Common use of Duration of the Clause in Contracts

Duration of the. processing The data importer will continue to store data exporter's patients' personal data for the period that the Controller uses the services, unless Controller chooses to delete their patient personal data sooner. Further, processor may retain personal data in accordance with applicable legal requirements. For processing by (sub-) processors, also specify subject matter, nature and duration of the processing Sub-processor name Sub-processor address Description of services Location from which services are provided Xxxxxx Laboratories 00000 Xxxxxx Xxxx Xxxxx, Xxxxxx, Xxxxxxxxxx 00000 XXX, To provide, operate and maintain the Xxxxxx.xxx™ Patient Care Network USA Processor-to- Processor Standard Contractual Clauses St. Jude Medical Sweden AB Xxxxxxxxxxxxx 00 000 00 Xxxxx Xxxxxx Providing Customer support, in particular troubleshooting and other application and software support. Sweden Microsoft Azure 000 Xxxxxxxx Xxx XX - 00xx Xxxxx Xxxxxxxx, Xxxxxxxxxx, 00000 XXX Azure hosting service for encrypted data from 3Q23 Ireland Licensing Documents (xxxxxxxxx.xxx) Twilio 000 Xxxxx Xxxxxx, Xxxxx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000 XXX Used by Abbott Heart Failure for the automated phone message service described in the Merlin Privacy Notice USA Five9 0000 Xxxxxx Xxxxx, Suite 350, San Ramon, California 94583 USA Used by CardioRhythm Management Division as a cloud-based phone communications system for Merlin support services USA Salesforce 000 Xxxxxxx Xxxxxx, 0xx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000, Xxxxxx Xxxxxx Customer relationship management system used by the Xxxxxx’x CardioRhythm Management Division to provide device support services for SyncUp USA

Duration of the. processing The data importer will continue to store data exporter's patients' personal data for the period that the Controller uses the services, unless Controller chooses to delete their patient personal data sooner. Further, processor may retain personal data in accordance with applicable legal requirements. For processing by (sub-) processors, also specify subject matter, nature and duration of the processing Sub-processor name Sub-processor address Description of services Location from which services are provided Xxxxxx Laboratories 00000 Xxxxxx Xxxx Xxxxx, Xxxxxx, Xxxxxxxxxx 00000 XXX, To provide, operate and maintain the Xxxxxx.xxx™ Patient Care Network USA Processor-to- Processor Standard Contractual Clauses St. Jude Medical Sweden AB Xxxxxxxxxxxxx 00 000 00 Xxxxx Xxxxxx Providing Customer support, in particular troubleshooting and other application and software support. Sweden Microsoft Azure 000 Xxxxxxxx Xxx XX - 00xx Xxxxx Xxxxxxxx, Xxxxxxxxxx, 00000 XXX Azure hosting service for encrypted data from 3Q23 Ireland Licensing Documents (xxxxxxxxx.xxx) Twilio 000 Xxxxx Xxxxxx, Xxxxx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000 XXX Used by Abbott Heart Failure for the automated phone message service described in the Merlin Privacy Notice USA Five9 0000 Xxxxxx Xxxxx, Suite 350, San Ramon, California 94583 USA Used by CardioRhythm Management Division as a cloud-based phone communications system for Merlin support services USA Salesforce 000 Xxxxxxx Xxxxxx, 0xx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000, Xxxxxx Xxxxxx Customer relationship management system used by the Xxxxxx’x CardioRhythm Management Division to provide device support services for SyncUp USAUSA TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA XXXXXX XXXXXX.XXX™ PATIENT CARE NETWORK MEASURES Accreditations/Certifications 1. ISO 27001: Abbott and Xxxxxx.xxx is certified with the Information Security Management standard ISO/IEC 27001:2013. The ISO certification recognizes that Xxxxxx.xxx has established processes and standards that maintain the required levels of confidentiality, integrity and availability for customers. A current copy of the ISO certification for Xxxxxx.xxx is available upon request.

Duration of the. processing The data importer will continue to store data exporter's patients' personal data for the period that the Controller uses the services, unless Controller chooses to delete their patient personal data sooner. Further, processor may retain personal data in accordance with applicable legal requirements. For processing by (sub-) processors, also specify subject matter, nature and duration of the processing Sub-processor name Sub-processor address Description of services Location from which services are provided Xxxxxx Laboratories 00000 Xxxxxx Xxxx Xxxxx, Xxxxxx, Xxxxxxxxxx 00000 XXX, To provide, operate and maintain the Xxxxxx.xxx™ Patient Care Network USA Processor-to- Processor Standard Contractual Clauses St. Jude Medical Sweden AB Xxxxxxxxxxxxx 00 000 00 Xxxxx Xxxxxx Providing Customer support, in particular troubleshooting and other application and software support. Sweden Microsoft Azure 000 Xxxxxxxx Xxx XX - 00xx Xxxxx Xxxxxxxx, Xxxxxxxxxx, 00000 XXX Azure hosting service for encrypted data from 3Q23 Ireland Licensing Documents (xxxxxxxxx.xxx) Twilio 000 Xxxxx Xxxxxx, Xxxxx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000 XXX Used by Abbott Heart Failure for the automated phone message service described in the Merlin Privacy Notice USA Five9 0000 Xxxxxx Xxxxx, Suite 350, San Ramon, California 94583 USA Used by CardioRhythm Management Division as a cloud-based phone communications system for Merlin support services USA Salesforce 000 Xxxxxxx Xxxxxx, 0xx Xxxxx, Xxx Xxxxxxxxx, Xxxxxxxxxx 00000, Xxxxxx Xxxxxx Customer relationship management system used by the Xxxxxx’x CardioRhythm Management Division to provide device support services for SyncUp USAUSA ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA XXXXXX XXXXXX.XXX™ PATIENT CARE NETWORK MEASURES Accreditations/Certifications 1. ISO 27001: Abbott and Xxxxxx.xxx is certified with the Information Security Management standard ISO/IEC 27001:2013. The ISO certification recognizes that Xxxxxx.xxx has established processes and standards that maintain the required levels of confidentiality, integrity and availability for customers. A current copy of the ISO certification for Xxxxxx.xxx is available upon request.