Common use of Evidence and Audits Clause in Contracts

Evidence and Audits. 11.1. Service Provider shall provide Customer, at the latter’s request, with all information required and available to Service Provider to prove compliance with its obligations under this DPA. 11.2. Customer shall be entitled to audit Service Provider with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organizational measures, including inspections on Customer behalf by a certified independent third-party professional. 11.3. In order to carry out inspections in accordance with section 11.2 of this DPA, the Customer is entitled to access the business premises of Service Provider in which Customer Personal Data is processed within the usual business hours (Mondays to Fridays from 10 a.m. to 4 p.m. local time) after timely advance notification in accordance with section 11.5 of this DPA at its own expense, without disruption of the course of business and under strict secrecy by means of written commitment of Service Provider’s business and trade secrets. 11.4. Service Provider is entitled, at its own discretion and taking into account the legal obligations of Customer, not to disclose information which is sensitive with regard to Service Provider’s business or if Service Provider would be in breach of statutory or other contractual provisions as a result of its disclosure. Customer is not entitled to get access to data or information about Service Provider’s other customers, cost information, quality control and contract management reports, or any other confidential data of Service Provider that is not directly relevant for the agreed audit purposes. 11.5. Customer shall inform Service Provider in good time (usually at least thirty (30) calendar days in advance) of all circumstances in relation to the performance of the audit. Customer may carry out only one audit per calendar year against reimbursement of the costs. 11.6. If Customer commissions a third party to carry out the audit, Customer shall obligate the third party in writing the same way, as Customer is obliged vis-à-vis Service Provider according to this section 11 of this DPA. In addition, Customer shall obligate in writing the third party to maintain secrecy and confidentiality, unless the third party is subject to a professional obligation of secrecy. At the request of Service Provider, Customer shall immediately submit to Service Provider the commitment agreements with the third party. Customer may not commission any of Service Provider’s competitors to carry out the audit. 11.7. At the discretion of Service Provider, proof of compliance with the obligations under this DPA may be provided, instead of an inspection, by submitting an appropriate, current independent third party audit report or a suitable certification by an IT security or data protection audit – e.g. according to ISO 27001, the IT baseline protection approach from the German Federal Office for Information Security (so-called “BSI-Grundschutz”) or of any comparable approach – (“Audit Report”), if the Audit Report makes it possible in an appropriate manner for Customer to convince itself of compliance with the contractual obligations.

Evidence and Audits. ‌ 11.1. Service Provider shall provide Customer, at the latter’s request, with all information required and available to Service Provider to prove compliance with its obligations under this DPA. 11.2. Customer shall be entitled to audit Service Provider with regard to compliance with the provisions of this DPA, in particular the implementation of the technical and organizational measures, including inspections on Customer behalf by a certified independent third-party professional. 11.3. In order to carry out inspections in accordance with section 11.2 of this DPA, the Customer is entitled to access the business premises of Service Provider in which Customer Personal Data is processed within the usual business hours (Mondays to Fridays from 10 a.m. to 4 p.m. local time) after timely advance notification in accordance with section 11.5 of this DPA at its own expense, without disruption of the course of business and under strict secrecy by means of written commitment of Service Provider’s business and trade secrets. 11.4. Service Provider is entitled, at its own discretion and taking into account the legal obligations of Customer, not to disclose information which is sensitive with regard to Service Provider’s business or if Service Provider would be in breach of statutory or other contractual provisions as a result of its disclosure. Customer is not entitled to get access to data or information about Service Provider’s other customers, cost information, quality control and contract management reports, or any other confidential data of Service Provider that is not directly relevant for the agreed audit purposes. 11.5. Customer shall inform Service Provider in good time (usually at least thirty (30) calendar days in advance) of all circumstances in relation to the performance of the audit. Customer may carry out only one audit per calendar year against reimbursement of the costs. 11.6. If Customer commissions a third party to carry out the audit, Customer shall obligate the third party in writing the same way, as Customer is obliged vis-à-vis Service Provider according to this section 11 of this DPA. In addition, Customer shall obligate in writing the third party to maintain secrecy and confidentiality, unless the third party is subject to a professional obligation of secrecy. At the request of Service Provider, Customer shall immediately submit to Service Provider the commitment agreements with the third party. Customer may not commission any of Service Provider’s competitors to carry out the audit. 11.7. At the discretion of Service Provider, proof of compliance with the obligations under this DPA may be provided, instead of an inspection, by submitting an appropriate, current independent third party audit report or a suitable certification by an IT security or data protection audit – e.g. according to ISO 27001, the IT baseline protection approach from the German Federal Office for Information Security (so-called “BSI-Grundschutz”) or of any comparable approach – (“Audit Report”), if the Audit Report makes it possible in an appropriate manner for Customer to convince itself of compliance with the contractual obligations.

