Common use of Data Processor Terms Clause in Contracts

Data Processor Terms. The parties agree and acknowledge that: 2.2.1 Partner hereby authorizes Akamai to process Agreement Personal Data as a Data Processor for the purposes of providing the Services only. Akamai is authorised to engage, use or permit an Authorized Sub-Processor for the Processing of Agreement Personal Data provided that: (a) Akamai undertakes reasonable due diligence on them in advance to ensure appropriate safeguards for Agreement Personal Data and respective individual rights in accordance with applicable Data Protection Laws; (b) Akamai shall provide the Partner with advance written notice of any intended changes to any Authorized Sub-Processor, allowing the Partner sufficient opportunity to object; and (c) The Authorized Sub-Processor’s activities must be specified in accordance with the obligations set out in this Section 2.2. Without prejudice to this Section 2.2.1, Akamai shall remain responsible for all acts or omissions of the Authorized Sub-Processor as if they were its own. The Partner hereby approves the Authorized Sub- Processors that Akamai uses to provide the Services, listed at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/akamai-processors.pdf. Further, to the extent that any Data Protection Laws would deem an Akamai Affiliate, by sole virtue of its ownership of Akamai servers used to provide the Services, to be a sub-processor for purposes of this Agreement, the Partner hereby authorizes Akamai’s use of such Akamai Affiliates as Authorized Sub-Processors. 2.2.2 Akamai shall (and procure that any Authorized Sub-Processor shall): (a) process Agreement Personal Data only on documented instructions from the Partner, including those set forth in the Channel Agreement, this Agreement, technical specifications provided for administration of the Services, and configuration settings set in any of Akamai’s customer portals provided for administration of the Services; (b) without prejudice to Section 2.2.2(a), ensure that Agreement Personal Data will only be used by Akamai as set forth in this Agreement or the Channel Agreement; (c) ensure that any persons authorized to process Agreement Personal Data: (i) have committed themselves to appropriate confidentiality obligations in relation to Agreement Personal Data or are under an appropriate statutory obligation of confidentiality; (ii) access and process Agreement Personal Data solely on written documented instructions from the Partner; and (iii) are appropriately reliable, qualified and trained in relation to their processing of Agreement Personal Data; (d) implement technical and organizational measures at a minimum to the standard set out in Schedule 2 to ensure a level of security appropriate to the risk presented by processing Agreement Personal Data, including as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing; (e) notify the Partner without undue delay (and in any event no later than 48 hours) after becoming aware of a Personal Data Breach as set forth in Section 4; (f) assist the Partner in: (i) responding to requests for exercising the Data Subject's rights under the Data Protection Laws, by appropriate technical and organizational measures, insofar as this is reasonably possible, provided that Akamai shall not be required to store or process any data for the purpose of re- identifying an individual when such information is not normally processed or stored by Akamai; (ii) responding to any requests or other communications from the Partner or Partner’s Clients as Data Controller relating to the processing of Agreement Personal Data under this Agreement; (iii) reporting any Personal Data Breach to any Supervisory Authority or Data Subjects and documenting any Personal Data Breach; (iv) taking measures to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (v) conducting mandatory privacy impact assessments of any processing operations and consulting with any applicable Supervisory Authority or appropriate persons accordingly; (g) at the choice of the Partner and where appropriate, to the extent that Agreement Personal Data is stored by Akamai, securely delete or return all Agreement Personal Data to the Partner after the end of the provision of relevant Services relating to processing, and securely delete any remaining copies and certify when this exercise has been completed; (h) make available to the Partner all information necessary to comply with its obligations to do so under Data Protection Laws; (i) immediately inform the Partner if Akamai is of the opinion that an instruction of the Partner or Partner’s Client regarding the processing of Agreement Personal Data violates applicable Data Protection Laws; and (j) not sell, rent, disclose, release, transfer, make available or otherwise communicate, Agreement Personal Data to a third party for monetary or other valuable consideration.

