Common use of Roles and Scope Clause in Contracts

Roles and Scope. 2.1 This DPA only applies to the Processing of Customer Data and Personal Data by iManage on behalf of Customer pursuant to the Agreement. 2.2 Customer and iManage agree that with respect to Personal Data, Customer is the Controller of such Personal Data and iManage is a Processor of such Personal Data, except when Customer acts as a Processor or Sub- Processor of such Personal Data, in which case iManage is a Sub-Processor of such Personal Data. Nothing in the preceding sentence alters the obligations of either iManage or Customer under this DPA, as iManage acts as a Processor with respect to Customer in all events. In any instance where the Customer is a Processor or Sub- Processor, Customer warrants to iManage that Customer’s instructions, including appointment of iManage as a Processor or sub-Processor, have been authorized by the relevant Controller. 2.3 This DPA does not limit or reduce any data protection commitments iManage makes to Customer in the Agreement. 2.4 Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the Processing of its Customer Data and Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by iManage provide a level of security appropriate to the risk with respect to its Customer Data and Personal Data.

Roles and Scope. 2.1 This DPA only applies to the Processing of Customer Data and Personal Data by iManage on behalf of Customer pursuant to the Agreement. 2.2 Customer and iManage agree that with respect to Personal Data, Customer is the Controller of such Personal Data and iManage is a Processor of such Personal Data, except when Customer acts as a Processor or Sub- Processor of such Personal Data, in which case iManage is a Subsub-Processor of such Personal Data. Nothing in the preceding sentence alters the obligations of either iManage or Customer under this DPA, as iManage acts as a Processor with respect to Customer in all events. In any instance where the Customer is a Processor or Sub- Processor, Customer warrants to iManage that Customer’s instructions, including appointment of iManage as a Processor or sub-Processor, have been authorized by the relevant Controller. 2.3 This DPA does not limit or reduce any data protection commitments iManage makes to Customer in the Agreement. 2.4 Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the Processing of its Customer Data and Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by iManage provide a level of security appropriate to the risk with respect to its Customer Data and Personal Data.