Common use of Third-Party Certifications and Audits Clause in Contracts

Third-Party Certifications and Audits. Upon Customer’s request at reasonable intervals, and subject to the confidentiality obligations set forth in the Terms of Services and this DPA, Devolutions shall make available to Customer that is not a competitor of Devolutions (or Customer’s independent, reputable, third-party auditor that is not a competitor of Devolutions and not in conflict with Devolutions) all information necessary to demonstrate compliance with this DPA and the obligations laid down in Article 28 of the GDPR (as applicable) and allow for and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome of the audit and/or the inspections, shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Devolutions’ prior written approval and, upon Devolutions’ first request, Customer shall return all records or documentation in Customer’s possession or control provided by Devolutions in the context of the audit and/or the inspection). Customer shall be fully responsible for bearing all the costs and expenses arising from or related to this Section and shall reimburse Devolutions for any time expended for any such on-site audit at the Devolutions’ then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Devolutions shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Devolutions. Customer shall promptly notify Devolutions with information regarding any noncompliance discovered during the course of an audit.

Third-Party Certifications and Audits. Upon Customer’s request at reasonable intervals, and subject to the confidentiality obligations set forth in the Terms of Services and this DPA, Devolutions GoTo shall make available to the Customer that is not a competitor of Devolutions (or Customer’s independent, reputable, third-party auditor that is not a competitor of Devolutions and not in conflict with Devolutions) all information necessary to demonstrate compliance with this DPA its obligations under applicable Data Protection Laws and Regulations by making available, upon Customer’s request and no more than once annually: (a) any written technical documentation that GoTo makes available or generally provide to its customer base; and (b) information regarding GoTo’s compliance with the obligations laid down in Article 28 of the GDPR (as applicable) and allow for and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome of the audit and/or the inspections, shall only be used by Customer to assess compliance with this DPA, in the form of applicable third-party certifications and/or audits [including those specified in the applicable Technical and shall not Organizational Measures available on GoTo’s Trust and Privacy Center (also accessible via xxxx://xxx.xxxx.xxx/company/trust under the “Product Resources” tab)]. Where required under Data Protection Laws and Regulations, the preceding may also include relevant information and documentation about GoTo's Sub-processors, to the extent such information is available and may be used distributed by GoTo. Should additional audit activities be deemed reasonably necessary, for any other purpose example if there is: (i) a requirement under Data Protection Laws and Regulations; (ii) a Security Incident; (iii) a material adverse change or disclosed reduction to any third party without Devolutions’ prior written approval and, upon Devolutions’ first requestthe relevant data protection practices for GoTo’s Services; and/or (iv) a breach of the material terms of this DPA, Customer shall return all records may contact GoTo to request an audit by the Customer directly or documentation in Customer’s possession or control provided another auditor appointed by Devolutions in the context Customer of the audit and/or procedures relevant to the inspection). Customer shall be fully responsible for bearing all the costs and expenses arising from or related to protection of Personal Data under this Section and shall reimburse Devolutions for any time expended for any such on-site audit at the Devolutions’ then-current professional services rates, which shall be made available to Customer upon requestDPA. Before the commencement of any such on-site audit, Customer and Devolutions GoTo shall mutually agree upon the scope, timing, duration, and/or reimbursable expenses (if any and duration solely to the extent permitted by Data Protection Laws and Regulations) of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Devolutionsaudit. Customer shall shall: (a) promptly notify Devolutions provide GoTo with information regarding any noncompliance non- compliance discovered during the course of an audit; and (b) use best efforts to minimize interference with GoTo’s business operations when conducting any such audit.

Third-Party Certifications and Audits. Retool has obtained the third-party certifications and audits set forth in the Security Practices Page. Upon Customer’s request at reasonable intervalsrequest, and subject to the confidentiality obligations set forth in the Terms of Services and this DPAAgreement, Devolutions Retool shall make available to Customer that is not a competitor of Devolutions (or Customer’s independent, reputable, third-party auditor that is not a competitor of Devolutions and not in conflict with Devolutionsauditor) all information necessary to demonstrate regarding Retool’s compliance with the obligations set forth in this DPA and in the obligations laid down in Article 28 form of the GDPR (as applicable) third-party certifications and allow for audits set forth in the Security Practices Page. Retool shall also permit and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome audits of the audit and/or the inspectionsprocessing activities covered by this DPA, shall only be used by Customer to assess at reasonable intervals or: (a) if there are indications, in Customer’s reasonable opinion, of non-compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Devolutions’ prior written approval and, upon Devolutions’ first request; (b) where requested by a Supervisory Authority. To this end, Customer shall return all records or documentation may contact Retool in Customer’s possession or control provided by Devolutions accordance with notice provisions in the context of the audit and/or the inspection). Customer shall be fully responsible for bearing all the costs and expenses arising from or related Agreement to this Section and shall reimburse Devolutions for any time expended for any such request an on-site audit at of Retool’s procedures relevant to the Devolutions’ then-current professional services ratesprotection of Relevant Personal Data, which shall be made available but only to Customer upon requestthe extent required under Data Protection Laws. Before the commencement of any such on-site audit, Customer and Devolutions Retool shall mutually agree upon the scope, timing, and duration of the audit audit, in addition to the reimbursement rate for which Customer shall be responsible. Customer shall reimburse Retool for any time expended for any such on-site audit at the Retool Group’s then-current rates, which shall be made available to Customer upon request. All reimbursement rates shall be reasonable, taking into account the resources expended by DevolutionsRetool. Customer shall promptly notify Devolutions Retool with information regarding any noncompliance non-compliance discovered during the course of an audit., and Retool shall use commercially reasonable efforts to address any confirmed non-compliance.‌

