Sub-processing. 11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub- processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely ........................................
11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Sub-processing. 10.1 In respect of any Processing of Personal Data performed by a third party on behalf of a Party, that Party shall:
(a) carry out adequate due diligence on such third party to ensure that it is capable of providing the level of protection for the Personal Data as is required by the contract, and provide evidence of such due diligence to the other Party where reasonably requested; and
(b) ensure that a suitable agreement is in place with the third party as required under applicable Data Protection Legislation.
Sub-processing. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub-processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
Sub-processing. 4.1 The Customer shall authorize the following:
(a) Processor may engage Sub Processors in connection with the provision of the Services.
(b) Processor may continue to use those Sub Processors already engaged by the Processor at the date of this Addendum and the Agreement, subject to the Sub Processor in each case meeting the obligations set out in section 4. The Processor uses the Sub Processors specified in Privacy Policy at the date of this Addendum.
(c) Processor shall give Customer prior written notice of the appointment of any new Sub Processor, including full details of the Processing to be undertaken by the Sub Processor. If, within 30 days of receipt of that notice, Customer notifies the Processor in writing of any reasonable objections (e.g., if making Personal Data available to the Sub Processor may violate applicable Data Protection Law or weaken the protections for such Personal Data) to the proposed appointment.
(d) Processor shall work with the Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub Processor; and
(e) where such a change cannot be made within 30 days from Processor's receipt of Customer's notice, notwithstanding the provisions of the Agreement, Customer may by written notice to Processor with immediate effect terminate the Agreement to the extent that it relates to the Services which require the use of the proposed Sub Processor.
4.2 Where no objectin is provided, the Processor shall:
(a) before the Sub Processor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Sub Processor is capable of providing the level of protection for Customer Personal Data required by this Addendum and the Agreement;
(b) ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and provides for sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the Processing will meet the requirements of Data Protection Laws;
(c) provide to the Customer for review such copies of the Processors’ agreements with the Sub Processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this Addendum) as Customer may request from time to time.
4.3 Where the Au...
Sub-processing. 8.1. Controller authorizes Processor to appoint (and permits each Sub Processor appointed in accordance with this Section 8 to appoint) Sub Processors in accordance with this Section 8.
8.2. Processor may continue to use those Sub Processors already engaged by Processor. An updated list of Processor's current sub-processors can be found online at xxxxx://xxx.xxxxxxx.xxx/moburst-sub-processors/. Updates to this list shall constitute notice to the Controller in accordance with Section 8.3 below. More information on Processor's use of sub-processors can be requested by email at xxxx@xxxxxxx.xxx.
8.3. Processor may appoint new Sub Processors and shall give notice of any such appointment to Controller, by updating the list available at the link above. If, within seven (7) days of such notice, Controller notifies Processor in writing of any reasonable objections to the proposed appointment, Processor shall not appoint the proposed Sub Processor for the Processing of Controller Personal Data until reasonable steps have been taken to address the objections raised by Controller and Controller has been provided with a reasonable written explanation of the steps taken. Where such steps are not sufficient to relieve Controller's reasonable objections, each of Controller or Processor may, by written notice to the other party and with immediate effect, terminate the Agreement to the extent that it relates to the Services requiring the use of the proposed Sub Processor. In such event, the terminating party shall not bear any liability for such termination.
8.4. With respect to each new Sub Processor, Processor shall:
8.4.1. Prior to the Processing of Controller Personal Data by Sub Processor, take reasonable steps (for instance by way of reviewing privacy policies as appropriate) to ensure that Sub Processor is committed and able to provide the level of protection for Controller Personal Data required by this DPA; and
8.4.2. ensure that the arrangement between the Processor and the Sub Processor is governed by a written contract, including terms that offer a materially similar level of protection for Controller Personal Data as those set out in this DPA and meet the requirements of Applicable Law.
8.5. Processor shall remain fully liable to the Controller for the performance of any Sub Processor's obligations.
Sub-processing. (a) The Controller hereby authorizes the appointment and use of Sub-processor(s) engaged by the Processor for the provision of the Services. The Controller approves the Sub-processor(s) set out in Annex 5.
