Data Processor’s Processing of Personal Data. Subject to the Agreement with Customer, Data Processor shall Process Personal Data in accordance with Customer’s documented instructions regarding the manner in which the Data Processor will process the Personal Data, for the following purposes: (i) Processing in accordance with the Agreement and this DPA; (ii) Processing for Customer to be able to use the Services; (iii) Processing to comply with other Personal Data related requests provided by Customer where such requests are consistent with the terms of the Agreement; (iv) Processing as required by Union or Member State law to which Data Processor is subject; in such a case, Data Processor shall inform the Customer of the legal requirement before processing, unless that law prohibits such information on important grounds of public interest. To the extent that Data Processor cannot comply with a request from Customer and/or its Authorized Users (including, without limitation, any instruction, direction, code of conduct, certification, or change of any kind), Data Processor (i) shall inform Customer, providing relevant details of the problem, (ii) Data Processor may, without any kind of liability to Customer, temporarily cease all Processing of the affected Personal Data (other than securely storing those data) and/or suspend access to the Account, and (iii) if the Parties do not agree on a resolution to the issue in question and the costs thereof, Customer may, as its sole remedy, terminate the Agreement and this DPA with respect to the affected Processing, and Customer shall pay to Data Processor all the amounts owed to Data Processor or due before the date of termination. Customer will have no further claims against Data Processor (including, without limitation, requesting refunds for Services) due to the termination of the Agreement and the DPA in the situation described in this paragraph.
Data Processor’s Processing of Personal Data. Data Processor will only Process Personal Data on behalf of and in accordance with Data Controller’s instructions and in relation to the Agreement and its purpose (the “Purpose”), and will treat Personal Data as Confidential Information. By entering into this DPA, Data Controller instructs Data Processor to Process Personal Data in accordance with the Purpose. Data Controller may issue additional instructions to Data Processor, and Data Processor shall promptly comply with all such additional instructions, as long as such instructions (i) comply with applicable Data Protection Laws and Regulations, (ii) are issued by Data Controller to Data Processor in writing and with sufficient advance notice for Data Processor to review, consider and act on such instructions, do not provide Data Processor with additional sensitive or special Personal Data that imposes additional data security or data protection obligations on Data Processor beyond those which are already contemplated in the Agreement (iii) and (iv) Data Processor has the means and authority to so act. To the extent that Data Processor expects to incur additional charges or fees not contemplated or covered by the Agreement and with respect to any additional instructions, the Parties shall, without prejudice, negotiate in good faith as to which Party or Parties bear the cost of the additional instructions.