Cross-Border Transfers. 6.1 Customer acknowledges and agrees that Mimecast may, in the course of providing the Services, Process (or permit any Affiliate or Third-Party Subcontractor to Process) Customer’s Personal Data in one or more Third Countries, provided that such Processing takes place in accordance with the requirements of Applicable Law. In such case, Mimecast shall, comply with (or procure that any Affiliate or Third-Party Subcontractor comply with) the data importer obligations in the applicable Standard Contractual Clauses. Customer hereby grants Mimecast a mandate to enter into the Standard Contractual Clauses with a Third-Party Subcontractor or Affiliate it appoints.
6.2 If, in fulfilling its obligations under the Agreement or pursuant to other lawful instructions from Customer, Personal Data is to be transferred from the European Economic Area and/or Switzerland to any country that has not been recognized by the European Commission as providing an adequate level of protection for Personal Data, the parties agree to enter into and abide by the EU Standard Contractual Clauses, which are incorporated into this DPA as follows:
(i) Customer is the Data Exporter and Mimecast is the Data Importer;
(ii) Clause 7, the "Docking Clause (Optional)", shall be deemed incorporated;
(iii) In Clause 9, the parties choose Option 2, 'General Written Authorisation', with a time period of 20 days;
(iv) the optional wording in Clause 11 shall be deemed not incorporated;
(v) In Clause 17, the Data Exporter and Data Importer agree that the EU Standard Contractual Clauses shall be governed by the laws of the Germany, and choose Option 1 to this effect;
(vi) In Clause 18, the Data Exporter and Data Importer agree that any disputes shall be resolved by the courts of the Germany;
(vii) Completed Annexes I, II and III of the EU Standard Contractual Clauses are included in Schedule 1-3 herein; and
(viii) Notwithstanding the fact that the Standard Contractual Clauses are incorporated herein by reference without the Standard Contractual Clauses actually being signed by the parties, the parties agree that the execution of this DPA is deemed to constitute its execution of the Standard Contractual Clauses on behalf of the Data Exporter or Data Importer (as applicable), and that it is duly authorized to do so on behalf of, and to contractually bind, the Data Exporter or Data Importer (as applicable) accordingly.
(ix) The parties agree that the Standard Contractual Clauses shall cease to apply to the ...
Cross-Border Transfers. Consistent with the terms of this DPA, Nectar HR will at all times provide an adequate level of protection for the Personal Data, wherever processed, in accordance with the requirements of applicable Data Protection Laws. To the extent that transfers of Personal Data occur under this DPA in connection with the Services, and such transfers are not to an Adequate Country, the parties agree that such transfers shall be subject to the Standard Contractual Clauses, conditioned on Nectar HR complying with (and requiring any Subcontractor to comply with) the Standard Contractual Clauses, which are incorporated by reference and form as an integral part of this DPA (see Schedule II attached hereto). For the purposes of the descriptions in the Standard Contractual Clauses and only as between Nectar HR and Client, Nectar HR agrees that it is a “data importer” and Client is the “data exporter” under the Standard Contractual Clauses. The parties acknowledge and agree that, given the types and categories of Personal Data processed by Nectar HR, any Transfer Impact Assessment (TIA) will only be undertaken by Nectar HR if, after a case-specific analysis of Client, Nectar HR determines such TIA is reasonable and appropriate in accordance with applicable Data Protection laws.
Cross-Border Transfers. In connection with the performance of these Terms and Conditions, CribMaster may transfer Personal Information to various locations. CribMaster will protect Personal Information in accordance with these Terms and Conditions regardless of the jurisdiction in which it is located. If required by applicable law, the parties will enter into EU Standard Contractual Clauses (Controller to Processor) or other similar agreements to facilitate transfer of Personal Information cross border.
Cross-Border Transfers. 2.3.1 The Partner hereby acknowledges and accepts that the Akamai platform is made up of servers owned and operated by Akamai and/or its Affiliates globally and that Akamai processes Agreement Personal Data not only in the applicable jurisdiction(s) where the Partner or Partner’s Clients operate, but also transfers Agreement Personal Data outside of such jurisdictions, dependent upon the location of the Partner’s or the Client’s end user and the Akamai servers serving those connections. Such cross-border transfers shall take place in accordance with applicable Data Protection Laws, including, without limitation, completing any required prior assessments. A list of all countries in which Akamai operates servers, including a list of all Akamai Affiliates that own such servers, as may be updated from time to time, is available in Akamai’s Privacy Trust Centre at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/points-of-presence-countries.pdf.
