EU SCCs. Where Zendesk processes Personal Data that is subject to the GDPR in a country that has not received an adequacy decision from the EU Commission and if Section 6.2 (Binding Corporate Rules) does not apply, the Parties hereby incorporate the EU SCCs by reference. Where the EU SCCs apply, they will be deemed completed as follows: (i) Module 2 (Controller to Processor) will apply where Subscriber is a controller of Service Data and Zendesk is a processor of Service Data; Module 3 (Processor to Processor) will apply where Subscriber is a processor of Service Data and Zendesk is a processor of Service Data. (ii) in Clause 7, the optional docking clause will not apply; (iii) in Clause 9(a), Option 2 “General Written Authorisation” will apply, and the time period for prior notice of Sub- processor changes shall be as set out in Section 4 of this DPA; (iv) in Clause 11, the optional language will not apply; (v) in Clause 17, Option 1 will apply and will be governed by the laws provided in the MSA. If the MSA is not governed by an EEA member state law, then the laws of Ireland shall govern; (vi) in Clause 18(b), disputes shall be resolved before the courts provided in the MSA. If the MSA does not provide courts in an EEA Member State, the parties agree to the courts of Dublin; (vii) Annex I.A and I.B and Xxxxx XX of the EU SCCs shall be deemed completed with the information set out in (viii) in Annex I.C of the EU SCCs, where the data exporter is established in the EEA shall be the Supervisory Authority with responsibility for ensuring compliance by the data exporter with GDPR as regards the data transfer. Where the data exporter is not established in the EEA, but is within the territorial scope of application of GDPR in accordance with Article 3(2) and has appointed a representative pursuant to Article 27(1), the Supervisory Authority shall be the member state in which the representative within the meaning of Article 27(1) is established. If the data exporter is not established in the EEA, but falls within the territorial scope of application of GDPR without having to DocuSign Envelope ID: 15762B11-1782-411F-A2AD-ACE39FD21DF9 appoint a representative pursuant to Article 27(2), the Supervisory Authority of Ireland shall act as the competent Supervisory Authority. Nothing in the interpretations in this Section 6.3 is intended to conflict with either Party's rights or responsibilities under the EU SCCs and, in the event of any such conflict, the EU SCCs shall prevail.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
EU SCCs. Where Zendesk processes If the Processing of Personal Data includes transfers from the EEA to countries outside the EEA that is do not offer an adequate level of data protection or which have not been subject to the GDPR in a country that has not received an adequacy decision from the EU Commission and if Section 6.2 (Binding Corporate Rules) does not applyAdequacy Decision, the Parties shall comply with Chapter V of the GDPR. The Parties hereby incorporate execute the EU SCCs by reference. Where the EU SCCs apply, they will be deemed completed Standard Contractual Clauses as follows:
1.1 The Standard Contractual Clauses (iController-to-Processor) Module 2 and/or Standard Contractual Clauses (Controller to Processor-to-Processor) will apply where Subscriber is with respect to restricted transfers between Customer and Hunters that are subject to the EU GDPR. Where Customer acts as a controller of Service Data and Zendesk is Hunters as processor (as applicable), both parties agree that Module Two will apply. Where Customer acts as a processor of Service Data; and Hunters as a sub-processor (as applicable), both parties agree that Module 3 (Processor to Processor) Three will apply where Subscriber is a processor of Service Data and Zendesk is a processor of Service Dataapply.