Evidence and Audits. 11.1. Service Provider 12.1 The Supplier shall provide the Customer, at the latter’s 's request, with all information required and available to Service Provider the Supplier to prove compliance with its his obligations under this DPAAgreement. 11.2. 12.2 The Customer or another auditor mandated by the Customer shall be entitled to audit Service Provider the Supplier with regard to compliance with the provisions of this DPAAgreement, in particular the implementation of the technical and organizational measures, ; including inspections on Customer behalf by a certified independent third-party professionalinspections. 11.3. 12.3 In order to carry out inspections in accordance with section 11.2 of this DPASection 12.2., the Customer is entitled to access the business premises of Service Provider the Supplier in which Customer Personal Data is processed within the usual business hours (Mondays to Fridays from 10 a.m. to 4 p.m. local time6 p.m.) after timely advance notification in accordance with section 11.5 of this DPA Section 12.5 at its his own expense, without disruption of the course of business and under strict secrecy by means of written commitment of Service Provider’s the Supplier's business and trade secrets. 11.4. Service Provider 12.4 The Supplier is entitled, at its his own discretion and taking into account the legal obligations of the Customer, not to disclose information which is sensitive with regard to Service Provider’s the Supplier's business or if Service Provider the Supplier would be in breach of statutory or other contractual provisions as a result of its disclosure. The Customer is not entitled to get access to data or information about Service Provider’s the Supplier's other customers, cost information, quality control and contract management reports, or any other confidential data of Service Provider the Supplier that is not directly relevant for the agreed audit purposes. 11.5. 12.5 The Customer shall inform Service Provider the Supplier in good time (usually at least thirty (30) calendar days two weeks in advance) of all circumstances in relation to the performance of the audit. The Customer may carry out only one audit per calendar year year. Further audits are carried out against reimbursement of the costscosts and after consultation with the Supplier. 11.6. 12.6 If the Customer commissions a third party to carry out the audit, the Customer shall obligate the third party in writing the same way, way as the Customer is obliged vis-à-vis Service Provider the Supplier according to this section 11 Section 12 of this DPAAgreement. In addition, the Customer shall obligate in writing the third party to maintain secrecy and confidentiality, unless the third party is subject to a professional obligation of secrecy. At the request of Service Providerthe Supplier, the Customer shall immediately submit to Service Provider him the commitment agreements with the third party. The Customer may not commission any of Service Provider’s the Supplier's competitors to carry out the audit. 11.7. 12.7 At the discretion of Service Providerthe Supplier, proof of compliance with the obligations under this DPA Agreement may be provided, instead of an inspection, by submitting an appropriate, current opinion or report from an independent third party authority (e.g. auditor, audit report department, data protection officer, IT security department, data protection auditors or quality auditors) or a suitable certification by an IT security or data protection audit – - e.g. according to ISO 27001, the IT baseline protection approach from the German Federal Office for Information Security (so-called “BSI-Grundschutz”) or of any comparable approach – Grundschutz - (“Audit Reportaudit report”), if the Audit Report audit report makes it possible for the Customer in an appropriate manner for Customer to convince itself himself of compliance with the contractual obligations.