Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement. 6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4. 6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken. 6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall: 6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement; 6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time. 6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 3 contracts
Samples: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member 5.1 The Controller authorises JourneyApps and each JourneyApps Affiliate the Processor to appoint (and permit each Subprocessor appointed in accordance with this section 6 clause 5 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreementclause 5.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 The Controller may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate them as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case the Processor as soon as practicable meeting the obligations set out in section 6.4clause 5.4. At the date of this DPA, the Processor uses the Subprocessors listed in Schedule 4 to provide the Services.
6.3 JourneyApps 5.3 The Processor shall give Customer provide prior written notice of the appointment of any new Subprocessor, who may process the Personal Data, including full details of the Processing to be undertaken by the Subprocessor. Such notice may be given by the Processor from time to time, publishing the names of Subprocessors which it uses to process Personal Data, on the Processor’s website (and the Controller will be deemed to have been notified of the same at that time). If, within sixty (60) days 5 Business Days of receipt of that notice, Customer or date of publication on the Processor’s website, the Controller notifies JourneyApps the Processor in writing of any objections objection (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed then the Processor cannot make the appointment of the Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of raised. However if the steps takenobjections cannot be addressed then the Processor (or its related entity) may terminate the Principal Agreement if the failure to appoint the Subprocessor will inhibit or cause an unreasonable cost for the Processor (or its related entity) in providing the Services.
6.4 5.4 With respect to each SubprocessorSubprocessor appointed by the Processor, JourneyApps or the relevant JourneyApps Affiliate Processor shall:
6.4.1 (a) before the Subprocessor first Processes Customer any Personal Data (or, or where relevant, in accordance with section 6.2clause 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer the Personal Data required by this DPA and for the Principal Agreementdue provision of the Services;
6.4.2 (b) take reasonable steps to ensure that the arrangement between on with the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, Subprocessor is governed by a written contract agreement including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and which meet the requirements of article articles 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.28
Appears in 3 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Subprocessing. 6.1 Each 5.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate SentinelOne to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue . SentinelOne shall make available to use those Customer the current list of Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate that are processing Customer Personal Data, attached as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Annex 3. SentinelOne shall give provide Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty thirty (6030) days of receipt of that notice, Customer notifies JourneyApps SentinelOne in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall appoint (or disclose any work with Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken in good faith to address Customer’s objections regarding the objections raised new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by any Customer Group Member and Customer has been provided providing SentinelOne with a reasonable written explanation notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the steps takenthese Terms.
6.4 5.2 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate SentinelOne shall:
6.4.1 5.2.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2)Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 5.2.2 ensure that the arrangement between on the one hand (a) JourneyAppsSentinelOne, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR;
6.4.3 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand
(a) JourneyAppsSentinelOne, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); Customer. and
6.4.4 5.2.4 provide to Customer for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.3 SentinelOne shall ensure that each Subprocessor performs the its obligations under sections 3.12.1, 3, 4, 56.1, 7.17.2, 8.2, 9 8 and 11.110.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsSentinelOne.
Appears in 3 contracts
Samples: Data Protection Addendum, Data Protection Addendum, Data Protection Addendum
Subprocessing. 6.1 Each 5.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate SentinelOne to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue . SentinelOne shall make available to use those Customer the current list of Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate that are processing Customer Personal Data, attached as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Annex 3. SentinelOne shall give provide Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty thirty (6030) days of receipt of that notice, Customer notifies JourneyApps SentinelOne in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall appoint (or disclose any work with Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken in good faith to address Customer’s objections regarding the objections raised new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by any Customer Group Member and Customer has been provided providing SentinelOne with a reasonable written explanation notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the steps takenAgreement.
6.4 5.2 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate SentinelOne shall:
6.4.1 5.2.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2)Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 5.2.2 ensure that the arrangement between on the one hand (a) JourneyAppsSentinelOne, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR;
6.4.3 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand
(a) JourneyAppsSentinelOne, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); Customer. and
6.4.4 5.2.4 provide to Customer for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.3 SentinelOne shall ensure that each Subprocessor performs the its obligations under sections 3.12.1, 3, 4, 56.1, 7.17.2, 8.2, 9 8 and 11.110.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsSentinelOne.
Appears in 3 contracts
Samples: Data Protection Addendum, Data Protection Addendum, Data Protection Addendum
Subprocessing. 6.1 1. Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps 2. Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 3. Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither Vendor nor any JourneyApps Vendor Affiliate shall appoint (or disclose any Customer Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Company Group Member and Customer Company has been provided with a reasonable written explanation of the steps taken.
6.4 4. With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 1. before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 2. ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 4. provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 5. Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1obligations, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 2 contracts
Samples: Terms of Use, Data Processing Agreement
Subprocessing. 6.1 Each Customer Subscriber Group Member authorises JourneyApps eMudhra and each JourneyApps eMudhra Affiliate to appoint (,and permit each Subprocessor appointed in accordance with this section 6 to appoint) , Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps eMudhra and each JourneyApps eMudhra Affiliate may continue to use those Subprocessors already engaged by JourneyApps eMudhra or any JourneyApps eMudhra Affiliate as at the date of this DPAAddendum, subject to JourneyApps eMudhra and each JourneyApps eMudhra Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps eMudhra shall give Customer prior Subscriber written notice or make publicly available on its website of the appointment of any new SubprocessorSubprocessor that will process Subscriber’s data, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 7 days of receipt of that notice, Customer Subscriber notifies JourneyApps eMudhra in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither eMudhra nor any JourneyApps eMudhra Affiliate shall appoint (or disclose any Customer Subscriber Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Subscriber Group Member and Customer Subscriber has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps eMudhra or the relevant JourneyApps eMudhra Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Subscriber Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Subscriber Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppseMudhra, or (b) the relevant JourneyApps eMudhra Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Subscriber Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppseMudhra, or (b) the relevant JourneyApps eMudhra Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.or
Appears in 2 contracts
Subprocessing. 6.1 Each 4.1 Customer Group Member authorises JourneyApps specifically authorizes SentinelOne to engage as Subprocessors those entities listed as of the effective date of this DPA at the URL specified in Section 4.2. In addition, and each JourneyApps Affiliate without prejudice to appoint Section 4.4, Customer generally authorizes the engagement as Subprocessors of any other third parties (“New Subprocessors”).
4.2 Information about Subprocessors, including their functions and permit each Subprocessor appointed locations, is available at: xxx.xxxxxxxxxxx.xxx/xxxxx/xxxxxxxxxxx-xxx-xxxxxxxxxx (as may be updated by SentinelOne from time to time in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal AgreementDPA).
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already 4.3 When any New Subprocessor is engaged by JourneyApps or any JourneyApps Affiliate as while this DPA is in effect, SentinelOne shall provide Customer at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer least thirty days’ prior written notice of the appointment engagement of any new New Subprocessor, including full details of the Processing processing to be undertaken by the New Subprocessor. If, within sixty (60) thirty days of receipt of that notice, Customer notifies JourneyApps SentinelOne in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate and further provides commercially reasonable justifications to such objections based on that New Subprocessor’s inability to adequately safeguard Customer Data, then (i) SentinelOne shall appoint (or disclose any work with Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken in good faith to address Customer’s objections regarding the objections raised New Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty days from SentinelOne’s receipt of Customer’s notice, notwithstanding anything in the Agreement, Customer may, by any Customer Group Member and Customer has been provided providing SentinelOne with a reasonable written explanation notice with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid fees for the Solutions attributable to the subscription term (as outlined in the applicable Purchase Order under the Agreement) following the termination of the steps takenAgreement.
6.4 4.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate SentinelOne shall:
6.4.1 4.4.1. before the Subprocessor first Processes processes Customer Personal Data (or, where relevant, in accordance with section 6.2)Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing performing the level of protection for Customer Personal Data required by obligations subcontracted to it in accordance with the Principal AgreementAgreement (including this DPA);
6.4.2 4.4.2. ensure that the arrangement between on processing of Customer Data by the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level no less protective of protection for Customer Personal Data as than those set out in this DPA and meet and, if the requirements processing of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted TransferCustomer Personal Data is subject to European Data Protection Laws, ensure that the Standard Contractual Clauses data protection obligations in this DPA are at all relevant times incorporated into the agreement between imposed on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer 4.4.3. remain fully liable for review such copies of all obligations subcontracted to, and all acts and omissions of, the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeSubprocessor.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 2 contracts
Samples: Master Subscription Agreement, Data Protection Addendum
Subprocessing. 6.1 Each 5.1 To the extent required under Applicable Laws, Customer Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes CrowdStrike to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 CrowdStrike may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at of the date of this DPADPA specified in Exhibit E, subject to JourneyApps and each JourneyApps Affiliate CrowdStrike in each case as soon as practicable meeting the obligations set out in section 6.45.5.
6.3 JourneyApps 5.3 Customer agrees to CrowdStrike maintaining and updating its list of Subprocessors online, for the Falcon Platform and Humio as outlined in Exhibit E.
5.4 CrowdStrike shall give provide notice of a proposed new Subprocessor to the Customer, at least 30 days prior to CrowdStrike’s use of the new Subprocessor to Process Customer prior Personal Data, through the applicable CrowdStrike Offering or platform, where Customer may elect to subscribe to such notices. Customers may sign up for email Subprocessor notifications at xxxxx://xxx.xxxxxxxxxxx.xxx/subprocessor-notification/. During the notice period, Customer may object to a change in Subprocessor in writing and CrowdStrike may, in its sole discretion, attempt to resolve Customer’s objection, including providing the Offerings without use of the proposed Subprocessor. If (a) CrowdStrike provides Customer written notice that it will not pursue an alternative, or (b) such an alternative cannot be made available by CrowdStrike to Customer within 90 days of Customer providing notice of its objection, then in either case, and notwithstanding anything to the contrary in the Agreement or order, Customer may terminate the Agreement or order to the extent that it relates to the Offerings which require the use of the appointment of any new proposed Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 5.5 With respect to each Subprocessor, JourneyApps or to the relevant JourneyApps Affiliate extent required under Applicable Laws, CrowdStrike shall:
6.4.1 before 5.5.1 Before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by Applicable Laws, this DPA and the Principal Agreement;
6.4.2 ensure 5.5.2 Ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; CrowdStrike and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least offers substantially the same level of protection for Customer Personal Data as those set out in required by this DPA and meet Applicable Laws, including Customer’s ability to protect the requirements rights of article 28(3) of Data Subjects in the GDPRevent CrowdStrike is insolvent, liquidated or otherwise ceases to exist;
6.4.3 if that arrangement 5.5.3 Apply an adequacy mechanism recognized by Customer’s Supervisory Authority as ensuring an adequate level of data protection under Applicable Laws where Subprocessor’s Processing of Customer Personal Data involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and;
6.4.4 provide to Customer for review such 5.5.4 Maintain copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.. To the extent necessary to protect Confidential Information, CrowdStrike may redact the copies prior to sharing with Customer; and
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the 5.5.5 Notify Customer of Subprocessor’s relevant failure to comply with obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried set out by that Subprocessor, as if it were party to Applicable Laws and this DPA in place where CrowdStrike has received notice of JourneyAppssuch.
Appears in 2 contracts
Samples: Data Protection Agreement, Data Protection Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate 4.1 You authorise us to appoint (and permit each Subprocessor appointed in accordance with this section 6 4 to appoint) Subprocessors in accordance with this section 6 4 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 4.2 We may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate us as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate us, in each case as soon as practicable practicable, meeting the obligations set out in section 6.44.4.
6.3 JourneyApps 4.3 We shall give Customer you prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 calendar days of receipt of that notice, Customer notifies JourneyApps you notify us in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate we shall not appoint (or disclose any Customer of your Personal Data to) that proposed Subprocessor until it has taken reasonable steps have been taken to address the objections raised by any Customer Group Member you and Customer has been provided you with a reasonable written explanation of the steps taken.
6.4 4.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate we shall:
6.4.1 4.4.1 before the Subprocessor first Processes Customer your Personal Data (or, where relevant, in accordance with section 6.24.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer your Personal Data required by the Principal Agreement;
6.4.2 4.4.2 ensure that the arrangement between on the one hand us (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; ) and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level of protection for Customer your Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;Addendum; and
6.4.3 4.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand us (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; ) and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer your Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with you or we enter into the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contract Contractual Clauses co-operates with their population on your behalf and execution); and
6.4.4 provide you hereby authorise us to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timedo so.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 2 contracts
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither Vendor nor any JourneyApps Vendor Affiliate shall appoint (or nor disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenCompany.
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.4.3 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 2 contracts
Subprocessing. 6.1 6.1. Each Customer User Group Member authorises JourneyApps authorizes Company and each JourneyApps Company Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal AgreementDPA.
