Common use of Third-Party Certifications and Audits Clause in Contracts

Third-Party Certifications and Audits. VTEX has obtained the third-party certifications and audits set forth in the Security Practices Data Sheet. Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX shall make available to Customer (or Customer’s independent, third-party auditor) information regarding the VTEX Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data Sheet. Customer may contact VTEX to request an on-site audit of VTEX's procedures relevant to the protection of Personal Data, but only to the extent required under applicable Data Protection Law. Customer shall reimburse VTEX for any time expended for any such on-site audit at the VTEX Group’s then-current rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEX. Customer shall promptly notify VTEX with information regarding any non-compliance discovered during the course of an audit, and VTEX shall use commercially reasonable efforts to address any confirmed non-compliance.

Third-Party Certifications and Audits. VTEX has obtained the third-party certifications and audits set forth in the Security Practices Data Sheet. Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX shall make available to Customer (or Customer’s independent, third-party auditor) information regarding the VTEX Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data Sheet. Customer may contact VTEX to request an on-site audit of VTEX's procedures relevant to the protection of Personal Data, but only to the extent required under applicable Data Protection Law. Customer shall reimburse VTEX for any time expended for any such on-site audit at the VTEX Group’s then-current rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential informationaudit, in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEX. Customer shall promptly notify VTEX with information regarding any non-compliance discovered during the course of an audit, and VTEX shall use commercially reasonable efforts to address any confirmed non-compliance.

Third-Party Certifications and Audits. VTEX has obtained the third-party certifications and audits set forth in the Security Practices Data SheetAppendix 2. Upon CustomerContractor’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX shall make available to Customer Contractor (or CustomerContractor’s independent, third-party auditor) information regarding the VTEX Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data SheetAppendix 2. Customer Contractor may contact VTEX to request an on-site audit of VTEX's procedures relevant to the protection of Personal DataData in the context of the Services, but only to the extent required under applicable Data Protection LawLaws. Customer Contractor shall reimburse VTEX for any time expended for any such on-site audit at the VTEX Group’s then-current rates, which shall be made available to Customer Contractor upon request. Before the commencement of any such on-site audit, Customer Contractor and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer Contractor shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEX. Customer Contractor shall promptly notify VTEX with information regarding any non-compliance discovered during the course of an audit, and VTEX shall use commercially reasonable efforts to address any confirmed non-compliance.

Third-Party Certifications and Audits. VTEX Retool has obtained the third-party certifications and audits set forth in the Security Practices Data SheetPage. Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX Retool shall make available to Customer (or Customer’s independent, third-party auditor) information regarding the VTEX GroupRetool’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data SheetPage. Retool shall also permit and contribute to audits of the processing activities covered by this DPA, at reasonable intervals or: (a) if there are indications, in Customer’s reasonable opinion, of non-compliance with this DPA; (b) where requested by a Supervisory Authority. To this end, Customer may contact VTEX Retool in accordance with notice provisions in the Agreement to request an on-site audit of VTEX's Retool’s procedures relevant to the protection of Relevant Personal Data, but only to the extent required under applicable Data Protection LawLaws. Before the commencement of any such on-site audit, Customer and Retool shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Customer shall be responsible. Customer shall reimburse VTEX Retool for any time expended for any such on-site audit at the VTEX Retool Group’s then-current rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEXRetool. Customer shall promptly notify VTEX Retool with information regarding any non-compliance discovered during the course of an audit, and VTEX Retool shall use commercially reasonable efforts to address any confirmed non-compliance.compliance.‌

Third-Party Certifications and Audits. VTEX Retool has obtained the third-party certifications and audits set forth in the Security Practices Data SheetPage. Upon Customer’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX Retool shall make available to Customer (or Customer’s independent, third-party auditor) information regarding the VTEX GroupRetool’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data SheetPage. Retool shall also permit and contribute to audits of the processing activities covered by this DPA, at reasonable intervals or: (a) if there are indications, in Customer’s reasonable opinion, of non-compliance with this DPA; (b) where requested by a Supervisory Authority. To this end, Customer may contact VTEX Retool in accordance with notice provisions in the Agreement to request an on-site audit of VTEX's Retool’s procedures relevant to the protection of Relevant Personal Data, but only to the extent required under applicable Data Protection LawLaws. Before the commencement of any such on-site audit, Customer and Retool shall mutually agree upon the scope, timing, and duration of the audit, in addition to the reimbursement rate for which Customer shall be responsible. Customer shall reimburse VTEX Retool for any time expended for any such on-site audit at the VTEX Retool Group’s then-current rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEXRetool. Customer shall promptly notify VTEX Retool with information regarding any non-compliance discovered during the course of an audit, and VTEX Retool shall use commercially reasonable efforts to address any confirmed non-compliance.

Third-Party Certifications and Audits. VTEX has obtained the third-party certifications and audits set forth in the Security Practices Data SheetAppendix 2. Upon CustomerContractor’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX shall make available to Customer Contractor (or CustomerContractor’s independent, third-party auditor) information regarding the VTEX Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data Sheet. Customer Appendix 2t. Contractor may contact VTEX to request an on-site audit of VTEX's procedures relevant to the protection of Personal DataData in the context of the provision of the Services, but only to the extent required under applicable Data Protection LawLaws. Customer Contractor shall reimburse VTEX for any time expended for any such on-site audit at the VTEX Group’s then-current rates, which shall be made available to Customer Contractor upon request. Before the commencement of any such on-site audit, Customer Contractor and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer Contractor shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEX. Customer Contractor shall promptly notify VTEX with information regarding any non-compliance discovered during the course of an audit, and VTEX shall use commercially reasonable efforts to address any confirmed non-compliance.

Third-Party Certifications and Audits. VTEX has obtained the third-party certifications and audits set forth in the Security Practices Data Sheet. Upon CustomerContractor’s request, and subject to the confidentiality obligations set forth in the Agreement, VTEX shall make available to Customer Contractor (or CustomerContractor’s independent, third-party auditor) information regarding the VTEX Group’s compliance with the obligations set forth in this DPA in the form of the third-party certifications and audits set forth in the Security Practices Data Sheet. Customer Contractor may contact VTEX to request an on-site audit of VTEX's procedures relevant to the protection of Personal DataData in the context of the Services, but only to the extent required under applicable Data Protection LawLaws. Customer Contractor shall reimburse VTEX for any time expended for any such on-site audit at the VTEX Group’s then-current rates, which shall be made available to Customer Contractor upon request. Before the commencement of any such on-site audit, Customer Contractor and VTEX shall mutually agree upon the scope, timing, and duration of the audit and any measures to protect the security of third party personal data or VTEX confidential information, in addition to the reimbursement rate for which Customer Contractor shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by VTEX. Customer Contractor shall promptly notify VTEX with information regarding any non-compliance discovered during the course of an audit, and VTEX shall use commercially reasonable efforts to address any confirmed non-compliance.