Common use of Subprocessing Clause in Contracts

Subprocessing. ‌ 4.1 Company authorizes Securonix to appoint (and permit each Subprocessor appointed in accordance with this section 4 to appoint) Subprocessors in accordance with this section 4 and any restrictions in the Principal Agreement. 4.2 Securonix may continue to use those Subprocessors already engaged by Securonix as at the date of this DPA, subject to Securonix in each case as soon as practicable meeting the obligations set out in section 4.4.‌ 4.3 Securonix will give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3. 4.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌ 4.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 4.4.3 if that arrangement involves a data transfer in accordance with Section 11 below, ensure that the appropriate standard contractual clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 4.5 Securonix and each Securonix Affiliate shall ensure that each Subprocessor performs the obligations under this DPA as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Securonix.

Subprocessing. ‌ 4.1 5.1 Company authorizes Securonix authorises Vendor to appoint (and permit each Subprocessor appointed in accordance with this section 4 to appoint) Subprocessors in accordance with this section 4 5 and any restrictions in the Principal Agreement. 4.2 Securonix 5.2 Vendor may continue to use those Subprocessors already engaged by Securonix Vendor as at the date of this DPAAddendum, subject to Securonix Vendor in each case as soon as practicable meeting the obligations set out in section 4.4.‌5.4. 4.3 Securonix will 5.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten five (105) business days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, : 5.3.1 Vendor shall not appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by any Company has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 5.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌Vendor shall: 4.4.1 5.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 5.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) Vendor and the relevant intermediate Subprocessor; and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 5.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; Vendor and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data Data, procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Company; and 4.4.4 5.4.4 provide to Company for review such copies confirmation of the Contracted Processors' existence of Vendor’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 4.5 Securonix and each Securonix Affiliate 5.5 Vendor shall ensure that each Subprocessor performs the obligations under this DPA sections 2.1, 3, 4, 6.1 , 7.2, 8 and 10.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3.: 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1. Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal AgreementTerms of Use. 4.2 Securonix 6.2. Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will give 6.3. The Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) consents to the proposed appointment, Vendor appointing Subprocessor as a third-party processor of Company Personal Data under this agreement. The Vendor confirms that it has entered or (as the parties case may be) will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using enter with the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3into a written agreement [substantially on that Subprocessor’s standard terms of business. 4.4 6.4. With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1. before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal AgreementTerms of Use; 4.4.2 6.4.2. ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR;GDPR;11 4.4.3 if that arrangement involves a data transfer in accordance with Section 11 below, ensure that the appropriate standard contractual clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 6.4.3. provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5. Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 Company authorizes Securonix 5.4.1 Customer authorises CoreHR to appoint (and permit each Subprocessor appointed in accordance with this section 4 Clause 5.4.1 and Clause 5.4.2 to appoint) Subprocessors in accordance with this section 4 and any restrictions in the Principal Agreement. 4.2 Securonix may continue 5.4.2 Customer generally authorises CoreHR to use permit those Subprocessors already engaged by Securonix CoreHR as at the date of this DPAAgreement to Process Customer Personal Data as required to provide the Services, subject to Securonix CoreHR in each case as soon as practicable meeting the obligations set out in section 4.4.‌Clause 5.4.4 ("Authorised Subprocessors"). 4.3 Securonix will give Company prior written notice 5.4.3 CoreHR shall inform the Customer as soon as reasonably practicable of any intended changes concerning the addition or replacement of any of the appointment of Authorised Subprocessors that will Process any new Customer Personal Data ("New Subprocessor, including full details of the Processing to be undertaken by the Subprocessor"). If, within ten (10) 14 calendar days of receipt of that notice, Company Customer notifies Securonix CoreHR in writing of any objections (on reasonable grounds) to the proposed appointmentappointment of a New Sub-Processor, the parties will endeavour to agree (acting reasonably), without undue delay, the commercially reasonable steps to be taken to ensure that the new Subprocessor in question is compliant with Article 28(4) of the GDPR. Where the Customer considers, acting reasonably, that the risks involved with the subprocessing are still unacceptable in the context of Article 28(4), within 14 calendar days following the proposal in relation to the appropriate steps, the parties shall promptly seek to resolve the matter issues in good faith. If Securonix can provide accordance with the Services to Company without using Dispute Resolution Procedure as set out in Clause 14 of the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3Agreement. 4.4 5.4.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌CoreHR shall: 4.4.1 5.4.4.1 before the Subprocessor first Processes Company Customer Personal Data (or, where relevant, in accordance with section 4.2)Clause 5.4.2, before the Subprocessor continues to Process Customer Personal Data following the signature of this Agreement, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Customer Personal Data required by the Principal Agreement; 4.4.2 5.4.4.2 ensure that the arrangement between on CoreHR and the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, Subprocessor is governed by a written contract including terms which offer at least the same level of no less protection for Company Customer Personal Data as those set out in this DPA Agreement; and meet the requirements of article 28(3) of the GDPR; 4.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, at CoreHR's discretion: 5.4.4.2.1 ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between CoreHR, on the one hand (a) Securonixbehalf of Customer, (b) and the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before or 5.4.4.2.2 where required to ensure compliance with Data Protection Legislation, use commercially reasonable endeavours to procure that the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses directly with the Company; andrelevant Customer. 4.4.4 provide to Company 5.4.5 CoreHR shall remain liable for review such copies the acts and omissions of its Subprocessors in accordance with the terms and conditions of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to timeAgreement. 4.5 Securonix and each Securonix Affiliate shall ensure that each Subprocessor performs the obligations under this DPA as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Securonix.

