Common use of Contracting with Sub-Processors Clause in Contracts

Contracting with Sub-Processors. 8.1 The Data Controller authorises the Data Processor to engage sub-processors for the Service-related activities specified as described in Annex 2. Data Processor shall not add or replace any such sub-processors without giving the Data Controller an opportunity to object to such changes. 8.2 The Data Processor shall not engage in any future subcontracting of its Service-related activities related to the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorisation of the Data Controller. 8.3 Notwithstanding any authorisations by the Data Controller within the meaning of the preceding paragraphs, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations. 8.4 The consent of the Data Controller pursuant to paragraphs 8.1 and 8.2 shall not alter the fact that consent is required under Section 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection. 8.5 The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Data Processor under this Data Processing Agreement, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law. 8.6 The Data Controller may request that the Data Processor audit a Third Party Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third Party Subprocessor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conformity with this Agreement.

Contracting with Sub-Processors. 8.1 The Data Controller authorises the Data Processor to engage sub-processors (Annex 4) for the Service-related activities specified as described in Annex 2. Data Processor shall not add or replace any such sub-processors listed in Annex 4 without giving the Data Controller an opportunity to object to such changes. 8.2 The Data Processor shall not engage in any future subcontracting of its Service-related activities related to the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorisation of the Data Controller. 8.3 Notwithstanding any authorisations by the Data Controller within the meaning of the preceding paragraphs, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations. 8.4 The consent of the Data Controller pursuant to paragraphs 8.1 and 8.2 shall not alter the fact that consent is required under Section 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection. 8.5 The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Data Processor under this Data Processing AgreementAddendum, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law. 8.6 The Data Controller may request that the Data Processor audit a Third Party Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third Party Subprocessor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conformity with this AgreementAddendum. 8.7 The Data Processor shall not engage any Subprocessors located outside of European Economic Area without employing an acceptable instrument for cross-border data transfers such as Standard Contractual Clauses or the EU-US Privacy Shield (if the destination is located within the United States).

Contracting with Sub-Processors. 8.1 The Data Controller authorises the Data Processor to engage sub-processors for the Service-related activities specified as described in Annex 2. Data Processor shall not add or replace any such sub-processors without giving the Data Controller an opportunity to object to such changes. 8.2 The Data Processor shall not engage in subcontract any future subcontracting of its Service-related activities related to consisting (partly) of the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorisation of the Data ControllerControllers. 8.3 8.2 Notwithstanding any authorisations authorisation by the Data Controller Controllers within the meaning of the preceding paragraphsparagraph, the Data Processor shall remain fully liable vis-à-vis the Data Controller Controllers for the performance of any such subprocessor that fails to fulfil its data protection obligations. 8.4 8.3 The consent of the Data Controller Controllers pursuant to paragraphs Article 8.1 and 8.2 shall not alter the fact that consent is required under Section Article 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection. 8.5 8.4 The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Data Processor under this Data Processing Agreement, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law. 8.6 8.5 The Data Controller Controllers may request that the Data Processor audit a Third Party Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third Party Subprocessor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conformity with this Agreement.

Contracting with Sub-Processors. 8.1 The Data Controller authorises the Data Processor to engage sub-processors for the Service-related activities specified as described in Annex 2. Data Processor shall not add or replace any such sub-sub- processors without giving the Data Controller an opportunity to object to such changes. 8.2 The Data Processor shall not engage in any future subcontracting of its Service-related activities related to the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorisation of the Data Controller. 8.3 Notwithstanding any authorisations by the Data Controller within the meaning of the preceding paragraphs, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor that fails to fulfil its data protection obligations. 8.4 The consent of the Data Controller pursuant to paragraphs 8.1 and 8.2 shall not alter the fact that consent is required under Section 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection. 8.5 The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations of the Data Processor under this Data Processing AgreementAddendum, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of EU Data Protection Law. 8.6 The Data Controller may request that the Data Processor audit a Third Party Subprocessor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third Party Subprocessor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conformity with this AgreementAddendum. 8.7 The Data Processor shall not engage any Subprocessors located outside of European Economic Area without employing an acceptable instrument for cross-border data transfers such as Standard Contractual Clauses or the EU-US Privacy Shield (if the destination is located within the United States).

Contracting with Sub-Processors. 8.1 The Data Controller authorises the Data Processor to engage sub-processors for the Service-related activities specified as described in Annex 2. Data Processor shall not add or replace subcontract any such sub-processors without giving the Data Controller an opportunity to object to such changes. 8.2 The Data Processor shall not engage in any future subcontracting of its Service-related activities related to consisting (partly) of the processing of the Personal Data or requiring Personal Data to be processed by any third party without the prior written authorisation of the Controller. The Controller authorises the Processor to engage the sub-processors listed in Annex 6 for the service-related Data Processing activities described in Annex 2. Processor shall inform the Controller of any addition or replacement of such sub-processors, giving the Controller an opportunity to object to such changes. If the Controller sends the Processor a timely written objection notice, setting forth a reasonable basis for objection, the Processor will make a good-faith effort to resolve Controller’s objection. In the absence of a resolution, the Processor will make commercially reasonable efforts to provide Controller with the same level of service described in the Agreements, without using the sub-processor to process Data Controller. 8.3 ’s Personal Data. If the Processor’s efforts are not successful within a reasonable time, each Party may terminate the portion of the service which cannot be provided without the sub-processor, and the Controller will be entitled to a pro-rated refund of the applicable service fees. Notwithstanding any authorisations authorisation by the Data Controller within the meaning of the preceding paragraphsparagraph, the Data Processor shall remain fully liable vis-à-vis the Data Controller for the performance of any such subprocessor sub-processor that fails to fulfil its data protection obligations. 8.4 . The consent of the Data Controller pursuant to paragraphs 8.1 and 8.2 shall not alter the fact that consent is required under Section 6 for the engagement of sub-processors in a country outside the European Economic Area without a suitable level of protection. 8.5 The Data Processor shall ensure that the sub-processor is bound by the same data protection obligations compatible with those of the Data Processor under this Data Processing Agreement, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational organisational measures in such a manner that the processing will meet the requirements of EU Data Protection Law and Irish Data Protection Law. 8.6 . The Data Controller may request that the Data Processor audit a Third Party Subprocessor Sub-processor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer Controller in obtaining a third-party audit report concerning the Third Party SubprocessorSub-processor’s operations) to ensure compliance with its obligations imposed by the Data Processor in conformity with this Agreement.