{"component": "clause", "props": {"groups": [{"size": 11, "samples": [{"hash": "7P8jTV7O8hI", "uri": "/contracts/7P8jTV7O8hI#data-processing-terms", "label": "Data Processing Addendum", "score": 26.8726902008, "published": true}, {"hash": "78UetwOSRYy", "uri": "/contracts/78UetwOSRYy#data-processing-terms", "label": "Data Processing Addendum", "score": 26.7002048492, "published": true}], "snippet": "2.1 The Parties acknowledge that the Customer is the Data Controller and Blue Yonder is a Data Processor of Customer Personal Data. As between the Customer and Blue Yonder, the Customer remains the owner of all Customer Personal Data.\n2.2 This Data Processing Addendum only applies to the processing of Customer Personal Data by Blue Yonder in connection with the Services under the Agreement. The categories of Data Subjects and types of Customer Personal Data processed are set out in an Annex to the Letter. Customer Personal Data is processed for the purpose of providing the Services and other purposes as identified in the 'Processing activities' section of the Annex to the Letter. Blue Yonder shall process Customer Personal Data for the duration of the Agreement (or longer to the extent permitted by applicable law).\n2.3 Each party warrants that in relation to this Data Processing Addendum, it is compliant with and will remain compliant with all Applicable Laws.\n2.4 Notwithstanding anything to the contrary in the Agreement, in relation to Customer Personal Data, Blue Yonder shall:\n2.4.1 process Customer Personal Data only in accordance with the Customer's instructions as established in the Agreement or as provided in writing by the Customer from time to time, provided such instructions are reasonable and subject to Blue Yonder's right to charge additional sums at its current rates should the scope of the agreed services be exceeded. Notwithstanding the foregoing, Blue Yonder may process Customer Personal Data as required under Applicable Laws. In this situation, Blue Yonder will take reasonable steps to inform the Customer of such a requirement before Blue Yonder processes the data, unless the law prohibits this;\n2.4.2 ensure only its (or its Sub-Processors) personnel who are contractually bound to respect the confidentiality of Customer Personal Data shall have access to the same;\n2.4.3 implement appropriate technical and organizational measures to protect against unauthorized or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Customer Personal Data. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of Customer Personal Data and having regard to the nature of the Customer Personal Data which is to be protected and shall be as set forth in Schedule 1. Customer acknowledges that Blue Yonder may change the security measures through the adoption of new or enhanced security technologies and authorises Blue Yonder to make such changes provided that they do not materially diminish the level of protection. Blue Yonder shall make information about the most up to date security measures applicable to the Services available at \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/knowledge-center/gdpr/customer-security-measures;\n2.4.4 at the Customer\u2019s reasonable request and at the Customer\u2019s cost, taking into account the nature of the processing, assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, to assist with the Customer's obligation to respond to requests from Data Subjects of Customer Personal Data seeking to exercise their rights under European Data Protection Law (to the extent that the Customer Personal Data is not accessible to the Customer through the Services provided under the Agreement);\n2.4.5 at the Customer\u2019s reasonable request and at the Customer\u2019s cost, taking into account the nature of processing and the information available to Blue Yonder, assist the Customer with its obligations under Articles 32 to 36 of the GDPR. Blue Yonder\u2019s assistance under this Clause 2.4.5 and at Clauses 2.4.3 and\n2.4.4 shall be chargeable, as incurred, at Blue Yonder\u2019s then current rates; and\n2.4.6 upon request by the Customer, delete or return to the Customer any such Customer Personal Data within the agreed period of time after the end of the provision of the Services as set out in the Agreement (or within a reasonable period of time if the Agreement is silent on this point), unless Applicable Laws requires storage of the Customer Personal Data. Unless otherwise provided in the Agreement, Blue Yonder reserves the right to charge for such deletion or return of such Customer Personal Data.\n2.5 The Customer agrees that Blue Yonder may transfer Customer Personal Data or give access to Customer Personal Data to Sub-Processors for the purposes of providing the Services or other purposes identified in the 'Processing activities' section of the Annex to the Letter, provided that Blue Yonder complies with the provisions of this Clause 2.5. Blue Yonder shall remain responsible for its Sub-Processor's compliance with the obligations of this Data Processing Addendum. Blue Yonder shall ensure that any Sub-Processors to whom Blue Yonder transfers Customer Personal Data enter into written agreements with Blue Yonder requiring that the subcontractor abide by terms no less protective, in any material respect, than this Data Processing Addendum. A current list of Sub-Processors approved as at the date of this Data Processing Addendum is available to Customer at \u2587\u2587\u2587\u2587://\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/legal/sub-processor-list. Blue Yonder can at any time and without justification make changes or additions to the Sub-Processor list provided that the Customer is given fifteen (15) days' prior notice and the Customer does not legitimately object to such changes within that timeframe. Blue Yonder shall provide notice through the current Sub-processor list on the website or, alternatively, if Customer has subscribed to notifications of changes or additions to the Sub- Processor list by clicking this link: \u2587\u2587\u2587\u2587\u2587://\u2587\u2587\u2587.