6.2 JourneyApps 6.2. Company and each JourneyApps Company Affiliate may continue to use those Subprocessors already engaged by JourneyApps Company or any JourneyApps Company Affiliate as at the date of this DPAAddendum, subject to JourneyApps Company and each JourneyApps Company Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps 6.3. Company shall give Customer User prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days [ ] of receipt of that notice, Customer User notifies JourneyApps Company in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1. Company shall appoint (or disclose any Customer Personal Data to) work with User in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2. where such a change cannot be made within 30 days from Company's receipt of User's notice, notwithstanding anything in the DPA, User may by written notice to address Company with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation DPA to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 6.4. With respect to each Subprocessor, JourneyApps Company or the relevant JourneyApps Company Affiliate shall:
6.4.1 6.4.1. before the Subprocessor first Processes Customer User Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer User Personal Data required by the Principal AgreementDPA;
6.4.2 6.4.2. ensure that the arrangement between on the one hand (a) JourneyAppsCompany, or (b) the relevant JourneyApps Company Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer User Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 6.4.3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsCompany, or (b) the relevant JourneyApps Company Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer User Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer User Group Member(s) (and Customer User shall procure that each Customer User Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.4.4. provide to Customer User for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer User may request from time to time.
6.5 JourneyApps 6.5. Company and each JourneyApps Company Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer User Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsCompany.
Appears in 2 contracts
Subprocessing. 6.1 5.1 Each Customer Company Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 6 of this DPA to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 Vendor may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Vendor as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate Vendor in each case as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 5.3 Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 14 Calendar days of receipt of that notice, Customer notifies JourneyApps Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate : Vendor shall not appoint (or disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Company Group Member and Customer Company has been provided with a reasonable written explanation of the steps taken.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Vendor shall:
6.4.1 5.4.1 before the Subprocessor first first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, Vendor or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 5.4.3 upon request provide to Customer Company for review such copies of the Contracted Processors’ Processors agreements with Subprocessors (which may be redacted to remove confidential confidential commercial information not relevant to the requirements of this DPA) as Customer Company may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 Vendor shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, this DPA as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsVendor.
Appears in 2 contracts
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate 5.1. Vendor shall not engage any Subprocessor or disclose any Company Personal Data to appoint any third party without Company’s prior specific written authorization. Vendor shall submit the request for specific authorization to Company (and permit each by email to xxxxxxxxxxx@xxxxxxxxxxxxxx.xxx) at least one month in advance of its engagement of a new Subprocessor. The request to engage a new Subprocessor appointed in accordance with this section 6 to appointshould include (i) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice identity of the appointment of any new Subprocessor, including full details (ii) the location in which the Subprocessor would Process Company Personal Data, (iii) a description of the relevant Processing operations to be undertaken carried out by the Subprocessor. If, within sixty and (60iv) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised other information reasonably requested by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takenCompany.
6.4 With respect 5.2. To the extent that Company authorizes Vendor to engage a Subprocessor (“Authorized Subprocessor”):
(a) Vendor shall evaluate the security, privacy and confidentiality practices of each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Authorized Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure establish that the such Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreementthis DPA;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) Vendor shall ensure that each Authorized Subprocessor is bound by a written agreement that, at a minimum, binds Authorized Subprocessor to the relevant JourneyApps Affiliatesame data protection obligations as those applicable to Vendor under this DPA. Such agreement must also include a third-party beneficiary clause whereby, in the event Vendor factually disappears, ceases to exist in law or becomes insolvent, Company shall have the right to terminate Vendor’s agreement with Authorized Subprocessor and instruct Authorized Subprocessor to destroy or return Company Personal Data to Company. Vendor shall be responsible for ensuring Authorized Subprocessors comply with the obligations in such agreements and Data Protection Laws;
(c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer If Vendor transfers Company Personal Data as those to Authorized Subprocessor for Processing in a Third Country, Vendor shall utilize a transfer mechanism that complies with Data Protection Laws; and
(d) Vendor shall notify Company when its Authorized Subprocessor appoints a Subprocessor to Process Company Personal Data and comply with the requirements set out in this DPA and meet the requirements of article 28(3) Section 5 of the GDPR;DPA.
6.4.3 if that arrangement involves 5.3. Upon request, Vendor shall provide (i) a Restricted Transferlist of Subprocessors to Company, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand and (aii) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies a copy of the Contracted Processors’ agreements with Subprocessors (which and any subsequent amendments thereto. Vendor may be redacted to remove confidential commercial information not relevant redact such agreements to the requirements extent necessary to protect business secrets, other confidential information and Personal Data.
5.4. Vendor shall remain fully liable to Company for the performance of each Subprocessor’s obligations in accordance with this DPA) as Customer may request from time . Vendor shall notify Company of any failure by a Subprocessor to timefulfill its contractual obligations.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Subprocessing. 6.1 Each 5.1. Customer Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes Zip to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreementsection.
6.2 JourneyApps 5.2. Information about Subprocessors, including their functions and each JourneyApps Affiliate locations, as of the Addendum Effective Date is set forth in Attachment 3 (as may continue be updated by Provider from time to use those time) or such other website address as Provider may provide to customer from time to time (the “Subprocessor Site”). Customer acknowledges and agrees that Zip may utilize the Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate listed in Attachment 3 and/or on the Subprocessor Site as at of the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4Addendum Effective Date.
6.3 JourneyApps 5.3. Zip shall give Customer prior written notice of the appointment of any proposed new SubprocessorSubprocessor after the Addendum Effective Date by updating the Subprocessor Site or other written means, including full reasonable details of the Processing to be undertaken by the Subprocessor. If Customer does not object to such change of Subprocessors within fourteen (14) days of receipt of that notice, Customer shall be deemed to have consented to such change. If, within sixty fourteen (6014) days of receipt of that notice, Customer notifies JourneyApps Zip in writing of any objections (on reasonable groundsgrounds relating to the protection of Customer Personal Data) to the proposed appointment: (a) Zip shall use reasonable efforts to make available a commercially reasonable change in the provision of the Services, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and (b) where such a change cannot be made and failing an amicable resolution between the parties (each acting reasonably and in good faith), Customer may by written notice to address Zip with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor as its sole and exclusive remedy.
6.4 5.4. With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by Zip shall enter into a written contract including terms which offer at least are substantially similar regarding the same level protection of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;Data Processing Addendum.
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are 5.5. Zip shall at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide remain liable to Customer for review such copies of the Contracted Processorsits Subprocessors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps acts and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing omissions in respect of Customer Personal Data carried out by that Subprocessor, as to the same extent Zip would be liable if it were party to performing such Processing directly under the terms of this DPA in place of JourneyAppsData Processing Addendum.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each (a) Customer Group Member authorises JourneyApps acknowledges and each JourneyApps Affiliate agrees that JazzHR may engage Subprocessors in connection with the provision of the Services. A list of approved Subprocessors as of the Effective Date of this Addendum is located at xxxxx://xxx.xxxxxx.xxx/subprocessor-list (the “Subprocessor List”). Customer may subscribe to appoint receive update alerts when changes are made to the Subprocessor List.
(and permit b) JazzHR will enter into a written agreement with each Subprocessor appointed containing data protection obligations, to the extent practicable, no less protective than those in accordance with this section 6 Addendum or as may otherwise be required by applicable Data Protection Laws and Regulations. JazzHR agrees to appoint) Subprocessors in accordance with this section 6 and any restrictions in be responsible for the Principal acts or omissions of each such Subprocessor to the same extent as JazzHR would be liable if performing the services of such Sub-processor under the terms of the Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already (c) JazzHR will inform Customer of any new Subprocessor engaged during the term of the Agreement by JourneyApps or any JourneyApps Affiliate as at updating the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Subprocessor List. If Customer prior written notice of reasonably believes that the appointment of any a new SubprocessorSubprocessor will have a material adverse effect on JazzHR’s ability to comply with applicable Data Protection Laws and Regulations as a Processor, including full details of the Processing to be undertaken by the Subprocessor. Ifthen Customer must notify JazzHR in writing, within sixty (60) 30 days following the update to the Subprocessor List, of its reasonable basis for such belief. Upon receipt of that Customer’s written notice, Customer notifies JourneyApps in writing of any objections (and JazzHR will work together without unreasonable delay on reasonable grounds) to the proposed appointmentan alternative arrangement. If a mutually-agreed alternative arrangement is not found, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been a termination right under applicable Data Protection Laws and Regulations, then those Services that cannot be provided with a reasonable written explanation without the use of the steps takennew Subprocessor may be terminated by Customer without penalty.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall(d) Notices and Consents:
6.4.1 before the Subprocessor first Processes (i) General: Customer Personal shall comply with all applicable Data (orProtection Laws and Regulations, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand including: (a) JourneyAppsproviding all required notices and appropriate disclosures to all Data Subjects regarding Customer’s, or and JazzHR’s, Processing and transfer of Personal Data; and (b) obtaining all necessary rights and valid consents from Data Subjects to permit Processing by JazzHR for the relevant JourneyApps Affiliatepurposes of fulfilling JazzHR’s obligations, or as otherwise permitted, under the Agreement.
(cii) Sensitive Data: Customer’s use of the relevant intermediate Subprocessor; Services in connection with the distribution of Customer Data and/or Processing of sensitive Customer Data of a Data Subject (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or an individual’s genetic data, biometric data, health data, or data regarding sex life or sexual orientation) must be in compliance with all applicable Data Protection Laws and on the other hand the SubprocessorRegulations, is governed by a written contract including terms which offer at least the same level of protection for Customer obtaining express consent from Data Subjects whose Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party is provided to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer JazzHR for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeProcessing.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 3.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate GlobalSign to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 clause 3 and any restrictions in the Principal Original Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 3.2 To the extent that any Subprocessor appointed by GlobalSign processes Customer Personal Data then, GlobalSign will remain responsible to the Customer for the Subprocessor’s obligations under this DPA.
3.3 GlobalSign may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate GlobalSign as at the date of this DPADPA as identified in the Subprocessor list which can be accessed on GlobalSign’s Legal Repository webpage at xxxxx://xxx.xxxxxxxxxx.xxx/en/repository/GlobalSign- Subprocessors.pdf. For the avoidance of doubt, subject to JourneyApps and each JourneyApps Affiliate in each case Customer specifically authorises the engagement of GlobalSign Affiliates as soon as practicable meeting the obligations set out in section 6.4Subprocessors.
6.3 JourneyApps 3.4 GlobalSign shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the SubprocessorSubprocessor by updating the Subprocessor list which is available in the GlobalSign Legal Repository. If, within sixty ten (6010) days of receipt of that noticenotice via the mechanism set out in this clause 3.3, Customer notifies JourneyApps GlobalSign in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate appointment GlobalSign shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken. If the objection cannot be resolved by the parties within thirty (30) days of receipt by GlobalSign of the objection, GlobalSign shall not be in breach of the Original Agreement to the extent that it cannot provide the Services or otherwise comply with its obligations as a result.
6.4 3.5 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate GlobalSign shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 3.5.1 ensure that the arrangement between on the one hand (a) JourneyAppsGlobalSign, or (b) the relevant JourneyApps GlobalSign Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA DPA, in particular in relation to requiring the Subprocessor to implement appropriate technical and organisational measures, and meet the requirements of article 28(3) of the GDPR;
6.4.3 3.5.2 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses appropriate safeguards as set out in clause 8.2 and clause 8.5 of this DPA are at all relevant times incorporated into the agreement in place between on the one hand (a) JourneyAppsGlobalSign, or (b) the relevant JourneyApps GlobalSign Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 3.5.3 provide to Customer for review such copies of the Contracted Processors’ GlobalSign or GlobalSign Affiliate’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 3.6 GlobalSign shall ensure that each Subprocessor performs the obligations under sections 3.1clauses 2.2, 46.1, 5, 7.1, 8.2, 9 and 11.17.2, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsGlobalSign.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 7.1 Each Customer Company Group Member authorises JourneyApps and authorizes each JourneyApps Affiliate Ooyala Group Member to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 7.2 Ooyala Group Members may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate an Ooyala Group Member as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate the Ooyala Group Member in each case as soon as practicable meeting the obligations set out in section 6.47.4.
6.3 JourneyApps 7.3 Ooyala shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty thirty (6030) days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate then Ooyala shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and, where such a change cannot be made within ninety (90) days from Ooyala's receipt of Company's notice, notwithstanding anything in the Agreement, Company may by written notice to address Ooyala with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 7.4 With respect to each Subprocessor, JourneyApps Ooyala or the relevant JourneyApps Ooyala Affiliate shall:shall:
6.4.1 (a) before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2)Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 (b) ensure that the arrangement between on the one hand (a) JourneyAppsthe Ooyala Group Member, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.on
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps Neither Vendor nor any JourneyApps Vendor Affiliate shall appoint (or nor disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenCompany.