2.3.2 To the extent that Agreement Personal Data is subject to a cross-border transfer to a non-EU member country that does not have an EU adequacy determination, at least one of the Cross-Border Transfer Mechanism(s) listed below shall apply in the order of preference listed in the event that more than one mechanism applies:
(a) Binding Corporate Rules -- To the extent Akamai has adopted Binding Corporate Rules, it shall maintain such Binding Corporate Rules and promptly notify the Partner in the event that the Binding Corporate Rules are no longer a valid transfer mechanism between the parties.
Cross-Border Transfers. Vendor will ensure that Personal Information is not physically transferred to, accessed by, or otherwise processed by its employees or personnel in any country other than the E.E.A. unless agreed to in writing by Customer. At Customer’s request, Vendor and any of its affiliates or subcontractors will enter into an appropriate data processing agreement that incorporates the European Commission Standard Contractual Clauses between Controllers and Processors, or any similar agreement relating to other countries with Customer to allow Customer’s international offices to transfer Personal Information to Vendor and any of its affiliates or subcontractors.
Cross-Border Transfers. 6.1 Data Processor acknowledges and agrees, and shall procure that Data Controller acknowledges and agrees, that Sub-Processor may, in the course of providing the Services, Process (or permit any Affiliate or Third-Party Subcontractor to Process) Personal Data in one or more Third Countries, provided that such Processing takes place in accordance with the requirements of Applicable Law. In such case, the Sub-Processor shall comply with (or procure that any Affiliate or Third-Party Subcontractor comply with) the data importer obligations in the applicable Standard Contractual Clauses.
7.2 If, in fulfilling its obligations under the Agreement or pursuant to other lawful Instructions from the Data Controller Personal Data is to be transferred from the European Economic Area, Switzerland and/or the UK (as applicable) by Data Controller and/or Data Processor to Sub-Processor to any Third Country, the parties agree to enter into and abide by the EU Standard Contractual Clauses and/or UK Addendum (as applicable) which are incorporated into this DPA as follows:
(i) Data Processor is the Data Exporter and Sub-Processor is the Data Importer (the foregoing shall apply with respect to Table 1 of the UK Addendum);
(ii) In Clause 7, the "Docking Clause (Optional)", shall be deemed incorporated (the foregoing shall apply with respect to Table 1 of the UK Addendum);
(iii) In Clause 9, the parties choose Option 2, 'General Written Authorisation', with a time period of 20 days (the foregoing shall apply with respect to Table 2 of the UK Addendum);
(iv) the optional wording in Clause 11 shall be deemed not incorporated (the foregoing shall apply with respect to Table 2 of the UK Addendum);
(v) In Clause 13, the competent Regulator shall be the Bavarian Data Protection Authority (Bayerisches Landesamt für Datenschutzaufsicht).
(vi) In Clause 17, the Data Exporter and Data Importer agree that the EU Standard Contractual Clauses shall be governed by the laws of Germany, and choose Option 1 to this effect (Part 2, Section 15(m) of the UK Addendum shall apply);
(vii) In Clause 18, the Data Exporter and Data Importer agree that any disputes shall be resolved by the courts of Munich, Germany(Part 2, Section 15(n) of the UK Addendum shall apply);
(viii) In accordance with Section 19 of the UK Addendum and Section 6.4 of this DPA, neither party may end the UK Addendum when the UK Addendum changes;
(ix) Completed Annexes I, II and III of the EU Standard Contractual Clauses and Annexes...
Cross-Border Transfers. Where Personal Data originates from the European Economic Area and is transferred to the United States, SailPoint will act in compliance with the EU-U.S. Privacy Shield Framework. Where Personal Data originates from Switzerland and is transferred to the United States, SailPoint will act in compliance with the U.S.- Swiss Safe Harbor Framework. SailPoint has self-certified to the EU-U.S. Privacy Shield Framework and theU.S.- Swiss Safe Harbor Framework and will maintain such certification throughout the term of this Agreement.