\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587/sub-processor-sign-up.html, Blue Yonder will provide notice to Customer through e-mail. Legitimate objections must contain reasonable and documented grounds relating to a Sub-processor's non-compliance with applicable European Data Protection Law.\n2.6 The Customer acknowledges that as part of the Services the Customer Personal Data may be located in or accessed from the US or another Relevant Country. Where this involves Blue Yonder or its Affiliates, the Standard Contractual Clauses in Attachment 1 of this Data Processing Addendum (as supplemented by Annex 1 of the Letter) will apply in addition to the terms of this Data Processing Addendum. For other Sub- Processors based in Relevant Countries, the parties shall take steps to ensure that there is adequate protection for any such transfers of Customer Personal Data as defined in European Data Protection Laws. Where the Standard Contractual Clauses apply, the Customer acknowledges the following:", "snippet_links": [{"key": "the-parties-acknowledge", "type": "clause", "offset": [4, 27]}, {"key": "the-data-controller", "type": "definition", "offset": [49, 68]}, {"key": "blue-yonder", "type": "definition", "offset": [73, 84]}, {"key": "data-processor", "type": "clause", "offset": [90, 104]}, {"key": "the-owner", "type": "definition", "offset": [194, 203]}, {"key": "data-processing-addendum", "type": "definition", "offset": [244, 268]}, {"key": "applies-to", "type": "clause", "offset": [274, 284]}, {"key": "processing-of-customer-personal-data", "type": "clause", "offset": [289, 325]}, {"key": "in-connection-with", "type": "clause", "offset": [341, 359]}, {"key": "categories-of-data-subjects", "type": "definition", "offset": [398, 425]}, {"key": "personal-data-processed", "type": "clause", "offset": [448, 471]}, {"key": "set-out", "type": "definition", "offset": [476, 483]}, {"key": "for-the-purpose-of", "type": "definition", "offset": [547, 565]}, {"key": "services-and", "type": "clause", "offset": [580, 592]}, {"key": "other-purposes", "type": "clause", "offset": [593, 607]}, {"key": "processing-activities", "type": "definition", "offset": [630, 651]}, {"key": "duration-of-the-agreement", "type": "definition", "offset": [746, 771]}, {"key": "to-the-extent", "type": "clause", "offset": [783, 796]}, {"key": "each-party", "type": "definition", "offset": [831, 841]}, {"key": "in-relation-to", "type": "clause", "offset": [856, 870]}, {"key": "all-applicable-laws", "type": "definition", "offset": [954, 973]}, {"key": "notwithstanding-anything-to-the-contrary", "type": "clause", "offset": [979, 1019]}, {"key": "in-the-agreement", "type": "clause", "offset": [1020, 1036]}, {"key": "in-accordance-with", "type": "clause", "offset": [1138, 1156]}, {"key": "agreement-or", "type": "definition", "offset": [1207, 1219]}, {"key": "in-writing", "type": "clause", "offset": [1232, 1242]}, {"key": "from-time-to-time", "type": "clause", "offset": [1259, 1276]}, {"key": "subject-to", "type": "clause", "offset": [1324, 1334]}, {"key": "right-to-charge", "type": "clause", "offset": [1349, 1364]}, {"key": "additional-sums", "type": "clause", "offset": [1365, 1380]}, {"key": "current-rates", "type": "clause", "offset": [1388, 1401]}, {"key": "scope-of-the", "type": "clause", "offset": [1413, 1425]}, {"key": "agreed-services", "type": "clause", "offset": [1426, 1441]}, {"key": "notwithstanding-the-foregoing", "type": "clause", "offset": [1455, 1484]}, {"key": "as-required", "type": "clause", "offset": [1533, 1544]}, {"key": "reasonable-steps", "type": "definition", "offset": [1609, 1625]}, {"key": "the-law", "type": "clause", "offset": [1717, 1724]}, {"key": "access-to-the", "type": "clause", "offset": [1893, 1906]}, {"key": "measures-to", "type": "clause", "offset": [1970, 1981]}, {"key": "disclosure-of", "type": "clause", "offset": [2067, 2080]}, {"key": "accidental-loss", "type": "clause", "offset": [2232, 2247]}, {"key": "damage-or-theft", "type": "clause", "offset": [2262, 2277]}, {"key": "the-nature", "type": "clause", "offset": [2325, 2335]}, {"key": "of-the-customer", "type": "clause", "offset": [2336, 2351]}, {"key": "be-protected", "type": "clause", "offset": [2378, 2390]}, {"key": "schedule-1", "type": "definition", "offset": [2420, 2430]}, {"key": "security-measures", "type": "definition", "offset": [2486, 2503]}, {"key": "enhanced-security", "type": "clause", "offset": [2535, 2552]}, {"key": "provided-that", "type": "definition", "offset": [2614, 2627]}, {"key": "level-of-protection", "type": "clause", "offset": [2664, 2683]}, {"key": "up-to-date", "type": "definition", "offset": [2735, 2745]}, {"key": "available-at", "type": "definition", "offset": [2791, 2803]}, {"key": "reasonable-request", "type": "definition", "offset": [2901, 2919]}, {"key": "nature-of-the-processing", "type": "clause", "offset": [2972, 2996]}, {"key": "assist-the", "type": "clause", "offset": [2998, 3008]}, {"key": "appropriate-technical-and-organisational-measures", "type": "clause", "offset": [3034, 3083]}, {"key": "to-assist", "type": "clause", "offset": [3114, 3123]}, {"key": "respond-to", "type": "definition", "offset": [3158, 3168]}, {"key": "requests-from-data-subjects", "type": "clause", "offset": [3169, 3196]}, {"key": "to-exercise", "type": "clause", "offset": [3231, 3242]}, {"key": "not-accessible", "type": "definition", "offset": [3341, 3355]}, {"key": "services-provided-under-the-agreement", "type": "clause", "offset": [3384, 3421]}, {"key": "nature-of-processing", "type": "clause", "offset": [3519, 3539]}, {"key": "available-to", "type": "definition", "offset": [3560, 3572]}, {"key": "the-gdpr", "type": "definition", "offset": [3654, 3662]}, {"key": "this-clause", "type": "clause", "offset": [3695, 3706]}, {"key": "request-by-the-customer", "type": "clause", "offset": [3830, 3853]}, {"key": "return-to", "type": "definition", "offset": [3865, 3874]}, {"key": "agreed-period", "type": "definition", "offset": [3931, 3944]}, {"key": "the-provision-of-the-services", "type": "clause", "offset": [3970, 3999]}, {"key": "reasonable-period-of-time", "type": "clause", "offset": [4041, 