6.4 6.1 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 6.1.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 6.1.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms 12 As the GDPR imposes on Vendor a requirement to ensure that appropriate security measures are in place, and Vendor may not be in a position to assess what measures are appropriate to the Company Personal Data (since the data are collected and processed for the purposes of Company's and not Vendor's business), Vendor may seek protection against contracted security measures turning out not to be appropriate although they have been approved (and may even have been specifically selected) by Company. It may also be the case that specific security measures are identified in the Principal Agreement. The GDPR does not (or at least does not clearly) change the actual standard of security required. The Company as Controller may wish to elaborate on the approach taken here, for example by: • committing Vendor only to a specific, relatively basic, level of security, described (in generic terms) in an Annex, with Company taking responsibility for any higher level of security required by the GDPR except to the extent specifically agreed (including in the Principal Agreement); or • confirming that Company has assessed any security measures specifically agreed in the Principal Agreement and that the Company is responsible (as between the parties and to data subjects and supervisory authorities) if those measures, in themselves (but acknowledging that any pre-agreed description may only deal with specific aspects of the required security arrangements rather than describing a comprehensive solution), do not meet the GDPR standard of appropriateness. which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;GDPR;13
6.4.3 6.1.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); execution);14 and
6.4.4 6.1.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 6.2 Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate PeopleFluent to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate PeopleFluent may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate PeopleFluent as at the date of this DPAExhibit, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable PeopleFluent meeting the obligations set out in section 6.46.5.
6.3 JourneyApps PeopleFluent shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 7 days of receipt of that notice, Customer notifies JourneyApps PeopleFluent in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1 PeopleFluent shall appoint (or disclose any work with Customer Personal Data to) in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2 where such a change cannot be made within 45 days from PeopleFluent's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may by written notice to address PeopleFluent with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation impacted services to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 On termination of the impacted services, pursuant to section 6.3.2, Customer shall be liable for any contracted fees or charges for the remainder of the term of the Agreement and any Order Forms thereunder.
6.5 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate PeopleFluent shall:
6.4.1 6.5.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 6.5.2 ensure that the arrangement between on the one hand (a) JourneyAppsPeopleFluent, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Exhibit and meet the requirements of article Article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.5.3 provide to Customer for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAExhibit) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 6.6 PeopleFluent shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA Exhibit in place of JourneyAppsPeopleFluent.
Appears in 1 contract
Samples: Service Agreement
Subprocessing. 6.1 6.1. Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Service Agreement.
6.2 JourneyApps 6.2. Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps 6.3. Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1. Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2. where such a change cannot be made within 30 days from Vendor's receipt of Company's notice, notwithstanding anything in the Service Agreement, Company may by written notice to address Vendor with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Service Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 6.4. With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 6.4.1. before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Service Agreement;
6.4.2 6.4.2. ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 6.4.3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.4.4. provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 6.5. Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing.
6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1 Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2 where such a change cannot be made within 30 days from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address Vendor with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); andand
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 5 business days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither Vendor nor any JourneyApps Vendor Affiliate shall appoint (or nor disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenCompany.
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member 11.1 The Controller authorises JourneyApps and each JourneyApps Affiliate the Processor to appoint (and permit permits each Subprocessor appointed in accordance with this section 6 clause 11 to appoint) Subprocessors strictly in accordance with this section 6 clause 11 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 11.2 The Processor may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate the Processor as at the date of this DPAAgreement, subject to JourneyApps and each JourneyApps Affiliate in each case the Processor as soon as practicable meeting the obligations set out in section 6.4clause 11.4.
6.3 JourneyApps 11.3 The Processor shall give Customer the Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty seven (607) days of receipt of that notice, Customer the Controller notifies JourneyApps the Processor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate the Processor shall not appoint (or nor disclose any Customer Controller Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenController.
6.4 11.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Processor shall:
6.4.1 11.4.1 before the Subprocessor first Processes Customer processes Controller Personal Data (or, where relevant, in accordance with section 6.2)Data, carry out adequate due diligence in accordance with Good Industry Practice to ensure that the Subprocessor is capable of providing the level of protection for Customer the Controller Personal Data required by the Principal Agreement;
6.4.2 11.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; Processor and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level of protection for Customer the Controller Personal Data as those set out in this DPA Agreement and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 11.4.3 provide to Customer the Controller for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAgreement) as Customer the Controller may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 11.5 The Processor shall ensure that each Subprocessor performs the applicable obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1this Agreement, as they apply to Processing processing of Customer Controller Personal Data carried out by that Subprocessor, as if it were party to this DPA Agreement in place of JourneyAppsthe Processor.
11.6 The Processor shall be liable for any failure of the Subprocessor to comply with its obligations pursuant to clause 11.5, and shall fully indemnify and keep fully indemnified the Controller against any and all actions, costs, claims, demands, damages, expenses (including legal fees), liabilities, losses and proceedings in connection with any failure of the Subprocessor to comply with its obligations pursuant to clause 11.5.
Appears in 1 contract
Samples: Booking Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps 8.1. The Controller specifically authorizes and generally agrees with the Provider and each JourneyApps Provider Affiliate to appoint (appointing and permit each Subprocessor appointed in accordance with this section 6 to appoint) engaging Subprocessors in accordance with this section 6 8 and any restrictions in the Principal Agreement.
6.2 JourneyApps 8.2. The Provider and each JourneyApps Provider Affiliate may also continue to use those Subprocessors already engaged by JourneyApps the Provider or any JourneyApps Provider Affiliate as at the date of this DPAStart Date, subject to JourneyApps whereby the Provider and each JourneyApps Provider Affiliate shall be in each case and as soon as practicable meeting required to ensure that the obligations set out in this section 6.48. are met by such Subprocessors.
6.3 JourneyApps shall give Customer prior written notice 8.3. The list of the appointment of any new Subprocessor, including full details of regarding their location and Processing functions is available here and may be updated from time to time by the Provider.
8.4. Regarding the Processing to be undertaken by and subprocessing of Controller Personal Data, the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of Provider and any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Provider Affiliate shall only appoint (or disclose any Customer Personal Data to) that proposed and engage Subprocessor until reasonable steps have been taken to address through the objections raised by any Customer Group Member and Customer has been provided with conclusion of a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessordata processing agreement containing all necessary data protection obligations, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which shall offer at least the same level of data processing protection for Customer Personal Data as those set out that can be found in this DPA and meet DPA, to the requirements of article 28(3) extent applicable to the nature of the GDPR;Services provided by such Subprocessors.
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand 8.5. Ten (a10) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party business days prior to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data being carried out by that a newly appointed Subprocessor, the Provider shall add such newly engaged Subprocessor to the list of Subprocessors. The parties hereby agree that such method of notification is adequate with regards to the Controllers right to be notified prior to Subprocessor engagement.
8.6. Should the Controller or Controller Affiliate oppose the engagement and appointment of a new Subprocessor, he shall notify the Provider within ten (10) business days from the last day prior to the start of Processing as if it were party referred to in the previous point. After that, Processing by the Subprocessor shall be deemed as accepted by the Controller or Controller Affiliate.
8.7. Should the Controller or Controller Affiliate oppose the engagement and appointment of a new Subprocessor and notify the Provider regarding this DPA (even after the period from the previous point), all data processing by such newly appointed Subprocessor shall cease and the parties shall seek to find an applicable solution in place of JourneyAppsgood faith. If the parties cannot agree on an applicable solution regarding the objection in a reasonable timeframe, the Controller may terminate the Agreement.
8.8. The Provider may be held liable for all obligations subcontracted to the Subprocessors, including their acts and omissions.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 5.1 Customer Group Member authorises JourneyApps acknowledges and each JourneyApps Affiliate agrees that Netlify may utilize the authorized Sub-processors set forth in Schedule 2.
5.2 Netlify shall by email inform the Customer of any changes concerning the addition or replacement of sub-processors, at least ten (10) business days prior to appoint such change(s), thereby giving the Customer the opportunity to object to such changes. Customer may object in writing to Netlify’s intended change concerning Netlify’s Sub-processors within five (5) business days of such notice.
5.3 If it is not possible for Netlify and permit each Subprocessor appointed in accordance with this section 6 Customer to appoint) Subprocessors in accordance with this section 6 and any restrictions resolve the issue within a reasonable time despite both parties’ good faith efforts, notwithstanding anything in the Principal Agreement, Customer may suspend or terminate the Principal Agreement to the extent that it relates to the Services which require the use of the proposed Sub-processor.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by 5.4 Netlify will enter into a written contract including agreement with each Sub-processor containing terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA DPA, imposing in particular that each Sub-processor provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the Processing will meet the requirements of article 28(3the GDPR.
5.5 Netlify shall remain fully liable to Customer for the performance of its Sub-processor's obligations to the same extent Netlify would be liable if performing the Services directly under the terms of this DPA.
5.6 If Customer and Netlify have entered into Standard Contractual Clauses as described in Section 11 (Transfer mechanisms for data transfers), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Netlify of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Sub-processors that must be provided by Netlify to Customer pursuant to Clause 5(j) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsmay have commercial information, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating information unrelated to the Standard Contractual Clauses with the relevant Customer Group Member(s) (or their equivalent, removed by Netlify beforehand, and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of will be provided by the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may Netlify only upon request from time to timeby Customer.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer If Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither Vendor nor any JourneyApps Vendor Affiliate shall appoint (or nor disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenCompany.
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing can provide the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 6.1. Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Affiliate Vendor A liate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps 6.2. Vendor and each JourneyApps Affiliate Vendor A liate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Affiliate Vendor A liate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Affiliate Vendor A liate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps 6.3. Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days one month of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1. [Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2. where such a change cannot be made within 3 months from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address Vendor with immediate e ect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.]
6.4 6.4. With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Affiliate Vendor A liate shall:
6.4.1 6.4.1. before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 6.4.2. ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps AffiliateVendor A liate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer o er at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 6.4.3. if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps AffiliateVendor A liate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Affiliate Company A liate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.4.4. provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 6.5. Vendor and each JourneyApps Affiliate Vendor A liate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate 5.1 Master Distributor authorizes TTI Success Insights to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Master Distributor Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 TTI Success Insights may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate TTI Success Insights as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate in each case TTI Success Insights as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 5.3 TTI Success Insights shall give Customer Master Distributor prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) ten business days of receipt of that notice, Customer Master Distributor notifies JourneyApps TTI Success Insights in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
5.3.1 TTI Success Insights shall appoint (or disclose any Customer Personal Data to) work with Master Distributor in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
5.3.2 where such a change cannot be made within ten business days from TTI Success Insights’ receipt of Master Distributor’s notice, notwithstanding anything in the Master Distributor Agreement, Master Distributor may by written notice to address TTI Success Insights with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Master Distributor Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate TTI Success Insights shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Master Distributor Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Master Distributor Personal Data required by the Principal Master Distributor Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, TTI Success Insights or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Master Distributor Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted TransferTransfer and to the extent no other means allows for the transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand
(a) JourneyApps, TTI Success Insights or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Master Distributor Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Master Distributor Agreement; and
6.4.4 5.4.4 provide to Customer Master Distributor for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Master Distributor may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 TTI Success Insights shall ensure that each Subprocessor performs the obligations under sections 3.12.1, 3, 4, 56.1, 7.17.2, 8.28, 9 and 11.110.1, as they apply to Processing of Customer Master Distributor Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsTTI Success Insights.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps 4.1 Subprocessing for the purpose of this Agreement is to be understood as meaning processing which relates directly to the Services provided to you. This does not include ancillary services commissioned by us, such as telecommunication services, postal / transport services, cleaning or guarding services. IT services shall constitute a Subprocessing relationship if they are provided for IT systems which are used for the delivery of the Services you have purchased from us. We shall, however, be obliged to make appropriate and each JourneyApps Affiliate legally binding contractual arrangements including technical and organizational measures and take appropriate inspection measures to appoint (ensure the data protection and permit each Subprocessor appointed the data security of your data, even in the case of outsourced ancillary services.