Data Processor Terms. The parties agree and acknowledge that: 2.2.1 Partner hereby authorizes Akamai Vyzze Global to process Agreement Personal Data as a Data Processor for the purposes of providing the Services only. Akamai Vyzze Global is authorised to engage, use or permit an Authorized Sub-Processor for the Processing of Agreement Personal Data provided that: (a) Akamai Vyzze Global undertakes reasonable due diligence on them in advance to ensure appropriate safeguards for Agreement Personal Data and respective individual rights in accordance with applicable Data Protection Laws; (b) Akamai Vyzze Global shall provide the Partner with advance written notice of any intended changes to any Authorized Sub-Processor, allowing the Partner sufficient opportunity to object; and (c) The Authorized Sub-Processor’s activities must be specified in accordance with the obligations set out in this Section 2.2. Without prejudice to this Section 2.2.1, Akamai Vyzze Global shall remain responsible for all acts or omissions of the Authorized Sub-Processor as if they were its own. The Partner hereby approves the Authorized Sub- Processors that Akamai Vyzze Global uses to provide the Services, listed at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/akamai-processors.pdf. xxxxx://xxxxx.xxx/legal/pdpa/ Further, to the extent that any Data Protection Laws would deem an Akamai Vyzze Global Affiliate, by sole virtue of its ownership of Akamai Vyzze Global servers used to provide the Services, to be a sub-processor for purposes of this Agreement, the Partner hereby authorizes AkamaiVyzze Global’s use of such Akamai Vyzze Global Affiliates as Authorized Sub-Processors. 2.2.2 Akamai Vyzze Global shall (and procure that any Authorized Sub-Processor shall): (a) process Agreement Personal Data only on documented instructions from the Partner, including those set forth in the Channel Agreement, this Agreement, technical specifications provided for administration of the Services, and configuration settings set in any of AkamaiVyzze Global’s customer portals provided for administration of the Services; (b) without prejudice to Section 2.2.2(a), ensure that Agreement Personal Data will only be used by Akamai Vyzze Global as set forth in this Agreement or the Channel Agreement; (c) ensure that any persons authorized to process Agreement Personal Data: (i) have committed themselves to appropriate confidentiality obligations in relation to Agreement Personal Data or are under an appropriate statutory obligation of confidentiality; (ii) access and process Agreement Personal Data solely on written documented instructions from the Partner; and (iii) are appropriately reliable, qualified and trained in relation to their processing of Agreement Personal Data; (d) implement technical and organizational measures at a minimum to the standard set out in Schedule 2 to ensure a level of security appropriate to the risk presented by processing Agreement Personal Data, including as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing; (e) notify the Partner without undue delay (and in any event no later than 48 hours) after becoming aware of a Personal Data Breach as set forth in Section 4; ; (f) assist the Partner in: (i) responding to requests for exercising the Data Subject's rights under the Data Protection Laws, by appropriate technical and organizational measures, insofar as this is reasonably possible, provided that Akamai Vyzze Global shall not be required to store or process any data for the purpose of re- identifying reidentifying an individual when such information is not normally processed or stored by AkamaiVyzze Global; (ii) responding to any requests or other communications from the Partner or Partner’s Clients as Data Controller relating to the processing of Agreement Personal Data under this Agreement; (iii) reporting any Personal Data Breach to any Supervisory Authority or Data Subjects and documenting any Personal Data Breach; (iv) taking measures to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (v) conducting mandatory privacy impact assessments of any processing operations and consulting with any applicable Supervisory Authority or appropriate persons accordingly; (g) at the choice of the Partner and where appropriate, to the extent that Agreement Personal Data is stored by AkamaiVyzze Global, securely delete or return all Agreement Personal Data to the Partner after the end of the provision of relevant Services relating to processing, and securely delete any remaining copies and certify when this exercise has been completed; (h) make available to the Partner all information necessary to comply with its obligations to do so under Data Protection Laws; (i) immediately inform the Partner if Akamai Vyzze Global is of the opinion that an instruction of the Partner or Partner’s Client regarding the processing of Agreement Personal Data violates applicable Data Protection Laws; and (j) not sell, rent, disclose, release, transfer, make available or otherwise communicate, Agreement Personal Data to a third party for monetary or other valuable consideration.

