Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply:
6.6.1 As of the date of this Addendum, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”);
6.6.2 If, after the date of this Addendum, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this Addendum should be suspended in the light of the such Government Agency Requests; and
6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether:
(i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be;
(ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and
(iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities.
6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices an...
Supplementary Measures. For any ex-EEA or ex-UK Transfers, the following supplementary measures will apply:
i) Jamf represents and warrants that, at the time of the transfer, it has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the relevant Personal Data is being exported, for access to (or for copies of) Personal Data that has been transferred to Jamf pursuant to this Agreement ("Government Agency Requests");
ii) if, after the Effective Date of this DPA, Jamf receives any Government Agency Requests, it will (unless prohibited by law from doing so) inform the Customer in writing as soon as reasonably practicable and the Customer and Jamf will (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this DPA should be suspended in the light of such Government Agency Requests; and
iii) the Customer and Jamf will meet regularly to consider whether:
1) the protection afforded by the laws where Jamf is based to Data Subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA and/or the UK;
2) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Law; and
3) it is still appropriate for Personal Data to be transferred to Jamf, considering all relevant information available to the Parties, together with guidance provided by the supervisory authorities.
Supplementary Measures. 5.1 This section supplements but does not modify the EU Clauses or the UK Addendum.
5.2 In the event that Personal Data is transferred to a country where the EU Clauses or the UK Addendum are required, and the third country does not ensure an essentially equivalent level of protection to Personal Data as the European Union or the UK, Splunk has put in place the following supplementary measures:
Supplementary Measures. In addition to the obligations under Sections 7(a)-(d), if and to the extent that the Parties will engage in cross-border Processing of Personal Data or will transmit, directly or indirectly, any Personal Data to a country outside of the country from which such Personal Data was collected (including without limitation transfers of Personal Data outside of the EEA, Switzerland or the UK), the Parties agree to the following supplementary measures:
i. All Personal Data shall be encrypted both in transit and at rest using state of the art encryption technology that is robust against the performance of cryptanalysis;
ii. Menlo Security warrants and represents that, as of the date of the Agreement, it has not received any national security data production orders (e.g., pursuant to Section 702 of the Foreign Intelligence Surveillance Act (“FISA Section 702”) or U.S. Presidential Policy Directive 28);
iii. Menlo Security will use all reasonable legal mechanisms to challenge any demands for data access through the national security process that Menlo Security receives; and
iv. Menlo Security will provide, up to once per calendar year upon Customer’s request, a transparency report indicating the types of binding legal demands for the Personal Data it has received, including national security orders and directives.
Supplementary Measures. To the extent required by Data Protection Laws, in cases where transfer of EU Area Personal Data to Third Countries which do not provide an equivalent level of protection as granted under applicable EU Area Laws, the Parties agree to implement additional supplementary measures as may be required on a case by case basis. Such supplementary measures may include the following:
Supplementary Measures a. RingCentral warrants and represents that it shall use its best efforts to make Customer aware of any changes to the information that it has provided to the Customer under clause 14c of the EU Standard Contractual Clauses and shall advise Customer without undue delay of any changes to such information.
b. RingCentral warrants and represents that:
i. it has not purposefully created back doors or similar programming that could be used to access the personal data processed in connection with this DTA.
ii. it has not purposefully created or changed its business processes in a manner that facilitates access to such personal data.
c. RingCentral agrees to:
i. provide the notification under clause 15.1 of the EU Standard Contractual Clauses before access is granted to personal data.
ii. monitor any legal or policy developments that might lead to its inability to comply with its obligations under this DTA and promptly inform the Customer of any such changes and developments, if possible, ahead of their implementation.
d. If RingCentral receives a request for the disclosure of personal data processed in connection with this DTA from a public authority in a third country, the RingCentral shall:
i. inform the requesting public authority of any incompatibility of the order with the safeguards contained in the Standard Contractual Clauses and the resulting conflict of obligations for RingCentral.
ii. notify as soon as possible the Customer insofar as possible under the third country legal order.
Supplementary Measures. In addition, in accordance with regulatory guidance following the European Court of Justice “Schrems II” decision, Provider further commits to maintaining the following additional technical, organizational and legal/contractual measures with respect to Accenture Data, including personal data. Accenture Data in transit between Provider entities will be strongly encrypted with encryption that:
Supplementary Measures. TO ENHANCE THE IMPLEMENTATION OF THE SEVILLE AGREEMENT
Supplementary Measures. To maintain the protection of Personal Data granted in the European Economic Area (“EEA”), OpenVPN shall collaborate with the Client in the event of international data transfers from the EEA to the United States. For the appropriate safeguards contained in the GDPR Article 46 transfer tools to be effective, OpenVPN shall comply with the following supplementary measures: It undertakes
(i) to provide encryption key management as outlined in the security controls referenced in Annex II - “Security of Processing”; (ii) to challenge unjust government data access request to Personal Data if any; and (iii) to delete any Personal Data as soon as reasonably practicable after the Principal Agreement has expired or has been terminated unless OpenVPN has valid legal reasons for retaining such data for longer.
Supplementary Measures. Where the destination country does not provide the level of data protection required by EU and UK law, the parties to the data transfer should assess whether they can provide supplementary measures to ensure an essentially equivalent level of protection as provided in the UK; and whether the law of the destination country will impinge on these supplementary measures so as to prevent their effectiveness. EDPB recommendations note that:
