Subprocessing. The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
Subprocessing. 5.1 Processor shall not appoint (or disclose any Company Personal Data to) any Subprocessor unless required or authorized by the Company.
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters int...
Subprocessing. 11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established.
11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.
Subprocessing. 5.1 You authorise us to engage the Subprocessors specified in the SCC Annexes for the specified purposes described in the SCC Annexes and authorise us, to appoint further Subprocessors in accordance with this section 5 and subject to the requirements of the SCCs.
5.2 We shall give you at least fourteen (14) days’ prior written notice of the appointment of any new Subprocessor or changes to any Subprocessor’s Processing arrangements, including necessary details of the Processing to be undertaken by the Subprocessor.
5.3 If, within fourteen (14) calendar days of our notice, you notify us in writing of any objections (on reasonable grounds) to the proposed appointment, we shall at our option:
5.3.1 not appoint (or disclose any of your Personal Data to) that proposed Subprocessor until it has taken reasonable steps to address the objections raised by you; or
5.3.2 notify you that you may terminate the Service without incurring any early termination costs, notwithstanding any term of the Services Agreement or any Service Order Form to the contrary.
5.3.3 For the avoidance of doubt, your right to terminate an affected Service under section 5.3.2 shall not extend to non-impacted services and is otherwise without prejudice to the Parties’ rights and obligations in relation to any terminated Service up to, and including the date of termination.
5.4 With respect to each Subprocessor, we shall ensure that the Subprocessor’s Processing is governed by a written contract including terms which offer at least the same level of protection for your Personal Data as those set out in this DPA.
Subprocessing.
4.1 Company authorizes Securonix to appoint (and permit each Subprocessor appointed in accordance with this section 4 to appoint) Subprocessors in accordance with this section 4 and any restrictions in the Principal Agreement.
4.2 Securonix may continue to use those Subprocessors already engaged by Securonix as at the date of this DPA, subject to Securonix in each case as soon as practicable meeting the obligations set out in section 4.4.
4.3 Securonix will give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3.
4.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:
4.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement;
4.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
4.4.3 if that arrangement involves a data transfer in accordance with Section 11 below, ensure that the appropriate standard contractual clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and
4.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not rel...
Subprocessing. The Controller authorizes the Processor to make use of other processors in accordance with the following subsections in Sect. 9 of this Agreement. This authorization shall constitute a general written authorization within the meaning of Art. 28 (2)
Subprocessing. (a) Processors may subcontract its obligations under this DPA in compliance with the requirements as set forth herein to Processors’ affiliated companies and/or third parties (“Subprocessors”). A list of the Subprocessors engaged with Processors as of the Effective Date of the Agreement is set forth in the respective Services Description and Customer herewith agrees to the engagement of such Subprocessors.
(b) During the Term, Processors will provide at least four (4) weeks prior notice (“Subprocessor Change Notification”) to the Customer before authorizing any new Subprocessor (“Subprocessor Change Effective Date”). If Customer disapproves of the engagement of such new Subprocessor, Customer may terminate the Agreement with two (2) weeks written notice, including an explanation of the reasonable grounds for disapproval of the Subprocessor, to the Subprocessor Change Effective Date. If the Customer does not object to the Subprocessor Change Notification in accordance with the foregoing, this shall be deemed as the Customer’s acceptance of the new Subprocessor. Processors remain responsible for any Subprocessors’ compliance with the obligations of this DPA.
(c) In case a Subprocessor is located outside the EU/EEA in a country that is not recognized as providing an adequate level of data protection, the Processor will (i) enter into a data processing agreement based on EU Model Clauses (Processor to Processor), or (ii) provide the Controller with information on the Subprocessor's certification under the Privacy Shield program and re-confirms that the Subprocessor's certification under the Privacy Shield Program is still valid upon Controller`s request, or (iii) provide the Controller, upon Controller`s request, with other information and relevant documentation on the mechanism for international data transfer pursuant to Art. 46 GDPR that is used to lawfully disclose the Controller's personal data to the Subprocessor.
Subprocessing. 5.1. Customer authorises Supplier to appoint Subprocessors in accordance with this Paragraph 5.
5.2. Supplier may continue to use those Subprocessors already engaged by Supplier as at the date of this Data Processing Addendum as listed in the Annex 3 to this Data Processing Addendum, subject to Supplier meeting within a reasonable timeframe (or having already met) the obligations set out in Paragraph 5.3.
5.3. Supplier shall give Customer prior written notice of the appointment of any proposed Subprocessor, including reasonable details of the Processing to be undertaken by the Subprocessor. If, within fourteen (14) days of receipt of that notice, Customer notifies Supplier in writing of any objections (on reasonable grounds) to the proposed appointment, Supplier shall use reasonable efforts to make available a commercially reasonable change in the provision of the Services, which avoids the use of that proposed Subprocessor. If such a change cannot be made within fourteen (14) days from Supplier receipt of Customer’s notice, no commercially reasonable change is available, and/or Customer declines to bear the cost of the proposed change, either party may by written notice to the other party with immediate effect terminate the Agreement either in whole or to the extent that it relates to the Services which require the use of the proposed Subprocessor.
5.4. With respect to each Subprocessor, Supplier shall ensure that the arrangement between Supplier and the Subprocessor is governed by a written contract including terms which offer at least an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum.
Subprocessing. 6.1 Customer generally authorizes UKG to appoint Subprocessors in accordance with this Section 6, including without limitation those Subprocessors provided herein and any new Subprocessors. Subprocessors used for UKG Other Products and Services may be listed under each applicable Statement of Work or Order Form or in an addendum to this DPA.
6.2 UKG will provide Customer with a mechanism to obtain notification of the appointment of any new Subprocessor, including material details of the Processing to be undertaken by the Subprocessor at least thirty (30) days before said Subprocessor carries out Processing activities on Customer Personal Data on behalf of Customer. Customer may object, on reasonable data protection grounds, to any new Subprocessor by providing notice of an objection to UKG within ten (10) days of Customer's receipt of notification of the addition of the new Subprocessor by UKG. In the event UKG, in its sole discretion, is unable to forego the utilization of a new Subprocessor that has been objected to for the Processing of Customer Personal Data or is otherwise unable to reasonably address the Customer's objection within thirty (30) days of UKG's receipt of such objection from Customer, the Customer may terminate the impacted services upon written notice to UKG. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor.
6.3 With respect to each Subprocessor, UKG will:
6.3.1 verify that the arrangement between UKG and the Subprocessor is governed by a written contract including terms which offer at least equivalent level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; and
6.3.2 if that arrangement involves a Restricted Transfer, confirm that the Standard Contractual Clauses, or other legally valid Cross-Border Transfer Mechanism, are at all relevant times incorporated into the relevant agreement(s) between UKG and the Subprocessor.