Data Processor Terms. The parties agree and acknowledge that: 2.2.1 Partner that (i) Akamai, (and any relevant Affiliates, if applicable), when providing the Services to Customer, will be acting as a Data Processor in respect of the processing by or for it of Agreement Personal Data and, (ii) Customer hereby authorizes Akamai to process Agreement Personal Data as a Data Processor (on its and its Affiliates’ behalf, if applicable) for the purposes of providing the Services only. . 2.2.1 Akamai is authorised to engage, use or permit an Authorized Sub-Processor for the Processing of Agreement Personal Data provided that: (a) Akamai undertakes reasonable due diligence on them in advance to ensure appropriate safeguards for Agreement Personal Data and respective individual rights in accordance with applicable Data Protection Laws; (b) Akamai shall provide the Partner Customer with advance written notice of any intended changes to any Authorized Sub-Processor, allowing the Partner Customer sufficient opportunity to object; and (c) The Authorized Sub-Processor’s activities must be specified in accordance with the obligations set out in this Section 2.2. Without prejudice to this Section 2.2.1, Akamai shall remain responsible for all acts or omissions of the Authorized Sub-Processor as if they were its own. The Partner Customer hereby approves the Authorized Sub- Processors that Akamai uses to provide the Services, listed at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/akamai-processors.pdf. Further, to the extent that any Data Protection Laws would deem an Akamai Affiliate, by sole virtue of its ownership of Akamai servers used to provide the Services, to be a sub-processor for purposes of this Agreement, the Partner Customer hereby authorizes Akamai’s use of such Akamai Affiliates as Authorized Sub-Processors. 2.2.2 Akamai shall (and procure that any Authorized Sub-Processor shall): (a) process Agreement Personal Data only on documented instructions from the PartnerCustomer, including those set forth in the Channel AgreementTerms & Conditions, this Agreement, technical specifications provided for administration of the Services, and configuration settings set in any of Akamai’s customer portals provided for administration of the Services; (b) without prejudice to Section 2.2.2(a), ensure that Agreement Personal Data will only be used by Akamai as set forth in this Agreement or the Channel AgreementTerms & Conditions; (c) ensure that any persons authorized to process Agreement Personal Data: (i) have committed themselves to appropriate confidentiality obligations in relation to Agreement Personal Data or are under an appropriate statutory obligation of confidentiality; (ii) access and process Agreement Personal Data solely on written documented instructions from the PartnerCustomer; and (iii) are appropriately reliable, qualified and trained in relation to their processing of Agreement Personal Data; (d) implement technical and organizational measures at a minimum to the standard set out in Schedule 2 to ensure a level of security appropriate to the risk presented by processing Agreement Personal Data, including as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing; (e) notify the Partner Customer without undue delay (and in any event no later than 48 hours) after becoming aware of a Personal Data Breach as set forth in Section 4; (f) assist the Partner Customer in: (i) responding to requests for exercising the Data Subject's rights under the Data Protection Laws, by appropriate technical and organizational measures, insofar as this is reasonably possible, provided that Akamai shall not be required to store or process any data for the purpose of re- identifying an individual when such information is not normally processed or stored by Akamai; (ii) responding to any requests or other communications from the Partner or Partner’s Clients Customer as Data Controller relating to the processing of Agreement Personal Data under this Agreement; (iii) reporting any Personal Data Breach to any Supervisory Authority or Data Subjects and documenting any Personal Data Breach; (iv) taking measures to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (v) conducting mandatory privacy impact assessments of any processing operations and consulting with any applicable Supervisory Authority or appropriate persons accordingly; (g) at the choice of the Partner Customer and where appropriate, to the extent that Agreement Personal Data is stored by Akamai, securely delete or return all Agreement Personal Data to the Partner Customer after the end of the provision of relevant Services relating to processing, and securely delete any remaining copies and certify when this exercise has been completed; (h) make available to the Partner Customer all information necessary to comply with its obligations to do so under Data Protection Laws; (i) immediately inform the Partner Customer if Akamai is of the opinion that an instruction of the Partner or Partner’s Client Customer regarding the processing of Agreement Personal Data violates applicable Data Protection Laws; and (j) not sell, rent, disclose, release, transfer, make available or otherwise communicate, Agreement Personal Data to a third party for monetary or other valuable consideration.

