Common use of Deletion or return of Company Personal Data Clause in Contracts

Deletion or return of Company Personal Data. 10.1 Subject to sections 10.2 and 10.3 Vendor and each Vendor Affiliate shall promptly and in any event within 180 days of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Company Personal Data. Such deletion may include deletion through erasure of an encryption key and deletion of backup copies shall be performed through Vendor’s and Vendor Affiliates’ ordinary course of overwriting and deletion of backups. 10.2 Company has the ability to retrieve its own Customer Data from within its applications through self-service prior to the Cessation Date. Accordingly, subject to section 10.3, Vendor is only required to provide a copy of Company Personal Data to Company by secure file transfer in a non-Company-proprietary format if it has prevented such retrieval access. Any request for a provision of a copy must be received within fifteen (15) days after the Cessation Date with the copy to be provided only if Vendor has access to the Customer Data and if so, within thirty (30) days of receipt of such request. 10.3 Vendor and each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Vendor and each Vendor Affiliate shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 10.4 Vendor shall provide written certification to Company that it and each Vendor Affiliate has fully complied with this section 10 upon written request made within thirty (30) days of the Cessation Date; such certification will be provided within thirty (30) days after completion of the copy or deletion obligations.

Deletion or return of Company Personal Data. 10.1 Subject to sections 10.2 and 10.3 Vendor and each Vendor Affiliate shall promptly and in any event within 180 days of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Company Personal Data. Such deletion may include deletion through the erasure of an encryption key and deletion of backup copies shall be performed through the Vendor’s and Vendor Affiliates’ ordinary course of overwriting and deletion of backups. 10.2 Company has the ability to retrieve its own Customer Data from within its applications through self-service prior to the Cessation Date. Accordingly, subject to section 10.3, the Vendor is only required to provide a copy of Company Personal Data to Company by secure file transfer in a non-Company-proprietary format if it has prevented such retrieval access. Any request for a provision of a copy must be received within fifteen (15) days after the Cessation Date with the copy to be provided only if Vendor has access to the Customer Data and if so, within thirty (30) days of receipt of such request. 10.3 Vendor and each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Vendor and each Vendor Affiliate shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 10.4 Vendor shall provide written certification to Company that it and each Vendor Affiliate has fully complied with this section 10 upon written request made within thirty (30) days of the Cessation Date; such certification will be provided within thirty (30) days after completion of the copy or deletion obligations.

Deletion or return of Company Personal Data. 10.1 Subject to sections 10.2 and 10.3 Vendor CloudShare and each Vendor CloudShare Affiliate shall promptly and in any event within 180 days of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete and procure the deletion of all copies of those Company Personal Data. Such deletion may include deletion through erasure of an encryption key and deletion of backup copies shall be performed through VendorCloudShare’s and Vendor CloudShare Affiliates’ ordinary course of overwriting and deletion of backups. 10.2 Company has the ability to retrieve its own Customer Data from within its applications through self-service prior to the Cessation Date. Accordingly, subject to section 10.3, Vendor CloudShare is only required to provide a copy of Company Personal Data to Company by secure file transfer in a non-Company-proprietary format if it has prevented such retrieval access. Any request for a provision of a copy must be received within fifteen (15) days after the Cessation Date with the copy to be provided only if Vendor CloudShare has access to the Customer Data and if so, within thirty (30) days of receipt of such request. 10.3 Vendor CloudShare and each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Vendor CloudShare and each Vendor CloudShare Affiliate shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 10.4 Vendor CloudShare shall provide written certification to Company that it and each Vendor CloudShare Affiliate has fully complied with this section 10 upon written request made within thirty (30) days of the Cessation Date; such certification will be provided within thirty (30) days after completion of the copy or deletion obligations.

Deletion or return of Company Personal Data. 10.1 Subject to sections 10.2 and 10.3 Vendor and each Vendor Affiliate shall promptly and section 10.2, Company may in any event its absolute discretion by written notice to 17hats within 180 days six (6) calendar months of the date of cessation of any Services involving the Processing of Company Personal Data (the "Cessation Date"), delete ) require 17hats and procure the deletion each 17hats Affiliate to (a) return a complete copy of all copies of those Company Personal Data. Such deletion may include deletion through erasure of an encryption key and deletion of backup copies shall be performed through Vendor’s and Vendor Affiliates’ ordinary course of overwriting and deletion of backups. 10.2 Company has the ability to retrieve its own Customer Data from within its applications through self-service prior to the Cessation Date. Accordingly, subject to section 10.3, Vendor is only required to provide a copy of Company Personal Data to Company by secure file transfer in a non-Company-proprietary such format if it has prevented such retrieval access. Any request for a provision as is reasonably notified by Company to 17hats; and (b) delete and procure the deletion of a copy must be received within fifteen (15) days after the Cessation Date with the copy to be provided only if Vendor has access to the Customer all other copies of Company Personal Data and if so, within thirty (30) days of receipt of such requestProcessed by any Contracted Processor. 10.3 Vendor and each 10.2 Each Contracted Processor may retain Company Personal Data to the extent required by Applicable Laws and only to the extent and for such period as required by Applicable Laws and always provided that Vendor 17hats and each Vendor 17hats Affiliate shall ensure the confidentiality of all such Company Personal Data and shall ensure that such Company Personal Data is only Processed as necessary for the purpose(s) specified in the Applicable Laws requiring its storage and for no other purpose. 10.4 Vendor 10.3 17hats shall provide written certification to Company that it and each Vendor 17hats Affiliate has fully complied with this Section 10. 11. AUDIT RIGHTS 11.1 Subject to sections [11.2 to 11.3], 17hats and each 17hats Affiliate shall make available to each Company Group Member on request all information necessary to demonstrate compliance with this Addendum, and shall allow for and contribute to audits, including inspections, by any Company Group Member or an auditor mandated by any Company Group Member in relation to the Processing of the Company Personal Data by the Contracted Processors. 11.2 Information and audit rights of the Company Group Members only arise under section 10 upon written request made 11.1 to the extent that the Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law (including, where applicable, article 28(3)(h) of the GDPR); and 11.3 Information and audit rights of the Company Group Members only arise under section 11.1 to the extent that the audit follows within thirty ninety (3090) days of the Cessation Date; such certification will be provided within thirty (30) days after completion of the copy or deletion obligationsa Personal Data Breach suffered by 17hats.