Common use of PROCESSING OF THE PERSONAL DATA Clause in Contracts

PROCESSING OF THE PERSONAL DATA. 5 .1 The Schedules to this Data Protection Agreement contain a description of the processing activities. Parties shall maintain an adequately protected written or electronic record of all categories of processing activities carried out in line with the applicable law, insofar such record is not yet covered by this Data Protection Agreement. 5 .2 Customer warrants that it processes or shall have processed the Personal Data in accordance with the applicable law. Customer shall upon first request of IDEXX promptly provide all relevant information requested to IDEXX in writing, which may include in electronic form. IDEXX is not responsible or liable for compliance with Customer's obligations under the applicable law, including without limitation Customer’s obligations to its own customers or clients, such as Customer’s obligation to inform its customer or clients of recipients of their Personal Data. 5 .3 Taking into account the nature of the data processing and the information available to Parties, Parties shall provide each other with all necessary assistance in complying with the obligations that rest upon the Parties under the applicable law, in particular the obligations in relation to the security of Personal Data, Data Breach notification duties, information duty and the execution of data protection impact assessments, including prior consultation of the relevant Governmental Authority. 6 .1 IDEXX shall only process Personal Data on behalf of Customer and in accordance with the documented instructions that Customer may provide, including with regards to transfers of Personal Data to a third country. IDEXX shall immediately inform Customer if, in its opinion, any of the instructions of Customer infringes the applicable law. IDEXX shall have no independent say in relation to the Personal Data that it processes. IDEXX shall not process the Personal Data for its own or any third party's benefit or purposes, or for other purposes, unless otherwise required by the applicable law. 6 .2 The Schedules list the (groups of) Employees of IDEXX and/or other persons engaged by IDEXX that may have access to the Personal Data and describes the types of Personal Data and the data processing activities these persons are allowed to perform; other processing activities are explicitly prohibited. IDEXX shall ensure that such persons have committed themselves to confidentiality to the extent these persons are not bound by an appropriate statutory confidentiality obligation. IDEXX shall ensure that these Employees or other persons engaged by it comply with all the obligations laid down in this Data Protection Agreement and the Agreement.

PROCESSING OF THE PERSONAL DATA. 5 .1 5.1 The Schedules to this Data Protection Agreement contain a description of the processing activities. Parties shall maintain an adequately protected written or electronic record of all categories of processing activities carried out in line with the applicable law, insofar such record is not yet covered by this Data Protection Agreement. 5 .2 5.2 Customer warrants that it processes or shall have processed the Personal Data in accordance with the applicable law. Customer shall upon first request of IDEXX promptly provide all relevant information requested to IDEXX in writing, which may include in electronic form. IDEXX is not responsible or liable for compliance with Customer's obligations under the applicable law, including without limitation Customer’s obligations to its own customers or clients, such as Customer’s obligation to inform its customer or clients of recipients of their Personal Data. 5 .3 5.3 Taking into account the nature of the data processing and the information available to Parties, Parties shall provide each other with all necessary assistance in complying with the obligations that rest upon the Parties under the applicable law, in particular the obligations in relation to the security of Personal Data, Data Breach notification duties, information duty and the execution of data protection impact assessments, including prior consultation of the relevant Governmental Authority. 6 .1 6.1 IDEXX shall only process Personal Data on behalf of Customer and in accordance with the documented instructions that Customer may provide, including with regards to transfers of Personal Data to a third country. IDEXX shall immediately inform Customer if, in its opinion, any of the instructions of Customer infringes the applicable law. IDEXX shall have no independent say in relation to the Personal Data that it processes. IDEXX shall not process the Personal Data for its own or any third party's benefit or purposes, or for other purposes, unless otherwise required by the applicable law. 6 .2 6.2 The Schedules list the (groups of) Employees of IDEXX and/or other persons engaged by IDEXX that may have access to the Personal Data and describes the types of Personal Data and the data processing activities these persons are allowed to perform; other processing activities are explicitly prohibited. IDEXX shall ensure that such persons have committed themselves to confidentiality to the extent these persons are not bound by an appropriate statutory confidentiality obligation. IDEXX shall ensure that these Employees or other persons engaged by it comply with all the obligations laid down in this Data Protection Agreement and the Agreement.

PROCESSING OF THE PERSONAL DATA. 5 .1 The Schedules to this Data Protection Agreement contain a description of the processing activities. Parties shall maintain an adequately protected written or electronic record of all categories of processing activities carried out in line with the applicable law, insofar such record is not yet covered by this Data Protection Agreement. 5 .2 3.1 Customer warrants that it processes or shall have processed the Customer Personal Data in accordance with the applicable law. Customer shall upon first request of IDEXX promptly provide all relevant information requested to IDEXX in writing, which may include in electronic form. IDEXX is not responsible or liable for compliance with Customer's obligations under the applicable law, including without limitation Customer’s obligations to its own customers or clients, such as Customer’s obligation to inform its customer or clients of recipients of the Processing of their Personal Data. IDEXX is not responsible for determining the requirements or laws or regulations applicable to Customer’s business, or that a Service meets the requirements of any such applicable Data Protection Laws or regulations. As between the parties, Customer is responsible for the lawfulness of the Processing of Customer Personal Data. Customer will not use the Services in a manner that would violate applicable Data Protection Law. 5 .3 Taking into account the nature 3.2 The applicable DPA Schedule for a Service contains a list of the data processing and the information available to Partiescategories of Data Subjects, Parties shall provide each other with all necessary assistance in complying with the obligations that rest upon the Parties under the applicable lawtypes of Customer Personal Data, in particular the obligations in relation to the security any Special Categories of Personal Data, Data Breach notification duties, information duty and the execution of data protection impact assessments, including prior consultation . The duration of the relevant Governmental AuthorityProcessing corresponds to the duration of the Service, unless otherwise stated in the DPA Schedule. The purpose and subject matter of the Processing is the provision of the Service as described in the Agreement. 6 .1 3.3 IDEXX shall only process Customer Personal Data on behalf of Customer and in accordance with Customer’s documented instructions, unless otherwise required by the documented applicable law. The scope of Customer’s instructions that for the Processing of Customer may provide, including with regards to transfers of Personal Data to a third countryis defined in the Agreement, and, if applicable, Customer’s and its authorized users’ use and configuration of the features of the Service. IDEXX shall immediately inform Customer if, in its opinion, any of the instructions of Customer infringes the applicable law. Data Protection Laws, and IDEXX shall have no independent say may suspend the performance of such instruction until Customer has modified or confirmed its lawfulness in relation to the Personal Data that it processes. IDEXX shall not process the Personal Data for its own or any third party's benefit or purposes, or for other purposes, unless otherwise required by the applicable lawdocumented form. 6 .2 The Schedules list the (groups of) Employees of IDEXX and/or other persons engaged by IDEXX that may have access to the Personal Data and describes the types of Personal Data and the data processing activities these persons are allowed to perform; other processing activities are explicitly prohibited. 3.4 IDEXX shall ensure that such its employees and other persons engaged in the Processing of Customer Personal Data have committed themselves to confidentiality to the extent these persons are not bound by an appropriate statutory confidentiality obligation. IDEXX shall ensure that these Employees employees or other persons engaged by it comply with all the obligations laid down in this Data Protection Agreement DPA and the Agreement. IDEXX shall ensure that IDEXX' access to Customer Personal Data is limited to those employees and other persons performing Services in accordance with the Agreement.