Data Processor Terms. The parties agree and acknowledge that: 2.2.1 that Akamai, and any relevant Akamai Affiliates, when providing the Services for Partner hereby and/or Partner’s Client, will be acting as an Authorized Sub Processor (on behalf of Partner as a Data Processor) in respect of the processing by or for it of Agreement Personal Data. Partner (A) authorizes Akamai to process the Agreement Personal Data, and (B) confirms that on the effective date of each respective Order Form made after the Effective Date hereof Partner will have obtained its Client’s consent for Akamai to process such Agreement Personal Data and its Client has confirmed it will have obtained enduser consent or has another legal basis for processing, as applicable, in each case for the term of any applicable Order Form under the Channel Agreement as a Data Processor or Authorised Sub-Processor as applicable (on its and its Affiliates behalf) for the purposes of providing the Services only. . 2.2.1 Akamai is authorised to engage, use or permit an Authorized Authorised Sub-Processor for the Processing of Agreement Personal Data provided that: (a) Akamai undertakes reasonable due diligence on them in advance to ensure appropriate safeguards for Agreement Personal Data and respective individual rights in accordance with applicable Data Protection Laws; (b) Akamai shall provide the Partner with advance written notice of any intended changes to any Authorized Authorised Sub-Processor, allowing the Partner sufficient opportunity to object; (c) Akamai has entered into a data processing agreement with such Authorized Sub-Processor that satisfies the requirements of the applicable Data Protection Laws and the terms of this Agreement; and (cd) The Authorized Authorised Sub-Processor’s activities must be specified in accordance with the obligations set out in this Section 2.2. Without prejudice to this Section 2.2.1, Akamai shall remain responsible for all acts or omissions of the Authorized Authorised Sub-Processor as if they were its own. The Partner hereby approves the Authorized Sub- Processors that Akamai uses to provide the Services, listed at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/akamai-processors.pdf. Further, to the extent that any Data Protection Laws would deem an Akamai Affiliate, by sole virtue of its ownership of Akamai servers used to provide the Services, to be a sub-processor for purposes of this Agreement, the Partner hereby authorizes Akamai’s use of such Akamai Affiliates as Authorized Sub-Processors. 2.2.2 Akamai shall (and procure that any Authorized Authorised Sub-Processor shall): (a) process the Agreement Personal Data only on documented instructions from the Partner, including those set forth in the Channel Agreement, this Agreement, any technical specifications provided for administration of the Services, and configuration settings set by Partner or Partner’s Client in any of Akamai’s customer portals provided for administration of the Services; (b) without prejudice to Section 2.2.2(a), ensure that Agreement Personal Data will only be used by Akamai as set forth in this Agreement or the Channel Agreement; (c) ensure that any persons authorized authorised to process the Agreement Personal Data: (ia) have committed themselves to appropriate confidentiality obligations in relation to Agreement Personal Data or are under an appropriate statutory obligation of confidentiality; (iib) access and process the Agreement Personal Data solely on written documented instructions from the Partner; and (iiic) are appropriately reliable, qualified and trained in relation to their processing of Agreement Personal Data; (d) implement technical and organizational organisational measures at a minimum to the standard set out in the Schedule 2 to ensure a level of security appropriate to the risk presented by processing the Agreement Personal Data, including as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal in particular from a Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processingBreach Incident; (e) notify the Partner without undue delay (and in any event no later than 48 hours) after becoming aware of a Personal Data Breach Incident as set forth in Section 45; (f) assist the Partner in: (ia) responding to requests for exercising the Data Subject's rights under the Data Protection Laws, by appropriate technical and organizational organisational measures, insofar as this is reasonably possible, provided that Akamai shall not be required to store or process any data for the purpose of re- re-identifying an individual when such information is not normally processed or stored by Akamai; (ii) responding to any requests or other communications from the Partner or Partner’s Clients as Data Controller relating to the processing of Agreement Personal Data under this Agreement; (iiib) reporting any Personal Data Breach Incident to any Supervisory Authority or Data Subjects and documenting any Personal Data BreachBreach Incidents; (ivc) taking measures to address the Personal Data BreachBreach Incident, including, where appropriate, measures to mitigate its possible adverse effects; and (vd) conducting mandatory privacy impact assessments of any processing operations and consulting with any applicable Supervisory Authority or appropriate persons accordingly; (g) at the choice of the Partner and where appropriatePartner, to the extent that Agreement Personal Data is stored by Akamai, securely delete or return all Agreement Personal Data to the Partner after the end of the provision of relevant Services relating to processing, and securely delete any remaining copies and certify when this exercise has been completed; (h) make available to the Partner all information necessary to comply with its obligations to do so under the Data Protection LawsLaws and allow for and contribute to audits, including inspections, conducted by Partner or another auditor mandated by Partner (including in response to audit requests by Partner’s Client); (i) immediately inform acquire no rights or interest in the Partner if Akamai is of the opinion that an instruction of the Partner or Partner’s Client regarding the processing of Agreement Personal Data violates applicable Data Protection LawsData, except to the extent necessary to provide the Services under the respective contract; and (j) not sell, rent, disclose, release, transfer, make available or otherwise communicate, transfer any Agreement Personal Data to a third party outside of the EEA, except as provided for monetary or other valuable considerationin Section 2.3 below.