4066]}, {"key": "the-right", "type": "clause", "offset": [4246, 4255]}, {"key": "return-of", "type": "clause", "offset": [4287, 4296]}, {"key": "customer-agrees-that", "type": "clause", "offset": [4334, 4354]}, {"key": "for-the-purposes-of", "type": "clause", "offset": [4462, 4481]}, {"key": "the-provisions-of-this", "type": "clause", "offset": [4641, 4663]}, {"key": "responsible-for", "type": "clause", "offset": [4701, 4716]}, {"key": "obligations-of", "type": "clause", "offset": [4757, 4771]}, {"key": "written-agreements", "type": "clause", "offset": [4916, 4934]}, {"key": "the-subcontractor", "type": "clause", "offset": [4967, 4984]}, {"key": "material-respect", "type": "definition", "offset": [5027, 5043]}, {"key": "date-of-this", "type": "clause", "offset": [5133, 5145]}, {"key": "at-any-time", "type": "clause", "offset": [5263, 5274]}, {"key": "changes-or-additions", "type": "clause", "offset": [5306, 5326]}, {"key": "prior-notice", "type": "definition", "offset": [5408, 5420]}, {"key": "provide-notice", "type": "clause", "offset": [5524, 5538]}, {"key": "the-current", "type": "clause", "offset": [5547, 5558]}, {"key": "the-website", "type": "clause", "offset": [5581, 5592]}, {"key": "notifications-of-changes", "type": "clause", "offset": [5642, 5666]}, {"key": "will-provide", "type": "clause", "offset": [5797, 5809]}, {"key": "notice-to-customer", "type": "definition", "offset": [5810, 5828]}, {"key": "relating-to", "type": "definition", "offset": [5914, 5925]}, {"key": "applicable-european-data-protection-law", "type": "definition", "offset": [5964, 6003]}, {"key": "the-customer-acknowledges", "type": "clause", "offset": [6009, 6034]}, {"key": "located-in", "type": "definition", "offset": [6098, 6108]}, {"key": "relevant-country", "type": "definition", "offset": [6144, 6160]}, {"key": "standard-contractual-clauses", "type": "definition", "offset": [6217, 6245]}, {"key": "attachment-1", "type": "definition", "offset": [6249, 6261]}, {"key": "annex-1", "type": "clause", "offset": [6315, 6322]}, {"key": "terms-of", "type": "definition", "offset": [6368, 6376]}, {"key": "relevant-countries", "type": "definition", "offset": [6443, 6461]}, {"key": "the-parties-shall", "type": "clause", "offset": [6463, 6480]}, {"key": "to-ensure", "type": "clause", "offset": [6492, 6501]}, {"key": "adequate-protection", "type": "definition", "offset": [6516, 6535]}, {"key": "transfers-of-customer-personal-data", "type": "clause", "offset": [6549, 6584]}, {"key": "european-data-protection-laws", "type": "definition", "offset": [6599, 6628]}], "hash": "d07792cb2fc0ae029eda95e21a142d85", "id": 2}, {"size": 14, "samples": [{"hash": "2mHxXrzARoU", "uri": "/contracts/2mHxXrzARoU#data-processing-terms", "label": "Model Non Commercial Participant Identification Centre Agreement (Mnc Pica)", "score": 28.4548683167, "published": true}, {"hash": "chLk4XqOfCG", "uri": "/contracts/chLk4XqOfCG#data-processing-terms", "label": "Model Non Commercial Participant Identification Centre Agreement (Mnc Pica)", "score": 24.315536499, "published": true}, {"hash": "5C16UThBLMO", "uri": "/contracts/5C16UThBLMO#data-processing-terms", "label": "Participant Identification Centre Agreement", "score": 23.8405208588, "published": true}], "snippet": "For the purposes of the Data Protection Legislation, the Sponsor is the Controller, the Participating Site is the Sponsor's Processor and the PIC is the Sub-Processor of the Participating Site in relation to all Processing of Personal Data that is Processed for the purpose of this Study and for any future research use under the Controllership of the Sponsor, that would not have taken place but for this Agreement regardless where that Processing takes place. The Parties acknowledge that whereas the Sponsor is the Controller in accordance with Clause 3.2, the PIC is the Controller of the Personal Data collected for the purpose of providing clinical care to the Participants. This Personal Data may be the same Personal Data, collected transparently and processed for research and for care purposes under the separate Controllerships of the Sponsor and PIC. Where the PIC is the Participating Site's Sub-Processor and thus where the Processing is undertaken by the PIC for the purposes of the Study, Clauses 3.5 to 3.9 below will apply. For the avoidance of doubt, such Clauses do not apply where the PIC is Processing the Participant Personal Data as a Controller. The PIC agrees only to Process Personal Data for and on behalf of the Participating Site in accordance with the instructions of the Participating Site or Sponsor and for the purpose of the Study and to ensure the Sponsor\u2019s and Participating Site\u2019s compliance with the Data Protection Legislation; The PIC agrees to comply with the obligations applicable to Processors described by Article 28 GDPR including, but not limited to, the following: to implement and maintain appropriate technical and organisational security measures sufficient to comply at least with the obligations imposed on the Controller by Article 28(1); to not engage another Processor without the prior written authorisation of the Sponsor (Article 28(2)); to Process the Personal Data only on documented instructions from the Participating Site or Sponsor unless required to do otherwise by legislation, in which case the PIC shall notify the Participating Site before Processing, or as soon as possible after Processing if legislation requires that the Processing occurs immediately, unless legislation prohibits such notification on important grounds of public interest (Article 28(3a)).; to ensure that personnel authorised to Process Personal Data are under confidentiality obligations (Article 28(3b)); to take all measures required by Article 32 GDPR in relation to the security of processing (Article 28(3c)); to respect the conditions described in Article 28(2) and (4) for engaging another Processor (Article 28(3d)); to, taking into account the nature of the Processing, assist the Participating Site and/or the Sponsor, by appropriate technical and organisational measures, insofar as this is possible, to