Data Protection Audit Clause Samples

POPULAR SAMPLE Copied 88 times
Data Protection Audit. Upon prior written request by Customer, to the extent required under the Data Protection Legislation, Elastic agrees to cooperate and within reasonable time provide Customer with: (a) a summary of any required audit reports demonstrating Elastic’s compliance with EU Data Protection obligations under this Addendum (without any confidential or commercially sensitive information); and (b) confirmation that such audit has not revealed any material vulnerability in Elastic’s systems, or to the extent that any such vulnerability was detected, that Elastic has fully remedied such vulnerability. If the above measures are not sufficient to confirm compliance with Data Protection Legislation or reveal some material issues, subject to the strictest confidentiality obligations, Elastic allows Customer to request an audit of Elastic’s data protection compliance program by external independent auditors, which are jointly selected by the Parties, at Customer’s sole expense. The Parties will mutually agree upon the scope, timing, and duration of the audit. Elastic will make available to Customer the result of the audit of its data protection compliance program.
View SourceView Similar (2)
Data Protection Audit a) During the term of this Data Processing Agreement the User and/or a reputable independent third- party auditor the User designates will have the right to examine the Service Provider and its subprocessors’ facilities, moreover to verify whether or not the Service Provider operates its data protection system in compliance with the provisions set out in this Data Processing Agreement, if it is suspected that the Processor fails to comply with any provision in this agreement. b) Notwithstanding the above, this audit may not extend to the examination of data belonging to the Service Provider’s clients, furthermore will not grant access to information related to the Service Provider’s security systems/measures. The Processor must be notified about audits initiated by the User at least 30 days in advance. The notification shall reason the necessity of the audit and shall describe its envisaged scope. Audits may not trigger the unreasonable interruption of the Processor’s workflows, and may not exceed a duration of 30 days, which may be extended once in justified cases. Auditing may not involve (i) direct access to the qualified trust service provider’s IT systems and premises, (ii) disturbing the Processor’s employees and causing significant extra work for them. To avoid any misunderstanding, the Parties confirm that the User will bear the costs related to data protection audits.
View Source
Data Protection Audit. 1.5.1 The Service Provider shall produce and maintain a Data Protection audit plan to be agreed by TTL, which shall include: a) timescales for preparation and conduct of the annual Data Protection audit; b) the Data Protection audit strategy and planned outputs; c) details of the independent Third Party undertaking the Data Protection audit; d) the Service Provider Personnel responsible for fulfilment of the Data Protection audit plan; and e) the Service Provider Personnel responsible for the management of the independent Third Party undertaking the Data Protection audit. 1.5.2 The Service Provider shall implement a comprehensive Data Protection audit, to be undertaken by an independent Third Party approved by TTL, covering all Data Processing undertaken by the Service Provider. The Data Protection audit will be completed at no cost to TTL. 1.5.3 The Service Provider shall conduct the Data Protection audit annually (or at a frequency agreed with TTL) and report the findings to TTL. 1.5.4 The Service Provider shall act on the findings from any Data Protection audits to ensure (within timescales agreed by TTL) that the Service Provider's Processing, storage, disclosure and destruction of Personal Data are conducted in accordance with: a) the Data Protection Legislation; b) the provisions of Clause 50 (Information Compliance); c) Schedule 15 (Information Compliance); and d) Schedule 5 (Service Level Agreement).
View Source
Data Protection Audit. 6.1. Upon prior written request by Data Controller, Data Processor agrees to cooperate and within reasonable time provide to Data Controller with: (a) a summary of the audit reports demonstrating Data Processor’s compliance with its obligations under this Agreement, after redacting any confidential and commercially sensitive information; and (b) confirmation that the audit has not revealed any material vulnerability in Data Processor’s systems, or to the extent that any such vulnerability was detected, that Data Processor has fully remedied such vulnerability. 6.2. If the above measures are not sufficient to confirm compliance with GDPR or reveal some material issues, subject to the strictest confidentiality obligations, Data Processor allows Data Controller to request an audit of Data Processor’s data protection compliance program by external independent auditors, which are jointly selected by the parties. The external independent auditor cannot be a competitor of Data Processor, and the parties will mutually agree upon the scope, timing, and duration of the audit. The audit may not start with less than 30 days from the first request of the Data Controller. Data Processor will make available to Data Controller the result of the audit of its data protection compliance program. Data Controller shall bear the cost of such audit and must fully reimburse Data Processor for all expenses and costs related to such audit.
View Source
Data Protection Audit. Upon prior written request by Merchant, ▇▇▇▇▇▇▇▇.▇▇▇ agrees to cooperate and within reasonable time provide Merchant with: (a) a summary of the audit reports demonstrating ▇▇▇▇▇▇▇▇.▇▇▇’s compliance with EU Data Protection obligations under this Agreement, after redacting any confidential and commercially sensitive information; and (b) confirmation that the audit has not revealed any material vulnerability in ▇▇▇▇▇▇▇▇.▇▇▇’s systems, or to the extent that any such vulnerability was detected, that ▇▇▇▇▇▇▇▇.▇▇▇ has fully remedied such vulnerability. If the above measures are not sufficient to confirm compliance with EU Data Protection law or reveal some material issues, subject to the strictest confidentiality obligations, ▇▇▇▇▇▇▇▇.▇▇▇ allows Merchant to request an audit of ▇▇▇▇▇▇▇▇.▇▇▇’s data protection compliance program by external independent auditors, which are jointly selected by the Parties. The external independent auditor cannot be a competitor of ▇▇▇▇▇▇▇▇.▇▇▇, and the Parties will mutually agree upon the scope, timing, and duration of the audit. ▇▇▇▇▇▇▇▇.▇▇▇ will make available to Merchant the result of the audit of its data protection compliance program.
View Source
Data Protection Audit. 7.1. Customer, acting by itself or through its appointed representative (acting pursuant to an NDA approved by Drift), shall have the right during the term of the Agreement and for as long thereafter as Drift processes Personal Data regarding which Customer is a Controller, to assess compliance by Drift with the applicable requirements of the EU Data Protection Law and/or this Addendum, and to review the technical and organizational measures taken by Drift against the unauthorized or unlawful processing of Personal Data and against the unauthorized access to, accidental loss or destruction of, or damage to, Personal Data, on at least thirty (30) days’ advance notice to Drift. Before the commencement of any audit, Customer and Drift shall mutually agree upon the scope, timing, and duration of the audit, and Customer shall take all reasonable measures to limit any adverse impact thereof on Drift. 7.2. To the extent permitted by applicable law, Customer shall bear the costs and expenses incurred in respect of the parties’ compliance with their obligations under this clause, unless the audit identifies that the Drift is not in compliance with the applicable requirements of the EU Data Protection Law and/or this Addendum, in which case Drift shall reimburse Customer for all reasonable costs and expenses incurred by Customer and Drift in connection with the audit.
View Source

