Common use of DATA PROCESSOR’S OBLIGATIONS Clause in Contracts

DATA PROCESSOR’S OBLIGATIONS. 3.1. The Data Controller determines the purposes of Processing Client Personal Data for the provision of the Service. 3.2. In relation to the provision of the Service, the Data Processor undertakes to adhere to the following obligations including those defined in Annexes 1 and 2 attached hereto: a) The Data Processor Processes the Client Personal Data only as necessary to provide the Service, subject to the Data Controller’s written instructions in the present DPA; b) The Data Processor notifies the Data Controller in case it considers a Data Controller’s written instruction to breach Applicable Data Protection Laws. In no case is the Data Processor under the obligation of performing a comprehensive legal examination with respect to a Client’s written instruction; c) Register as Data Processor notifies the Data Controller without undue delay of any contact or communication it receives from a Supervisory Authority in relation to the Processing of Client Personal Data. In this regard, the Parties acknowledge and agree that the responsibility for replying to such requests rests on the Data Controller and not on the Data Processor; d) The Data Processor has implemented operational, technical and organizational measures, including as described in Annex 2 hereto, aimed at protecting the Client Personal Data. The Parties acknowledge and agree that the Data Processor is specifically allowed to implement adequate alternative measures or use alternative locations as long as the security level of the measures or of the locations is maintained or strengthened compared to the declared measures; e) In case the Data Processor discloses Client Personal Data to its personnel directly and exclusively involved in the performance of the Service, the Data Processor ensures that such personnel: i) is committed to confidentiality or is under an appropriate statutory obligation of confidentiality and;

DATA PROCESSOR’S OBLIGATIONS. 3.1. The Data Controller determines the purposes of Processing Client Personal Data for the provision of the Service. 3.2. In relation to the provision of the Service, the Data Processor undertakes to adhere to the following obligations including those defined in Annexes 1 and 2 attached hereto: a) The Data Processor Processes the Client Personal Data only as necessary to provide the Service, subject to the Data Controller’s written instructions in the present DPA; b) The Data Processor notifies the Data Controller in case it considers a Data Controller’s written instruction to breach Applicable Data Protection Laws. In no case is the Data Processor under the obligation of performing a comprehensive legal examination with respect to a Client’s written instruction; c) Register as Data Processor notifies the Data Controller without undue delay of any contact or communication it receives from a Supervisory Authority in relation to the Processing of Client Personal Data. In this regard, the Parties acknowledge and agree that the responsibility for replying to such requests rests on the Data Controller and not on the Data Processor; d) The Data Processor has implemented operational, technical and organizational measures, including as described in Annex 2 hereto, aimed at protecting the Client Personal Data. The Parties acknowledge and agree that the Data Processor is specifically allowed to implement adequate alternative measures or use alternative locations as long as the security level of the measures or of the locations is maintained or strengthened compared to the declared measures; e) In case the Data Processor discloses Client Personal Data to its personnel directly and exclusively involved in the performance of the Service, the Data Processor ensures that such personnel: i) is committed to confidentiality or is under an appropriate statutory obligation of confidentiality and; ii) Process Client Personal Data under the instructions of the Data Processor in compliance with its obligations under this DPA.