respond to requests for exercising Data Subjects\u2019 rights (Article 28(3e)); to assist the Controller, to ensure compliance with the obligations pursuant to Articles 32 to 36 GDPR taking into account the nature of the Processing and the information available to the PIC (Article 28(3f)); to, at the choice of the Sponsor, destroy or return all Personal Data to the Sponsor at the expiry or early termination of the Agreement, unless storage is legally required (Article 28(3g)) or where that Personal Data is held by the PIC as Controller for the purpose of clinical care or other legal purposes; and", "snippet_links": [{"key": "for-the-purposes-of", "type": "clause", "offset": [0, 19]}, {"key": "the-sponsor", "type": "clause", "offset": [53, 64]}, {"key": "the-controller", "type": "clause", "offset": [68, 82]}, {"key": "participating-site", "type": "definition", "offset": [88, 106]}, {"key": "the-sub", "type": "clause", "offset": [149, 156]}, {"key": "in-relation-to", "type": "clause", "offset": [193, 207]}, {"key": "processing-of-personal-data", "type": "clause", "offset": [212, 239]}, {"key": "for-the-purpose-of-this", "type": "clause", "offset": [258, 281]}, {"key": "research-use", "type": "clause", "offset": [307, 319]}, {"key": "this-agreement", "type": "clause", "offset": [401, 415]}, {"key": "the-parties-acknowledge", "type": "clause", "offset": [462, 485]}, {"key": "in-accordance-with", "type": "clause", "offset": [529, 547]}, {"key": "data-collected", "type": "clause", "offset": [602, 616]}, {"key": "clinical-care", "type": "definition", "offset": [646, 659]}, {"key": "the-participants", "type": "clause", "offset": [663, 679]}, {"key": "for-research", "type": "clause", "offset": [769, 781]}, {"key": "purposes-of-the-study", "type": "clause", "offset": [982, 1003]}, {"key": "for-the-avoidance-of-doubt", "type": "clause", "offset": [1042, 1068]}, {"key": "participant-personal-data", "type": "definition", "offset": [1128, 1153]}, {"key": "process-personal-data", "type": "definition", "offset": [1194, 1215]}, {"key": "for-and-on-behalf-of", "type": "clause", "offset": [1216, 1236]}, {"key": "purpose-of-the-study", "type": "clause", "offset": [1345, 1365]}, {"key": "to-ensure", "type": "clause", "offset": [1370, 1379]}, {"key": "compliance-with-the-data-protection-legislation", "type": "clause", "offset": [1419, 1466]}, {"key": "agrees-to", "type": "clause", "offset": [1476, 1485]}, {"key": "the-obligations", "type": "clause", "offset": [1498, 1513]}, {"key": "applicable-to", "type": "clause", "offset": [1514, 1527]}, {"key": "article-28", "type": "definition", "offset": [1552, 1562]}, {"key": "not-limited", "type": "clause", "offset": [1583, 1594]}, {"key": "technical-and-organisational-security-measures", "type": "clause", "offset": [1652, 1698]}, {"key": "documented-instructions", "type": "clause", "offset": [1935, 1958]}, {"key": "notify-the", "type": "clause", "offset": [2074, 2084]}, {"key": "as-soon-as-possible", "type": "definition", "offset": [2126, 2145]}, {"key": "public-interest", "type": "definition", "offset": [2298, 2313]}, {"key": "confidentiality-obligations", "type": "definition", "offset": [2404, 2431]}, {"key": "required-by", "type": "definition", "offset": [2471, 2482]}, {"key": "security-of-processing", "type": "clause", "offset": [2518, 2540]}, {"key": "the-conditions", "type": "clause", "offset": [2570, 2584]}, {"key": "nature-of-the-processing", "type": "clause", "offset": [2697, 2721]}, {"key": "assist-the", "type": "clause", "offset": [2723, 2733]}, {"key": "appropriate-technical-and-organisational-measures", "type": "clause", "offset": [2776, 2825]}, {"key": "respond-to", "type": "definition", "offset": [2859, 2869]}, {"key": "requests-for", "type": "clause", "offset": [2870, 2882]}, {"key": "data-subjects", "type": "clause", "offset": [2894, 2907]}, {"key": "to-assist", "type": "clause", "offset": [2934, 2943]}, {"key": "ensure-compliance", "type": "definition", "offset": [2963, 2980]}, {"key": "pursuant-to-articles", "type": "clause", "offset": [3002, 3022]}, {"key": "available-to", "type": "definition", "offset": [3106, 3118]}, {"key": "all-personal-data", "type": "definition", "offset": [3197, 3214]}, {"key": "early-termination-of-the-agreement", "type": "clause", "offset": [3247, 3281]}, {"key": "legally-required", "type": "definition", "offset": [3301, 3317]}, {"key": "legal-purposes", "type": "clause", "offset": [3438, 3452]}], "hash": "1afa6dc82a9c803e0da4ec43679c6a89", "id": 1}, {"size": 7, "samples": [{"hash": "hmHPriRdM5S", "uri": "/contracts/hmHPriRdM5S#data-processing-terms", "label": "Data Processing Addendum", "score": 36.5523605347, "published": true}, {"hash": "H5llkO2FUe", "uri": "/contracts/H5llkO2FUe#data-processing-terms", "label": "Data Processing Addendum", "score": 35.1029167175, "published": true}, {"hash": "TJ0yNiFfqt", "uri": "/contracts/TJ0yNiFfqt#data-processing-terms", "label": "Data Processing Addendum", "score": 34.5935707092, "published": true}], "snippet": "This DPA applies where Cloudflare processes Personal Data as a Processor (or sub-Processor as applicable) on behalf of Customer to provide the Services and such Personal Data is subject to Applicable Data Protection Laws (as defined below). The parties have agreed to enter into this DPA in order to ensure that appropriate safeguards are in place to protect such Personal Data in accordance with Applicable Data Protection Laws. Accordingly, Cloudflare agrees to comply with the following provisions with respect to any Personal Data that it processes as a Processor (or sub-Processor as applicable) on behalf of Customer.", "snippet_links": [{"key": "dpa-applies", "type": "clause", "offset": [5, 16]}, {"key": "personal-data", "type": "definition", "offset": [44, 57]}, {"key": "services-and", "type": "clause", "offset": [143, 155]}, {"key": "subject-to", "type": "clause", "offset": [178, 188]}, {"key": "applicable-data-protection-laws", "type": "clause", "offset": [189, 220]}, {"key": "the-parties", "type": "definition", "offset": [241, 252]}, {"key": "to-enter", "type": "definition", "offset": [265, 