Common use of Sub-processing Clause in Contracts

Sub-processing. 6.1. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-Processors set out in Annex 3 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given the Controller prior written notification. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor. 6.2.2. Carry out adequate due diligence, on a timely basis, on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws. 6.2.3. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-Processors).

Sub-processing. 6.1. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-Processors set out in Annex 3 2 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given with the Controller prior written notificationconsent of Controller, which Controller may refuse with absolute discretion. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor. 6.2.2. Carry out adequate due diligence, on a timely basis, diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws. 6.2.3. Include terms in the contract between the Processor and each Sub-processor which are the same as those set out in this Addendum. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, Clauses or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 2 (Authorised Sub-ProcessorsTransfers of Controller Personal Data).

Sub-processing. 6.1. As of the Addendum Order Form Effective Date, the Controller hereby authorises authorizes the Processor to engage those Sub-Processors set out in Annex 3 4 (Authorised Authorized Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given with the Controller prior written notificationconsent of Controller, which Controller may refuse with absolute discretion. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor. 6.2.2. Carry out adequate due diligence, on a timely basis, diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational organizational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement Order Form and the applicable Data Protection Laws. 6.2.3. Include terms in the contract between the Processor and each Sub-processor which are the same as those set out in this Schedule. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, Clauses or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Schedule Effective Date, the Controller hereby authorises authorizes the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-ProcessorsAuthorized Transfers of Controller Personal Data).

Sub-processing. 6.1. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-Processors set out in Annex 3 4 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given with the Controller prior written notificationconsent of Controller, which Controller may refuse with absolute discretion. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor. 6.2.2. Carry out adequate due diligence, on a timely basis, diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws. 6.2.3. Include terms in the contract between the Processor and each Sub-processor which are the same as those set out in this Addendum. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, Clauses or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-ProcessorsTransfers of Controller Personal Data).

Sub-processing. ‌ 6.1. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-Processors set out in Annex 3 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given the Controller prior written notification. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- processor. 6.2.2. Carry out adequate due diligence, on a timely basis, diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws. 6.2.3. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-Processors).

Sub-processing. 6.1. As of the Addendum Effective Date, the Controller hereby authorises authorizes the Processor to engage those Sub-Processors set out in Annex 3 (Authorised Sub-Processors). The Processor shall not engage any additional Data Sub-Processors to Process Controller Personal Data other than having given with the Controller prior written notificationconsent of Controller, which Controller may refuse with absolute discretion. 6.2. With respect to each Sub-processor, the Processor shall: 6.2.1. Provide the Controller with full details of the Processing to be undertaken by each Sub- Sub-processor. 6.2.2. Carry out adequate due diligence, on a timely basis, diligence on each Sub-Processor to ensure that it can provide the level of protection for Controller Personal Data, including without limitation, sufficient guarantees to implement appropriate technical and organisational organizational measures in such a manner that Processing will meet the requirements of GDPR, this Agreement, the Principal Agreement and the applicable Data Protection Laws. 6.2.3. Include terms in the contract between the Processor and each Sub-processor which are the same as those set out in this Addendum. Upon request, the Processor shall provide a copy of its agreements with Sub-Processors to Controller for its review. 6.2.4. Insofar as that contract involves the transfer of Controller Personal Data outside of the EEA, incorporate the Standard Contractual Clauses, Privacy Shield, Clauses or such other mechanism as directed by the Controller into the contract between the Processor and each Sub-Processor to ensure the adequate protection of the transferred Controller Personal Data. 6.2.5. Remain fully liable to the Controller for any failure by each Sub-Processor to fulfil fulfill its obligations in relation to the Processing of any Controller Personal Data. 6.3. As of the Addendum Effective Date, the Controller hereby authorises the Processor to engage those Sub-processors set out in Annex 3 (Authorised Sub-ProcessorsTransfers of Controller Personal Data).