Subprocessing. ‌ 4.1 Company authorizes Securonix 6.1 Each Customer Group Member authorises SDS to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) appoint Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. This authorisation will constitute Customer's prior general written authorisation for SDS to subcontract the processing of Personal Data if such consent is required under Attachment 2 (Standard Contractual Clauses) or any applicable Data Protection Laws. 4.2 Securonix 6.2 SDS may continue to use those Subprocessors already engaged by Securonix SDS as at the date of this DPAAddendum, subject to Securonix SDS in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 SDS shall give Company Customer prior written notice of the appointment of any new intended changes concerning the addition or replacement of Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 calendar days of receipt of that notice, Company Customer notifies Securonix SDS in writing of any objections (on reasonable grounds) grounds to the proposed appointment, SDS shall not appoint or disclose any Customer Personal Data to that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by any Customer Group Member and Customer has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 6.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌SDS shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Customer Personal Data (or, where relevant, in accordance with section 4.2)6.2, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Customer Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixSDS, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Customer Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixSDS, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Customer Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Customer Group Member(s) and Customer shall procure that each Customer Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution; and 4.4.4 6.4.4 provide to Company Customer for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) Addendum as Company Customer may request from time to time. 4.5 Securonix and each Securonix Affiliate 6.5 SDS shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Customer Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixSDS.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPA, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by any Company Group Member and Company has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 9 and 11, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of SecuronixVendor.

Subprocessing. ‌ 4.1 Company authorizes Securonix 6.1 Each Controller Group Member authorises Processor and each Processor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Processor and each Processor Affiliate may continue to use those Subprocessors already engaged by Securonix Processor or any Processor Affiliate as at the date of this DPAAddendum, subject to Securonix Processor and each Processor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Processor shall give Company Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten thirty (1030) calendar days of receipt of that notice, Company Controller notifies Securonix Processor in writing of any objections (on reasonable grounds) to the proposed appointment, : Neither Processor nor any Processor Affiliate shall appoint (nor disclose any Controller Personal Data to) the parties will seek to resolve proposed Subprocessor except with the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3prior written consent of Controller. 4.4 6.4 With respect to each Subprocessor, Securonix Processor or the relevant Securonix Processor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Controller Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Controller Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixProcessor, or (b) the relevant Processor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Controller Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixProcessor, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 4.5 Securonix and each Securonix Affiliate shall ensure that each Subprocessor performs the obligations under this DPA as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Securonix.or

