Common use of Controller Responsibilities Clause in Contracts

Controller Responsibilities. 3.1 Within the scope of the Subscription Agreement and in its use of the Services, Subscriber will be responsible for complying with all requirements that apply to it under applicable Data Protection Laws with respect to its Processing of Personal Data and the instructions it issues to HackTheBox. In particular but without prejudice to the generality of the foregoing, Subscriber acknowledges and agrees that will be solely responsible for (i) the accuracy and legality of Subscriber Data and the means by which Subscriber acquired Personal Data; (ii) complying with all necessary transparency and lawfulness requirements under applicable Data Protection Laws for the collection and use of the Personal Data, including obtaining any necessary consents and authorizations; (iii) ensuring Subscriber has the right to transfer, or provide access to, the Personal Data to HackTheBox for Processing in accordance with the terms of the Subscription Agreement (including this DPA); and (v) complying with all applicable laws related to the use of the Services. 3.2 The parties agree that the Subscription Agreement (including this DPA), together with Subscriber’s use of the Service in accordance with the Subscription Agreement, constitute Subscriber’s complete Instructions to HackTheBox in relation to the Processing of Personal Data, so long as Subscriber may provide additional written instructions during the subscription term that are consistent with the Subscription Agreement, the nature and lawful use of the Service. 3.3 Subscriber is responsible for independently determining whether the data security provided for in the Service adequately meets its obligations under applicable privacy and data protection laws. 3.4 Subscriber will retain control of the Personal Data and remain responsible for its compliance obligations under the applicable privacy and data protection requirements. Without limitation, Subscriber agrees that is solely responsible for providing any required notices and obtaining any required consents for the processing instructions it gives to HackTheBox and its secure use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Personal Data; (b) securing the account authentication credentials, systems and devices Subscriber and its Authorised Users use to access and use the Services; (c) securing Subscriber’s systems and devices that it uses to access and use the Services; and (d) maintaining its own backups of Personal Data. 3.5 Subscriber agrees to immediately notify HackTheBox if it becomes aware of any unauthorized or unlawful processing of the Personal Data; or any security breach. 3.6 Subscriber acknowledges that HackTheBox is under no duty to investigate the completeness, accuracy, or sufficiency of any specific Subscriber instructions or the Personal Data other than as required under applicable law.