273]}, {"key": "in-order-to-ensure", "type": "clause", "offset": [288, 306]}, {"key": "appropriate-safeguards", "type": "clause", "offset": [312, 334]}, {"key": "in-place", "type": "definition", "offset": [339, 347]}, {"key": "in-accordance-with", "type": "clause", "offset": [378, 396]}, {"key": "agrees-to", "type": "clause", "offset": [454, 463]}, {"key": "comply-with-the", "type": "clause", "offset": [464, 479]}, {"key": "with-respect-to", "type": "clause", "offset": [501, 516]}], "hash": "01ab8b1383b07b55adcf44306547e575", "id": 3}, {"size": 6, "samples": [{"hash": "dYLRTlKw320", "uri": "/contracts/dYLRTlKw320#data-processing-terms", "label": "Data Processing Addendum", "score": 33.8327789307, "published": true}, {"hash": "5H2Bgf2AFZd", "uri": "/contracts/5H2Bgf2AFZd#data-processing-terms", "label": "Data Processing Addendum", "score": 33.3701629639, "published": true}, {"hash": "6EaPGsnqzK6", "uri": "/contracts/6EaPGsnqzK6#data-processing-terms", "label": "Data Processing Addendum", "score": 32.7843666077, "published": true}], "snippet": "For the duration of the Agreement and in the course of providing the Services to Customer pursuant to the Agreement, Xactly may Process Personal Data on behalf of Customer. Xactly and Customer each agree to comply with the following provisions with respect to any Personal Data submitted by or on behalf of Customer to the Services.", "snippet_links": [{"key": "duration-of-the-agreement", "type": "definition", "offset": [8, 33]}, {"key": "in-the-course-of", "type": "definition", "offset": [38, 54]}, {"key": "services-to-customer", "type": "clause", "offset": [69, 89]}, {"key": "pursuant-to-the-agreement", "type": "clause", "offset": [90, 115]}, {"key": "process-personal-data", "type": "definition", "offset": [128, 149]}, {"key": "of-customer", "type": "clause", "offset": [160, 171]}, {"key": "agree-to", "type": "clause", "offset": [198, 206]}, {"key": "comply-with-the", "type": "clause", "offset": [207, 222]}, {"key": "with-respect-to", "type": "clause", "offset": [244, 259]}, {"key": "by-or-on-behalf-of", "type": "definition", "offset": [288, 306]}, {"key": "to-the-services", "type": "clause", "offset": [316, 331]}], "hash": "73380296f3aeab6af2876e7a3a123692", "id": 4}, {"size": 6, "samples": [{"hash": "kqTMFV2iR5p", "uri": "/contracts/kqTMFV2iR5p#data-processing-terms", "label": "Data Processing Agreement", "score": 32.871963501, "published": true}, {"hash": "coraSCNfFWt", "uri": "/contracts/coraSCNfFWt#data-processing-terms", "label": "Data Processing Agreement", "score": 32.8692245483, "published": true}, {"hash": "5jvluEYGsrW", "uri": "/contracts/5jvluEYGsrW#data-processing-terms", "label": "Data Processing Agreement", "score": 32.8692245483, "published": true}], "snippet": "In the course of providing the Service to Customer pursuant to the Main Agreement, CloudLinux may Process Personal Data on behalf of Customer. CloudLinux agrees to comply with the following provisions with respect to any Personal Data submitted by or for Customer to CloudLinux or collected and processed by or for Customer using CloudLinux\u2019s Services. The parties agree that the obligations under this DPA that are specific to the GDPR shall not apply until the GDPR has come into full force and effect.", "snippet_links": [{"key": "in-the-course-of", "type": "definition", "offset": [0, 16]}, {"key": "providing-the-service", "type": "clause", "offset": [17, 38]}, {"key": "to-customer", "type": "clause", "offset": [39, 50]}, {"key": "pursuant-to-the", "type": "clause", "offset": [51, 66]}, {"key": "main-agreement", "type": "definition", "offset": [67, 81]}, {"key": "process-personal-data", "type": "definition", "offset": [98, 119]}, {"key": "of-customer", "type": "clause", "offset": [130, 141]}, {"key": "agrees-to", "type": "clause", "offset": [154, 163]}, {"key": "comply-with-the", "type": "clause", "offset": [164, 179]}, {"key": "with-respect-to", "type": "clause", "offset": [201, 216]}, {"key": "submitted-by", "type": "definition", "offset": [235, 247]}, {"key": "for-customer", "type": "clause", "offset": [251, 263]}, {"key": "the-parties-agree-that", "type": "clause", "offset": [353, 375]}, {"key": "the-obligations", "type": "clause", "offset": [376, 391]}, {"key": "the-gdpr", "type": "definition", "offset": [428, 436]}, {"key": "full-force-and-effect", "type": "definition", "offset": [482, 503]}], "hash": "510844b452f55b0c80d816a0ad9d3b2f", "id": 5}, {"size": 5, "samples": [{"hash": "aLfZg4txzY5", "uri": "/contracts/aLfZg4txzY5#data-processing-terms", "label": "Data Processing Addendum", "score": 32.1246604919, "published": true}, {"hash": "dvPRbEFbRXu", "uri": "/contracts/dvPRbEFbRXu#data-processing-terms", "label": "Data Processing Addendum", "score": 25.2053394318, "published": true}, {"hash": "k3xEGbA3eWx", "uri": "/contracts/k3xEGbA3eWx#data-processing-terms", "label": "Data Processing Addendum", "score": 25.1765918732, "published": true}], "snippet": "In the course of providing the Service (defined in the Agreement) to You pursuant to the Agreement, Conga may Process Personal Data on behalf of You. Conga agrees to comply with the following provisions with respect to any Personal Data submitted by or for You to the Service or collected and Processed by or for You using the Service.", "snippet_links": [{"key": "in-the-course-of", "type": "definition", "offset": [0, 16]}, {"key": "providing-the-service", "type": "clause", "offset": [17, 38]}, {"key": "in-the-agreement", "type": "clause", "offset": [48, 64]}, {"key": "pursuant-to-the-agreement", "type": "clause", "offset": [73, 98]}, {"key": "process-personal-data", "type": "definition", "offset": [110, 131]}, {"key": "on-behalf-of", "type": "definition", "offset": [132, 144]}, {"key": "agrees-to", "type": "clause", "offset": [156, 165]}, {"key": "comply-with-the", "type": "clause", "offset": [166, 181]}, {"key": "with-respect-to", "type": "clause", "offset": [203, 218]}, {"key": "submitted-by", "type": "definition", "offset": [237, 249]}, {"key": "to-the-service", "type": "clause", "offset": [261, 275]}, {"key": "using-the-service", "type": "clause", "offset": [317, 