Common use of Sub-Service Providers Clause in Contracts

Sub-Service Providers. 8.1 The inclusion of additional processors in order fulfilment (= sub-service providers) by the Contractor is only permitted with the consent of the Client. The Contractor shall notify the Client in text form in advance about the inclusion of additional sub-service providers and the transfer of Personal Data to them for processing. If the Client does not object to this use within 6 weeks after notification, the consent of the Client is deemed to be granted. 8.2 The prerequisite for approval to engage additional sub-service providers is their specific designation with names and contact details together with further information on the subject matter, type, scope and purpose of the specifically intended data processing. Furthermore, the Contractor must verify that the sub-service providers will comply with the IT security measures according to the specifications of Appendix 4 and submit the findings made to the Client upon request. The Client shall not unreasonably refuse consent to commissioning sub-service providers. 8.3 Commissioning sub-service providers or sub-sub-service providers in third countries (outside EU/EEA) takes place, provided that the relevant requirements of the GDPR are complied with. 8.4 If a Commissioning is permissible, the Contractor must select the sub-service provider carefully with regard to the fulfilment of contractual obligations. He must design the contractual agreements with the sub-service provider in such a way that they meet the data protection provisions of the Order Processing Agreement. In particular, it has to contractually secure the rights of disposal regulated in this Agreement and the inspection rights of the Client vis-a-vis its sub-service providers. This contractual protection must be designed in such a way that the Client – without prejudice to the responsibility of the Contractor for the sub-service providers – is entitled to directly monitor the sub-service provider. At the request of the Client, the Contractor is obligated to immediately provide information to the sub-service provider about the contractual content for the monitoring and the implementation of the data protection relevant obligations by the sub-service provider. 8.5 The previously approved sub-service providers are listed in Appendix 3 whereby the approval is subject to the reservation that compliance with data security measures is documented by the Contractor prior to the start of data processing and the specifications according to this Clause 8 are complied with. An updated list of sub-service providers is always retrievable under xxxxx://xxx.xxxxxxxx.xxx/public/en/privacy-sub-processors/. 8.6 The Contractor must review the compliance with these obligations by the sub-service provider regularly by means of appropriate inspections (i.