Common use of Processing of Company Personal Data Clause in Contracts

Processing of Company Personal Data. 3.1 Vendor and each Vendor Affiliate shall: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 Each Company Group Member: 3.2.1 instructs Vendor and each Vendor Affiliate (and authorises Vendor and each Vendor Affiliate to instruct each Subprocessor) to: 3.2.1.1 Process Company Personal Data; and 3.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company Affiliate. 3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.

Processing of Company Personal Data. 3.1 Vendor and each Vendor Affiliate shall: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 Each Company Group Member: 3.2.1 instructs Vendor and each Vendor Affiliate (and authorises authorizes Vendor and each Vendor Affiliate to instruct each Subprocessor) to: 3.2.1.1 Process Company Personal Data; and 3.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorised authorized to give the instruction set out in section 3.2.1 on behalf of each relevant Company Affiliate. 3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.

Processing of Company Personal Data. 3.1 Vendor and each Vendor Affiliate shall:shall:‌ 3.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 Each Company Group Member: 3.2.1 instructs Vendor and each Vendor Affiliate (and authorises Vendor and each Vendor Affiliate to instruct each Subprocessor) to:to:‌ 3.2.1.1 Process Company Personal Data; and 3.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company Affiliate. 3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.Addendum.‌

Processing of Company Personal Data. 3.1 Vendor and each Vendor Affiliate Affiliate shall: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 Each Company Group Member: 3.2.1 instructs Vendor and each Vendor Affiliate Affiliate (and authorises Vendor and each Vendor Affiliate Affiliate to instruct each Subprocessor) to: 3.2.1.1 Process Company Personal Data; and 3.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company AffiliateAffiliate. 3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.

Processing of Company Personal Data. 3.1 2.1 Vendor and each Vendor Affiliate shall:shall:‌ 3.1.1 2.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 2.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 2.2 Each Company Group Member: 3.2.1 2.2.1 instructs Vendor and each Vendor Affiliate (and authorises Vendor and each Vendor Affiliate to instruct each Subprocessor) to:to:‌ 3.2.1.1 2.2.1.1 Process Company Personal Data; and 3.2.1.2 2.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 2.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.2.1 2.2.1 on behalf of each relevant Company Affiliate. 3.3 2.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.32.3) confers any right or imposes any obligation on any party to this Addendum.Addendum.‌

Processing of Company Personal Data. 3.1 Vendor Xxxx and each Vendor Xxxx Affiliate shall: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 not Process Company Personal Data other than on the relevant Company Group Member’s or Data Subject's documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor Xxxx or the relevant Vendor Xxxx Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 Each Company Group Member: 3.2.1 instructs Vendor Xxxx and each Vendor Xxxx Affiliate (and authorises Vendor Xxxx and each Vendor Xxxx Affiliate to instruct each Subprocessor) to: 3.2.1.1 Process Company Personal Data; and 3.2.1.2 in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company Affiliate. 3.3 Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor Xxxx from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.

Processing of Company Personal Data. 3.1 3.1. Vendor and each Vendor Affiliate shall: 3.1.1 3.1.1. comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 3.1.2. not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 3.2. Each Company Group Member: 3.2.1 3.2.1. instructs Vendor and each Vendor Affiliate (and authorises Vendor and each Vendor Affiliate to instruct each Subprocessor) to: 3.2.1.1 3.2.1.1. Process Company Personal Data; and 3.2.1.2 3.2.1.2. in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 3.2.2. warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company Affiliate. 3.3 3.3. Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any onany party to this Addendum.

Processing of Company Personal Data. 3.1 3.1. Vendor and each Vendor Affiliate Affiliate shall: 3.1.1 3.1.1. comply with all applicable Data Protection Laws in the Processing of Company Personal Data; and 3.1.2 3.1.2. not Process Company Personal Data other than on the relevant Company Group Member’s documented instructions unless Processing is required by Applicable Laws to which the relevant Contracted Processor is subject, in which case Vendor or the relevant Vendor Affiliate Affiliate shall to the extent permitted by Applicable Laws inform the relevant Company Group Member of that legal requirement before the relevant Processing of that Personal Data. 3.2 3.2. Each Company Group Member: 3.2.1 3.2.1. instructs Vendor and each Vendor Affiliate Affiliate (and authorises Vendor and each Vendor Affiliate Affiliate to instruct each Subprocessor) to: 3.2.1.1 3.2.1.1. Process Company Personal Data; and 3.2.1.2 3.2.1.2. in particular, transfer Company Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with the Principal Agreement; and 3.2.2 3.2.2. warrants and represents that it is and will at all relevant times remain duly and effectively effectively authorised to give the instruction set out in section 3.2.1 on behalf of each relevant Company AffiliateAffiliate. 3.3 3.3. Annex 1 to this Addendum sets out certain information regarding the Contracted Processors' Processing of the Company Personal Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Company may make reasonable amendments to Annex 1 by written notice to Vendor from time to time as Company reasonably considers necessary to meet those requirements. Nothing in Annex 1 (including as amended pursuant to this section 3.3) confers any right or imposes any obligation on any party to this Addendum.