Data Processor Terms. The parties agree and acknowledge that: 2.2.1 Partner that (i) Akamai, (and any relevant Affiliates, if applicable), when providing the Services to Customer, will be acting as a Data Processor in respect of the processing by or for it of Agreement Personal Data and, (ii) Customer hereby authorizes Akamai to process Agreement Personal Data as a Data Processor (on its and its Affiliates’ behalf, if applicable) for the purposes of providing the Services only. . 2.2.1 Akamai is authorised to engage, use or permit an Authorized Sub-Processor for the Processing of Agreement Personal Data provided that: (a) Akamai undertakes reasonable due diligence on them in advance to ensure appropriate safeguards for Agreement Personal Data and respective individual rights in accordance with applicable Data Protection Laws; (b) Akamai shall provide the Partner Customer with advance written notice of any intended changes to any Authorized Sub-Processor, allowing the Partner Customer sufficient opportunity to object; and (c) The Authorized Sub-Processor’s activities must be specified in accordance with the obligations set out in this Section 2.2. Without prejudice to this Section 2.2.1, Akamai shall remain responsible for all acts or omissions of the Authorized Sub-Processor as if they were its own. The Partner Customer hereby approves the Authorized Sub- Processors that Akamai uses to provide the Services, listed at xxxxx://xxx.xxxxxx.xxx/us/en/multimedia/documents/akamai/akamai-processors.pdfxxxxx://xxx.xxxxxx.xxx/content/dam/site/en/documents/akamai/akamai-processors.pdf. Further, to the extent that any Data Protection Laws would deem an Akamai Affiliate, by sole virtue of its ownership of Akamai servers used to provide the Services, to be a sub-processor for purposes of this Agreement, the Partner Customer hereby authorizes AkamaiXxxxxx’s use of such Akamai Affiliates as Authorized Sub-Processors. 2.2.2 Akamai shall (and procure that any Authorized Sub-Processor shall): (a) process Agreement Personal Data only on documented instructions from the PartnerCustomer, including those set forth in the Channel AgreementTerms & Conditions, this Agreement, technical specifications provided for administration of the Services, and configuration settings set in any of Akamai’s customer portals provided for administration of the Services; (b) without prejudice to Section 2.2.2(a), ensure that Agreement Personal Data will only be used by Akamai as set forth in this Agreement or the Channel AgreementTerms & Conditions; (c) ensure that any persons authorized to process Agreement Personal Data: (i) have committed themselves to appropriate confidentiality obligations in relation to Agreement Personal Data or are under an appropriate statutory obligation of confidentiality; (ii) access and process Agreement Personal Data solely on written documented instructions from the PartnerCustomer; and (iii) are appropriately reliable, qualified and trained in relation to their processing of Agreement Personal Data; (d) implement technical and organizational measures at a minimum to the standard set out in Schedule 2 to ensure a level of security appropriate to the risk presented by processing Agreement Personal Data, including as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing; (e) notify the Partner Customer without undue delay (and in any event no later than 48 hours) after becoming aware of a Personal Data Breach as set forth in Section 4; (f) assist the Partner Customer in: (i) responding to requests for exercising the Data Subject's rights under the Data Protection Laws, by appropriate technical and organizational measures, insofar as this is reasonably possible, provided that Akamai shall not be required to store or process any data for the purpose of re- identifying an individual when such information is not normally processed or stored by Akamai; (ii) responding to any requests or other communications from the Partner or Partner’s Clients Customer as Data Controller relating to the processing of Agreement Personal Data under this Agreement; (iii) reporting any Personal Data Breach to any Supervisory Authority or Data Subjects and documenting any Personal Data Breach; (iv) taking measures to address the Personal Data Breach, including, where appropriate, measures to mitigate its possible adverse effects; and (v) conducting mandatory privacy impact assessments of any processing operations and consulting with any applicable Supervisory Authority or appropriate persons accordingly; (g) at the choice of the Partner Customer and where appropriate, to the extent that Agreement Personal Data is stored by Akamai, securely delete or return all Agreement Personal Data to the Partner Customer after the end of the provision of relevant Services relating to processing, and securely delete any remaining copies and certify when this exercise has been completed; (h) make available to the Partner Customer all information necessary to comply with its obligations to do so under Data Protection Laws; (i) immediately inform the Partner Customer if Akamai is of the opinion that an instruction of the Partner or Partner’s Client Customer regarding the processing of Agreement Personal Data violates applicable Data Protection Laws; and (j) not sell, rent, disclose, release, transfer, make available or otherwise communicate, Agreement Personal Data to a third party for monetary or other valuable consideration.