334]}], "hash": "13da3a7cc82f9ccc5275115851f44dcb", "id": 6}, {"size": 5, "samples": [{"hash": "8kmS8rMSwm3", "uri": "/contracts/8kmS8rMSwm3#data-processing-terms", "label": "Data Processing Addendum", "score": 32.7241439819, "published": true}, {"hash": "5VkyM3fwC3z", "uri": "/contracts/5VkyM3fwC3z#data-processing-terms", "label": "Data Processing Addendum", "score": 31.9768447876, "published": true}, {"hash": "ddCHJWsjN4G", "uri": "/contracts/ddCHJWsjN4G#data-processing-terms", "label": "Data Processing Addendum", "score": 31.5662384033, "published": true}], "snippet": "In the course of providing the Cloudinary's image and video management service (\"Service\") to Customer pursuant to the Subscription Agreement, Cloudinary may Process Personal Data on behalf of Customer. The parties agree to comply with the following provisions with respect to Personal Data Processed by Cloudinary as part of the Service for Customer.", "snippet_links": [{"key": "in-the-course-of", "type": "definition", "offset": [0, 16]}, {"key": "providing-the", "type": "clause", "offset": [17, 30]}, {"key": "management-service", "type": "definition", "offset": [60, 78]}, {"key": "to-customer", "type": "clause", "offset": [91, 102]}, {"key": "the-subscription-agreement", "type": "clause", "offset": [115, 141]}, {"key": "process-personal-data", "type": "definition", "offset": [158, 179]}, {"key": "of-customer", "type": "clause", "offset": [190, 201]}, {"key": "agree-to", "type": "clause", "offset": [215, 223]}, {"key": "comply-with-the", "type": "clause", "offset": [224, 239]}, {"key": "with-respect-to", "type": "clause", "offset": [261, 276]}, {"key": "personal-data-processed", "type": "clause", "offset": [277, 300]}, {"key": "the-service", "type": "definition", "offset": [326, 337]}, {"key": "for-customer", "type": "clause", "offset": [338, 350]}], "hash": "795e654209e8220f15d1ee70220591e1", "id": 7}, {"size": 5, "samples": [{"hash": "fGkroiddGgm", "uri": "/contracts/fGkroiddGgm#data-processing-terms", "label": "Data Processing Agreement", "score": 29.2613754272, "published": true}, {"hash": "ay2TYnYjMj0", "uri": "/contracts/ay2TYnYjMj0#data-processing-terms", "label": "Data Processing Agreement", "score": 27.1861743927, "published": true}], "snippet": "2.1 In the course of providing the Services and/or Products to the Controller pursuant to the Principal Agreement, the Processor may process Controller personal data on behalf of the Controller as per the terms of this Addendum. The Processor agrees to comply with the following provisions with respect to any Controller personal data.\n2.2 To the extent required by applicable Data Protection Laws, the Processor shall obtain and maintain all necessary licenses, authorizations and permits necessary to process personal data including personal data mentioned in Annex 1. The Processor shall maintain all the technical and organizational measures to comply with the requirements set forth in the Addendum and its Annexes.", "snippet_links": [{"key": "in-the-course-of", "type": "definition", "offset": [4, 20]}, {"key": "providing-the-services", "type": "clause", "offset": [21, 43]}, {"key": "the-controller", "type": "clause", "offset": [63, 77]}, {"key": "principal-agreement", "type": "clause", "offset": [94, 113]}, {"key": "the-processor", "type": "clause", "offset": [115, 128]}, {"key": "controller-personal-data", "type": "definition", "offset": [141, 165]}, {"key": "on-behalf-of", "type": "definition", "offset": [166, 178]}, {"key": "terms-of", "type": "definition", "offset": [205, 213]}, {"key": "this-addendum", "type": "definition", "offset": [214, 227]}, {"key": "agrees-to", "type": "clause", "offset": [243, 252]}, {"key": "comply-with-the", "type": "clause", "offset": [253, 268]}, {"key": "with-respect-to", "type": "clause", "offset": [290, 305]}, {"key": "to-the-extent", "type": "clause", "offset": [340, 353]}, {"key": "required-by", "type": "definition", "offset": [354, 365]}, {"key": "applicable-data-protection-laws", "type": "clause", "offset": [366, 397]}, {"key": "all-necessary-licenses", "type": "clause", "offset": [439, 461]}, {"key": "authorizations-and-permits", "type": "definition", "offset": [463, 489]}, {"key": "process-personal-data", "type": "definition", "offset": [503, 524]}, {"key": "annex-1", "type": "clause", "offset": [562, 569]}, {"key": "measures-to", "type": "clause", "offset": [637, 648]}, {"key": "the-requirements", "type": "clause", "offset": [661, 677]}], "hash": "64bde1f4887b85f10509f5690887e6a2", "id": 8}, {"size": 5, "samples": [{"hash": "1Rw7bNb17se", "uri": "/contracts/1Rw7bNb17se#data-processing-terms", "label": "End User License Agreement (Eula)", "score": 27.0150585175, "published": true}, {"hash": "kJMAV920vgB", "uri": "/contracts/kJMAV920vgB#data-processing-terms", "label": "End User License Agreement (Eula)", "score": 26.7248458862, "published": true}], "snippet": "2.1 The parties to this \u2587\u2587\u2587\u2587 hereby agree that they must comply with their respective obligations under all Data Protection Legislation, to the extent that the Data Protection Legislation is applicable to any processing of Customer Personal Data in connection with this \u2587\u2587\u2587\u2587.\n2.2 We acknowledge that, for the purposes of Data Protection Legislation, if we process any Customer Personal Data when performing our obligations under this \u2587\u2587\u2587\u2587, you are the controller. You acknowledge that we are the processor of Customer Personal Data. A description of the scope, nature and purpose of processing by us, the duration of the processing and the types of personal data is set out in paragraph 3 of these Data Processing Terms.\n2.3 Without prejudice to the generality of paragraph 2.1, you must ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to us for the duration and purposes of this \u2587\u2587\u2587\u2587 so that we may lawfully use, process and transfer the Customer Personal Data in accordance with this \u2587\u2587\u2587\u2587 on your behalf.