Subprocessing. ‌ 4.1 6.1. Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2. Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3. Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter : 6.3.1. Vendor shall work with Company in good faith. If Securonix can provide faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and 6.3.2. where such a change cannot be made within 30 days from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to Company without using Vendor with immediate effect terminate the Subprocessor and decides in its discretion Principal Agreement to do so, then Company will have no further rights the extent that it relates to object the Subprocessor under this Section 4.3Services which require the use of the proposed Subprocessor. 4.4 6.4. With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1. before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2. ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3. if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4. provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5. Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1. Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2. Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3. Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) one month of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter : 6.3.1. [Vendor shall work with Company in good faith. If Securonix can provide faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and 6.3.2. where such a change cannot be made within 3 months from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to Company without using Vendor with immediate effect terminate the Subprocessor and decides in its discretion Principal Agreement to do so, then Company will have no further rights the extent that it relates to object the Subprocessor under this Section 4.3Services which require the use of the proposed Subprocessor.] 4.4 6.4. With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Affiliate shall:‌Vendor Affiliate shall: 4.4.1 6.4.1. before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2. ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3. if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4. provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5. Vendor and each Securonix Affiliate Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) [ 30 days ] of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter : 6.3.1 [Vendor shall work with Company in good faith. If Securonix can provide faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and 6.3.2 where such a change cannot be made within [ 30 days ] from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to Company without using Vendor with immediate effect terminate the Subprocessor and decides in its discretion Principal Agreement to do so, then Company will have no further rights the extent that it relates to object the Subprocessor under this Section 4.3Services which require the use of the proposed Subprocessor.] 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1. Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2. Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3. Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith: 6.4. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3. 4.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1. before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2. ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3. if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4. provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5. Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPA, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, : Neither Vendor nor any Vendor Affiliate shall appoint (or disclose any Company Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by any Company Group Member and Company has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of SecuronixVendor.

Subprocessing. ‌ 4.1 Company authorizes Securonix 5.1 The Association authorises the Processor to appoint (and permit each Subprocessor appointed in accordance with this section 4 5 to appoint) Subprocessors in accordance with this section 4 5 and any restrictions in the Principal AgreementContract. 4.2 Securonix 5.2 The Processor may continue to use those Subprocessors already engaged by Securonix the Processor as at the date of this DPAAddendum, subject to Securonix the Processor in each case as soon as practicable meeting the obligations set out in section 4.4.‌5.4. 4.3 Securonix will 5.3 The Processor shall give Company the Association prior written notice of the appointment of any new its intention to appoint a Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten The Processor shall not appoint (10nor disclose any Association Personal Data to) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) to the proposed appointment, Subprocessor except with the parties will seek to resolve prior written consent of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3Association. 4.4 5.4 With respect to each Subprocessor, Securonix the Processor or the relevant Securonix Affiliate shall:‌shall: 4.4.1 5.4.1 before the Subprocessor first Processes Company Association Personal Data (or, where relevant, in accordance with section 4.25.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Association Personal Data required by the Principal Agreement; 4.4.2 5.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; Processor and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Association Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 5.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; Processor and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Association Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the CompanyData; and 4.4.4 5.4.4 provide to Company the Association for review such copies of the Contracted Processors' Processor’s agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company the Association may request from time to time. 4.5 Securonix and each Securonix Affiliate 5.5 The Processor shall ensure that each Subprocessor performs the obligations under this DPA sections 2.1, 3, 4, 6.1, 7.2, 8 and 10.1, as they apply to Processing of Company Association Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of Securonixthe Processor.