Cross-Border Transfers. 9.1. Customer hereby authorizes Processor to transfer personal data to Processor's Affiliates in the United States to the extent such affiliates are certified to the EU-U.S. Privacy Shield Framework. Except as set forth in the previous sentence, Processor shall not transfer any personal data to a country outside of the European Economic Area without an adequate level of protection without express written approval from Customer, unless otherwise required to do so by European Law to which Processor is subject. In the event that European Law may require Processor to transfer personal data to such a country other than as authorized by Customer, Processor shall notify Customer of such European Law requirement before transferring personal data, unless such European Law prohibits such information on important grounds of public interest.
9.2. To the extent that Customer or Processor are relying on a specific statutory mechanism recognized under EU Data Protection Laws to lawfully transfer personal data to a country outside of the European Economic Area and such mechanism is subsequently modified, revoked or held in a court of competent jurisdiction to be invalid, Customer and Processor agree to cooperate in good faith to promptly terminate the transfer or to pursue a suitable alternate mechanism that can lawfully support the transfer.
Cross-Border Transfers. The following text is added to the Agreement: “Client (for itself and its relevant Affiliates), as data exporter, and ON24 and its relevant Affiliates, each as a data importer, hereby execute the Standard Contractual Clauses attached hereto as Exhibit A (the “SCCs”). The SCCs shall apply to any personal data processed by ON24 on behalf of Client pursuant to the Agreement (“Client personal data” hereunder), and shall take effect (a) in the event such Client personal data is transferred to, by or between ON24 and its Affiliates or Subprocessors, and (b) to the extent such transfer would be prohibited by the applicable data protection laws of the European Economic Area, the United Kingdom, and Switzerland (as amended). The parties agree that the SCCs hereby replace ON24’s obligations pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, with respect to any Client personal data transferred to the United States. With respect to the Client Personal Data subject to Data Protection Laws other than the GDPR and data protection laws of the United Kingdom, in the Standard Contractual Clauses, the terms “Member State” and “State” are replaced throughout by the word “jurisdiction,” “supervisory authority” will mean the relevant data protection regulator or other government body with authority to enforce Data Protection Laws, and references to “applicable data protection laws” and “Directive 95/46/EC” shall be replaced with the “applicable Data Protection Laws” as defined herein.”
Cross-Border Transfers. 3.1 The Distributor warrants and undertakes that it shall, and shall procure that each of its subcontractors shall, not cause or permit personal data to be transferred or otherwise processed outside of the United States without the Trust’s express prior written consent and otherwise in accordance with Section 3.2 below.
3.2 In the event of any cross border transfer of personal data approved by the Trust under Section 3.1 above, to the extent that any transfer is outside of a jurisdiction deemed to have an adequate level of protection for personal data by competent data protection authorities or other competent regulator, including the European Economic Area (“EEA”), Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, Japan, New Zealand, Switzerland, Uruguay and such other countries notified in writing by the Trust from time to time (“Adequate Countries”), the respective parties shall be bound by the following transfer mechanisms: (i) in the context of transfers from the EEA and/or the UK, the Standard Contractual Clauses for Data Processors established in Third Countries pursuant to the Commission Decision (2010/87/EU) of 5 February 2010 under the EU Directive 95/46/EC as may be amended, updated or replaced from time to time (“Processor Standard Contractual Clauses”). The information required to complete the Processor Standard Contractual Clauses is incorporated by reference and applies to the parties as if it were set out herein in full.
3.3 In the event that the Processor Standard Contractual Clauses are at any time no longer deemed to provide adequate protection to personal data transferred, or in the event other jurisdictions require the implementation of transfer mechanisms, the parties shall adopt such alternative or new data transfer solution to replace the Processor Standard Contractual Clauses as is required by the Trust to comply with its legal and/or regulatory requirements. For the avoidance of doubt, the Trust shall have no liability to the Distributor in respect of the Distributor’s refusal to adopt such alternative or new data transfer solution.
3.4 If the Distributor operates as a data controller as defined under applicable privacy and data protection laws, in the event of any cross border transfer of personal data outside the Adequate Countries, the respective parties shall be bound by the following transfer mechanism: in the context of transfers from the EEA, the Standard Contractual Clauses for the Transfer ...
