Common use of Appointment and Data Processing Clause in Contracts

Appointment and Data Processing. 2.1 Subject to the terms of the Agreement, the Customer is the sole Data Controller of the Customer Data or has been instructed by and obtained the authorization of the relevant Data Controller(s) to enter into this DPA in the name and on behalf of such Data Controller(s). The Customer is responsible for obtaining all of the necessary authorizations and approvals to enter, use, provide, store, and Process Customer Data to enable Qencode to provide the Services. 2.2 The Customer, as the Data Controller, hereby appoints Qencode as the Data Processor in respect of all Processing operations required to be carried out by Qencode on Customer Data in order to provide the Services in accordance with the terms of the Agreement. 2.3 Qencode shall Process Customer Data only in accordance with the Customer’s documented lawful instructions as set forth in the Agreement, as necessary to comply with applicable law, or as otherwise agreed in writing. The parties agree that the Agreement sets out the Customer’s complete and final instructions to Qencode in relation to the Processing of Customer Data, and Processing outside the scope of these instructions (if any) shall require prior written agreement between the parties. 2.4 The Customer will not provide (or cause to be provided) any Sensitive Data to Qencode for Processing under the Agreement, and Qencode will have no liability whatsoever for Sensitive Data, whether in connection with a Data Breach or otherwise. For the avoidance of doubt, this DPA will not apply to Sensitive Data. 2.5 The Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its Processing of Customer Data and any Processing instructions it issues to Qencode; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Qencode to Process Customer Data for the purposes described in the Agreement. The Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which the Customer acquired Customer Data. 2.6 The Customer will ensure that Qencode's Processing of Customer Data in accordance with Customer’s instructions will not cause Qencode to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Qencode shall immediately notify the Customer, where in its opinion an instruction of the Customer infringes any Data Protection Laws and request the Customer to withdraw, amend, or confirm the relevant instruction. Pending the decision on the withdrawal, amendment, or confirmation of the relevant instruction, Qencode shall be entitled to suspend the implementation of the relevant instruction. 2.7 The subject matter, nature, purpose, and duration of the Processing of Customer Data, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.8 Qencode shall maintain complete, accurate, and up to date written records of all Processing activities carried out on behalf of the Customer containing information as required under any applicable Data Protection Laws. 2.9 Qencode acknowledges that it has no right, title, or interest in the Customer Data and may not sell, rent, or lease the Customer Data to anyone.

Appointment and Data Processing. 2.1 Subject to the terms of the Agreement, the Customer is the sole Data Controller of the Customer Personal Data or has been instructed by and obtained the authorization of the relevant Data Controller(s) to enter into this DPA in the name and on behalf of such Data Controller(s). The Customer is responsible for obtaining all of the necessary authorizations and approvals to enter, use, provide, store, and Process Customer Personal Data to enable Qencode Docebo to provide the Services. 2.2 The Customer, as the Data Controller, hereby appoints Qencode Docebo as the Data Processor in respect of all Processing operations required to be carried out by Qencode Docebo on Customer Personal Data in order to provide the Services in accordance with the terms of the Agreement. 2.3 Qencode Docebo shall collect, retain, use, disclose, and otherwise Process the Customer Personal Data only in accordance with the Customer’s documented documented, lawful instructions as set forth in the AgreementAgreement and this DPA, as necessary to comply with applicable lawData Protection Laws, or as otherwise agreed in writing. The parties Parties agree that the Agreement sets and this DPA set out the Customer’s complete and final instructions to Qencode Docebo in relation to the Processing of Customer Personal Data, and . Processing outside the scope of these instructions (if any) shall require prior written agreement between the partiesParties and shall be subject to any additional costs that Docebo may incur in implementing such additional instructions. If, for any reason, Docebo refuses to comply with any such additional instructions, then the Customer may terminate the Agreement (and this DPA) except if the Customer’s instructions infringe Data Protection Laws or other applicable law. 2.4 The Customer instructs Docebo to Process collected Customer Personal Data for the following purposes: (a) Processing in accordance with the Agreement and this DPA; (b) Processing initiated by Docebo Software users in their use of the Services; and (c) Processing to comply with other documented reasonable instructions provided by the Customer where such instructions are consistent with the terms of the Agreement. Docebo will Process Customer Personal Data pursuant to this DPA for the duration of the Services, and this DPA will terminate when Customer Personal Data is no longer stored and Processed by Docebo. 