Common use of Transfer Mechanisms for Customer Personal Data Transfers Clause in Contracts

Transfer Mechanisms for Customer Personal Data Transfers. To the extent your use of the Services requires a cross border data transfer mechanism to lawfully export Customer Personal Data from a jurisdiction (e.g. the EEA, California, Singapore, Switzerland, the or the United Kingdom) to us located outside of that jurisdiction this section will apply. If, in the performance of the Services, Customer Personal Data that is subject to the GDPR or any other law relating to the protection or privacy of individuals that applies to this DPA is transferred to MessageBird located in countries which do not ensure an adequate level of data protection within the meaning of the Data Protection Legislation, the transfer mechanisms listed below shall apply to such transfers and can be directly enforced by the parties to the extent such transfers are subject to the Data Protection Legislation: 9.3.1 The parties agree that the Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the EEA or Switzerland, either directly or via onward transfer, to a MessageBird entity located in a country outside the EEA or Switzerland that is not recognized by the European Commission (or, in the case of transfers from Switzerland, the competent authority for Switzerland) as providing an adequate level of protection for personal data. 9.3.1.1 When you are acting as a data controller and MessageBird is a data processor the EU Controller-to-Processor Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. When you are acting as a data processor and MessageBird is a subprocessor the Processor-to-Subprocessor Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. 9.3.1.2 MessageBird will be deemed the data importer and you will be deemed the data exporter under the Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the applicable Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail solely with respect to a transfer of Customer Personal Data from the EEA. 9.3.1.3 Where the Standard Contractual Clauses require the parties to choose between optional clauses and to input information, the parties have done so as set out below: i. The Optional Clause 7 “Docking clause” shall not be adopted. ii. For Clause 9 “Use of sub-processors”, the parties elect the following option: “Option 2 General written authorisation: the data importer has the controller’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the controller in writing of any intended changes to that list through the addition or replacement of subprocessors at least 10 business days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. The data importer shall inform the data exporter of the engagement of the sub-processor(s).” iii. For Clause 11 (a) “Redress”, the parties do not adopt the Option. iv. For Clause 17 “Governing law”, the parties elect the following option: “ Option 1. These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands.” v. For Clause 18 (b) “Choice of Forum and Jurisdiction”: “The Parties agree that those shall be the courts of the Netherlands.” 9.3.2 The parties agree that the UK Controller-to-Processor Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to a MessageBird entity located in a country outside the United Kingdom that is not recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for personal data. 9.3.2.1 MessageBird will be deemed the data importer and you will be deemed the data exporter under the UK Controller-to-Processor Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the UK Controller-to-Processor Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the UK Controller-to-Processor Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the UK Controller-to-Processor Standard Contractual Clauses, the UK Controller-to-Processor Standard Contractual Clauses shall prevail solely with respect to transfer of Customer Personal Data from the United Kingdom.

Transfer Mechanisms for Customer Personal Data Transfers. To the extent your use of the Services requires a cross border data transfer mechanism to lawfully export Customer Personal Data from a jurisdiction (e.g. the EEA, California, Singapore, Switzerland, the or the United Kingdom) to us located outside of that jurisdiction this section will apply. If, in the performance of the Services, Customer Personal Data that is subject to the GDPR or any other law relating to the protection or privacy of individuals that applies to this DPA is transferred to MessageBird located in countries which do not ensure an adequate level of data protection within the meaning of the Data Protection LegislationLaws, the transfer mechanisms listed below shall apply to such transfers and can be directly enforced by the parties to the extent such transfers are subject to the Data Protection Legislation:Laws. 9.3.1 The parties agree that the Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the EEA or Switzerland, either directly or via onward transfer, to a MessageBird entity located in a country outside the EEA or Switzerland that is not recognized by the European Commission (or, in the case of transfers from Switzerland, the competent authority for Switzerland) as providing an adequate level of protection for personal data. 9.3.1.1 When you are acting as a data controller and MessageBird is a data processor the EU Controller-to-Processor (Module Two) of the Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. When you are acting as a data processor and MessageBird is a subprocessor sub-processor the Processor-to-Subprocessor Processor (Module Three) of the Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. 9.3.1.2 MessageBird will be deemed the data importer and you will be deemed the data exporter under the Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the applicable Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail solely with respect to a transfer of Customer Personal Data from the EEA. 9.3.1.3 Where the Standard Contractual Clauses require the parties to choose between optional clauses and to input information, the parties have done so as set out below: i. The Optional Clause 7 “Docking clause” shall not be adopted. ii. For Clause 9 “Use of sub-processors”, the parties elect the following option: “Option 2 General written authorisation: the data importer has the controller’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the controller in writing of any intended changes to that list through the addition or replacement of subprocessors sub-processors at least 10 business days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. The data importer shall inform the data exporter of the engagement of the sub-processor(s).” iii. For Clause 11 (a) “Redress”, the parties do not adopt the Option. iv. For Clause 17 “Governing law”, the parties elect the following option: “ Option 1. These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands.” v. For Clause 18 (b) “Choice of Forum and Jurisdiction”: “The Parties agree that those shall be the courts of the Netherlands.” 9.3.2 The parties agree that the UK Controller-to-Processor Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to a MessageBird entity located in a country outside the United Kingdom that is not recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for personal data. 9.3.2.1 MessageBird will be deemed the data importer and you will be deemed the data exporter under the UK Controller-to-Processor Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the UK Controller-to-Processor Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the UK Controller-to-Processor Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the UK Controller-to-Processor Standard Contractual Clauses, the UK Controller-to-Processor Standard Contractual Clauses shall prevail solely with respect to transfer of Customer Personal Data from the United Kingdom.

