Common use of CONTROLLER-TO-CONTROLLER SCENARIOS Clause in Contracts

CONTROLLER-TO-CONTROLLER SCENARIOS. Each party will, to the extent that it, along with the other party, acts as data controller, as the term is defined in applicable Data Protection Requirements, with respect to Personal Data, reasonably cooperate with the other party to enable the exercise of data protection rights as set forth in the General Data Protection Regulation and in other Data Protection Requirements. Where both parties each act as data controller with respect to Personal Data, and the transfer of data between the parties results in a transfer of EU Personal Data to a jurisdiction other than a jurisdiction in the EU, the EEA, or the European Commission-approved countries providing ‘adequate’ data protection, each party agrees it will (a) provide at least the same level of privacy protection for EU Personal Data as required under the U.S.-EU and U.S.-Swiss Privacy Shield frameworks; or (b) use the Controller-to-Controller SCCs, which are incorporated herein by reference. If data transfers under this DPA rely on Controller-to-Controller SCCs to enable the lawful transfer of Personal Data, as set forth in the preceding sentence, the parties agree that the following terms apply: (i) Data subjects for whom a Customer processes EU Personal Data are third-party beneficiaries under the Controller-to-Controller SCCs; (ii) Annex A to this DPA shall apply as Annex A of the Controller-to-Controller SCCs; and (iii) for purpose of Section II(h), the data importer will process the EU Personal Data, at its option, in accordance with “the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data.” The parties acknowledge and agree that each is acting independently as Data Controller with respect of Personal Information and the parties are not joint controllers as defined in the General Data Protection Regulation.

CONTROLLER-TO-CONTROLLER SCENARIOS. Certain Services may offer integrated viewing and export of Personal Data of LinkedIn members that Customer already may access on LinkedIn’s website, ▇▇▇▇▇▇▇▇.▇▇▇, consistent with member privacy settings. For purposes of GDPR, where there is a member-directed export of Personal Data or where Customer already may access such Personal Data, both Customer and LinkedIn will be independent controllers of Personal Data originally derived on the LinkedIn Services. The parties agree that, for such cases, LinkedIn and Customer would each act as a data controller with respect to their particular copy of the Personal Data. Each party will, to the extent that it, along with the other party, acts as data controller, as the term is defined in applicable Data Protection Requirements, with respect to Personal Data, reasonably cooperate with the other party to enable the exercise of data protection rights as set forth in the General Data Protection Regulation and in other Data Protection Requirements. Where both parties each act as data controller with respect to Personal Data, and the transfer of data between the parties results in a transfer of EU Personal Data to a jurisdiction other than a jurisdiction in the EU, the EEA, or the European Commission-approved countries providing ‘adequate’ data protection, each party agrees it will use Module 1 of the SCCs, which are incorporated herein by reference. The parties agree that the following terms apply: (ai) provide at least the same level Data Protection Commission of privacy protection Ireland shall be the competent Supervisory Authority pursuant to Clause 13 of the SCCs; (ii) data subjects for whom a LinkedIn entity processes EU Personal Data as required are third-party beneficiaries under the U.S.-EU applicable SCCs; (iii) the SCCs shall be governed by the law of Ireland, which allows for third-party beneficiary rights pursuant to Clause 17 of the SCCs; and U.S.-Swiss Privacy Shield frameworks; (iv) any dispute arising from the SCCs shall be resolved by the courts of Ireland pursuant to Clause 18 of the SCCs. Notwithstanding the foregoing, where the transfers contemplated under this Section 9 results in a transfer of UK Personal Data to a jurisdiction other than in the UK or UK Information Commissioner’s Office-approved countries providing ‘adequate’ data protection, (b1) use the 2004 Controller-to-Controller SCCs, which are incorporated herein by reference. If data , will apply for so long as such SCCs are lawfully permitted for such transfers under this DPA rely on Controller-to-Controller SCCs to enable the lawful transfer of UK Personal Data, as set forth in the preceding sentence, the parties agree that the following terms apply: (i2) Data subjects for whom a Customer processes EU Personal Data are third-party beneficiaries under the Controller-to-Controller SCCs; (ii) Annex Schedule A to this DPA and Schedule D shall apply as Annex A of the Controller-to-Controller SCCs; B and Annex II, respectively, and (iii3) for purpose of Section II(h), the data importer will process the EU UK Personal Data, at its option, in accordance with “the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with processing principles set out in Annex A of the relevant provisions Controller-to-Controller SCCs. In the event that the UK Information Commissioner’s Office confirms that a UK Addendum is required to rely lawfully on the SCCs contemplated under this Section 9 for transfers of UK Personal Data, then (a) SCCs used for EU Personal Data under this Section 9 shall also apply to transfers of UK Personal Data; (b) the UK Addendum shall be deemed executed between Customer and LinkedIn; and (c) the SCCs between the parties shall be deemed amended as specified in the UK Addendum in respect of the transfer of such an authorisation or decision and is based UK Personal Data.. Unless otherwise agreed in a country to which such an authorisation or decision pertainswriting, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data.” The parties acknowledge and agree that each is acting independently as Data Controller with respect of Personal Information Data and the parties are not joint controllers as defined in the General Data Protection RegulationRegulation and UK GDPR.