2.5 Docebo acknowledges that it has no right, title, or interest in the Customer Personal Data and may not sell, rent, or lease the Customer Personal Data to anyone. 2.6 The subject matter and duration of the Processing, the nature and purpose of the Processing, the type of Personal Data that will be Processed, and the categories of Data Subjects whose Personal Data is transferred to Docebo as set out in the Agreement, including this DPA, are specified in Annex B, attached hereto. 2.7 Unless otherwise agreed by Docebo, the Customer will not provide (or cause to be provided) any Sensitive Data to Qencode Docebo for Processing processing under the Agreement, and Qencode Docebo will have no liability whatsoever for Sensitive Data, whether in connection with a Data Security Breach or otherwise. For the avoidance of doubt, this DPA will not apply to Sensitive Data. 2.5 The Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its Processing of Customer Data and any Processing instructions it issues to Qencode; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Qencode to Process Customer Data for the purposes described in the Agreement. The Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which the Customer acquired Customer Data. 2.6 The Customer will ensure that Qencode's Processing of Customer Data in accordance with Customer’s instructions will not cause Qencode to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Qencode shall immediately notify the Customer, where in its opinion an instruction of the Customer infringes any Data Protection Laws and request the Customer to withdraw, amend, or confirm the relevant instruction. Pending the decision on the withdrawal, amendment, or confirmation of the relevant instruction, Qencode shall be entitled to suspend the implementation of the relevant instruction. 2.7 The subject matter, nature, purpose, and duration of the Processing of Customer Data, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.8 Qencode Docebo shall maintain complete, accurate, and up to date written records of all Processing activities carried out on behalf of the Customer containing information as required under any applicable Data Protection Laws. 2.9 Qencode acknowledges that it has no rightThrough the use of the Docebo Software, titleby means of Docebo’s marketplace integrations features, or interest as further described in the Agreement, the Customer, via its administrator(s), may elect to grant third-parties visibility to Customer Data Data. Nothing in this DPA prohibits (and, for the avoidance of doubt, Sections 3, 7 and may 10 do not sell, rent, apply) Docebo transferring or lease the making visible Customer Data to anyonethird-parties consistent with this Section 2.9, as directed by the Customer or the End Users through the Docebo Software.

Appointment and Data Processing. 2.1 3.1 Subject to the terms of the Agreement, the Customer is the sole Data Controller of the Customer Personal Data or has been instructed by and obtained the authorization of the relevant Data Controller(s) to enter into this DPA in the name and on behalf of such Data Controller(s). The Customer is responsible for obtaining all of the necessary authorizations and approvals to enter, use, provide, store, and Process Customer Personal Data to enable Qencode Omniplex and its Subcontractors to provide the Services. 2.2 3.2 The Customer, as the Data Controller, hereby appoints Qencode Omniplex as the Data Processor in respect of all Processing operations required to be carried out by Qencode Omniplex on Customer Personal Data in order to provide the Services in accordance with the terms of the Agreement. 2.3 Qencode 3.3 Omniplex shall collect, retain, use, disclose, and otherwise Process the Customer Personal Data only in accordance with the Customer’s documented documented, lawful instructions as set forth in the AgreementAgreement and this DPA, as necessary to comply with applicable lawData Protection Laws, or as otherwise agreed in writing. The parties Parties agree that the Agreement sets and this DPA set out the Customer’s complete and final instructions to Qencode Omniplex in relation to the Processing of Customer Personal Data, and . Processing outside the scope of these instructions (if any) shall require prior written agreement between the partiesParties and shall be subject to any additional costs that Omniplex may incur in implementing such additional instructions. 