Documentation and Audit Rights. 4.7.1 Lastline may, in its discretion provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publically certified auditing company or by another customer of Lastline.
4.7.2 If Customer has justifiable reason to believe that Lastline is not complying with the terms and conditions under this agreement, in particular with the obligation to implement and maintain the agreed technical and organizational data security measures, and only once per year, Customer is entitled to audit Lastline. This audit right can be exercised by (i) requesting additional information, (ii) accessing the databases which process Customer's personal data or (iii) by inspecting Lastline's working premises whereby in each case no access to personal data of other customers or Lastline’s confidential information will be granted. Alternatively, Customer may also engage third party auditors to perform such tasks on its behalf. The costs associated with such audits and/or for providing additional information shall be borne by Customer unless such audit reveals Lastline’s material breach with this Lastline DPA.
4.7.3 Customer may, in its discretion and in exchange for the audit, rely on data protection certifications issued by a commonly accepted certification issuer which has been audited by a data security expert or by a publicly certified auditing company.
4.7.4 If Customer intends to conduct an audit at Lastline’s working premises, Customer shall give reasonable notice to Lastline and agree with Lastline on the time and duration of the audit. In the case of a special legitimate interest, such audit can also be conducted without prior notice. Both Parties shall memorialize the results of the audit in writing.
Documentation and Audit Rights. 11.1. The Processor shall deal promptly and adequately with any inquiries from the Controller about the Processing under these DPA Terms and Conditions. The Processor shall make available to the Controller all information necessary to demonstrate compliance with these DPA Terms and Conditions and Applicable Data Protection Laws. At the Controller’s request, the Processor shall also permit and contribute to audits of the Processing activities under these DPA Terms and Conditions, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or an audit, the Controller may take into account relevant certifications held by the Processor.
11.2. The Controller may choose to conduct the audit by itself or mandate an independent auditor. Audits may also include inspections at the premises or physical facilities of the Processor and shall, where appropriate, be carried out with reasonable notice. The Processor shall grant access to such premises or facilities to the Controller or the independent auditor.
11.3. The Processor shall provide full co-operation to the Controller and the independent auditor, as applicable, in respect of any such audit and shall at the request of the Controller, provide the Controller with evidence of compliance with its obligations under these DPA Terms and Conditions.
11.4. The Parties shall make the information referred to in this clause, including the results of any audits, available to the Supervisory Authority/ies on request.
Documentation and Audit Rights. 3.7.1 Upon request and subject to a non-disclosure agreement, Flexera shall provide to Customer a comprehensive documentation of the technical and organizational data security measures in accordance with industry standards. The effectiveness of Flexera’s technical and organizational security measures will be audited by an independent third- party on an annual basis, in an SSAE16 SOC 2 Type II audit or equivalent. In addition, Flexera may, in its discretion provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publicly certified auditing company or by another customer of Flexera.
3.7.2 If Customer has justifiable reason to believe that Flexera is not complying with the terms and conditions under this Data Processing Agreement, in particular with the obligation to implement and maintain the agreed technical and organizational data security measures, and only once per year (unless there are specific indications that require a more frequent inspection), Customer is, subject to a non-disclosure agreement, entitled to audit Flexera. This audit right can be exercised by (i) requesting additional information, (ii) accessing the databases which process Customer Personal Data or (iii) by inspecting Flexera's working premises whereby in each case no access to personal data of other customers or Flexera’s confidential information will be granted. Alternatively, Customer may also engage third party auditors to perform such tasks on its behalf in accordance with Sec. 3.7.4. The costs associated with such audits and/or for providing additional information shall be borne by Customer unless such audit reveals Flexera’s material breach with this Data Processing Agreement.
3.7.3 If Customer intends to conduct an audit at Flexera’s working premises, Customer shall give reasonable notice to Flexera and agree with Flexera on the time and duration of the audit. In the case of a special legitimate interest, such audit can also be conducted without prior notice. Inspections shall be made during regular business hours and in such a way that business operations are not disturbed. At least one employee of Flexera may accompany the auditors at any time. Flexera may memorialize the results of the audit which shall be confirmed by Customer.
3.7.4 Customer may not appoint a third party as auditor who (i) Flexera reasonably considers to be in a competitive relationship to Flexera or (ii) ...
Documentation and Audit Rights. 4.1. Supplier shall maintain readily available information and records regarding the structure and functioning of all systems and processes that Process Personal Information under the Agreement (e.g., inventory of systems and processes). Such information shall include at least a description of (i) Supplier name and contact details, and data protection officer where applicable, (ii) the categories of Processing activities performed on behalf of Oracle Health, (iii) if applicable, the countries to which Transfers occur, (iv) if applicable, the identity of any Authorized Subprocessors and the Processing activities subcontracted to such Authorized Subprocessors, and (v) the technical and organizational measures designed to protect Personal Information against any misuse, accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition, or access.
4.2. Supplier (or its authorized third party auditor) shall regularly audit business processes and procedures that involve the Processing of Personal Information under the Agreement for compliance with the Agreement. A copy of the audit results shall be provided free of charge to Oracle Health upon Oracle Health’s request.
4.3. Supplier shall complete a security and privacy assessment questionnaire related to Services, upon Oracle Health’s written request. Such a questionnaire may include questions seeking confirmation of compliance with the Agreement and Applicable Data Protection Law. Upon request by Oracle Health, Supplier will also supply a copy of its and its Authorized Subprocessors’ most recent third party audit report or attestation, such as an ISO 27001, SOC report, NIST or similar assessment, if Supplier has had such an assessment which may be shared with Oracle Health Affiliates, Customer or any relevant Supervisory Authority. If, after the original security questionnaire assessment, Oracle Health determines that further assessment is warranted, Oracle Health may request, no more than once per year and with thirty (30) days prior written notice, an assessment with a scope to be mutually agreed to related to the Services provided. During such an assessment, Oracle Health may examine Systems related to specific Services performed, to the extent that such review does not compromise Supplier’s confidentiality obligations to other clients. Supplier will also ensure that such audits or assessments confirm Authorized Subprocessors’ obligations with the terms of the Agreement.
4.4. If rel...
Documentation and Audit Rights. All costs, expenses and other amounts invoiced shall be substantiated and supported by invoices, timesheets, receipts and other documents. Contractor shall maintain all records and accounts pertaining to Work performed by Contractor under this Agreement for a period of two (2) years after final payment under this Agreement. Owner shall have the right to audit, copy and inspect said records and accounts at reasonable times during the course of such Work and for the above two (2) year period for the purpose of verifying costs incurred.
Documentation and Audit Rights. 4.1. Supplier shall maintain readily available information and records regarding the structure and functioning of all systems and processes that Process Personal Information under the Agreement (e.g., inventory of systems and processes). Such information shall include at least a description of (i) Supplier name and contact details, and data protection officer where applicable, (ii) the categories of Processing activities performed on behalf of Oracle, (iii) if applicable, the countries to which Transfers occur, (iv) if applicable, the identity of any Authorized Subprocessors and the Processing activities subcontracted to such Authorized Subprocessors, and (v) the technical and organizational measures designed to protect Personal Information against any misuse, accidental, unlawful or unauthorized destruction, loss, alteration, disclosure, acquisition, or access.
4.2. Supplier (or its authorized third party auditor) shall regularly audit business processes and procedures that involve the Processing of Personal Information under the Agreement for compliance with the Agreement. A copy of the audit results shall be provided free of charge to Oracle upon Oracle’s request.
4.3. Supplier shall complete a security and privacy assessment questionnaire related to Services, upon Oracle’s written request. Such a questionnaire may include questions seeking confirmation of compliance with the Agreement and Applicable Data Protection Law. Upon request by Oracle, Supplier will also supply a copy of its and its Authorized Subprocessors most recent third party audit report or attestation, such as an ISO 27001, SOC report, NIST or similar assessment, if Supplier has had such an assessment which may be shared with Oracle Affiliates, customer or any relevant Supervisory Authority. If, after the original security questionnaire assessment, Oracle determines that further assessment is warranted, Oracle may request, no more than once per year and with thirty
Documentation and Audit Rights. 4.5.1 Upon request and subject to signing the non-disclosure agreement attached as Exhibit C and Applicable Law, ESAB shall make available to Client information reasonably necessary to demonstrate ESAB's compliance with its obligations under this DPA, in particular with the agreed technical and organizational data security measures. ESAB shall have the right to limit unreasonable or overly burdensome requests by the Client and charge Client a reasonable fee for the production of such information. ESAB may, in its discretion provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publicly certified auditing company or by another Client of ESAB.