Subprocessing. ‌ 4.1 6.1 Company authorizes Securonix authorises Vendor to appoint (and permit each Subprocessor Sub-processor appointed in accordance with this section 4 6 to appoint) Subprocessors Sub-processors in accordance with this section 4 6 and any restrictions in the Principal Master Agreement. 4.2 Securonix 6.2 Vendor may continue to use those Subprocessors Sub-processors already engaged by Securonix Vendor as at the date of this DPAAddendum, subject to Securonix in each case as soon as practicable Vendor meeting the obligations set out in section 4.4.‌6.5. 4.3 Securonix will give 6.3 Where Vendor intends to make changes to the use of any of its Sub-processors, it shall inform Company 30 days prior written notice to the date of the appointment of any the new SubprocessorSub-processor. Where the Company objects to such a change (acting reasonably), including full details the Company shall notify Vendor prior to the appointment date of the Processing to be undertaken by new Sub-processor. In such case, Vendor and the Subprocessor. If, within ten (10) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter shall meet in good faith. If Securonix , and if no agreement can provide be found, the Services Company shall during a reasonable timeframe be entitled to Company without using terminate the Subprocessor Master Agreement and decides in its discretion to do so, then Company will have any active underlying Order Form on no further rights to object the Subprocessor under this Section 4.3less than 30 days’ written notice. 4.4 6.4 On termination of the impacted services, pursuant to section Error! Reference source not found., Company shall be liable for any contracted fees or charges for the remainder of the term of the Master Agreement and any Order Forms thereunder. 6.5 With respect to each SubprocessorSub-processor, Securonix or the relevant Securonix Affiliate shall:‌Vendor shall: 4.4.1 6.5.1 before the Subprocessor Sub-processor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence checks to ensure that the Subprocessor Sub-processor is capable of providing the level of protection for Company Personal Data required by the Principal AgreementVendor; 4.4.2 6.5.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant intermediate Subprocessor; Sub-processor, and on the other hand the SubprocessorSub- processor, is governed by a written contract including terms which offer at least the same a similar level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article Article 28(3) of the GDPR; 4.4.3 if that arrangement involves a data transfer in accordance with Section 11 below, ensure that the appropriate standard contractual clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 6.5.3 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors Sub-processors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix and each Securonix Affiliate 6.6 Vendor shall ensure that each Subprocessor Sub-processor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that SubprocessorSub-processor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Samsung and each Samsung Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 Section 6 to appoint) appoint Subprocessors in accordance with this section 4 Section 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Samsung and each Samsung Affiliate may continue to use those Subprocessors already engaged by Securonix Samsung or any Samsung Affiliate as at the date of this DPAAddendum, subject to Securonix Samsung and each Samsung Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌Section 6.4. 4.3 Securonix will 6.3 Samsung shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 14 calendar days of receipt of that notice, Company notifies Securonix Samsung in writing of any objections (on reasonable grounds) grounds related to data protection or privacy to the proposed appointment, neither Samsung nor any Samsung Affiliate shall appoint or disclose any Company Personal Data to that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by any Company Group Member and Company has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 6.4 With respect to each Subprocessor, Securonix Samsung or the relevant Securonix Samsung Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.2)Section 6.2, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixSamsung, or (b) the relevant Samsung Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that (i) the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixSamsung, or (b) the relevant Samsung Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Company; and 4.4.4 provide to relevant Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAGroup Member(s) as and Company may request from time to time. 4.5 Securonix and each Securonix Affiliate shall ensure procure that each Subprocessor performs Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution; or (ii) the obligations under this DPA as they apply to Processing recipient of Company Personal Data carried out by has adequate safeguards in accordance with Data Protection Laws to ensure the protection of that Subprocessor, as if it were party to this DPA in place of SecuronixCompany Personal Data.

Subprocessing. ‌ 4.1 Company authorizes Securonix 5.1 You and each of Your relevant Affiliates authorise Us to appoint (and permit each Subprocessor appointed in accordance with this section 4 5 to appoint) Subprocessors in accordance with this section 4 5 and any restrictions in the Principal Agreement. 4.2 Securonix 5.2 We may continue to use those Subprocessors already engaged by Securonix Us as at the date of this DPAAddendum, subject to Securonix Us, in each case case, as soon as practicable meeting the obligations set out in section 4.4.‌5.4.‌ 4.3 Securonix will 5.3 We shall give Company You prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) one month of receipt of that notice, Company notifies Securonix You notify Us in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter : 5.3.1 We shall work with You in good faith. If Securonix can provide faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and 5.3.2 where such a change cannot be made within six months from Our receipt of Your notice, notwithstanding anything in the Agreement, You may by written notice to Company without using Us with immediate effect terminate the Subprocessor and decides in its discretion Agreement to do so, then Company will have no further rights the extent that it relates to object the Subprocessor under this Section 4.3Services which require the use of the proposed Subprocessor. 4.4 5.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate We shall:‌ 4.4.1 5.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.25.2), carry out adequate reasonable enquiries and due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal AgreementAgreement ; 4.4.2 5.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; and on the other hand with the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 5.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; Us and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 5.4.4 if requested by You, provide to Company You for review such copies of the Contracted Processors' Our agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to timeAddendum). 4.5 Securonix 5.5 We shall remain primarily liable for the acts and each Securonix Affiliate shall ensure that each Subprocessor performs omissions of Our Subprocessors relating to the obligations under this DPA as they apply to Processing processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of SecuronixData.