4.2 In accordance with the provisions of this section 6 Agreement, you acknowledge and agree that Xxxxxx, or the third parties engaged to appointprovide the Services provided here: xxxxx://xxxxxx.xxxxxx.xxx/asset_ mgr/current/202114/Subprocessor%20List_LOr3.pdf (which are hereby designated as subprocessors for the purpose of processing Customer Data) Subprocessors may store or process Customer Data in accordance with this section 6 and any restrictions locations outside the country in which you are located on servers based in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of United States provided that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or we shall publish notification of any changes to the subprocessors processing Customer Data on our website thirty (30) days prior to any changes to the subprocessors processing Customer Data and give you an opportunity to review such changes and raise reasonable objection to such changes; and (b) the relevant JourneyApps Affiliate, subprocessors processing Customer Data are subject to the same data protection obligations or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out are contained in this DPA and meet Agreement in accordance with Article 28 paragraphs 2-4 GDPR. Customer agrees to raise any reasonable objections in writing within ten (10) calendar days of such notification. In the requirements event you reasonably object to the addition of article 28(3) of a Subprocessor for reasons related to the GDPR;
6.4.3 if that arrangement involves , as permitted in the preceding sentences, and the Parties do not find a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant solution in good faith to the requirements issue in question, then either Party may terminate this Agreement and we will provide a pro-rated refund for any prepaid but unused fees. You confirm that Section 4.2 constitutes general written authorization for the purposes of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate GDPR. We shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing remain liable for any processing of Customer Personal Data carried out by subprocessors engaged under the Agreement. Upon your request, we will tell you where Customer Data is located. Notwithstanding anything to the contrary in this Section, if we and you have agreed that SubprocessorCustomer Data will be stored in any particular location, as if it were party to this DPA we will store such Customer Data in place of JourneyAppsthe agreed location.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 5.1 The Subprocessors currently engaged by Docmosis and authorized by Customer Group Member are listed in Annex 3. The Customer generally authorises JourneyApps and each JourneyApps Affiliate Docmosis to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 Docmosis may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Docmosis as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate Docmosis in each case as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 5.3 Docmosis shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer notifies JourneyApps Docmosis in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any appointment Customer Personal Data to) may by written notice to Docmosis with immediate effect terminate the Agreement to the extent that proposed Subprocessor until reasonable steps have been taken it relates to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Services which require the use of the steps takenproposed Subprocessor. This termination right is Customer’s sole and exclusive remedy if Customer objects to any new Third Party Subprocessor.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Docmosis shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsDocmosis, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsDocmosis, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Customer; and
6.4.4 5.4.4 provide to Customer for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 Docmosis shall ensure that each Subprocessor performs the obligations under sections 3.12.1, 3, 4, 56.1, 7.17.2, 8.2, 9 8 and 11.110.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsDocmosis.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing.
6.1 Each Customer Tata Communications Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section Section 6 to appoint) Subprocessors in accordance with this section Section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.Section 6.4.
6.3 JourneyApps Vendor shall give Customer Tata Communications prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty ten (6010) business days of receipt of that notice, Customer Tata Communications notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1 Vendor shall appoint (or disclose any Customer Personal Data to) work with Tata Communications in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2 where such a change cannot be made within ten (10) business days from Vendor's receipt of Tata Communications' notice, notwithstanding anything in the Principal Agreement, Tata Communications may by written notice to address Vendor with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:shall:
6.4.1 before the Subprocessor first Processes Customer Tata Communications Personal Data (or, where relevant, in accordance with section Section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Tata Communications Personal Data required by this Addendum and the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Tata Communications Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Tata Communications Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Tata Communications Group Member(s) (and Customer Tata Communications shall procure that each Customer Tata Communications Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); andand
6.4.4 provide to Customer Tata Communications for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Tata Communications may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Tata Communications Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps Lineup and each JourneyApps Lineup Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Lineup and each JourneyApps Lineup Affiliate may continue to use those Subprocessors already engaged by JourneyApps Lineup or any JourneyApps Lineup Affiliate as at the date of this DPAthese Data Processing Terms, subject to JourneyApps Lineup and each JourneyApps Lineup Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Lineup shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer notifies JourneyApps Lineup in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1 Lineup shall appoint (or disclose any work with Customer Personal Data to) in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2 where such a change cannot be made within 180 days from Lineup's receipt of Customer's notice, notwithstanding anything in the Principal Agreement, Customer may by written notice to address Lineup with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 With respect to each Subprocessor, JourneyApps Lineup or the relevant JourneyApps Lineup Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsLineup, or (b) the relevant JourneyApps Lineup Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA these Data Processing Terms and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsLineup, or (b) the relevant JourneyApps Lineup Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAthese Data Processing Terms) as Customer may request from time to time.
6.5 JourneyApps Lineup and each JourneyApps Lineup Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA these Data Processing Terms in place of JourneyAppsLineup.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps authorizes Supplier and each JourneyApps Supplier Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 Section 4 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Agreement and this Addendum. Supplier and each JourneyApps Supplier Affiliate may continue to use those Subprocessors already engaged by JourneyApps Supplier or any JourneyApps Supplier Affiliate as at the date of this DPAAddendum, subject to JourneyApps Supplier and each JourneyApps Supplier Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps this Section and Supplier providing a list of any such Subprocessors prior to the performance of Services. Supplier shall give Customer Us prior written notice of the appointment of any new Subprocessor, including full details of the location and Processing to be undertaken by the Subprocessor prior to or concurrent with the appointment of such Subprocessor. If, within sixty 30 (60thirty) calendar days of receipt of that notice, Customer notifies JourneyApps We notify Supplier in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (then: ● Supplier will cancel its plan to use the Subprocessor for the processing of Cloud Software Group Personal Information and will offer an alternative to provide the Services without such Subprocessor; ● Supplier will take the corrective steps requested by Us in its objection(s) and proceed to use the Subprocessor to process Cloud Software Group Personal Information; or disclose any Customer ● We may choose not to use the Services that would involve the use of such Subprocessor with regard to Personal Data to) that proposed Subprocessor until reasonable steps have been taken Information, subject to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation adjustment of the steps taken.
6.4 remuneration for the Services considering the reduced scope of the Services. If none of the above options are reasonably available and all of Our objections have not been resolved to the mutual satisfaction of the Parties within 30 (thirty) calendar days of the Supplier's receipt of Our objection, either Party may terminate the applicable SOW or Order Form in accordance with the termination rights in the Principal Agreement. With respect to each Subprocessor, JourneyApps Supplier or the relevant JourneyApps Supplier Affiliate shall:
6.4.1 : ● before the Subprocessor first Processes Customer begins Processing Personal Data (or, where relevant, in accordance with section 6.2)Information, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data Information required by the Principal Agreement;
6.4.2 this Addendum; ● ensure that the arrangement between on the one hand (a) JourneyAppsSupplier or the relevant Supplier Affiliate, or and (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data Information as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate SubprocessorAddendum; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 ● provide to Customer Us for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer We may request from time to time.
6.5 JourneyApps . Supplier and each JourneyApps Supplier Affiliate shall ensure that be responsible for each Subprocessor performs such Subprocessor’s performance of its obligations and compliance with the obligations under sections 3.1terms of the Principal Agreement, 4, 5, 7.1, 8.2, 9 this Addendum and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsApplicable Law.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each 11.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes 5thPort to appoint (and permit each Subprocessor appointed in accordance with this section 6 11 to appoint) Subprocessors in accordance with this section 6 11 and any restrictions in the Principal AgreementSA.
6.2 JourneyApps and each JourneyApps Affiliate 11.2 5thPort may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate 5thPort as at of the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate in each case 5thPort as soon as practicable meeting the obligations set out in section 6.411.4.
6.3 JourneyApps 11.3 5thPort shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty fourteen (6014) days of receipt of that notice, Customer notifies JourneyApps 5thPort in writing of any objections (on reasonable grounds) grounds to the proposed appointment), neither JourneyApps nor any JourneyApps Affiliate 5thPort shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member Customer, and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 11.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate 5thPort shall:
6.4.1 11.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.211.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal AgreementSA;
6.4.2 11.4.2 ensure that the arrangement between between, on the one hand 5thPort (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant an intermediate Subprocessor; and ) and, on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR;
6.4.3 11.4.3 if that arrangement involves a Restricted Transfertransfer of Customer Personal Data, ensure that the Standard Contractual Clauses Subprocessor take all such measures as are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal reasonably required to ensure such transfer is in compliance with any applicable Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Protection Laws; and
6.4.4 11.4.4 provide to Customer for review such copies of the Contracted Processors’ 5thPort’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 11.5 5thPort shall ensure that each Subprocessor performs the its obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that SubprocessorData, as if it the Subprocessor were party to this DPA Addendum in place of JourneyApps5thPort.
Appears in 1 contract
Samples: Service Agreement
Subprocessing. 6.1 Each 6.1. Customer Group Member authorises JourneyApps authorizes Dubsado and each JourneyApps Dubsado Affiliate to appoint (and permit each Subprocessor Sub- processor appointed in accordance with this section 6 to appoint) Subprocessors Sub-processors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps 6.2. Dubsado and each JourneyApps Dubsado Affiliate may continue to use those Subprocessors Sub-processors already engaged by JourneyApps Dubsado or any JourneyApps Dubsado Affiliate as at the date of this DPAAddendum, subject to JourneyApps Dubsado and each JourneyApps Dubsado Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give 6.3. A list of Sub-Processors associated with Dubsado can be located here: https:// xxx.xxxxxxx.xxx/xxxxxxx-xxxxxxx-xxxxxx
6.3.1. Dubsado will promptly inform Customer prior written notice of the appointment of any new Subprocessordetails regarding the changing of Sub-processors; and
6.3.2. if upon receiving that notice and within a reasonable time, including full details Customer informs Dubsado of any objections to sub-processing:
6.3.2.1. Dubsado to the Processing best of their ability, will make reasonable changes to avoid the use of personal data with said Sub-processor; and
6.3.2.2. If a change cannot be undertaken by the Subprocessor. If, within sixty (60) days made in a reasonable amount of receipt of that time after receiving customer notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to may terminate the proposed appointmentPrincipal Agreement, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takennotice.
6.4 6.4. With respect to each SubprocessorSub-processor, JourneyApps Dubsado or the relevant JourneyApps Dubsado Affiliate shall:
6.4.1 6.4.1. before the Subprocessor Sub-processor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor Sub-processor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 6.4.2. ensure that the arrangement between on the one hand (a) JourneyAppsDubsado, or (b) the relevant JourneyApps Dubsado Affiliate, or (c) the relevant intermediate SubprocessorSub-processor; and on the other hand the SubprocessorSub-processor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;; and
6.4.3 if 6.4.3. If that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsDubsado, or (b) the relevant JourneyApps Dubsado Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.or
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Group Member Where there is no subprocessing at the date of this addendum, these clauses cover GDPR requirements in the event that subprocessors are required at a future date.
5.1 The Client authorises JourneyApps and each JourneyApps Affiliate Oleeo to appoint (and permit each Subprocessor appointed in accordance with this section 6 paragraph 5 to appoint) Subprocessors in accordance with this section 6 paragraph 5 and any restrictions in the Principal Agreement.agreement. Oleeo Standdard Terms v27x GC Page 27 of 32
6.2 JourneyApps and each JourneyApps Affiliate 5.2 Where applicable, Oleeo may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Oleeo as at the date of this DPASchedule, subject to JourneyApps and each JourneyApps Affiliate in each case Oleeo as soon as practicable meeting the obligations set out in section 6.4paragraph 5.4.
6.3 JourneyApps 5.3 Oleeo shall give Customer the Client prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) fourteen days of receipt of that notice, Customer the Client notifies JourneyApps Oleeo in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate Oleeo shall not appoint (or disclose any Customer Client Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member the Client and Customer the Client has been provided with a reasonable written explanation of the steps taken.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Oleeo shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Client Personal Data (or, where relevant, in accordance with section 6.2paragraph 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Client Personal Data required by the Principal Agreementagreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsOleeo, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which impose substantively the same obligations on the Subprocessor as this Schedule imposes on Oleeo, which offer at least the same level of protection for Customer Client Personal Data as those set out in this DPA Schedule and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsOleeo, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the SubprocessorSubprocessor or, or before the Subprocessor first Processes Customer Client Personal Data Data, procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Client; and
6.4.4 5.4.4 provide to Customer the Client for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPASchedule) as Customer the Client may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 Oleeo shall ensure that each Subprocessor performs the obligations under sections 3.1paragraphs 2.1, 3, 4, 56.1, 7.1, 8.27.2, 9 and 11.110.1, as they apply to Processing of Customer Client Personal Data carried out by that Subprocessor, as if it were party to this DPA Schedule in place of JourneyAppsOleeo.
Appears in 1 contract
Subprocessing. 6.1 Each 3.1 Notwithstanding anything to the contrary in the Agreement, Customer Group Member authorises JourneyApps and each JourneyApps Affiliate provides a general authorization for Databricks to appoint Subprocessors to assist it in providing the Databricks Advisory Services including the Subprocessors listed at xxx.xxxxxxxxxx.xxx/xxxxxxxxxxxxx ("Subprocessor List"), provided that:
(a) such Subprocessors are bound to a written agreement which includes data protection and permit each Subprocessor appointed in accordance security measures no less protective of Customer Personal Data than the Agreement and this Advisory Services DPA;
(b) agree to act only on Databricks’ instructions when processing the Customer Personal Data (which instructions shall be consistent with Customer's Processing Instructions to Databricks); and
(c) agree to protect the Customer Personal Data to a standard consistent with the requirements of this section 6 Advisory Services DPA, including by implementing and maintaining appropriate technical and organizational measures to appoint) Subprocessors in accordance protect the Customer Personal Data they process consistent with this section 6 and any restrictions in the Principal AgreementSecurity Standards.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or 3.2 Databricks remains fully liable for any JourneyApps Affiliate as at the date breach of this DPAAdvisory Services DPA or the Agreement that is caused by an act, subject error or omission of such Subprocessors to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4extent Databricks would have been liable for such act, error or omission had it been caused by Databricks.