(b) The Controller acknowledges and agrees that: (i) Wolters Kluwer group may be retained as Sub- processors; and (ii) the Processor and Wolters Kluwer group respectively may engage third-party Sub- processors (and permit each Sub-Processor appointed under this clause 5 to appoint sub-processors) in connection with the provision of the Services.
(c) In case the Processor intends to engage new or additional Sub-processors, the Controller hereby provides general written authorization for the Processor to do so, provided that the Processor shall inform the Controller of any intended changes concerning the addition or replacement of any Sub-processor ("Sub-processor Notice") such notice to be provided though CCH OneClick or on the GDPR page at xxxxx://xxx.xxx.xx.xx/softwaresupport/2015/home.asp (“Sub-processor List Website”). The Controller is responsible for visiting the Sub-processor List Website from time to time. If the Controller has a reasonable basis to object to the use of any such new or additional Sub-processor, the Controller shall notify the Processor promptly in writing within 14 days after receipt of the Sub-processor Notice. In the event the Controller objects to a new or additional Sub-processor, and that objection is not unreasonable, the Processor will use reasonable efforts to make available to the Controller a change in the S ervices or recommend a commercially reasonable change to the Controller’s configuration or use of the Services to avoid Processing of Personal Data by the objected-to new or additional Sub-processor without unreasonably burdening the Controller. If the Processor is unable to make available such change within a reasonable period of time, which shall not exceed ninety (90) days, the Controller may terminate (notwithstanding any contrary provision in the Services Agreement and without liability to the Controller) the affected part of the Services Agreement with respect only to those Services which cannot be provided by the Processor without the use of the objected-to new or additional Sub-processor by providing written notice to the Processor.
(d) The Processor and/or Wolters Kluwer group shall impose the same data protection obligations as set out in this DPA on any Sub-processor by contract. The contract between the P...
Sub-processing. 9.1. Customer agrees that MailerLite may engage Sub-Processors to Process Customer Data on Customer's behalf. The Sub-Processors currently engaged by MailerLite and authorized by Customer are listed in the Annex.
Sub-processing. The Service rests on the infrastructure services of Amazon (AWS) who acts as a sub-pro- cessor under the Provider’s control. A GDPR compliant data processing addendum is incorporated in the agree- ment between AWS and the Provider. The Provider will inform You of any changes of sub-processors.
Sub-processing. 13.1 ‘Sub-Processing’, in the meaning of this Agreement, does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data Processing equipment. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services to Sub-Processors.
13.2 The Controller agrees to the commissioning of the following sub-processors on the condition of a contractual agreement in accordance with applicable data protection laws: Sub-Processor Address / country Service Amazon Web Services Ireland Secure Cloud Service Platform for Database Storage
13.3 Outsourcing to further Sub-Processors or changing any existing Sub-Processors is permissible if the Processor informs the Controller of the identity of the Sub- Processor and the scope of the planned Sub-Processing in writing or in text form and the Controller does not object to the planned Sub-Processing in writing or in text form within ten (10) business days as from giving notice by the Processor. The Controller shall not unreasonably object to the planned Sub- Processing. In addition, the following provisions apply:
(a) the transfer of Personal Data to the Sub-Processor and the Sub-Processor’s commencement of the data Processing shall only be undertaken after compliance with all requirements has been achieved;
(b) if the Sub-Processor provides the agreed service outside the EU/EEA, the Processor shall ensure compliance with Applicable Laws; and
(c) the Processor shall impose on the Sub-Processor the same data protection obligations as set out in this Agreement, in particular with regard to the provision of sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the Applicable Law.
13.4 With respect to each Sub-Processor, the Processor will before the Sub- Processor first Processes any data of the Controller, carry out adequate due diligence to ensure that the Sub-Processor is capable of providing the level of protection for the Personal Data required by this Agreement and shall ensure that the agr...
Sub-processing. 6.1. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-Processors set out in Annex 3 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given the Controller prior written notification.
6.2. With respect to each Sub-processor, the Processor shall:
6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor.
6.2.2. Carry out adequate due diligence, on a timely basis, on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws.
6.2.3. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review.
6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data.
6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data.
6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-Processors).
