Common use of Data Transmission Control Clause in Contracts

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP to provide the agreed-upon service levels (for example, encryption and lead-lined containers). Measures: • Personal Data in transfer over SAP internal networks is protected according to SAP Security Policy. • When data is transferred between SAP and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreement. This applies to both physical and network based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAP-controlled systems (e.g. data being transmitted outside the firewall of the SAP Data Center).

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP to provide the agreed-upon service levels (for example, encryption and lead-lined containers). Measures: • Personal Data in transfer over SAP internal networks is protected according to SAP Security Policy. • When data is transferred between SAP and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreement. This applies to both physical and network network-based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAP-controlled systems (e.g. data being transmitted outside the firewall of the SAP Data Center).

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreementrelevant service agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP to provide ensure the agreed-upon service levels (for example, encryption and lead-lined containers). Measures: • Personal Data in transfer over SAP internal networks is are protected in the same manner as any other confidential data according to SAP Security Policy. • When data is transferred between SAP and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreementAgreement. This applies to both physical and network based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAP-controlled systems (e.g. data being transmitted outside the firewall of the SAP Data Center).

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreementrelevant service agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP to provide ensure the agreed-agreed- upon service levels (for example, encryption and lead-lined containers). Measures: • Personal Data in transfer over SAP internal networks is are protected in the same manner as any other confidential data according to SAP Security Policy. • When data is transferred between SAP and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreementAgreement. This applies to both physical and network based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAP-SAP- controlled systems (e.g. data being transmitted outside the firewall of the SAP Data Center).

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP to provide the agreed-upon service levels (for example, encryption and lead-lined containers). Measures: • Personal Data in transfer over SAP internal networks is protected according to SAP Security Policy. • When data is transferred between SAP and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreement. This applies to both physical and network based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAP-SAP- controlled systems (e.g. data being transmitted outside the firewall of the SAP Data Center).

Data Transmission Control. Except as necessary for the provision of the Cloud Services in accordance with the Agreement, Personal Data must not be read, copied, modified or removed without authorization during transfer. Where data carriers are physically transported, adequate measures are implemented at SAP NS2 to provide the agreed-upon service levels (for example, encryption and lead-lined containersencryption). Measures: • Personal Data in transfer over SAP NS2 internal networks is protected according to SAP Security Policyprotected. • When data is transferred between SAP NS2 and its customers, the protection measures for the transferred Personal Data are mutually agreed upon and made part of the relevant agreement. This applies to both physical and network based data transfer. In any case, the Customer assumes responsibility for any data transfer once it is outside of SAPSAP NS2-controlled systems (e.g. data being transmitted outside the firewall of the SAP NS2 Data Center).