6.3 JourneyApps shall give Customer prior written notice of 3.3 Prior to the appointment addition of any new Subprocessor, including full details Databricks shall provide notice to Customer not less than 30 calendar days prior to the date on which the Subprocessor shall commence processing Customer Personal Data. Such notice will be sent to individuals who have signed up to receive updates to the Subprocessor List via the mechanism(s) indicated on the Subprocessor List (which mechanisms will include at a minimum email).
3.4 Customer may reasonably object on data protection grounds to Xxxxxxxxx's use of the Processing to be undertaken a new Subprocessor by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps notifying Databricks in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer within 10 calendar days after notice has been provided with a by Databricks. In the event of Customer's timely objection on such reasonable written explanation of the steps taken.
6.4 With respect grounds relating to each Subprocessordata protection, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand Databricks will either (a) JourneyApps, work with Customer to address Customers objections to its reasonable satisfaction; or (b) instruct the relevant JourneyApps AffiliateSubprocessor to not process Customer Data (including any Customer Personal Data), provided that Customer acknowledges this may mean that Databricks is unable to provide all or part of the Databricks Advisory Services in accordance with the Agreement; or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level notify Customer of protection for Customer Personal Data as those set out in its option to terminate this DPA and meet the requirements Agreement. Customer shall have 14 calendar days in which to exercise its option to terminate the Agreement after receiving notice of article 28(3) a right to terminate. If Customer timely exercises its right to terminate the Agreement, Databricks will provide Customer with a pro rata reimbursement of any prepaid, but unused, fees as of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes date Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party notifies Databricks of its choice to any exercise such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeright.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Subprocessing. 6.1 Each (a) Customer Group Member authorises JourneyApps acknowledges and each JourneyApps Affiliate agrees that JazzHR may engage Subprocessors in connection with the provision of the Services. A list of approved Subprocessors as of the Effective Date of this Addendum is located at xxxxx://xxx.xxxxxx.xxx/subprocessorlist (the “Subprocessor List”). Customer may subscribe to appoint receive update alerts when changes are made to the Subprocessor List.
(and permit b) JazzHR will enter into a written agreement with each Subprocessor appointed containing data protection obligations, to the extent practicable, no less protective than those in accordance with this section 6 Addendum or as may otherwise be required by applicable Data Protection Laws and Regulations. JazzHR agrees to appoint) Subprocessors in accordance with this section 6 and any restrictions in be responsible for the Principal acts or omissions of each such Subprocessor to the same extent as JazzHR would be liable if performing the services of such Subprocessor under the terms of the Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already (c) JazzHR will inform Customer of any new Subprocessor engaged during the term of the Agreement by JourneyApps or any JourneyApps Affiliate as at updating the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Subprocessor List. If Customer prior written notice of reasonably believes that the appointment of any a new SubprocessorSubprocessor will have a material adverse effect on JazzHR’s ability to comply with applicable Data Protection Laws and Regulations as a Processor, including full details of the Processing to be undertaken by the Subprocessor. Ifthen Customer must notify JazzHR in writing, within sixty (60) 30 days following the update to the Subprocessor List, of its reasonable basis for such belief. Upon receipt of that Customer’s written notice, Customer notifies JourneyApps in writing of any objections (and JazzHR will work together without unreasonable delay on reasonable grounds) to the proposed appointmentan alternative arrangement. If a mutuallyagreed alternative arrangement is not found, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been a termination right under applicable Data Protection Laws and Regulations, then those Services that cannot be provided with a reasonable written explanation without the use of the steps takennew Subprocessor may be terminated by Customer without penalty.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall(d) Notices and Consents:
6.4.1 before the Subprocessor first Processes (i) General: Customer Personal shall comply with all applicable Data (orProtection Laws and Regulations, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand including: (a) JourneyAppsproviding all required notices and appropriate disclosures to all Data Subjects regarding Customer’s, or and JazzHR’s, Processing and transfer of Personal Data; and (b) obtaining all necessary rights and valid consents from Data Subjects to permit Processing by JazzHR for the relevant JourneyApps Affiliatepurposes of fulfilling JazzHR’s obligations, or as otherwise permitted, under the Agreement.
(cii) Sensitive Data: Customer’s use of the relevant intermediate Subprocessor; Services in connection with the distribution of Customer Data and/or Processing of sensitive Customer Data of a Data Subject (such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or an individual’s genetic data, biometric data, health data, or data regarding sex life or sexual orientation) must be in compliance with all applicable Data Protection Laws and on the other hand the SubprocessorRegulations, is governed by a written contract including terms which offer at least the same level of protection for Customer obtaining express consent from Data Subjects whose Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party is provided to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer JazzHR for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeProcessing.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 15 days of receipt of that notice, Customer notifies JourneyApps Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps : Neither Vendor nor any JourneyApps Affiliate Vendor Affiliate shall appoint (or nor disclose any Customer Company Personal Data to) that the proposed Subprocessor until reasonable steps have been taken to address except with the objections raised by any Customer Group Member and Customer has been provided with a reasonable prior written explanation consent of the steps takenCompany.
6.4 6.2 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Affiliate Vendor Affiliate shall:
6.4.1 6.2.1 before the Subprocessor first first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 6.2.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps AffiliateVendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 6.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps AffiliateVendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Affiliate Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.2.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 6.3 Vendor and each JourneyApps Affiliate Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 5.1 Each Customer Company Group Member authorises JourneyApps and each JourneyApps Affiliate Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 Vendor may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Vendor as at of the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate Vendor in each case as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 5.3 Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days one week of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate : Vendor shall not appoint (or disclose any Customer Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Company Group Member and Customer Company has been provided with a reasonable written explanation of the steps taken.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Vendor shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 5.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 Vendor shall ensure that each Subprocessor performs the obligations under sections 3.1, 3, 4, 56.1, 7.17.2, 8.2, 9 8 and 11.110.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each 3.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate grants Amperity a general authorization to appoint (and permit each Subprocessor appointed in accordance with this section 6 subcontract the Processing of Customer Personal Data to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new a Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty those Subprocessors listed in Amperity's website at xxxxx://xxxx.xxxxxxxx.xxx/support/subcontractors.html (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed "Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takenList").
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall3.2 Amperity will:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by enter into a written contract including agreement with each Subprocessor containing data protection terms which offer that provide at least the same level of protection for Customer Personal Data as those set out contained in this DPA and meet DPA, to the requirements of article 28(3) extent applicable to the nature of the GDPR;services provided by each Subprocessor; and
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide remain responsible to Customer for review such copies any acts or omissions of the Contracted Processors’ agreements with Subprocessors (which may be redacted Subprocessor that cause Amperity to remove confidential commercial information not relevant breach any of its obligations under this DPA.
3.3 Prior to the requirements addition of this DPAany new Subprocessor, Amperity shall provide notice to Customer not less than ten (10) as calendar days prior to the date on which the Subprocessor shall commence Processing Customer Personal Data. Amperity provides a subscription form along with the Subprocessor list for Customers to subscribe to receive automatic notifications of changes to the Subprocessor List. Customer acknowledges and agrees that it shall subscribe to Amperity's notice mechanism provided in the Subprocessor List to receive the notices and that Amperity will only provide the corresponding notice to the email address provided in the subscription form.
3.4 Customer may request object to Amperity's appointment of any new or replacement Subprocessor promptly in writing within ten (10) calendar days of receipt of the automatic notice in accordance with 3.3 above and on reasonable grounds related to Subprocessor's ability to comply with Applicable Data Protection Law. In such case, the Parties shall discuss Customer´s concerns in good faith with a view to achieving a commercially reasonable resolution. If the Parties cannot reach such resolution, Amperity shall, at its sole discretion, either not appoint the Subprocessor at issue, or permit Customer to suspend or terminate the applicable Order Form and/or the Agreement without liability to either Party. In the event Customer exercises its right of termination under this Section 3.4, Amperity will refund to Customer a pro rata share of any prepaid unused fees for the remaining and unexpired portion of the applicable Subscription Term from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1date of termination, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsthe Customer’s exclusive remedy.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 3.1 Customer Group Member authorises JourneyApps and each JourneyApps Affiliate Xxxxx to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 clause 3 and any restrictions in the Principal Original Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 3.2 To the extent that any Subprocessor appointed by Elige processes Customer Personal Data then, Xxxxx will remain responsible to the Customer for the Subprocessor’s obligations under this DPA.
3.3 Elige may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Xxxxx as at the date of this DPADPA as identified in the Subprocessor list which can be accessed on Elige’s Legal Repository webpage at xxxxx://xxx.xxxxx.xx/repository/Elige-Subprocessors.pdf. For the avoidance of doubt, subject to JourneyApps and each JourneyApps Affiliate in each case Customer specifically authorises the engagement of Xxxxx Xxxxxxxxxx as soon as practicable meeting the obligations set out in section 6.4Subprocessors.
6.3 JourneyApps 3.4 Elige shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the SubprocessorSubprocessor by updating the Subprocessor list which is available in the Elige Legal Repository. If, within sixty ten (6010) days of receipt of that noticenotice via the mechanism set out in this clause 3.3, Customer notifies JourneyApps Elige in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate appointment Elige shall not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken. If the objection cannot be resolved by the parties within thirty (30) days of receipt by Xxxxx of the objection, Elige shall not be in breach of the Original Agreement to the extent that it cannot provide the Services or otherwise comply with its obligations as a result.
6.4 3.5 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Elige shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 3.5.1 ensure that the arrangement between on the one hand (a) JourneyAppsElige, or (b) the relevant JourneyApps Elige Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA DPA, in particular in relation to requiring the Subprocessor to implement appropriate technical and organizational measures, and meet the requirements of article 28(3) of the GDPRData Protection Laws;
6.4.3 3.5.2 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses appropriate safeguards as set out in clause 8.1.1 and clause 8.1.2 are at all relevant times incorporated into the agreement in place between on the one hand (a) JourneyAppsElige, or (b) the relevant JourneyApps Elige Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 3.5.3 provide to Customer for review such copies of the Contracted Processors’ Elige or Elige Affiliate’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 3.6 Elige shall ensure that each Subprocessor performs the obligations under sections 3.1clauses 2.2, 46.1, 5, 7.1, 8.2, 9 and 11.17.2, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsElige.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each 5.1 To the extent required under Applicable Laws, Customer Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes CrowdStrike to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 CrowdStrike may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at of the date of this DPADPA specified in Exhibit E, subject to JourneyApps and each JourneyApps Affiliate CrowdStrike in each case as soon as practicable meeting the obligations set out in section 6.45.5.
6.3 JourneyApps 5.3 Customer agrees to CrowdStrike maintaining and updating its list of Subprocessors online, for the Falcon Platform as outlined in Exhibit E.
5.4 CrowdStrike shall give provide notice of a proposed new Subprocessor to the Customer, at least 30 days prior to CrowdStrike’s use of the new Subprocessor to Process Customer prior Personal Data, through the applicable CrowdStrike Offering or platform, where Customer may elect to subscribe to such notices. Customers may sign up for email Subprocessor notifications at xxxxx://xxx.xxxxxxxxxxx.xxx/subprocessor-notification/. During the notice period, Customer may object to a change in Subprocessor in writing and CrowdStrike may, in its sole discretion, attempt to resolve Customer’s objection, including providing the Offerings without use of the proposed Subprocessor. If (a) CrowdStrike provides Customer written notice that it will not pursue an alternative, or (b) such an alternative cannot be made available by CrowdStrike to Customer within 90 days of Customer providing notice of its objection, then in either case, and notwithstanding anything to the contrary in the Agreement or order, Customer may terminate the Agreement or order to the extent that it relates to the Offerings which require the use of the appointment of any new proposed Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 5.5 With respect to each Subprocessor, JourneyApps or to the relevant JourneyApps Affiliate extent required under Applicable Laws, CrowdStrike shall:
6.4.1 before 5.5.1 Before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by Applicable Laws, this DPA and the Principal Agreement;
6.4.2 ensure 5.5.2 Ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; CrowdStrike and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least offers substantially the same level of protection for Customer Personal Data as those set out in required by this DPA and meet Applicable Laws, including Customer’s ability to protect the requirements rights of article 28(3) of Data Subjects in the GDPRevent CrowdStrike is insolvent, liquidated or otherwise ceases to exist;
6.4.3 if that arrangement 5.5.3 Apply an adequacy mechanism recognized by Customer’s Supervisory Authority as ensuring an adequate level of data protection under Applicable Laws where Subprocessor’s Processing of Customer Personal Data involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and;
6.4.4 provide to Customer for review such 5.5.4 Maintain copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) and make these available as Customer may request from time to time.. To the extent necessary to protect Confidential Information, CrowdStrike may redact the copies prior to sharing with Customer; and
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the 5.5.5 Notify Customer of Subprocessor’s relevant failure to comply with obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried set out by that Subprocessor, as if it were party to Applicable Laws and this DPA in place where CrowdStrike has received notice of JourneyAppssuch.