Transfer Mechanisms for Customer Personal Data Transfers. To the extent your use of the Services requires a cross border data transfer mechanism to lawfully export Customer Personal Data from a jurisdiction (e.g. the EEA, California, Singapore, Switzerland, the or the United Kingdom) to us located outside of that jurisdiction this section will apply. If, in the performance of the Services, Customer Personal Data that is subject to the GDPR or any other law relating to the protection or privacy of individuals that applies to this DPA is transferred to MessageBird a Provider entity located in countries which do not ensure an adequate level of data protection within the meaning of the Data Protection LegislationLaws, the transfer mechanisms listed below shall apply to such transfers and can be directly enforced by the parties to the extent such transfers are subject to the Data Protection Legislation:Laws. 9.3.1 The parties agree that the Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the EEA or Switzerland, either directly or via onward transfer, to a MessageBird Provider entity located in a country outside the EEA or Switzerland that is not recognized by the European Commission (or, in the case of transfers from Switzerland, the competent authority for Switzerland) as providing an adequate level of protection for personal data. 9.3.1.1 When you are acting as a data controller and MessageBird is we are a data processor the EU Controller-to-Processor (Module Two) of the Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. When you are acting as a data processor and MessageBird is we are a subprocessor sub-processor the Processor-to-Subprocessor Processor (Module Three) of the Standard Contractual Clauses will apply to any such transfer of Customer Personal Data from the EEA. 9.3.1.2 MessageBird We will be deemed the data importer and you will be deemed the data exporter under the Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the applicable Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the Standard Contractual Clauses, the Standard Contractual Clauses shall prevail solely with respect to a transfer of Customer Personal Data from the EEA. 9.3.1.3 Where the Standard Contractual Clauses require the parties to choose between optional clauses and to input information, the parties have done so as set out below: i. The Optional Clause 7 “Docking clause” shall not be adopted. ii. For Clause 9 “Use of sub-processors”, the parties elect the following option: “Option 2 General written authorisation: the data importer has the controller’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the controller in writing of any intended changes to that list through the addition or replacement of subprocessors sub-processors at least 10 business days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object. The data importer shall inform the data exporter of the engagement of the sub-processor(s).” iii. For Clause 11 (a) “Redress”, the parties do not adopt the Option. iv. For Clause 17 “Governing law”, the parties elect the following option: “ Option 1. These Clauses shall be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this shall be the law of the Netherlands.” v. For Clause 18 (b) “Choice of Forum and Jurisdiction”: “The Parties agree that those shall be the courts of the Netherlands.” 9.3.2 The parties agree that the UK Controller-to-Processor Standard Contractual Clauses will apply to Customer Personal Data that is transferred via the Services from the United Kingdom, either directly or via onward transfer, to a MessageBird Provider entity located in a country outside the United Kingdom that is not recognized by the competent United Kingdom regulatory authority or governmental body for the United Kingdom as providing an adequate level of protection for personal data. 9.3.2.1 MessageBird We will be deemed the data importer and you will be deemed the data exporter under the UK Controller-to-Processor Standard Contractual Clauses. Each party’s signing of this DPA, will be treated as signing of the UK Controller-to-Processor Standard Contractual Clauses, which will be deemed incorporated into this DPA. Details required under Annex 1 and Annex 2 to the UK Controller-to-Processor Standard Contractual Clauses are available in Appendix I and Appendix II to this DPA. In the event of any conflict or inconsistency between this DPA and the UK Controller-to-Processor Standard Contractual Clauses, the UK Controller-to-Processor Standard Contractual Clauses shall prevail solely with respect to transfer of Customer Personal Data from the United Kingdom.