Third-Party Certifications and Audits. Upon Customer’s request at reasonable intervalsThe Customer or an auditor authorized by Customer (however, and subject to the confidentiality obligations set forth in the Terms of Services and this DPA, Devolutions shall make available to Customer that is not a competitor of Devolutions (the M-Files) shall be entitled to inspect and/or audit the data privacy and security activities of M-Files pursuant to the DPA. The Parties shall agree on the time, scope and process of the inspection or audit at latest 30 days before the inspection or audit. The audit shall be carried out in a way that does not impede the obligations of M-Files or its subcontractors in regard to any third parties. Prior to any audit process, the representatives of Customer and the auditor agree to be subject to and sign, if needed, M-Files' form of non-disclosure agreement. M-Files shall provide Customer free of charge any documentation or other materials reasonably available to M-Files and necessary for the purposes of the Customer’s independent's audit or inspection. Further audit or inspection activities required by Customer shall be subject to the prevailing M-Files service rates set out in the applicable price list. If applicable, reputable, in the event that M-Files provides the Customer with an audit report by a third-party auditor that is not a competitor reasonably meets in any material respects the purpose of Devolutions and not in conflict with Devolutions) all information necessary to demonstrate compliance with this DPA and Customer's audit request based on the obligations laid down in Article 28 of the GDPR (as applicable) and allow for and contribute to auditsapplicable circumstances, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome of then the audit and/or the inspections, right hereunder shall only be used by Customer to assess compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Devolutions’ prior written approval and, upon Devolutions’ first request, Customer shall return all records or documentation in Customer’s possession or control provided by Devolutions in the context of the audit and/or the inspection)deemed satisfied. The Customer shall be fully responsible for bearing all its own expenses caused by the costs and expenses arising from audit or related to this Section and shall reimburse Devolutions for any time expended for any such oninspection, unless a material default or breach of the Agreement is uncovered, in which event M-site audit at the Devolutions’ then-current professional services rates, which Files shall be made available to responsible for the reasonable and documented out-of- pocket costs that Customer upon request. Before the commencement of any such onincurred in reviewing M-site audit, Customer Files' security activities and Devolutions shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Devolutions. Customer shall promptly notify Devolutions with information regarding any noncompliance discovered during the course of an auditdata privacy practices.

Third-Party Certifications and Audits. Retool has obtained the third-party certifications and audits set forth in the Security Practices Page. Upon Customer’s request at reasonable intervalsrequest, and subject to the confidentiality obligations set forth in the Terms of Services and this DPAAgreement, Devolutions Retool shall make available to Customer that is not a competitor of Devolutions (or Customer’s independent, reputable, third-party auditor that is not a competitor of Devolutions and not in conflict with Devolutionsauditor) all information necessary to demonstrate regarding Retool’s compliance with the obligations set forth in this DPA and in the obligations laid down in Article 28 form of the GDPR (as applicable) third-party certifications and allow for audits set forth in the Security Practices Page. Retool shall also permit and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the results therefrom, including the documents reflecting the outcome audits of the audit and/or the inspectionsprocessing activities covered by this DPA, shall only be used by Customer to assess at reasonable intervals or: (a) if there are indications, in Customer’s reasonable opinion, of non-compliance with this DPA, and shall not be used for any other purpose or disclosed to any third party without Devolutions’ prior written approval and, upon Devolutions’ first request; (b) where requested by a Supervisory Authority. To this end, Customer shall return all records or documentation may contact Retool in Customer’s possession or control provided by Devolutions accordance with notice provisions in the context of the audit and/or the inspection). Customer shall be fully responsible for bearing all the costs and expenses arising from or related Agreement to this Section and shall reimburse Devolutions for any time expended for any such request an on-site audit at of Retool’s procedures relevant to the Devolutions’ then-current professional services ratesprotection of Relevant Personal Data, which shall be made available but only to Customer upon requestthe extent required under Data Protection Laws. Before the commencement of any such on-site audit, Customer and Devolutions Retool shall mutually agree upon the scope, timing, and duration of the audit audit, in addition to the reimbursement rate for which Customer shall be responsible. Customer shall reimburse Retool for any time expended for any such on-site audit at the Retool Group’s then-current rates, which shall be made available to Customer upon request. All reimbursement rates shall be reasonable, taking into account the resources expended by DevolutionsRetool. Customer shall promptly notify Devolutions Retool with information regarding any noncompliance non-compliance discovered during the course of an audit, and Retool shall use commercially reasonable efforts to address any confirmed non-compliance.