Appears in 1 contract
Samples: Data Protection Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant Subject to the requirements of this DPA) as Section, Customer may request from time generally authorizes TaskRay to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure engage Subprocessors that each Subprocessor performs TaskRay considers reasonably appropriate for the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out under this Addendum. A list of TaskRay’s Subprocessors, including their functions and locations, is available at xxxxx://xxx.xxxxxxx.xxx/dpa-subprocessors and may be updated by TaskRay from time to time in accordance with this Section. TaskRay will notify Customer of the addition or replacement of any Subprocessor at least ten (10) days prior to such engagement. Customer may object to such changes on reasonable data protection grounds by providing TaskRay written notice of such objection within the aforementioned ten (10) days period. Upon receiving such an objection, where practicable and at TaskRay’s sole discretion TaskRay will use commercially reasonable efforts to: (a) seek an alternative Subprocessor; (b) work with Customer in good faith to make available a commercially reasonable change in the provision of the Service which avoids the use of that proposed Subprocessor; or (c) take corrective steps requested by Customer in its objection and proceed to use the new Subprocessor. If TaskRay informs Customer that such change or corrective steps cannot be made, Customer may, as its sole and exclusive remedy available under this Section, terminate the relevant portion of the Agreement involving the relevant aspect of the Service that requires the use of the proposed Subprocessor by providing written notice to TaskRay. When engaging any Subprocessor, as if it were party TaskRay will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those imposed upon TaskRay by this Addendum. TaskRay shall be liable for the acts and omissions of the Subprocessor to the extent TaskRay would be liable under the Agreement and this DPA in place of JourneyAppsAddendum.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps 5.1 Supplier will not give access to or transfer any Conversant Personal Data to any third party (including any of Supplier’s Affiliates, group companies or Subprocessors) without the prior written consent of Conversant. Notwithstanding the foregoing, where Supplier is a Processor, Conversant does consent to Supplier engaging a Subprocessor to Process Conversant Personal Data provided that:
(a) Supplier conducts appropriate due diligence to ensure it retains Subprocessors which present sufficient guarantees in terms of confidentiality, security and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed data protection in accordance with this section 6 to appointData Protection Legislation;
(b) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as Supplier provides at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer least 30 days’ prior written notice to Conversant of the appointment engagement of any new Subprocessor, Subprocessor (including full details of the Processing and location) and Supplier shall update the list of all Subprocessors engaged to be undertaken by Process Conversant Personal Data under the DPA and send such updated version to Conversant prior to the engagement of the Subprocessor. If, within sixty ;
(60c) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to Supplier must ensure that the Subprocessor is capable a "service provider" as such term is defined under US Data Protection Law or any similar or analogous designation under Data Protection Legislation;
(d) Supplier must ensure the reliability and competence of providing such Subprocessor, and of its Authorized Personnel who may have access to Conversant Personal Data;
(e) Supplier imposes in its contract with such Subprocessor provisions which are at least as protective of Conversant as those in the level of protection for Customer Personal Data DPA and the Services Agreement and as required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Protection Legislation; and
6.4.4 provide (f) Supplier is fully liable to Customer Conversant for review such copies any breach of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant DPA and the Services Agreement caused by an act, error or omission of a Subprocessor including Authorized Personnel.
5.2 If Conversant objects to the requirements engagement of this DPA) as Customer any Subprocessor on data protection grounds, then either Supplier will not engage the Subprocessor to Process Conversant Personal Data or Conversant may request from time elect to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs immediately suspend or terminate the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Services Agreement or the Processing of Customer Conversant Personal Data carried out by that Subprocessorunder the Services Agreement, as if it were party to this DPA in place of JourneyAppseach case without penalty.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps 7.1 Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) shall not engage Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.acting as a Company’s
6.2 JourneyApps 7.2 Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.47.4.
6.3 JourneyApps 7.3 Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
7.3.1 Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
7.3.2 where such a change cannot be made within 30 days from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address Vendor with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 7.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 7.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.27.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 7.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 7.4.3 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 7.4.4 maintain an up-to-date list of Subprocessors (see Annex 4) specifying (i) their name and details, as well as (ii) the nature of the tasks entrusted to them, (iii) the location of the Processing and (iv) the dates of previous audits.
7.5 Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 44.1, 5, 7.16.1.5, 8.28.1, 9 9, 10, 11 and 11.112.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor. Vendor will remain responsible for its compliance with the obligations of this Addendum and for any acts or omissions of the Subprocessor that cause Vendor to breach any of Vendor’s obligations under this Addendum.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each 7.1 Accredible may engage third parties to perform the agreed Processing activities under this Accredible DPA (“Subcontractor”) subject to the requirements pursuant to this Sec.7.
7.2 Any Subcontractor with access to Personal Data covered by the GDPR shall be obliged before initiating the Processing, to commit itself in writing for the benefit of Customer Group Member authorises JourneyApps and each JourneyApps Affiliate its Affiliates to appoint comply with the same data protection obligations as the ones under this Accredible DPA or legal act within the meaning of Art. 28 para 3, 4 and 6 GDPR unless explicitly agreed otherwise. The agreement with the Subcontractor must provide at least the level of data protection required by this Accredible DPA. Where the Subcontractor fails to fulfil its data protection obligations, Accredible shall remain fully liable to Customer for the performance of the Subcontractorʼs obligations (the corresponding Clause 11 SCC shall remain unaffected).
7.3 Any Subcontractor must in particular agree to comply with the agreed technical and permit each Subprocessor appointed organizational security measures in accordance with this section 6 to appoint) Subprocessors in accordance Sec. 5.5.2 and 5.5.3 herein and provide Accredible, with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice a list of the appointment of any new Subprocessorimplemented technical and organizational measures, including full details of which upon request by Customer will also be made available to Customer. Subcontractorʼs measures may differ from the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, ones agreed between Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate and Accredible but shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing not fall below the level of data security as provided by the measures of Accredible.
7.4 Where a Subcontractor refuses to be bound by the same data protection for obligations as the ones under this Accredible DPA, Customer may consent thereto, whereby such consent shall not be unreasonably withheld.
7.5 Accredible will inform Customer in Text Form of any intended engagement of a Subcontractor with access to Personal Data required covered by the Principal Agreement;
6.4.2 ensure GDPR. Alternatively, Accredible may provide a website or provide another notice that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer lists all Subcontractors to access to Personal Data of its Customer covered by the GDPR as those set out in this DPA and meet well as the requirements of article 28(3limited or ancillary services they provide. At least two (2) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or weeks before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party authorizing any new Subcontractor to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.access such
Appears in 1 contract
Samples: Data Protection Amendment Agreement
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate 7.1 Subject to appoint Section 7.3, the Service Provider is hereby authorized to engage other Processors in relation to the Processing of Company Personal Data under this DPA (and permit each Subprocessor appointed "SubProcessor") in accordance with this section 6 and to appoint) Subprocessors the extent permitted by Data Protection Laws. As of the date hereof, the Service Provider engages exclusively the SubProcessors listed in accordance with this section 6 and any restrictions in Exhibit C which the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate Service Provider may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPAuse, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting provided that the obligations set out in section 6.4Section 7.2 are met. The Service Provider shall at all times and without being so requested provide the Company with an up to date list of SubProcessors, detailing company name, address, contact details, the specific area of Processing operations outsourced and the location of the Processing.
6.3 JourneyApps 7.2 With respect to each SubProcessor, the Service Provider shall:
(a) before any Company Personal Data is transferred to the SubProcessor, carry out adequate due diligence to ensure that the SubProcessor is capable of (i) providing the level of protection for Company Personal Data required by this DPA, the Principal Agreement and Data Protection Laws and (ii) complying with the Standard Contractual Clauses adopted by the EU Commission or any other safeguards applied in relation to a Cross Border Transfer (as defined in Section 8.1 below) and, where required or appropriate, has taken supplementary effective measures to ensure an essentially equivalent level of protection;
(b) enter into a written agreement with the SubProcessor which imposes the same obligations on the SubProcessor in relation to the protection of Company Personal Data as are imposed on the Service Provider under this DPA;
(c) upon written request provide the Company with the Sub-contracting agreement and any other documentation reasonably requested by the Company (it being understood that the Service Provider shall be permitted to redact any confidential commercial terms which are and not required by the Company to assess compliance of the Service Provider with its obligations under this DPA); and
(d) conduct regular audits as required to ensure that the SubProcessor complies with the Data Security Standards and its other contractual obligations and shall promptly notify the Company in writing in accordance with Section 10 of any breach of a SubProcessor's obligations.
7.3 Service Provider shall give Customer Company prior written notice of the appointment intended engagement of any new SubprocessorSubProcessor, including full details of the Processing to be undertaken by the SubprocessorSubProcessor. If, within sixty (60) days three weeks of receipt of that notice, Customer the Company notifies JourneyApps Service Provider in writing of any objections (on reasonable grounds) grounds to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate Service Provider shall not appoint (or disclose any Customer Company Personal Data to) that proposed Subprocessor SubProcessor until reasonable steps have been taken to address the objections raised by the Company.
7.4 In case of non-compliance of any Customer Group Member and Customer has been provided SubProcessor with a reasonable written explanation of the steps taken.its contractual obligations,
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, the Service Provider shall remain liable to the Company for any damages caused by such non-compliance and shall indemnify and hold harmless the Company against any claims or damages in connection with or resulting from the engagement of the SubProcessor; and
(b) the relevant JourneyApps Affiliate, or (c) Company shall be entitled to withdraw its consent to the relevant intermediate Subprocessor; and on engagement of such SubProcessor in which case the other hand Service Provider shall promptly stop engaging such SubProcessor in connection with the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, Processing Services. The Service Provider shall ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; SubProcessor promptly and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses fully complies with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsSection 12.
Appears in 1 contract
Samples: Construction Management Agreement
Subprocessing. 6.1 Each Customer Group Member 5.1 Company authorises JourneyApps and each JourneyApps Affiliate AccuRun to appoint (and permit each Subprocessor appointed in accordance with this section 6 Section 5 to appoint) Subprocessors in accordance with this section 6 Section 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 AccuRun may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate AccuRun as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate in each case AccuRun as soon as practicable meeting the obligations set out in section 6.4Section 5.4.
6.3 JourneyApps 5.3 AccuRun shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty thirty (6030) days of receipt of that notice, Customer Company notifies JourneyApps AccuRun in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
5.3.1 AccuRun shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
5.3.2 where such a change cannot be made within thirty (30) days from AccuRun's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address AccuRun with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 5.4 With respect to each Subprocessor, JourneyApps AccuRun or the relevant JourneyApps Affiliate shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2Section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps AffiliateAccuRun, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps AffiliateAccuRun, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Company; and
6.4.4 5.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 AccuRun shall ensure that each Subprocessor performs the obligations under sections 3.1Sections 2.2, 3, 4, 56.1, 7.17.2, 8.28, 9 and 11.110.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsAccuRun.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each The following provisions are without prejudice to the content of Clause 9(a) SCC option 2 and Clause 9(b) SCC:
8.1 Carrot has Customer’s and Customer Group Member authorises JourneyApps and each JourneyApps Affiliate Affiliates’ general authorization for the engagement of sub- processor(s) with respect to appoint (and permit each Subprocessor appointed in accordance with this section 6 Customer Personal Data from an agreed list. Customer herewith agrees also on behalf of its Customer Affiliates to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate sub-processors as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.Exhibit C.
6.3 JourneyApps shall give Customer prior 8.2 Carrot may provide a website or provide another written notice of the appointment of any new Subprocessor, including full details of the Processing that lists all sub-processors to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for access Customer Personal Data as those set out well as the limited or ancillary services they perform. Carrot shall not authorize any new sub-processor except where Carrot has provided Customer with at least two (2) weeks’ prior notice by electronic means or via email and the opportunity to object to such sub-processor in this DPA and meet accordance with the requirements of article 28(3aforementioned Clause to access Customer Personal Data.
8.3 In the case that Customer objects to the sub-processing, Carrot will, at its discretion, use reasonable endeavors to make available to the Customer a change in the Services, or will recommend a commercially reasonable change to the Services to prevent the applicable sub-processor from processing the Customer Personal Data. If Carrot determines, at its discretion, that such a change is not viable, Carrot can choose to
(i) either not engage the sub-processor, or
(ii) to terminate the Agreement or any related service agreement with two (2) months prior written notice. Until the termination of the GDPR;Agreement or any related service agreement, Carrot may suspend the portion of the Services which is affected by the objection of Customer. Customer shall not be entitled to a pro-rata refund of the remuneration for the Services, unless the objection is based on justified reasons of non-compliance with applicable data protection law.
6.4.3 if that arrangement involves 8.4 Any sub-processor is obliged before initiating the processing, to commit itself by way of written contract to comply with, in substance, the same data protection obligations as the ones under the Data Processing Agreement.
8.5 Where a Restricted Transfersub-processor refuses to be bound by the same data protection obligations as the ones under the Data Processing Agreement, ensure that Customer may consent to such other terms whereby such consent shall not be unreasonably withheld if, upon request of the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsCustomer, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses Carrot can demonstrate sub-processor’s compliance with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeApplicable Law.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing.
