Sub-processors. 7.1 bookinglab shall not subcontract any processing of the Customer Personal Data to any Sub-Processor except as authorised by the Customer in accordance with this paragraph 7. The Customer consents to bookinglab engaging Sub-Processors to process the Data provided that: (i) bookinglab provides at least 30 days' prior notice of the addition of any subcontractor (including details of the processing it performs or will perform) (“Sub-Processor Notice”); and (ii) bookinglab complies with paragraphs 7.4 and 7.5 of this Appendix.
7.2 The Customer hereby consents to bookinglab’s use of the Sub-Processors listed at xxx.xxxxxxxxxx.xx.xx/xxxxxx which shall be maintained and updated when any Sub-Processor is added or removed in accordance with this paragraph 7.
7.3 If within 30 days of receipt of a Sub-Processor Notice the Customer notifies bookinglab in writing of its refusal to consent to bookinglab’s appointment of a Sub-Processor on reasonable grounds relating to the protection of Customer Personal Data, then either: (i) bookinglab will not appoint the Sub-Processor; or (ii) if bookinglab does appoint the Sub-Processor, the Customer may elect to terminate the Agreement without penalty or cost to either party save that any portion of the fees paid in advance in respect of Services not yet delivered as at the effective date of termination shall be refunded to the Customer. If after 30 days from receipt of the Sub-Processor Notice the Customer has not indicated its refusal of the appointment of a Sub-Processor in accordance with this paragraph, then the Customer is deemed to have given its consent and bookinglab shall be entitled to appoint the relevant Sub-Processor with immediate effect.
7.4 If bookinglab appoints a Sub-Processor, bookinglab shall ensure that:
(a) such Sub-Processor shall only process Customer Personal Data in order to perform one or more of bookinglab's obligations under this Agreement; and
(b) it enters into a written agreement or other legally enforceable terms with that Sub-Processor prior to any processing by the Sub-Processor, requiring the Sub-Processor to:
(i) process Customer Personal Data only in accordance with the written instructions of bookinglab or the Customer; and
(ii) comply with data protection obligations equivalent in all material respects to those imposed on bookinglab under this Appendix.
7.5 Notwithstanding the appointment of a Sub-Processor, bookinglab is responsible and liable to the Customer for any processing by the Su...
Sub-processors. 6.1 The Data Processor is given general authorisation to engage third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub- Processor, the Data Controller shall give notice hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor.
6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Services by providing written notice to the Data Processor.
6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing.
6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions.
6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B under paragraph 2.
Sub-processors. 8.1. The Data Processor has outlined in the Data Pro Statement whether the Data Processor uses any third parties (sub-processors) to help it process the Personal Data, and if so, which third parties.
8.2. The Client authorises the Data Processor to hire other sub-processors to meet its obligations under the Agreement.
8.3. The Data Processor will notify the Client if there is a change with regard to the third parties hired by the Data Processor, e.g. through a revised Data Pro Statement. The Client will be entitled to object to the aforementioned change implemented by the Data Processor. The Data Processor will ensure that any third parties it hires will commit to ensuring the same level of Personal Data protection as the security level the Data Processor is bound to provide to the Client pursuant to the Data Pro Statement.
Sub-processors. The Controller acknowledges and agrees that:
(a) Subsidiaries of the Processor may be used as Sub-Processors; and
(b) the Processor and its Subsidiaries respectively may engage Sub-Processors in connection with the provision of the Services. All Sub-Processors who process Personal Data in the provision of the Services to the Controller shall comply with the obligations of the Processor similar to those set out in this Data Processing Agreement. Where Sub-Processors are located outside of the EEA, the Processor confirms that such Sub-Processors:
(a) are located in a third country or territory recognized by the EU Commission to have an adequate level of protection; or
(b) have entered into Standard Contractual Clauses with the Processor; or
(c) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. The Processor shall make available to the Controller the current list of Sub- Processors (at xxxxx://xxxxxxxxxxx.xxx/legal/policies/subprocessors/) which shall include the identities of Sub-Processors, what they’re used for, and their location. During the term of this DPA, the Processor shall provide the Controller with at least 14 days prior notification, via email (or in-application notice), of any changes to the list of Sub-Processor(s) who may process Personal Data before authorizing any new or replacement Sub-Processor(s) to process Personal Data in connection with the provision of the Services. If the Controller objects to a new or replacement Sub-Processor the Controller may terminate the Customer Terms with respect to those Services which cannot be provided by the Processor without the use of the new or replacement Sub- Processor. The Processor will refund the Controller any prepaid fees covering the remainder of the Term of the Customer Terms following the effective date of termination with respect to such terminated Services.
Sub-processors those Group companies and third-parties listed at xxx.xxxxxx.xxx/xxxxx/xxxxxxxxxxxxxx from time to time.
Sub-processors. 1. The Data Controller authorizes the Data Processor to engage the Sub-processors. All Sub-processors authorized by the Data Controller are acting under the authority and subject to direct instructions of the Data Controller. A list of the current Sub-processors is set out in Appendix 1 for the purposes specified therein. The Data Processor shall notify the Data Controller in writing in advance of any changes, in particular before engaging other Sub-processors in which event the Data Processor shall without undue delay and at the latest 8 weeks prior to transferring any Personal Data to a Sub-processor, inform the Data Controller in writing of the identity of such Sub-processor as well as the purpose for which it will be engaged.
2. The Data Controller at its own discretion may object to any such changes within 8 weeks after the Data Processor’s notice.
3. The Data Processor shall impose by written agreement, which includes an electronic form, on all Sub-processors processing Personal Data under this DPA (including inter alia its agents, intermediaries and sub-contractors) the same obligations as apply to the Data Processor, in particular the obligations defined in section 4.1 (in particular, procedure of notification to Data Controller and Data Controller’s right to issue direct instructions to Sub-processors) and section 4.2 of this DPA.
Sub-processors. Buyer agrees that Licensor, a processor, may engage other processors (“Sub- processors”) to assist in providing the Services consistent with the Standard Contract. Licensor will make a list of such Sub-processors available to Buyer prior to transferring any Personal Data to such Sub-processors. Licensor will notify Buyer of any changes to the list of Sub-processors in order to give Buyer an opportunity to object to such changes.
Sub-processors. 7.1 The Data Controller acknowledges and agrees that:
7.1.1 Affiliates of the Data Processor may be used as Sub-processors; and
7.1.2 the Data Processor and its Affiliates respectively may engage Sub-processors in connection with the provision of the Services.
7.2 All Sub-processors who process Personal Data in the provision of the Services to the Data Controller shall comply with the obligations of the Data Processor set out in this DPA.
7.3 The Data Controller authorises the Data Processor to use the Sub-Processors included in the list of Sub-processors to process the Personal Data. During the term of this DPA, the Data Processor shall provide the Data Controller with 30 days prior notification, via email, of any changes to the list of Sub-processors before authorising any new or replacement Sub- processor to process Personal Data in connection with provision of the Services.
7.4 The Data Controller may object to the use of a new or replacement Sub-processor, by notifying the Data Processor promptly in writing within 14 days after receipt of the Data Processor’s notice. If the Data Controller objects to a new or replacement Sub-processor, the Data Controller may terminate the Agreement with respect to those Services which cannot be provided by the Data Processor without the use of the new or replacement Sub-processor.
7.5 All Sub-processors who process Personal Data shall comply with the obligations of the Data Processor set out in this DPA. The Data Processor shall prior to the relevant Sub-processor carrying out any processing activities in respect of the Personal Data:
7.5.1 Appoint each Sub-processor under a written contract containing materially the same obligations to those of the processor in this DPA enforceable by the Data Processor;
7.5.2 Ensure each such Sub-processor complies with all such obligations.
7.6 The Data Controller agrees that the Processor and its Sub-Processors may make Restricted Transfers of Personal Data for the purpose of providing the Services to the Data Controller in accordance with the Agreement.. The Data Processor confirms that suchSub-Processors:
7.6.1 Are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or
7.6.2 Have entered into the applicable SCCs with the Data Processor; or
7.6.3 Have other legally recognised appropriate safeguards in place.
Sub-processors. Contractor shall enter into written agreements with all Sub-processors performing functions pursuant to the Service Agreement, whereby the Sub-processors agree to protect Student Data in a manner consistent with the terms of this DPA. Contractor shall provide the LEA with a description of the sub-processors or types of sub-processors who have access to the LEA's student data and shall update the list as new sub-processors are added.
Sub-processors. 5.1 Bluecore shall not engage third-party Sub-processors in connection with the provision of the Services except in accordance with this Section 5. Any such Sub-processors will be permitted to obtain Personal Data only to deliver the services Bluecore has retained them to provide, and are prohibited from using Personal Data for any other purpose. Bluecore will have a written agreement with each Sub-processor and agrees that any agreement with a Sub-processor will include data protection obligations no less protective than those set out in this DPA.
5.2 Bluecore shall be liable for the acts and omissions of its Sub-processors and compliance with all the obligations of this DPA by such Sub-processors to the same extent Bluecore would be liable if performing the services of each Sub-processor directly under the terms of this DPA. To this end, Bluecore will conduct proper due diligence on all Sub-processors to ensure each Sub-process can comply with Data Protection Laws and all applicable terms and conditions of this DPA.
5.3 Customer acknowledges and agrees that Third Party Partners are not Sub-processors and Bluecore assumes no responsibility or liability for the acts or omissions of such Third Party Partners. Sub-processors retained by Bluecore to provide Services for Customer will at all times be deemed Sub-processors of Bluecore and shall not under any circumstance be construed or deemed to be employees or Sub-processors of Customer.
5.4 A list of Bluecore’s authorized Sub-processors is available upon Customer’s request. Bluecore may add additional Sub-processors to this list provided that it gives 30 days’ prior written notification of the identity of the Sub-processor to Customer and Customer does not object to the appointment within that period. In the event Customer objects to a new Sub-processor, Bluecore will use reasonable efforts to make available to Customer a change in the affected Services or recommend a commercially reasonable change to Customer’s use of the affected Services to avoid Processing of Personal Data by the objected-to new Sub-processor without unreasonably burdening Customer. If Bluecore is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the Agreement and applicable SOW(s) in respect to those Services which cannot be provided by Bluecore without the use of the objected-to new Sub-processor, by providing written notice to Bluecore, without Blue...
