Common use of Processing of Controller Personal Data Clause in Contracts

Processing of Controller Personal Data. 2.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreement. 2.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement and in accordance with Applicable Laws. 2.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) hereto. 2.5. Without derogating from the provisions of the Agreement, solely Controller (and not Processor) shall be liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.13.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreement. 2.23.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement and in accordance with Applicable Laws. 2.33.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller AffiliateAffiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.43.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) hereto. 2.53.5. Without derogating from the provisions of the Agreement, solely Controller (and not Processor) shall be liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.1. The Parties acknowledge and agree that with regard to the Processing of Controller Personal Data, (i) the customer is the Controller, (ii) Eloops is the Processor, and (iii) Processor or Processor Affiliates may engage Sub Processors pursuant to the requirements set forth in Section 5 below. 2.2. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified in the Agreement or in this DPA, unless such Processing is required by Applicable Laws applicable laws to which the Processor is subject or as strictly necessary for the provision of Processor's services service and product under the AgreementAgreement (together the "Services"). 2.22.3. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with Section 2.5 below, with the Agreement and this DPA and in accordance with Applicable Laws. 2.32.4. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction instructions set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and this DPA and/or in connection with the performance thereof, on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as the Agreement is and this DPA are in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.42.5. Controller hereby sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) hereto. 2.52.6. Controller Personal Data may be transferred from the EU Member States, EEA member countries, and the United Kingdom (collectively, "EEA"), (i) to countries that offer adequate level of data protection under or pursuant to the adequacy decisions published by the relevant data protection authorities of the EEA, the European Union, Member States or the European Commission, without any further safeguard being necessary; (ii) to the United States, solely for Processing by Processor or Sub Processor on its behalf which has self-certified and comply with the EU-US and Swiss-US Privacy Shield Frameworks, as administered by the US Department of Commerce, to the extent permitted under Applicable Laws; (iii) to any country that does not offer an adequate level of data protection, or offers a mechanism such as the aforesaid Privacy Shield, if the Parties hereto have executed the standard data protection clauses adopted by the relevant data protection authorities of the EEA, the European Union, Member States or the European Commission, or complied with any of the other mechanisms provided for in the GDPR or any other Applicable Laws for transferring Personal Data to such other countries. 2.7. Without derogating from the provisions of the AgreementAgreement and this DPA, solely Controller (and not Processor) shall be exclusively liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or under this DPA. Processor's obligations under the Agreement or under this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions Instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreementsubject. 2.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement (including the Privacy Policy, as defined under the Agreement) and in accordance with Applicable Laws. 2.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 2.2 and any additional instructions (email is sufficient) as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) ), attached hereto. 2.5. Without derogating from Controller’s obligations hereunder, including Section 19 to the provisions of the AgreementAgreement (“Data, solely Privacy, Retention and Restricted Data”), Controller may only provide to Processor, or otherwise have Processor (or anyone on its behalf) process, such Controller Data types and parameters which are explicitly permitted under Processor’s Privacy Policy (“Permitted Controller Personal Data Types and Parameters”). Solely Controller (and not Processor) shall be liable for any excess Controller Personal Data data which is provided or otherwise made available to Processor or any Sub anyone on its behalf in excess of the Permitted Controller Personal Data Types and Parameters (“Excess Data”). Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Excess Data.