\n2.4 We must, in relation to any Customer Personal Data processed in connection with the provision of Support and the performance of our obligations under the \u2587\u2587\u2587\u2587:\n2.4.1 only process the Customer Personal Data for the purpose set out in paragraph 3 of these Data Processing Terms and not for any other purpose unless we are acting on your documented written instructions or where otherwise required to do so by the laws of Australia, the European Union, the United States or by any laws applicable to us (Applicable Law). Where we are relying on Applicable Law as the basis for processing Customer Personal Data, we will notify you of this reliance before performing the processing required by the Applicable Law (unless prohibited by such Applicable Law);\n2.4.2 ensure that we have in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, Customer Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Customer Personal Data,\n2.4.3 ensure that all personnel who have access to and/or process personal data are obliged to keep the Customer Personal Data confidential;\n2.4.4 ensure we take such measures required pursuant to the Privacy Act, Article 32 of the GDPR and all other applicable Data Protection Legislation;\n2.4.5 at your expense, assist you in responding to any request from a data subject and in ensuring compliance with your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;\n2.4.6 notify you without as soon as reasonably practicable after becoming aware of a personal data breach in relation to the Customer Personal Data;\n2.4.7 on your written direction, delete or return the Customer Personal Data and copies thereof to you on termination of this \u2587\u2587\u2587\u2587 unless required by Applicable Law to retain and store the Customer Personal Data; and\n2.4.8 maintain complete and accurate records and information to demonstrate our compliance with these Data Processing Terms and allow for audits, including inspections by you or your designated auditor and as soon as reasonably practicable inform you if, in our opinion, an instruction infringes the applicable Data Protection Legislation.\n2.5 You warrant and undertake that any processing of Customer Personal Data which is, or may occur in accordance with this \u2587\u2587\u2587\u2587 has a lawful basis and that any such Personal Data may properly be processed in accordance with the terms of this \u2587\u2587\u2587\u2587.\n2.6 You agree that we may appoint such sub-processors to process the Customer Personal Data as we deem appropriate for the proper performance of the \u2587\u2587\u2587\u2587, provided that we impose contractual obligations on the sub-processor which are no less onerous\n2.7 Without prejudice to the generality of any other provisions of the \u2587\u2587\u2587\u2587, we may revise these Data Processing Terms by replacing them with any applicable controller to processor standard clauses or similar terms from time to time (which will apply when replaced by attachment to this \u2587\u2587\u2587\u2587).", "snippet_links": [{"key": "the-parties", "type": "definition", "offset": [4, 15]}, {"key": "comply-with", "type": "definition", "offset": [57, 68]}, {"key": "respective-obligations", "type": "clause", "offset": [75, 97]}, {"key": "to-the-extent", "type": "clause", "offset": [137, 150]}, {"key": "the-data-protection-legislation", "type": "definition", "offset": [156, 187]}, {"key": "applicable-to", "type": "clause", "offset": [191, 204]}, {"key": "processing-of-customer-personal-data", "type": "clause", "offset": [209, 245]}, {"key": "in-connection-with", "type": "clause", "offset": [246, 264]}, {"key": "purposes-of-data", "type": "clause", "offset": [309, 325]}, {"key": "the-controller", "type": "clause", "offset": [448, 462]}, {"key": "you-acknowledge", "type": "clause", "offset": [464, 479]}, {"key": "the-processor", "type": "clause", "offset": [492, 505]}, {"key": "the-scope", "type": "clause", "offset": [550, 559]}, {"key": "nature-and-purpose-of-processing", "type": "clause", "offset": [561, 593]}, {"key": "duration-of-the-processing", "type": "clause", "offset": [605, 631]}, {"key": "types-of-personal-data", "type": "clause", "offset": [640, 662]}, {"key": "set-out", "type": "definition", "offset": [666, 673]}, {"key": "paragraph-3", "type": "definition", "offset": [677, 688]}, {"key": "without-prejudice-to-the-generality-of-paragraph", "type": "clause", "offset": [725, 773]}, {"key": "in-place", "type": "definition", "offset": [856, 864]}, {"key": "of-the-customer", "type": "clause", "offset": [891, 906]}, {"key": "duration-and", "type": "clause", "offset": [935, 947]}, {"key": "in-accordance-with", "type": "clause", "offset": [1047, 1065]}, {"key": "in-relation-to", "type": "clause", "offset": [1105, 1119]}, {"key": "personal-data-processed", "type": "clause", "offset": [1133, 1156]}, {"key": "provision-of-support", "type": "clause", "offset": [1180, 1200]}, {"key": "the-performance", "type": "clause", "offset": [1205, 1220]}, {"key": "the-\u2587", "type": "clause", "offset": [1246, 1251]}, {"key": "terms-and", "type": "clause", "offset": [1366, 1375]}, {"key": "written-instructions", "type": "clause", "offset": [1442, 1462]}, {"key": "the-laws", "type": "definition", "offset": [1503, 1511]}, {"key": "the-european-union", "type": "clause", "offset": [1526, 1544]}, {"key": "the-united-states", "type": "definition", "offset": [1546, 1563]}, {"key": "laws-applicable", "type": "clause", "offset": [1574, 1589]}, {"key": "the-basis", "type": "clause", "offset": [1656, 1665]}, {"key": "processing-customer-personal-data", "type": "clause", "offset": [1670, 1703]}, {"key": "required-by", "type": "definition", "offset": [1774, 1785]}, {"key": "the-applicable-law", "type": "clause", "offset": [1786, 1804]}, {"key": "measures-to", "type": "clause", "offset": [1925, 1936]}, {"key": "processing-of-personal-data", "type": "clause", "offset": [1978, 2005]}, {"key": "loss-or-destruction", "type": "clause", "offset": [2029, 2048]}, {"key": "destruction-or-damage", "type": "clause", "offset": [2198, 2219]}, {"key": "nature-of-the-data", "type": "clause", "offset": [2228, 2246]}, {"key": "be-protected", "type": "clause", "offset": [2250, 2262]}, {"key": "state-of", "type": "clause", "offset": [2285, 