Export and Retrieval by Customer. During the Subscription Term and subject to the Agreement, Customer can access its Personal Data at any time. Customer may export and retrieve its Personal Data in a standard format. Export and retrieval may be subject to technical limitations, in which case SAP and Customer will find a reasonable method to allow Customer access to Personal Data. 4.2 Deletion. Before the Subscription Term expires, Customer may use SAP’s self-service export 認證及稽核 5.1 Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 客戶稽核。客戶或 SAP 可合理接受的獨立第三方稽核員 (不包括 SAP 任何競爭對手,或不具適當資格或獨立性的第三方稽核員),得稽核與 SAP 個人資料處理相關的控制環境和安全性措施,唯須符合下列條件: (a) SAP has not provided sufficient evidence of its compliance with the technical and (b) A Personal Data Breach has occurred; (c) An audit is formally requested by Customer’s data protection authority; or (d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 2 contracts
Samples: Personal Data Processing Agreement, Personal Data Processing Agreement
Export and Retrieval by Customer. During the Subscription Term and subject to the Agreement, Customer can access its Personal Data at any time. Customer may export and retrieve its Personal Data in a standard format. Export and retrieval may be subject to technical limitations, in which case SAP and Customer will find a reasonable method to allow Customer access to Personal Data. 4.2 Deletion. Before the Subscription Term expires, Customer may use SAP’s self-service export 5. CERTIFICATIONS AND AUDITS 認證及稽核
5.1 Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 客戶稽核。客戶或 SAP 可合理接受的獨立第三方稽核員 (不包括 SAP 任何競爭對手,或不具適當資格或獨立性的第三方稽核員),得稽核與 SAP 個人資料處理相關的控制環境和安全性措施,唯須符合下列條件:
(a) SAP has not provided sufficient evidence of its compliance with the technical and
(b) A Personal Data Breach has occurred;
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.
Appears in 2 contracts
Samples: Personal Data Processing Agreement, Personal Data Processing Agreement
Export and Retrieval by Customer. During the Subscription Term and subject to the Agreement, Customer can access its Personal Data at any time. Customer may export and retrieve its Personal Data in a standard format. Export and retrieval may be subject to technical limitations, in which case SAP and Customer will find a reasonable method to allow Customer access to Personal Data. 4.2 Deletion. Before the Subscription Term expires, Customer may use SAP’s self-service export 5. CERTIFICATIONS AND AUDITS 認證及稽核
5.1 Customer Audit. Customer or its independent third party auditor reasonably acceptable to SAP (which shall not include any third party auditors who are either a competitor of SAP or not suitably qualified or independent) may audit SAP’s control environment and security practices relevant to Personal Data processed by SAP only if: 客戶稽核。客戶或 SAP 可合理接受的獨立第三方稽核員 (不包括 SAP 任何競爭對手,或不具適當資格或獨立性的第三方稽核員),得稽核與 SAP 個人資料處理相關的控制環境和安全性措施,唯須符合下列條件:
(a) SAP has not provided sufficient evidence of its compliance with the technical andand organizational measures that protect the production systems of the Cloud Service through providing either: (i) a certification as to compliance with ISO 27001 or other standards (scope as defined in the certificate); or (ii) a valid ISAE3402 and/or ISAE3000 or other SOC1-3 attestation report. Upon Customer’s request audit reports or ISO certifications are available through the third party auditor or SAP;
(b) A Personal Data Breach has occurred;; 發生個人資料侵害:
(c) An audit is formally requested by Customer’s data protection authority; or
(d) Mandatory Data Protection Law provides Customer with a direct audit right and provided that Customer shall only audit once in any twelve month period unless mandatory Data Protection Law requires more frequent audits.. 護法之強制規定要求更頻繁的稽核次數。
Appears in 1 contract
Samples: Personal Data Processing Agreement