6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty [ 30 (60thirty) calendar days ] of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.1 [Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2 where such a change cannot be made within [ 30 (thirty) calendar days ] from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address Vendor with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.]
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2)) , carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); andand
6.4.4 provide to Customer Company for review such copies of o f the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyApps.Vendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member 5.1 Company authorises JourneyApps and each JourneyApps Affiliate ChallengeRunner to appoint (and permit each Subprocessor appointed in accordance with this section 6 Section 5 to appoint) Subprocessors in accordance with this section 6 Section 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 ChallengeRunner may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate ChallengeRunner as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate in each case ChallengeRunner as soon as practicable meeting the obligations set out in section 6.4Section 5.4.
6.3 JourneyApps 5.3 ChallengeRunner shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty thirty (6030) days of receipt of that notice, Customer Company notifies JourneyApps ChallengeRunner in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
5.3.1 ChallengeRunner shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
5.3.2 where such a change cannot be made within thirty (30) days from ChallengeRunner's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address ChallengeRunner with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 5.4 With respect to each Subprocessor, JourneyApps ChallengeRunner or the relevant JourneyApps Affiliate shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2Section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps AffiliateChallengeRunner, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps AffiliateChallengeRunner, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Company; and
6.4.4 5.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 ChallengeRunner shall ensure that each Subprocessor performs the obligations under sections 3.1Sections 2.2, 3, 4, 56.1, 7.17.2, 8.28, 9 and 11.110.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsChallengeRunner.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps and each JourneyApps Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Dynatrace shall maintain an up-to-date list at xxxxx://xxx.xxxxxxxxx.xxx/company/legal/customers/ of all Subprocessors in accordance with this section 6 and any restrictions used in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate provision of Services who may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand Process (a) JourneyAppsCustomer Data (which may contain Customer Personal Data), or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out received by Dynatrace from Customer through the Services under the Agreement (“Subprocessor List”). At the Effective Date, Customer gives its general authorization to Dynatrace to appoint the Subprocessors on the Subprocessor List to assist it in providing the Services by Processing Customer Personal Data in accordance with this DPA and meet the requirements for purposes of article 28(3) Clause 11 of the GDPR;Model Clauses.
6.4.3 if that arrangement involves 6.2 Customer shall ensure any Subprocessors appointed to assist in providing the Services enter into a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the written agreement between with Dynatrace which imposes on the Subprocessor obligations which are substantially the same as those imposed on Dynatrace under this DPA.
6.3 Dynatrace remains liable for any breach of this DPA that is caused by an act, error or omission of its Subprocessor to the extent Dynatrace would have been liable for such act, error or omission had it been caused by Dynatrace.
6.4 Prior to the addition or change of any Subprocessors, Dynatrace shall provide notice to Customer, which may include by updating the Subprocessor List on the website listed above, not less than 10 days prior to the date on which the Subprocessor shall commence processing Customer Personal Data. Dynatrace will make available a means by which Customer may subscribe to receive notifications of changes to the Subprocessor List (which may include without limitation the provision of an RSS feed).
6.5 If Customer objects to the processing of Customer Personal Data by any newly appointed Subprocessor as described in Section 6.4 (on reasonable grounds), it shall inform Dynatrace in writing within 7 days after notice has been provided by Dynatrace setting out the specific reasons for its objection. Customer shall not unreasonably object to any intended change of any Subprocessors. In the event Customer objects within such timeframe on reasonable grounds relating to protection of Customer Personal Data, the parties shall work together in good faith to address Customer’s reasonable objections and thereafter proceed to use the Subprocessor to perform such Processing. If agreement cannot be reached between the parties to use the new Subprocessor within one hand month of the objection, Dynatrace shall either, at Dynatrace’s option: (a) JourneyAppsinstruct the Subprocessor not to process Customer Personal Data, which may result in a Service feature being suspended and unavailable to Customer; or (b) allow Customer to terminate this DPA and the relevant JourneyApps AffiliateAgreement on three months’ notice, and Dynatrace will promptly refund a prorated portion of any prepaid fees for the period after such suspension or (c) termination date. If no objection is received by Dynatrace within the relevant intermediate Subprocessor; and on the other hand the Subprocessortime period specified above, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party be deemed to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies have approved the use of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timenew Subprocessor.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 6.1. Customer Group Member authorises JourneyApps authorizes Dubsado and each JourneyApps Dubsado Affiliate to appoint (and permit each Subprocessor Sub- processor appointed in accordance with this section 6 to appoint) Subprocessors Sub-processors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps 6.2. Dubsado and each JourneyApps Dubsado Affiliate may continue to use those Subprocessors Sub-processors already engaged by JourneyApps Dubsado or any JourneyApps Dubsado Affiliate as at the date of this DPAAddendum, subject to JourneyApps Dubsado and each JourneyApps Dubsado Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps 6.3. Dubsado maintains a list of sub-processors on its Privacy Policy web page, located at http:// xxx.xxxxxxx.xxx/xxx-xxxx/
6.3.1 Customer shall give subscribe, and if Customer prior written notice of the appointment subscribers, Dubsado shall provide details of any new Subprocessor, including full details of the Processing changes in Sub-processors at least fourteen (14) calendar days prior to be undertaken by the Subprocessor. If, any such change.
6.3.2 If within sixty seven (607) calendar days of receipt of that notice, Customer notifies JourneyApps Dubsado in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.2.1 Dubsado shall appoint (or disclose any work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Sub-processor with Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken Data; and
6.3.2.2 where such a change cannot be made within 30 days from Dubsado’s receipt of Customer's notice, notwithstanding anything in the Principal Agreement, Customer may by written notice to address Dubsado with immediate effect terminate the objections raised Principal Agreement (without prejudice to any fees incurred by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.prior to termination)
6.4 6.4. With respect to each SubprocessorSub-processor, JourneyApps Dubsado or the relevant JourneyApps Dubsado Affiliate shall:
6.4.1 6.4.1. before the Subprocessor Sub-processor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor Sub-processor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 6.4.2. ensure that the arrangement between on the one hand (a) JourneyAppsDubsado, or (b) the relevant JourneyApps Dubsado Affiliate, or (c) the relevant intermediate SubprocessorSub-processor; and on the other hand the SubprocessorSub-processor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;; and
6.4.3 if 6.4.3. If that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsDubsado, or (b) the relevant JourneyApps Dubsado Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.or
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each 10.1 Customer Group Member authorises JourneyApps acknowledges, agrees and each JourneyApps Affiliate authorizes, that Hubilo may engage Sub Processors for certain Processing activities as required from time to appoint (and permit each Subprocessor appointed time on Customer's behalf in accordance with this section 6 8 and subject to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal AgreementMSA.
6.2 JourneyApps 10.2 Hubilo and each JourneyApps Hubilo Affiliate may continue to use those Subprocessors Sub-processors already engaged by JourneyApps or any JourneyApps Hubilo and each Hubilo Affiliate as at the date of this DPAAddendum, subject to JourneyApps Hubilo and each JourneyApps Hubilo Affiliate in each case as soon as practicable meeting the obligations set out in section 6.47.
6.3 JourneyApps 10.3 Hubilo and/or the relevant Hubilo Affiliate shall give the Customer prior written notice of the appointment of any new SubprocessorSub-processors, including full details of the Processing to be undertaken by the SubprocessorSub-processors within 30 (thirty) days of such appointment. If, within sixty 10 (60ten) days of receipt of that notice, Customer notifies JourneyApps Hubilo and/or the relevant Hubilo Affiliate in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Hubilo and/or the relevant Hubilo Affiliate shall appoint (or disclose any work with Customer Personal Data to) in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takenSub-processors.
6.4 10.4 With respect to each SubprocessorSub Processor, JourneyApps or Hubilo and/or the relevant JourneyApps Hubilo Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 i) ensure that the arrangement between on the one hand (a) JourneyAppsHubilo, or (b) the relevant JourneyApps Hubilo Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 ii) if that arrangement involves a Restricted Transfer, Hubilo shall ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand hand
(a) JourneyAppsHubilo, or (b) the relevant JourneyApps Hubilo Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Customer; and
6.4.4 iii) provide to Customer for review such copies of Hubilo's or the Contracted Processors’ agreements relevant Hubilo Affiliate’s agreements, as applicable, with Subprocessors Sub-processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each 7.1. Customer Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes Company to appoint the entities identified on Schedule 1, Annex III of this DPA as Subprocessors of Customer Personal Data and generally authorizes Company’s engagement of additional Subprocessors and Company’s replacement of any Subprocessors identified in Annex III. For the avoidance of doubt, the above authorization constitutes Customer’s prior written consent to the subprocessing of Customer Personal Data for purposes of Clause 9, Option 2 of the Standard Contractual Clauses. Company will inform Customer of any intended changes concerning the addition or replacement of any Subprocessors. If Customer can show on reasonable and objective grounds that a new Subprocessor does not or cannot comply with applicable Data Protection Legislation and wishes to object to Company’s use of such Subprocessor, then Customer has fifteen (15) days after Company notifies Customer of such new Subprocessor to notify Company in writing of its reasonable and permit each objective basis, supported by documentary evidence, for objection to the use of the new Subprocessor. Upon receipt of Customer’s written objection, Customer and Company will work together without unreasonable delay to find a mutually acceptable resolution to address the objection, including but not limited to reviewing additional documentation supporting the Subprocessor’s ability to comply with Data Protection Legislation. To the extent Customer and Company do not reach a mutually acceptable resolution within a reasonable timeframe, Company will use reasonable endeavors to make available to Customer a change in the Services or will recommend a commercially reasonable change to the Services to prevent the applicable Subprocessor appointed from Processing Customer Personal Data. If Company is unable to make available such a change within a reasonable period of time, which shall not exceed thirty (30) days, Customer shall have the right, as its sole remedy, to terminate the relevant Services (a) in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions the termination provisions in the Principal Agreement.
6.2 JourneyApps ; (b) without liability to Company, and each JourneyApps Affiliate may continue (c) without relieving Customer from its payment obligations under the Agreement up to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate as at the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4termination.
6.3 JourneyApps shall give Customer prior 7.2. Company will enter into a binding written notice of the appointment of agreement with any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) days of receipt of Subprocessors that notice, Customer notifies JourneyApps in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.
6.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between imposes on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least Subprocessors the same level of protection for Customer Personal Data as those set out in restrictions that apply to Company under this DPA and meet to the requirements of article 28(3) extent applicable to the nature of the GDPR;
6.4.3 if services provided by such Subprocessors. Where any of its Subprocessors fails to fulfil its data protection obligations in relation to the Services provided to Customer, such that arrangement involves a Restricted TransferCompany would be found to have violated its obligations to Customer under this DPA, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide Company will be responsible to Customer for review such copies the performance of the Contracted Processorsits Subprocessors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeobligations.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Agreement
Subprocessing. 6.1 Each Customer Group Member 9.5.1 Client authorises JourneyApps and each JourneyApps Affiliate Supplier to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate may continue 9.5.2 Client specifically authorises no subprocessors are currently engaged to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate act as at a sub- processor on behalf of Client ("Subprocessor List") to Process Client Personal Data as required to provide the date of this DPAServices, subject to JourneyApps and each JourneyApps Affiliate Supplier in each case case, as soon as practicable practicable, meeting the obligations set out in section 6.4Clause 9.5.4 (in each case, an "Authorised Sub- Processor").
6.3 JourneyApps 9.5.3 Supplier shall give Customer prior written notice ensure the Client receives a notification as soon as reasonable practicable of any intended changes concerning the addition or replacement of any of the appointment of Authorised Sub- Processors, that will Process any new Subprocessor, including full details of the Processing to be undertaken by the SubprocessorClient Personal Data ("New Sub-Processor"). If, within sixty (60) 14 calendar days of receipt of that notice, Customer Client notifies JourneyApps Supplier in writing of any objections (on reasonable grounds) to the proposed appointmentappointment of a New Sub-Processor, neither JourneyApps nor any JourneyApps Affiliate shall appoint the parties will endeavour to agree (or disclose any Customer Personal Data toacting reasonably) that proposed Subprocessor until the commercially reasonable steps have been to be taken to address ensure that the objections raised by any Customer Group Member and Customer has been provided New Subprocessor in question is compliant with a reasonable written explanation Article 28(4) of the steps takenData Protection Laws. Where the Client considers, acting reasonably, that the risks involved with the subprocessing are still unacceptable in the context of Article 28(4), within 30 calendar days following the proposal in relation to the appropriate steps, the parties shall promptly seek to resolve the issues.
