications of new Authorized Subprocessors and Customer agrees to subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5.
5.2 A list of Zoom’s current Authorized Subprocessors is available on the Listwhere available. At least ten (10) days before enabling any third party other than existing Authorized Subprocessors to access or participate in the Processing processing of Personal Data, Zoom Company will add such third party to the List and notify Customer of that update by way of the functionality described in Section 5.1 abovevia email. Customer may object to such an engagement in writing by informing Company within ten (10) days of receipt of the aforementioned notice by to Customer, provided such objection is in writing and based on reasonable grounds relating to data protection. Customer acknowledges that certain subprocessors are essential to providing the Services and that objecting to the use of a subprocessor may prevent Company from offering the Services to Customer.
5.2.1 4.3 If Customer reasonably objects to an engagement in accordance with Section 5.24.2, Zoom shall provide Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, and Company cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provideda commercially reasonable alternative within a reasonable period of time, Customer may terminate this Addendumdiscontinue the use of the affected Service by providing written notice to Company. Termination Discontinuation shall not relieve Customer of any fees owed to Zoom Company under the Agreement.
5.2.2 4.4 If Customer does not object to the engagement of a third party in accordance with Section 5.2 4.2 within ten (10) days of notice by ZoomCompany, that third party will be deemed an Authorized Subprocessor for the purposes of this AddendumDPA.
5.3 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Zoom, any Personal Data both during and after their engagement 4.5 Company will enter into a written agreement with Zoom.
5.4 Zoom shall, by way of contract or other legal act under applicable law ensure that every the Authorized Subprocessor is subject imposing on the Authorized Subprocessor data protection obligations comparable to obligations regarding those imposed on Company under this DPA with respect to the Processing protection of Personal Data that are no less protective than those Data. In case an Authorized Subprocessor fails to which the Zoom is subject under this Addendum. Zoom shall, exercising reasonable care, evaluate an organization’s fulfill its data protection practices before allowing the organization to act as an Authorized Subprocessor.
5.5 Zoom shall be obligations under such written agreement with Company, Company will remain liable to Customer for the acts and omissions performance of the Authorized Subprocessors to the same extent that Zoom would itself be liable Subprocessor’s obligations under this Addendum had it conducted such acts or omissionsagreement.
5.6 4.6 If Customer and Zoom Company have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom Company of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom Company to Customer pursuant to Clause 5(j9(c) of the Standard Contractual Clauses EU SCCs may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom Company beforehand, and that such copies will be provided by the Zoom Company only upon request by Customer.
Appears in 1 contract
Samples: Data Processing Addendum
Authorized Subprocessors. 5.1 To the extent that ChurnZero is a Processor,
5.1. Customer acknowledges and agrees that Zoom may hereby (i) generally authorizes ChurnZero to engage its affiliates and the entities listed at xxxx.xx/xxxxxxxxxxxxx (such URL may be updated by Zoom from time to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services subprocessors in accordance with this Section 4; and (ii) from time approves the Authorized Subprocessors listed in Schedule 2 to time engage additional third parties for the purpose of this DPA.
5.2. ChurnZero may remove, replace, or appoint subprocessors by providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates at least thirty (30) days prior written notice to the Subprocessor List noted above by way intended engagement of a functionality on subprocessor (including the Subprocessor sitename and location of the relevant subprocessor, and the activities it will perform and a description of the Customer Personal Data it will process). Any such notifications will be sent to Customer’s account administrator’s email address contained in the relevant submission field in Customer’s account. Notwithstanding the above, in an emergency concerning the Subscription Service’s availability or security, ChurnZero is not required to provide prior notification provisions contained to Customer but shall provide notification within five (5) business days following the change in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5subprocessor.
5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10) days before enabling any third party other than Authorized Subprocessors to access or participate in the Processing of Personal Data, Zoom will add such third party to the List and notify Customer of that update by way of the functionality described in Section 5.1 above5.3. Customer may object to such an the engagement of a proposed subprocessor in writing to ChurnZero by providing written objection to ChurnZero within ten fifteen (1015) business days of receipt of the aforementioned notice by Customer.
5.2.1 If Customer reasonably objects to an engagement XxxxxXxxx referenced in accordance with Section 5.2, Zoom shall provide Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services4.2. If Zoomthe Customer so objects, ChurnZero shall have the right to cure the objection through one of the following options (to be selected at ChurnZero's sole discretion): (i) cancelling the use the subprocessor with regard to Customer Personal Data; (ii) taking the corrective steps requested by Customer in its sole discretionobjection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer Personal Data; or (iii) ceasing to provide the particular aspect of the Subscription Service affected. If ChurnZero, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, ChurnZero and Customer may terminate this Addendumthe Agreement including the DPA with prior written notice as to the affected portion of the Subscription Service. Termination shall not relieve Customer of any fees owed to Zoom under the Agreement.
5.2.2 If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) 15 days of notice by Zoomissuance from ChurnZero, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted.
5.3 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom.
5.4 Zoom 5.4. ChurnZero shall, by way of contract or other legal act under applicable law ensure that every act, impose on the Authorized Subprocessor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under this Addendum. Zoom shall, exercising reasonable care, evaluate an organization’s equivalent data protection practices before allowing obligations as set out in this DPA and detailed in the organization GDPR. The Parties acknowledge and agree that notice periods shall be deemed equivalent regardless of disparate notification periods. If personal data are transferred to act as an Authorized SubprocessorSubprocessor in a third country, XxxxxXxxx will ensure the transferred data are processed with the same transfer guarantees as agreed with Customer (such as Standard Contractual Clauses). ChurnZero will also perform a case by case assessment if supplementary measures are required in cases of onward transfers to third countries in order to bring the level of protection of the transferred data up to the EU standard of essential equivalence.
5.5 Zoom 5.5. ChurnZero shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor’s obligations to the same extent that Zoom ChurnZero would itself be liable under this Addendum DPA had it conducted such acts or omissions.
5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.
Appears in 1 contract
Samples: Data Processing Agreement
