Common use of Sub-processing Clause in Contracts

Sub-processing. 13.1 ‘Sub-Processing’, in the meaning of this Agreement, does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data Processing equipment. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services to Sub-Processors. 13.2 The Controller agrees to the commissioning of the following sub-processors on the condition of a contractual agreement in accordance with applicable data protection laws: Sub-Processor Address / country Service Amazon Web Services Ireland Secure Cloud Service Platform for Database Storage 13.3 Outsourcing to further Sub-Processors or changing any existing Sub-Processors is permissible if the Processor informs the Controller of the identity of the Sub- Processor and the scope of the planned Sub-Processing in writing or in text form and the Controller does not object to the planned Sub-Processing in writing or in text form within ten (10) business days as from giving notice by the Processor. The Controller shall not unreasonably object to the planned Sub- Processing. In addition, the following provisions apply: (a) the transfer of Personal Data to the Sub-Processor and the Sub-Processor’s commencement of the data Processing shall only be undertaken after compliance with all requirements has been achieved; (b) if the Sub-Processor provides the agreed service outside the EU/EEA, the Processor shall ensure compliance with Applicable Laws; and (c) the Processor shall impose on the Sub-Processor the same data protection obligations as set out in this Agreement, in particular with regard to the provision of sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the Applicable Law. 13.4 With respect to each Sub-Processor, the Processor will before the Sub- Processor first Processes any data of the Controller, carry out adequate due diligence to ensure that the Sub-Processor is capable of providing the level of protection for the Personal Data required by this Agreement and shall ensure that the agreement between the Processor and the relevant Sub-Processor, is governed by a written contract including terms which offer at least the same level of protection for the Controller as those set out in this Agreement and meets the requirements of article 28(3) of the GDPR.

Sub-processing. 13.1 ‘Sub-Processing’, in the meaning of this Agreement, does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data Processing equipment. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services to Sub-Processors. 13.2 The Controller agrees to the commissioning of the following sub-processors on the condition of a contractual agreement in accordance with applicable data protection laws: Sub-Processor Address / country Service Amazon Web Services Ireland Secure Cloud Service Platform for Database Storage 13.3 Outsourcing to further Sub-Processors or changing any existing Sub-Processors is permissible if the Processor informs the Controller of the identity of the Sub- Sub-Processor and the scope of the planned Sub-Processing in writing or in text form and the Controller does not object to the planned Sub-Processing in writing or in text form within ten (10) business days as from giving notice by the Processor. The Controller shall not unreasonably object to the planned Sub- Sub-Processing. In addition, the following provisions apply: (a) the transfer of Personal Data to the Sub-Processor and the Sub-Processor’s commencement of the data Processing shall only be undertaken after compliance with all requirements has been achieved; (b) if the Sub-Processor provides the agreed service outside the EU/EEA, the Processor shall ensure compliance with Applicable Laws; and (c) the Processor shall impose on the Sub-Processor the same data protection obligations as set out in this Agreement, in particular with regard to the provision of sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the Applicable Law. 13.4 With respect to each Sub-Processor, the Processor will before the Sub- Sub-Processor first Processes any data of the Controller, carry out adequate due diligence to ensure that the Sub-Processor is capable of providing the level of protection for the Personal Data required by this Agreement and shall ensure that the agreement between the Processor and the relevant Sub-Processor, is governed by a written contract including terms which offer at least the same level of protection for the Controller as those set out in this Agreement and meets the requirements of article 28(3) of the GDPR.

Sub-processing. 13.1 ‘Sub-Processing’', in the meaning of this Agreement, does not include ancillary services, such as telecommunication services, postal / transport services, maintenance and user support services or the disposal of data carriers, as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data Processing equipment. The Processor shall, however, be obliged to make appropriate and legally binding contractual arrangements and take appropriate inspection measures to ensure the data protection and the data security of the Controller's data, even in the case of outsourced ancillary services to Sub-Processors. 13.2 The Controller agrees to the commissioning of the following sub-processors on the condition of a contractual agreement in accordance with applicable data protection laws: Sub-Processor Address / country Service Amazon Web Services Ireland Secure Platform Storage Cloud Service Platform for Database Storage 13.3 Outsourcing to further Sub-Processors or changing any existing Sub-Processors is permissible if the Processor informs the Controller of the identity of the Sub- Processor SubProcessor and the scope of the planned Sub-Processing in writing or in text form and the Controller does not object to the planned Sub-Processing in writing or in text form within ten (10) business days as from giving notice by the Processor. The Controller shall not unreasonably object to the planned Sub- ProcessingSubProcessing. In addition, the following provisions apply: (a) the transfer of Personal Data to the Sub-Processor and the Sub-Processor’s 's commencement of the data Processing shall only be undertaken after compliance with all requirements has been achieved; (b) if the Sub-Processor provides the agreed service outside the EU/EEA, the Processor shall ensure compliance with Applicable Laws; and (c) the Processor shall impose on the Sub-Processor the same data protection obligations as set out in this Agreement, in particular with regard to the provision of sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of the Applicable Law. 13.4 With respect to each Sub-Processor, the Processor will before the Sub- Processor SubProcessor first Processes any data of the Controller, carry out adequate due diligence to ensure that the Sub-Processor is capable of providing the level of protection for the Personal Data required by this Agreement and shall ensure that the agreement between the Processor and the relevant Sub-Processor, is governed by a written contract including terms which offer at least the same level of protection for the Controller as those set out in this Agreement and meets the requirements of article 28(3) of the GDPR.