2.4 3.4 The Customer instructs Omniplex to Process collected Customer Personal Data for the following purposes: (a) Processing in accordance with the Agreement and this DPA; (b) Processing initiated by Docebo Software users in their use of the Services; and (c) Processing to comply with other documented reasonable instructions provided by the Customer where such instructions are consistent with the terms of the Agreement. Omniplex will Process Customer Personal Data pursuant to this DPA for the duration of the Services, and this DPA will terminate when Customer Personal Data is no longer stored and Processed by Omniplex. 3.5 Omniplex acknowledges that it has no right, title, or interest in the Customer Personal Data (including all intellectual property or proprietary information) and may not sell, rent, or lease the Customer Personal Data to anyone. 3.6 The subject matter and duration of the Processing, the nature and purpose of the Processing, the type of Customer Personal Data that will be Processed, and the categories of Data Subjects whose Personal Data is transferred to Omniplex as set out in the Agreement, including this DPA, are specified in Annex B, attached hereto. 3.7 Unless otherwise agreed by Omniplex, the Customer will not provide (or cause to be provided) any Sensitive Data to Qencode Omniplex for Processing processing under the Agreement, and Qencode Omniplex will have no liability (whether in contract, tort (including negligence) breach of statutory duty misrepresentation (whether innocent or negligent), restitution or otherwise howsoever arising) whatsoever for Sensitive Data, whether in connection with a Personal Data Breach or otherwise. For the avoidance of doubt, this DPA will not apply to Sensitive Data. 2.5 The Customer represents and warrants that (i) it has complied, and will continue to comply, with all applicable laws, including Data Protection Laws, in respect of its Processing of Customer Data and any Processing instructions it issues to Qencode; and (ii) it has provided, and will continue to provide, all notice and has obtained, and will continue to obtain, all consents and rights necessary under Data Protection Laws for Qencode to Process Customer Data for the purposes described in the Agreement. The Customer shall have sole responsibility for the accuracy, quality, and legality of Customer Data and the means by which the Customer acquired Customer Data. 2.6 The Customer will ensure that Qencode's Processing of Customer Data in accordance with Customer’s instructions will not cause Qencode to violate any applicable law, regulation, or rule, including, without limitation, Data Protection Laws. Qencode shall immediately notify the Customer, where in its opinion an instruction of the Customer infringes any Data Protection Laws and request the Customer to withdraw, amend, or confirm the relevant instruction. Pending the decision on the withdrawal, amendment, or confirmation of the relevant instruction, Qencode shall be entitled to suspend the implementation of the relevant instruction. 2.7 The subject matter, nature, purpose, and duration of the Processing of Customer Data, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this DPA. 2.8 Qencode 3.8 Omniplex shall maintain complete, accurate, and up to date written records of all Processing activities carried out on behalf of the Customer containing information as required under any applicable Data Protection LawsLaws and make such record available upon request to the Customer, ICO and/or relevant Supervisory Authority. 2.9 Qencode acknowledges that it has no right3.9 Through the use of the Docebo Software, titleby means of Docebo’s marketplace integrations features, or interest as further described in the Agreement, the Customer, via its administrator(s), may elect to grant third-parties visibility to Customer Data Data. Nothing in this DPA prohibits (and, for the avoidance of doubt, Sections 3, 7 and may 10 do not sell, rent, apply) Omniplex transferring or lease the making visible Customer Data to anyonethird-parties consistent with this Section 2.9, as directed by the Customer or the End Users through the Docebo Software. 3.10 To the extent that both Omniplex and the Customer are Controllers in relation to any Customer Personal Data Processed in connection with this DPA, then both parties shall perform their respective duties under Data Protection Laws and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties, including dealing with complaints.