1.2 The Parties agree that for the purpose of transfer of Personal Data between Customer (as Data Exporter) and Hunters (as Data Importer), the following shall apply: (i) Clause 7 of the Standard Contractual Clauses shall not apply; (ii) In Clause 9, option 2 shall apply and the method described in Clause 7, Section 5 of the optional docking clause will not DPA (Sub-Processors) shall apply;
; (iii) in Clause 9(a), Option 2 “General Written Authorisation” will apply, and 11(a) of the time period for prior notice of Sub- processor changes Standard Contractual Clauses shall not be as set out in Section 4 of this DPA;
applicable; (iv) In Clause 17, where the GDPR applies to processing under the Agreement and the country of establishment of the data exporter, as specified in Clause 11Annex I.A of such SCCs, is a Member State of the European Union whose law allows for third party beneficiary rights, the optional language will governing law shall be that country of establishment of the data exporter. Where the GDPR applies to processing under the Agreement and the country of establishment of the data exporter, as specified in Annex I.A of such SCCs, is not apply;
a Member State of the European Union, then the governing law shall be the law of the Netherlands; and (v) in In Clause 17, Option 1 will apply and 18(b) any disputes arising from the EU Clauses will be governed resolved by the laws provided courts determined in the MSA. If the MSA is not governed by an EEA member state lawAgreement, then the laws of Ireland shall govern;
(vi) in Clause 18(b), disputes shall be resolved before if they are the courts provided in the MSA. If the MSA does not provide courts in of an EEA EU Member State, the parties agree to otherwise the courts of Dublin;
(vii) Annex I.A and I.B and Xxxxx XX of the EU SCCs shall be deemed completed with the information set out in
(viii) in Annex I.C of the EU SCCs, where the data exporter is established in the EEA shall be the Supervisory Authority with responsibility for ensuring compliance by the data exporter with GDPR as regards the data transfer. Where the data exporter is not established in the EEA, but is within the territorial scope of application of GDPR in accordance with Article 3(2) and has appointed a representative pursuant to Article 27(1), the Supervisory Authority shall be the member state in which the representative within the meaning of Article 27(1) is established. If the data exporter is not established in the EEA, but falls within the territorial scope of application of GDPR without having to DocuSign Envelope ID: 15762B11-1782-411F-A2AD-ACE39FD21DF9 appoint a representative pursuant to Article 27(2), the Supervisory Authority of Ireland shall act as the competent Supervisory Authority. Nothing in the interpretations in this Section 6.3 is intended to conflict with either Party's rights or responsibilities under the EU SCCs and, in the event of any Netherlands will resolve such conflict, the EU SCCs shall prevaildisputes.
Appears in 1 contract
Samples: Data Processing Agreement
EU SCCs. Where Zendesk processes Personal Data that is subject to the GDPR in a country that has not received an adequacy decision from the EU Commission and if Section 6.2 (Binding Corporate Rules) does not apply, the Parties hereby incorporate the EU SCCs by reference. Where the EU SCCs apply, they will be deemed completed as follows:
(i) Module 2 (Controller to Processor) will apply where Subscriber is a controller of Service Data and Zendesk is a processor of Service Data; Module 3 (Processor to Processor) will apply where Subscriber is a processor of Service Data and Zendesk is a processor of Service Data.
(ii) in Clause 7, the optional docking clause will not apply;
(iii) in Clause 9(a), Option 2 “General Written Authorisation” will apply, and the time period for prior notice of Sub- processor changes shall be as set out in Section 4 of this DPA;
(iv) in Clause 11, the optional language will not apply;
(v) in Clause 17, Option 1 will apply and will be governed by the laws provided in the MSA. If the MSA is not governed by an EEA member state law, then the laws of Ireland shall govern;
(vi) in Clause 18(b), disputes shall be resolved before the courts provided in the MSA. If the MSA does not provide courts in an EEA Member State, the parties agree to the courts of Dublin;
(vii) Annex I.A and I.B and Xxxxx XX of the EU SCCs shall be deemed completed with the information set out inin Docusign Envelope ID: D759E6BE-EEC9-4858-9FC2-AEB426F94B30
(viii) in Annex I.C of the EU SCCs, where the data exporter is established in the EEA shall be the Supervisory Authority with responsibility for ensuring compliance by the data exporter with GDPR as regards the data transfer. Where the data exporter is not established in the EEA, but is within the territorial scope of application of GDPR in accordance with Article 3(2) and has appointed a representative pursuant to Article 27(1), the Supervisory Authority shall be the member state in which the representative within the meaning of Article 27(1) is established. If the data exporter is not established in the EEA, but falls within the territorial scope of application of GDPR without having to DocuSign Envelope ID: 15762B11-1782-411F-A2AD-ACE39FD21DF9 appoint a representative pursuant to Article 27(2), the Supervisory Authority of Ireland shall act as the competent Supervisory Authority. Nothing in the interpretations in this Section 6.3 is intended to conflict with either Party's rights or responsibilities under the EU SCCs and, in the event of any such conflict, the EU SCCs shall prevail.
Appears in 1 contract
Samples: Data Processing Agreement