4.5.2 If Client has justifiable reason to believe that ESAB is not complying with the terms and conditions under this Data Processing Agreement, in particular with the obligation to implement and maintain the agreed technical and organizational data security measures, and only once per year (unless there are specific indications that require a more frequent inspection), Client is, subject to signing the non-disclosure agreement attached as Exhibit C, entitled to audit ESAB. This audit right can be exercised by (i) requesting additional information, (ii) accessing the databases which process Client Personal Data or
Documentation and Audit Rights. 5.8.1 Upon request and subject to a non-disclosure agreement, Accredible shall provide to Customer a comprehensive documentation of the technical and organizational data security measures in accordance with industry standards. In addition, Accredible may, in its discretion, provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publically certified auditing company or by another customer of Accredible.
5.8.2 If Customer has justifiable reason to believe that Accredible is not complying with the terms and conditions under this Accredible DPA, in particular with the obligation to implement and maintain the agreed technical and organizational data security measures, and only once per year (unless there are specific indications that require a more frequent inspection), Customer is, subject to a non-disclosure agreement, entitled to audit Accredible
Documentation and Audit Rights. 11.1. The Processor shall deal promptly and adequately with any inquiries from the Controller about the Processing under this DPA. The Processor shall make available to the Controller all information necessary to demonstrate compliance with this DPA and Applicable Data Protection Laws. At the Controller’s request, the Processor shall also permit and contribute to audits of the Processing activities under this DPA, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or an audit, the Controller may take into account relevant certifications held by the Processor.
11.2. The Controller may choose to conduct the audit by itself or mandate an independent auditor. Audits may also include inspections at the premises or physical facilities of the Processor and shall, where appropriate, be carried out with reasonable notice. The Processor shall grant access to such premises or facilities to the Controller or the independent auditor.
11.3. The Controller may elect to conduct audits annually, subject to prior reasonable notice to the Processor.
11.4. The audit shall be at the expense of the Controller unless the Controller specifies otherwise.
11.5. The audit shall be at the expense of the Controller unless the Controller specifies otherwise.
11.6. The Processor shall provide full co-operation to the Controller and the independent auditor, as applicable, in respect of any such audit and shall at the request of the Controller, provide the Controller with evidence of compliance with its obligations under this DPA.
11.7. The Parties shall make the information referred to in this clause, including the results of any audits, available to the Supervisory Authority/ies on request.
11.8. The Controller and its auditors shall use reasonable efforts to conduct such audits in a manner that will result in minimal inconvenience and disruption to the Processors business operations. Audits may be conducted only during normal business hours and no more frequently than annually unless material issues are discovered.
11.9. The Processor shall make available, within 10 (ten) days the information reasonably required by the Controller to conduct the audit and shall assist the Controller or its auditors as reasonably necessary. All information learned or exchanged in connection with the conduct of an audit, as well as the results of any audit, constitutes Confidential Information.
Documentation and Audit Rights. 4.7.1 Xxxx may, in its discretion provide data protection compliance certifications issued by a commonly accepted certification issuer which has been audited by a data security expert, by a publically certified auditing company or by another customer of Xxxx.
4.7.2 If Customer has justifiable reason to believe that Xxxx is not complying with the terms and conditions under this agreement, in particular with the obligation to implement and maintain the agreed technical and organizational data security measures, and only once per year, Customer is entitled to audit Xxxx. This audit right can be exercised by (i) requesting additional information, (ii) accessing the databases which process Customer’s personal data or (iii) by inspecting Odus's working premises whereby in each case no access to personal data of other customers or Odus’s confidential information will be granted. Alternatively, Customer may also engage third party auditors to perform such tasks on its behalf. The costs associated with such audits and/or for providing additional information shall be borne by Customer unless such audit reveals Odus’s material breach with this Xxxx DPA.
4.7.3 If Customer intends to conduct an audit at Odus’s working premises, Customer shall give reasonable notice to Xxxx and agree with Xxxx on the time and duration of the audit. In the case of a special legitimate interest, such audit can also be conducted without prior notice. Both Parties shall memorialize the results of the audit in writing.