6.4 9.5.4 With respect to each Authorised Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Supplier shall:
6.4.1 before the Subprocessor first Processes Customer Personal Data : (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Principal Agreement;
6.4.2 i) ensure that the arrangement between on Supplier and the one hand Authorised Subprocessor is governed by terms and conditions or a service agreement which offers no less protection for Client Personal Data as those terms set out in the Agreement and (ii) if that arrangement involves the transfer of Personal Data to a country outside of the EEA that has not been determined to ensure an adequate level of protection for Personal Data, at Supplier's discretion: Supplier will either (a) JourneyAppsensure that an appropriate data transfer safeguard is in place in compliance with Chapter V of the Data Protection Laws, or (b) the relevant JourneyApps Affiliatewhere required to ensure compliance with Data Protection Laws, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure use commercially reasonable endeavours to procure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating standard contractual clauses approved by the Standard Contractual Clauses ICO or European Commission (as appropriate) directly with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeClient.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Terms and Conditions
Subprocessing. 6.1 5.1 Each Customer Company Group Member authorises JourneyApps and each JourneyApps Affiliate authorizes Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 5 and any restrictions in the Principal Agreement.
6.2 JourneyApps and each JourneyApps Affiliate 5.2 Vendor may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Vendor as at the date of this DPAAddendum, subject to JourneyApps and each JourneyApps Affiliate Vendor in each case as soon as practicable meeting the obligations set out in section 6.45.4.
6.3 JourneyApps 5.3 Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 14 Calendar days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate : Vendor shall appoint (or disclose any Customer Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Company Group Member and Customer Company has been provided with a reasonable written explanation of the steps taken.
6.4 5.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Vendor shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, Vendor or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 5.4.3 upon request provide to Customer Company for review such copies of the Contracted Processors’ Processors agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 5.5 Vendor shall ensure that each Subprocessor performs the obligations under sections 3.12.1, 3, 4, 56.1, 7.17.2, 8.2, 9 8 and 11.110.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps Xxxx and each JourneyApps Xxxx Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Xxxx and each JourneyApps Xxxx Affiliate may continue to use those Subprocessors already engaged by JourneyApps Xxxx or any JourneyApps Xxxx Affiliate as at the date of this DPAAddendum, subject to JourneyApps Xxxx and each JourneyApps Xxxx Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps Xxxx maintains a list of sub-processors on its Privacy Policy web page, located at xxxxx://xxx.xxxx.xxx/privacy-policy, which includes a link to subscribe to written email notifications of new Subprocessors.
6.3.1 Customer shall give subscribe, and if Customer prior written notice of the appointment subscribers, Xxxx shall provide details of any new Subprocessor, including full details of the Processing changes in Subprocessors at least fourteen (14) calendar days prior to be undertaken by the Subprocessor. any such change.
6.3.2 If, within sixty seven (607) calendar days of receipt of that notice, Customer Company notifies JourneyApps Xxxx in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.3.2.1 Xxxx shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken with Company Personal Data; and
6.3.2.2 where such a change cannot be made within 30 days from Xxxx'x receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address Xxxx with immediate effect terminate the objections raised Principal Agreement (without prejudice to any fees incurred by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takenCompany prior to termination).
6.4 With respect to each Subprocessor, JourneyApps Xxxx or the relevant JourneyApps Xxxx Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsXxxx, or (b) the relevant JourneyApps Xxxx Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsXxxx, or (b) the relevant JourneyApps Xxxx Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Xxxx and each JourneyApps Xxxx Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyAppsXxxxxxxx xx xxxxx xx Xxxx.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written An up to notice of all Subprocessors is available to the appointment of any new Subprocessor, including full details of the Processing to Company upon request and will be undertaken by the Subprocessor. provided within 5 business days.
6.4 If, within sixty (60) 5 business days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
6.4.1 Vendor shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps takenSubprocessor.
6.4 6.5 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:
6.4.1 6.5.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 6.5.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 6.5.3 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 6.6 Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Company Group Member authorises JourneyApps 17hats and each JourneyApps 17hats Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps 17hats and each JourneyApps 17hats Affiliate may continue to use those Subprocessors already engaged by JourneyApps 17hats or any JourneyApps 17hats Affiliate as at the date of this DPAAddendum, subject to JourneyApps 17hats and each JourneyApps 17hats Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.
6.3 JourneyApps shall give Customer prior written notice 17hats maintains a list of Subprocessors on its Privacy Policy web page, which can be found at xxxxx://xxx.00xxxx.xxx/privacy-policy, and which includes an email address for subscribing to email notifications on the occasion of the appointment of any new SubprocessorSubprocessors
6.3.1 Company Group Member shall subscribe, including full details of and if Company Group Member subscribes, 17hats shall provide, via email to the Processing email address provided, send information on any proposed Subprocessor appointments at least seven (7) calendar days prior to be undertaken by the Subprocessor. such update.
6.3.2 If, within sixty three (603) calendar days of receipt of that notice, Customer Company Group Member notifies JourneyApps 17hats in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate ;
6.3.2.1 17hats shall appoint (or disclose any Customer Personal Data to) work with Company in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken Subprocessor; and
6.3.2.2 where such a change cannot be made within thirty (30) calendar days from 17hats' receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to address 17hats with immediate effect terminate the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation Principal Agreement to the extent that it relates to the Services which require the use of the steps takenproposed Subprocessor.
6.4 With respect to each Subprocessor, JourneyApps 17hats or the relevant JourneyApps 17hats Affiliate shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyApps17hats, or (b) the relevant JourneyApps 17hats Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps17hats, or (b) the relevant JourneyApps 17hats Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps 17hats and each JourneyApps 17hats Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyApps17hats.
Appears in 1 contract
Samples: Data Protection Addendum
Subprocessing. 6.1 Each Customer Group Member 24.1 The Client authorises JourneyApps and each JourneyApps Affiliate Xxxxxx to appoint (and permit each Subprocessor appointed in accordance with this section 6 Clause 24 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal AgreementClause 24.
6.2 JourneyApps and each JourneyApps Affiliate 24.2 Xxxxxx may continue to use those Subprocessors already engaged by JourneyApps or any JourneyApps Affiliate Xxxxxx as at the date of this DPAthe Agreement, subject to JourneyApps and each JourneyApps Affiliate Xxxxxx in each case as soon as practicable meeting the obligations set out in section 6.4Clause 24.4.
6.3 JourneyApps 24.3 Xxxxxx shall give Customer the Client prior written notice of the appointment of any new Subprocessor, Subprocessor including full details of the nature of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer the Client notifies JourneyApps Xxxxxx in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate :
24.3.1 Xxxxxx shall appoint (or disclose any Customer Personal Data to) work with the Client in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor until reasonable steps have been taken to address the objections raised by Subprocessor; and
24.3.2 where in Xxxxxx’x sole opinion such a change cannot reasonably be made, notwithstanding any Customer Group Member and Customer has been provided with a reasonable written explanation other terms of the steps takenAgreement Xxxxxx may by written notice to the Client with immediate effect terminate the Agreement or any other contract between Xxxxxx and the Client to the extent that it relates to the Services which require the use of the proposed Subprocessor;
24.3.3 where an agreement is terminated under Clause 24.3.2:
24.3.3.1 the provisions of Clause 35.2 shall apply;
24.3.3.2 Xxxxxx shall be paid in full for Work done up to the date of termination;
24.3.3.3 where the Client has paid in advance for Services which have not been performed, the Client shall be entitled to a partial refund of those Charges to the extent that they relate to wholly unperformed Services.
6.4 24.4 With respect to each Subprocessor, JourneyApps or the relevant JourneyApps Affiliate Xxxxxx shall:
6.4.1 24.4.1 before the Subprocessor first Processes Customer Client Personal Data (or, where relevant, in accordance with section 6.2Clause 24.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Client Personal Data required by the Principal this Agreement;
6.4.2 24.4.2 ensure that the arrangement between on the one hand (a) JourneyApps, Xxxxxx or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; Subprocessor and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Client Personal Data as those set out in this DPA Agreement and which meet the requirements of article Article 28(3) of the GDPR;
6.4.3 24.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyApps, Xxxxxx or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; , and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Client Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution)Client; and
6.4.4 24.4.4 provide to Customer the Client for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAData Protection Laws) as Customer the Client may request from time to time.
6.5 JourneyApps and each JourneyApps Affiliate 24.5 Xxxxxx shall ensure that each Subprocessor performs the obligations under sections 3.1Clauses 21.1, 422, 523, 7.125.1, 8.226.2, 9 26.3, and 11.1, 29.1 as they apply to Processing of Customer Client Personal Data carried out by that Subprocessor, as if it were party to this DPA Agreement in place of JourneyAppsXxxxxx.
24.6 A general list of current Subprocessors used by Xxxxxx can be found at xxxx://xxx.xxxxxxx.xxx/subprocessors. Updating this list and notifying the Client in writing of the update shall satisfy the notification requirements of Clause 24.3. Additional Subprocessors relevant to specific Projects may be notified to the Client separately.
Appears in 1 contract
Samples: Terms and Conditions
Subprocessing.
6.1 Each Customer Company Group Member authorises JourneyApps Vendor and each JourneyApps Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 to appoint) Subprocessors in accordance with this section 6 and any restrictions in the Principal Agreement.
6.2 JourneyApps Vendor and each JourneyApps Vendor Affiliate may continue to use those Subprocessors already engaged by JourneyApps Vendor or any JourneyApps Vendor Affiliate as at the date of this DPAAddendum, subject to JourneyApps Vendor and each JourneyApps Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4.6.4.
6.3 JourneyApps Vendor shall give Customer Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 30 days of receipt of that notice, Customer Company notifies JourneyApps Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps nor any JourneyApps Affiliate shall appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the steps taken.:
6.4 With respect to each Subprocessor, JourneyApps Vendor or the relevant JourneyApps Vendor Affiliate shall:shall:
6.4.1 before the Subprocessor first Processes Customer Company Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Company Personal Data required by the Principal Agreement;
6.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;on
6.4.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) JourneyAppsVendor, or (b) the relevant JourneyApps Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Company Personal Data procure that it enters into an agreement incorporating the Standard Contractual Clauses with the relevant Customer Company Group Member(s) (and Customer Company shall procure that each Customer Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); andand
6.4.4 provide to Customer Company for review such copies of the Contracted Processors’ ' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Customer Company may request from time to time.
6.5 JourneyApps Vendor and each JourneyApps Vendor Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of JourneyAppsVendor.
Appears in 1 contract
Samples: Data Processing Addendum
Subprocessing. 6.1 Each Customer Group Member authorises JourneyApps 5.1 CUSTOMER authorizes GERBER and each JourneyApps GERBER Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 6 5 to appoint) Subprocessors in accordance with this section 6 and 5, subject to any restrictions in the Principal Agreement, to conduct Processing described in clause 2.3.
6.2 JourneyApps 5.2 GERBER and each JourneyApps GERBER Affiliate may continue to use those for the Processing of CUSTOMER Personal Data the Subprocessors which have been already engaged by JourneyApps GERBER or any JourneyApps GERBER Affiliate as at of the date of this DPA, subject to JourneyApps and each JourneyApps Affiliate in each case as soon as practicable meeting the obligations set out in section 6.4Addendum.
6.3 JourneyApps 5.3 GERBER shall give Customer CUSTOMER prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within sixty (60) 10 days of receipt of that notice, Customer CUSTOMER notifies JourneyApps GERBER in writing of any objections (on reasonable grounds) to the proposed appointment, neither JourneyApps GERBER nor any JourneyApps GERBER Affiliate shall appoint (or nor disclose nor transfer any Customer CUSTOMER Personal Data to) that the proposed Subprocessor until reasonable steps have been taken except with the prior written consent of CUSTOMER. If CUSTOMER objects to address the objections raised appointment of a proposed Subprocessor then GERBER shall be entitled to either propose another Subprocessor or terminate the respective Service by any Customer Group Member and Customer has been provided with a reasonable written explanation of notice to the steps takenCUSTOMER.
6.4 5.4 With respect to each Subprocessor, JourneyApps GERBER or the relevant JourneyApps GERBER Affiliate shall:
6.4.1 5.4.1 before the Subprocessor first Processes Customer CUSTOMER Personal Data (or, where relevant, in accordance with section 6.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer CUSTOMER Personal Data required by the Principal AgreementAgreement and this Addendum;
6.4.2 5.4.2 ensure that the arrangement between on the one hand (a) JourneyAppsGERBER, or (b) the relevant JourneyApps GERBER Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which that offer at least the same level of protection for Customer CUSTOMER Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;; and
6.4.3 5.4.3 if that arrangement involves a Restricted Transfer, (a) ensure that the Standard Contractual Clauses are at all relevant times properly incorporated into the agreement between on GERBER or the one hand (a) JourneyAppsrelevant GERBER Affiliate and the Subprocessor, or (b) the relevant JourneyApps Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer CUSTOMER Personal Data procure that it enters Data, require the Subprocessor to enter into an agreement incorporating with CUSTOMER that incorporates the Standard Contractual Clauses with the relevant Customer Group Member(s) (and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and
6.4.4 provide to Customer for review such copies of the Contracted Processors’ agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Customer may request from time to timeClauses.
6.5 JourneyApps and each JourneyApps Affiliate shall ensure that each Subprocessor performs the obligations under sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of JourneyApps.
Appears in 1 contract
Samples: Data Processing Addendum