2293]}, {"key": "cost-of", "type": "definition", "offset": [2328, 2335]}, {"key": "where-appropriate", "type": "clause", "offset": [2391, 2408]}, {"key": "all-personnel", "type": "clause", "offset": [2482, 2495]}, {"key": "access-to", "type": "clause", "offset": [2505, 2514]}, {"key": "process-personal-data", "type": "definition", "offset": [2522, 2543]}, {"key": "the-privacy-act", "type": "clause", "offset": [2661, 2676]}, {"key": "the-gdpr", "type": "definition", "offset": [2692, 2700]}, {"key": "applicable-data-protection-legislation", "type": "definition", "offset": [2715, 2753]}, {"key": "responding-to", "type": "clause", "offset": [2792, 2805]}, {"key": "data-subject", "type": "clause", "offset": [2825, 2837]}, {"key": "compliance-with", "type": "clause", "offset": [2854, 2869]}, {"key": "your-obligations", "type": "definition", "offset": [2870, 2886]}, {"key": "with-respect-to", "type": "clause", "offset": [2925, 2940]}, {"key": "breach-notifications", "type": "clause", "offset": [2951, 2971]}, {"key": "impact-assessments-and-consultations", "type": "clause", "offset": [2973, 3009]}, {"key": "supervisory-authorities", "type": "clause", "offset": [3015, 3038]}, {"key": "personal-data-breach", "type": "definition", "offset": [3139, 3159]}, {"key": "written-direction", "type": "definition", "offset": [3217, 3234]}, {"key": "delete-or-return", "type": "clause", "offset": [3236, 3252]}, {"key": "termination-of-this", "type": "clause", "offset": [3309, 3328]}, {"key": "records-and-information", "type": "clause", "offset": [3457, 3480]}, {"key": "you-warrant", "type": "clause", "offset": [3764, 3775]}, {"key": "lawful-basis", "type": "clause", "offset": [3894, 3906]}, {"key": "terms-of", "type": "definition", "offset": [3988, 3996]}, {"key": "you-agree", "type": "clause", "offset": [4012, 4021]}, {"key": "provided-that", "type": "definition", "offset": [4163, 4176]}, {"key": "contractual-obligations", "type": "clause", "offset": [4187, 4210]}, {"key": "the-sub", "type": "clause", "offset": [4214, 4221]}, {"key": "provisions-of-the", "type": "clause", "offset": [4311, 4328]}, {"key": "controller-to-processor-standard-clauses", "type": "definition", "offset": [4415, 4455]}, {"key": "similar-terms", "type": "clause", "offset": [4459, 4472]}, {"key": "from-time-to-time", "type": "clause", "offset": [4473, 4490]}], "hash": "74fdf2ef29f213a6cf225e2cffd6cc2d", "id": 9}, {"size": 4, "samples": [{"hash": "1U9ZJkgyvKf", "uri": "/contracts/1U9ZJkgyvKf#data-processing-terms", "label": "Data Processing Addendum", "score": 28.0102672577, "published": true}, {"hash": "kgkee7NmWpY", "uri": "/contracts/kgkee7NmWpY#data-processing-terms", "label": "Data Processing Addendum", "score": 26.5236148834, "published": true}, {"hash": "hquJnGIfmns", "uri": "/contracts/hquJnGIfmns#data-processing-terms", "label": "Data Processing Addendum", "score": 26.4428482056, "published": true}], "snippet": "Customer and Flipnode hereby agree to the following provisions with respect to any Personal Data Customer processed by Flipnode in relation to the provision of the Services under the Agreement.", "snippet_links": [{"key": "agree-to", "type": "clause", "offset": [29, 37]}, {"key": "with-respect-to", "type": "clause", "offset": [63, 78]}, {"key": "personal-data", "type": "definition", "offset": [83, 96]}, {"key": "in-relation-to", "type": "clause", "offset": [128, 142]}, {"key": "the-provision-of-the-services", "type": "clause", "offset": [143, 172]}, {"key": "the-agreement", "type": "clause", "offset": [179, 192]}], "hash": "b896b185baf209f954a97eb216b35525", "id": 10}], "next_curs": "Cl4SWGoVc35sYXdpbnNpZGVyY29udHJhY3RzcjoLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2Ih5kYXRhLXByb2Nlc3NpbmctdGVybXMjMDAwMDAwMGEMogECZW4YACAA", "clause": {"size": 192, "children": [["", ""], ["definitions", "Definitions"], ["sub-processors", "Sub-Processors"], ["data-subject-rights", "Data Subject Rights"], ["conflict", "Conflict"]], "parents": [["data-protection", "Data Protection"], ["miscellaneous", "Miscellaneous"], ["verifone-cloud-services-data-security-and-privacy", "VERIFONE CLOUD SERVICES; DATA SECURITY AND PRIVACY"], ["other-important-terms", "OTHER IMPORTANT TERMS"], ["law", "Law"]], "title": "DATA PROCESSING TERMS", "id": "data-processing-terms", "related": [["data-processing-agreement", "Data Processing Agreement", "Data Processing Agreement"], ["data-processing-addendum", "Data Processing Addendum", "Data Processing Addendum"], ["data-processing", "Data Processing", "Data Processing"], ["details-of-data-processing", "Details of Data Processing", "Details of Data Processing"], ["personal-data-processing", "Personal Data Processing", "Personal Data Processing"]], "related_snippets": [], "updated": "2025-09-10T05:50:56+00:00", "also_ask": ["What are the essential data protection obligations that must be included to ensure compliance with applicable laws?", "How can liability and indemnity provisions be strategically negotiated in data processing terms?", "What are the most common enforceability challenges for data processing clauses in court?", "How do these data processing terms compare to industry-standard or regulatory requirements (e.g., GDPR, CCPA)?", "What are the critical risks if data breach notification or audit rights are omitted or weakly drafted?"], "drafting_tip": "Specify data types and processing purposes to ensure compliance; define roles and responsibilities to clarify obligations; require security measures to protect data integrity.", "explanation": "The Data Processing Terms clause defines the rules and obligations governing how personal or sensitive data is handled between parties. It typically outlines the responsibilities of each party regarding data collection, storage, processing, and sharing, and may specify requirements for data security, breach notification, and compliance with relevant privacy laws such as GDPR. This clause ensures that both parties understand their roles in protecting data, thereby reducing the risk of unauthorized access or misuse and helping to maintain legal compliance."}, "json": true, "cursor": ""}}