Transfers of Personal. Data originating from other locations globally to Agilysys Affiliates or Third Party Subprocessors are subject to (i) for Agilysys Affiliates, the terms of the Agilysys Intra-Company Data Processing and Transfer Agreement entered into between Agilysys Corporation and the Agilysys Affiliates, which requires all transfers of Personal Data to be made in compliance with all applicable Agilysys security and data privacy policies and standards; and (ii) for Third Party Subprocessors, the terms of the relevant Agilysys Third Party Subprocessor agreement incorporating security and data privacy requirements consistent with the relevant requirements of this Data Processing Agreement.
Transfers of Personal. Data subject to Swiss FADP or Revised FADP. The Parties agree that transfers of Personal Data subject to the Swiss FADP or Revised FADP are made pursuant to the EU SCCs with the following modifications:
(a) the terms “General Data Protection Regulation” or “Regulation (EU) 2016/679” as utilized in the EU SCCs shall be interpreted as references to the Swiss FADP with respect to data transfers subject to the FADP;
(b) references to specific Articles of “Regulation (EU) 2016/679” shall be replaced with the equivalent article or section of the Swiss FADP;
(c) references to Regulation (EU) 2018/1725 shall be removed;
(d) references to “EU”, “Union” and “Member State” shall be replaced with references to “Switzerland”;
(e) Clause 13(a) and Part C of Xxxxx XX are not used, and the “competent supervisory authority” shall be the Swiss Federal Data Protection Information Commissioner;
(f) references to the “competent supervisory authority” and “competent courts” shall be replaced with references to the “Swiss Federal Data Protection Information Commissioner” and “applicable courts of Switzerland”;
(g) in Clause 17, the Standard Contractual Clauses shall be governed by the laws of Switzerland;
(h) to the extent the Swiss FADP applies to the processing, Clause 18 shall be replaced to state: “Any dispute arising from these Clauses shall be resolved by the competent courts of Switzerland. The Parties agree to submit themselves to the jurisdiction of such courts”; and
(i) the terms of the EU SCCs shall be interpreted to protect the data of legal entities until the effective date of the Revised FADP. If the Swiss FADP or Revised FADP is applicable to the Parties, each party is deemed to have executed the EU SCCs by executing this DPA.
Transfers of Personal. Data from jurisdictions other than the EEA, Switzerland or UK to third countries. For jurisdictions other than the EEA or Switzerland, Cisco shall not transfer Personal Data outside of the jurisdiction where the Personal Data is obtained unless permitted under Data Protection Laws. Where Cisco Processes Personal Data from an APEC Member Economy on behalf of Customer, Cisco shall perform such Processing in a manner consistent with the APEC Cross Border Privacy Rules Systems requirements (“CBPRs”) (see xxx.xxxxx.xxx) to the extent the requirements are applicable to Cisco’s Processing of the Personal Data. If Cisco is unable to provide the same level of protection as required by the CBPRs, Cisco shall promptly notify Customer and cease Processing. In such event, Customer may terminate the Agreement with respect only to those Products and/or Services for which Cisco is unable to provide the same level of protection as required by the CBPRs by written notice within 30 days.
Transfers of Personal. Data from jurisdictions other than the EEA, Switzerland or UK to third countries. For jurisdictions other than the EEA, UK, or Switzerland, Vertice shall not transfer Personal Data outside of the jurisdiction where the Personal Data is obtained unless permitted under Data Protection Laws. Where Vertice Processes Personal Data from an APEC Member Economy on behalf of Customer, Vertice shall perform such Processing in a manner consistent with the APEC Cross Border Privacy Rules Systems requirements (“CBPRs”) (see xxx.xxxxx.xxx) to the extent the requirements are applicable to Vertice’s Processing of the Personal Data. If Vertice is unable to provide the same level of protection as required by the CBPRs, Vertice shall promptly notify Customer and cease Processing. In such event, Customer may terminate the Agreement with respect only to those Services for which Xxxxxxx is unable to provide the same level of protection as required by the CBPRs by written notice within 30 days.
Transfers of Personal. Data Out of the European Economic Area. Either party may transfer Personal Data outside the European Economic Area if it complies with the provisions on the transfer of personal data to third countries in the Data Protection Laws (such as through the use of model clauses or transfer of Personal Data to jurisdictions that have adequate legal protections for data, as determined by the European Commission).
Transfers of Personal. Data Sched shall:
(a) not transfer Personal Data to, or process Personal Data in, any third country or territory without the prior written consent of Customer (which consent may be conditional upon Sched or the relevant third parties entering into an agreement containing similar terms to these GDPR Terms with Customer) unless (and for so long as):
(i) there has been a European Community finding of adequacy pursuant to Article 25(6) of Directive 95/46/EC or, after 24 May 2018, Article 45 of the GDPR in respect of that country or territory;
(ii) the transfer is to the United States to an importing entity that is a certified member of the EU-US Privacy Shield [On July 16, 2020, the European Court of Justice invalidated Privacy Shield as a Transfer Mechanism for data between EU and US companies. Even though Privacy Shield was invalidated, Sched will continue to honor its commitments with respect to EU personal data transferred pursuant to Privacy Shield before July 16, 2020. Sched intends to utilize alternate transfer mechanisms going forward for data transfers]; or
(iii) Customer and the relevant importing entity are party to a contract in relation to the export of Personal Data incorporating standard contractual clauses in the form adopted by the European Commission under Decision 2010/87/EU or an equivalent data transfer agreement meeting the requirements of Data Protection Laws.
(b) Where any mechanism for cross-border transfers of Personal Data is found by a supervisory authority, court of competent jurisdiction or other governmental authority to be an invalid means of complying with the restrictions on transferring Personal Data to a third country or territory as set out in Data Protection Laws, the parties shall act in good faith to agree the implementation of an alternative solution to enable Customer to comply with the provisions of Data Protection Laws in respect of any such transfer.
Transfers of Personal. Data from APEC Member Economies to third countries. Where Supplier Processes Personal Data from an APEC Member Economy on behalf of Cisco, Supplier shall perform such Processing in a manner consistent with the APEC Cross Border Privacy Rules system (“CBPRs”) and Privacy Recognition for Processors (“PRP”) (see xxx.xxxxx.xxx) to the extent the requirements are applicable to Supplier’s Processing of such data. If Supplier is unable to provide the same level of protection as required by the CBPRs and PRP, Supplier shall promptly notify Cisco and cease Processing. In such event, Cisco may terminate the applicable Performance of such Processing by written notice within thirty (30) days.
Transfers of Personal. Data from the EEA
Transfers of Personal. Data from the UK
Transfers of Personal. Data subject to the EU GDPR. The Parties agree that transfers of Personal Data subject to the EU GDPR are made pursuant to the EU SCCs and choose Module 2 of the EU SCC with the following specifications:
(a) Annexes I and II are located at Exhibit 1 of this DPA;
(b) the “data exporter” and the “data importer” are the Parties identified in Annex I.A;
(c) Clause 7, the optional docking clause will not apply;
(d) with respect to Clause 9, Option 2 will apply, and the time period for the above-mentioned option shall be as set out in Section 6.3.1. of this DPA. Annex III shall not apply;
(e) in Clause 11, the optional clause will not apply;
(f) in Clause 17, the Parties agree on the laws of Iceland; and
(g) in Clause 18 (b), the Parties agree that any dispute arising from the EU SCCs shall be resolved by the courts of Iceland. If the EU SCCs are applicable to the Parties, each party is deemed to have executed the EU SCCs by executing this DPA.
