TRANSFERS TO THIRD COUNTRIES. The Processor is entitled to transfer personal data outside the EU/EEA, or engage a Sub-Processor to process Personal Data outside of the EU/EEA, provided the Processor has an applicable legal ground for such transfer. The Processor shall upon the Controller’s request provide documented evidence showing the applicable legal ground for the transfer.
TRANSFERS TO THIRD COUNTRIES. The Processor may not transfer personal data outside the EU/EEA, or engage a Sub- Processor to process personal data outside of the EU/EEA, without at least one of the following prerequisites fulfilled:
(i) the receiving country has an adequate level of protection of personal data as decided by the European Commission,
(ii) the transfer is subject to the European Commission’s Standard Contractual Clauses for transfer of personal data to third countries, or
(iii) the Sub-Processor is subject to Binding Corporate Rules and the receiving party in the third country is also subject to the Binding Corporate Rules.
TRANSFERS TO THIRD COUNTRIES. 6.1 The Sub-processor shall ensure that the Personal Data will be handled and stored within the EU/EEA by a natural or legal person who is established in the EU/EEA. The location(s) of the Processing of Personal Data (are) is set out in the Order.
TRANSFERS TO THIRD COUNTRIES. 8.1 The Supplier may not cause or allow the transfer of Personal Data to countries outside the European Economic Area (EEA) unless such transfer is included in the Instruction or the Customer has given its prior written consent to such a transfer.
8.2 Insofar as the Customer has allowed a transfer in accordance with Section 8.1, the Supplier must ensure that there is a legal basis for the transfer according to the Data Protection Legislation.
TRANSFERS TO THIRD COUNTRIES. 8.1 The Supplier may not cause or allow the transfer of Personal Data to countries outside the European Economic Area (EEA) unless such transfer is included in the Instruction or the Customer has given its prior written consent to such a transfer.
8.2 Insofar as the Customer has allowed a transfer in accordance with Section 8.1, the Supplier must ensure that there is a legal basis for the transfer according to the Data Protection Legislation.
8.3 The data controller’s instructions regarding the transfer of personal data to a third country including, if applicable, the transfer tool under Chapter V GDPR on which they are based, shall be set out in Appendix C of this Agreement.
8.4 If the data controller is established in a non-EEA country which has not been deemed by the EU Commission to provide adequate protection of personal data through an adequacy decision, the parties by virtue of accepting this Data Processing Agreement agree to be bound by the Standard Contractual Clauses (SCC’s) for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council – module 4 (P2C) (COMMISSION IMPLEMENTING DECISION (EU) 2021/914 of 4 June 2021) as attached in Appendix D of this Agreement.
TRANSFERS TO THIRD COUNTRIES. The Processor may not transfer Data outside of the EU/EEA without the Controller’s written consent. In addition, such transfer may only be carried out if at least one of the following prerequisites is fulfilled:
(i) the receiving country has an adequate level of protection of Data as decided by the European Commission,
(ii) the Controller confirms that the data subject has given his/her consent to the transfer,
(iii) the transfer is subject to the European Commission’s standard contractual clauses for transfer of personal data to third countries,
(iv) the Processor is subject to Binding Corporate Rules to which the receiving party in the third country is also subject, or
(v) for transfers to the United States, the receiving legal entity is certified under the EU-U.S. Privacy Shield.
TRANSFERS TO THIRD COUNTRIES. To the extent that Terryberry processes any personal data under this Addendum that originates from the European Economic Area (“EEA”) or Switzerland in a country that has not been designated by the European Commission or the Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for personal data, or from one jurisdiction to another jurisdiction not recognized as adequate by the authorities of the exporter’s jurisdiction, the parties agree to enter into the Standard Contractual Clauses for the transfer of personal data to third countries as set out in the Annex to Commission Decision (EU) 2021/914 adopted on June 4, 2021 (“Standard Contractual Clauses”) which are hereby incorporated into and form part of this Addendum. The Parties agree to include the optional Clause 7 (Docking clause) to the Standard Contractual Clauses incorporated into this Addendum. With regards to clauses 8 to 18 of the Standard Contractual Clauses, the different modules will apply as follows:
i. Where Customer acts as a processor and Terryberry as a sub-processor (as applicable), both parties agree that Module Three will apply;
ii. Where Customer acts as a controller and Terryberry a processor (as applicable), both parties agree that Module Two will apply;
iii. Where Standard Contractual Clauses apply to transfers of personal data from Switzerland, the term 'member state' in the Standard Contractual Clauses must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the Standard Contractual Clauses.
iv. Where the Standard Contractual Clauses apply to the transfer of personal data from one jurisdiction (not being the EEA, the UK or Switzerland) to another jurisdiction not recognized as adequate by the authorities of the exporter’s jurisdiction, the competent supervisory authority and the governing law shall be those of the exporter’s jurisdiction. The term ‘member state’ in the Standard Contractual Clauses shall refer to the jurisdiction of the exporter.
TRANSFERS TO THIRD COUNTRIES for Processing under the DPA, clause 13.2, may only take place if they comply with the Data Protection Legislation and fulfil the requirements for Processing set out in the DPA and Instructions.
TRANSFERS TO THIRD COUNTRIES. 7.1. VEO may not cause or allow the transfer of Personal Data to countries outside the European Economic Area (EEA) unless such transfer is included in the Instruction or Publisher has given its prior written consent to such a transfer.
7.2. Insofar as Publisher has allowed a transfer in accordance with Section 7.1, VEO must ensure that there is a legal basis for the transfer according to the Data Protection Legislation.
TRANSFERS TO THIRD COUNTRIES. A1.6.1 The Sub-processor shall ensure that the Personal Data will be handled and stored within the EU/EEA by a natural or legal person who is established in the EU/EEA. The location(s) of the Processing of Personal Data (are) is set out in the Order.
A1.6.2 The Parties are aware that changes in legislation, changes in practices and/or other events (such as Public authorities requests) may occur during the term of the Agreement. As a result, it may be necessary to re-assess whether measures taken need to be adjusted or measures need to be taken. To ensure that the Processor is at all times able to (re-)assess whether amended and/or additional measures are required to comply with the EU level of protection of Personal Data, the Sub-Processor shall keep itself informed of all developments concerning changes in the third country's legislation and practices and all relevant requests of public authorities that may lead to its inability to comply with its contractual obligations and to ensure a level of protection, equivalent to the GDPR. The Sub-Processor shall inform the Processor promptly of any such changes and/or events.
A1.6.3 The Sub-Processor shall inform the Processor about additional technical and/or organizational measures that are required to ensure a level of protection, equivalent to the GDPR.