Related to Data Protection Audit

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (▇▇▇▇)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Data Protection Impact Assessments Workday will, at Customer’s request and subject to the confidentiality terms set forth in the UMSA, make its most recent Audit Reports and Certifications available to Customer. To the extent Customer requires additional assistance to meet its obligations under applicable Data Protection Laws to carry out a data protection impact assessment and prior consultation with the competent supervisory authority related to Customer’s use of the Covered Service, Workday will, taking into account the nature of Processing and the information available to Workday, provide reasonable assistance to Customer.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • Records Retention Audits CENTOCOR, its Affiliates and Sublicensees shall keep for three (3) years from the date of each payment of royalties complete and accurate records of sales by CENTOCOR and its Affiliates and Sublicensees of each Licensed Product in sufficient detail to allow the accruing royalties to be determined accurately. MORPHOSYS shall have the right for a period of three (3) years after receiving any report or statement with respect to royalties due and payable to appoint an independent certified public accountant reasonably acceptable to CENTOCOR to inspect the relevant records of CENTOCOR and its Affiliates and Sublicensees to verify such report or statement. CENTOCOR and its Affiliates and Sublicensees shall each make its records available for inspection by such independent certified public accountant during regular business hours at such place or places where such records are customarily kept, upon reasonable notice from MORPHOSYS, solely to verify the accuracy of the reports and payments. Such inspection right shall not be exercised more than once in any calendar year nor more than once with respect to sales of any Licensed Product in any given payment period. MORPHOSYS agrees to hold in strict confidence all information concerning royalty payments and reports, and all information learned in the course of any audit or inspection, except to the extent necessary for MORPHOSYS to reveal such information in order to enforce its rights under this Agreement or if disclosure is required by law, regulation or judicial order. The results of each inspection, if any, shall be binding on both Parties. MORPHOSYS shall pay for such inspections, except that in the event there is any upward adjustment in aggregate royalties payable for any year shown by such inspection of more than […***…] of the amount paid, CENTOCOR shall pay for such inspection. CONFIDENTIAL