Subprocessing. ‌ 4.1 6.1 Each Company Group Member authorizes Securonix Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten thirty (1030) calendar days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3.: 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 Company 6.1 Customer/Controller authorizes Securonix WJ/EW to appoint (Subprocessors in accordance with this section 6 and any restrictions in the XXXX, and to permit each Subprocessor duly appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 and any restrictions in the Principal Agreementappoint further Subprocessors. 4.2 Securonix 6.2 WJ/EW may continue to use those Subprocessors already engaged by Securonix WJ/EW as at the date of this DPAAddendum, subject to Securonix WJ/EW in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 To the extent required under the GDPR, WJ/EW shall give Company Customer/Controller prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, Such appointment shall be effective unless within ten 10 (10ten) days of receipt of that such notice, Company notifies Securonix in writing of any Customer/Controller provides WJ/EW written objections (on reasonable grounds) to the proposed appointment, . WJ/EW shall not appoint (or disclose any Customer/Controller Personal Data to) that proposed Subprocessor until reasonable steps have been taken to address the parties will seek to resolve objections raised by Customer/Controller and Customer/Controller has been provided with a reasonable written explanation of the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3steps taken. 4.4 6.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌WJ/EW shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Customer/Controller Personal Data (or, where relevant, in accordance with section 4.2section6.2), carry out adequate due diligence under the circumstances to ensure that the Subprocessor is capable of providing the level of protection for Company Customer/Controller Personal Data required by the Principal AgreementApplicable Law, this Addendum, or under the XXXX; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) Securonixhand, WJ/EW, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Customer/Controller Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonixhand, (b) WJ/EW, or the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Customer/Controller Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with WJ/EW, or the Companyrelevant intermediate Subprocessor; and 4.4.4 6.4.4 provide to Company Customer/Controller for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum, or Applicable Law) as Company Customer/Controller may request from time to time. 4.5 Securonix 6.5 Customer/Controller and each Securonix Customer/Controller Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections3.1,4,5,7.1,8.2,9 and11.1, as they apply to Processing of Company Customer/Controller Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixCustomer/Controller.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten twenty (1020) business days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter : 6.3.1 Vendor shall work with Company in good faith. If Securonix can provide faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed Subprocessor; and 6.3.2 where such a change cannot be made within forty-five (45) days from Vendor's receipt of Company's notice, notwithstanding anything in the Principal Agreement, Company may by written notice to Company without using Vendor with immediate effect terminate the Subprocessor and decides in its discretion Principal Agreement to do so, then Company will have no further rights the extent that it relates to object the Subprocessor under this Section 4.3Services which require the use of the proposed Subprocessor. 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on one of the one hand following; (a) SecuronixVendor, (b) the relevant Vendor Affiliate, or (bc) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA Addendum and meet the requirements of article 28(3) of the GDPR; 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that that: (a) the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on one of the one hand following: (ai) SecuronixVendor, (bii) the relevant Vendor Affiliate, or (iii) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or (b) before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyrelevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.

Subprocessing. ‌ 4.1 6.1 Each Company authorizes Securonix Group Member authorises Vendor and each Vendor Affiliate to appoint appoin t (and permit each Subprocessor appointed in accordance with this section 4 6 to appoint) Subprocessors in accordance with this section 4 6 and any restrictions in the Principal Agreement. 4.2 Securonix 6.2 Vendor and each Vendor Affiliate may continue to use those Subprocessors already engaged by Securonix Vendor or any Vendor Affiliate as at the date of this DPAAddendum, subject to Securonix Vendor and each Vendor Affiliate in each case as soon as practicable meeting the obligations set out in section 4.4.‌6.4. 4.3 Securonix will 6.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) 30 days of receipt of that notice, Company notifies Securonix Vendor in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3.: 4.4 6.4 With respect to each Subprocessor, Securonix Vendor or the relevant Securonix Vendor Affiliate shall:‌shall: 4.4.1 6.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.26.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 6.4.2 ensure that the arrangement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affiliate, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR;on 4.4.3 6.4.3 if that arrangement involves a data transfer in accordance with Section 11 belowRestricted Transfer, ensure that the appropriate standard contractual clauses Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SecuronixVendor, or (b) the relevant Vendor Affilia te, or (c) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual Standard Contractual Clauses with the Companyth e relevant Company Group Member(s) (and Company shall procure that each Company Affiliate party to any such Standard Contractual Clauses co-operates with their population and execution); and 4.4.4 6.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPAAddendum) as Company may request from time to time. 4.5 Securonix 6.5 Vendor and each Securonix Vendor Affiliate shall ensure that each Subprocessor performs the obligations under this DPA sections 3.1, 4, 5, 7.1, 8.2, 9 and 11.1, as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA Addendum in place of SecuronixVendor.