{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "conditions-for-international-processing", "type": "clause", "offset": [5, 44]}, {"key": "process-personal-data", "type": "definition", "offset": [70, 91]}, {"key": "in-accordance-with", "type": "clause", "offset": [127, 145]}, {"key": "the-country", "type": "definition", "offset": [163, 174]}, {"key": "the-customer", "type": "definition", "offset": [184, 196]}, {"key": "data-protection-law", "type": "clause", "offset": [227, 246]}], "samples": [{"hash": "6nKnzL0Ur27", "uri": "/contracts/6nKnzL0Ur27#international-processing", "label": "General Terms and Conditions for Cloud Services", "score": 33.0319442749, "published": true}, {"hash": "7Z9CaDZQoAE", "uri": "/contracts/7Z9CaDZQoAE#international-processing", "label": "Cloud Services Agreement", "score": 33.0294418335, "published": true}, {"hash": "U24KJwl2ii", "uri": "/contracts/U24KJwl2ii#international-processing", "label": "General Terms and Conditions for Cloud Services", "score": 33.0174484253, "published": true}], "size": 8, "snippet": "8.1. Conditions for International Processing SAP shall be entitled to process Personal Data, including by using Subprocessors, in accordance with this DPA outside the country in which the Customer is located as permitted under Data Protection Law.", "hash": "a10930ff6db3c147637618e1249aac55", "id": 2}, {"snippet_links": [{"key": "conditions-for-international-processing", "type": "clause", "offset": [5, 44]}, {"key": "process-personal-data", "type": "definition", "offset": [70, 91]}, {"key": "in-accordance-with", "type": "clause", "offset": [127, 145]}, {"key": "the-country", "type": "definition", "offset": [163, 174]}, {"key": "the-customer", "type": "definition", "offset": [184, 196]}, {"key": "of-the-standard", "type": "clause", "offset": [267, 282]}, {"key": "the-period", "type": "clause", "offset": [328, 338]}, {"key": "subject-to", "type": "clause", "offset": [416, 426]}, {"key": "third-country", "type": "clause", "offset": [450, 463]}, {"key": "where-personal-data", "type": "clause", "offset": [468, 487]}, {"key": "united-kingdom", "type": "clause", "offset": [502, 516]}, {"key": "the-laws", "type": "definition", "offset": [655, 663]}, {"key": "the-controller", "type": "clause", "offset": [682, 696]}, {"key": "entering-into", "type": "clause", "offset": [743, 756]}, {"key": "entered-into", "type": "clause", "offset": [930, 942]}, {"key": "sap-se", "type": "definition", "offset": [953, 959]}, {"key": "an-independent", "type": "clause", "offset": [984, 998]}, {"key": "rights-and-obligations", "type": "definition", "offset": [1008, 1030]}, {"key": "use-of-the-cloud-services", "type": "clause", "offset": [1062, 1087]}, {"key": "by-customer", "type": "clause", "offset": [1108, 1119]}, {"key": "the-agreement", "type": "clause", "offset": [1126, 1139]}, {"key": "the-relevant", "type": "clause", "offset": [1208, 1220]}, {"key": "in-the-same-manner", "type": "definition", "offset": [1235, 1253]}, {"key": "section-821", "type": "clause", "offset": [1285, 1298]}, {"key": "customer-will", "type": "clause", "offset": [1330, 1343]}, {"key": "on-behalf-of", "type": "definition", "offset": [1395, 1407]}, {"key": "relevant-controller", "type": "definition", "offset": [1535, 1554]}, {"key": "applicable-data-protection-law", "type": "definition", "offset": [1584, 1614]}, {"key": "new-standard-contractual-clauses", "type": "definition", "offset": [1626, 1658]}, {"key": "to-the-standard-contractual-clauses", "type": "clause", "offset": [1726, 1761]}, {"key": "section-83", "type": "clause", "offset": [1842, 1853]}], "samples": [{"hash": "fwawYhUGvCh", "uri": "/contracts/fwawYhUGvCh#international-processing", "label": "Data Processing Agreement", "score": 31.6055774689, "published": true}, {"hash": "g3X4nqI6Vll", "uri": "/contracts/g3X4nqI6Vll#international-processing", "label": "Data Processing Agreement", "score": 30.6639232635, "published": true}, {"hash": "kVEimGvxtXv", "uri": "/contracts/kVEimGvxtXv#international-processing", "label": "Data Processing Agreement", "score": 30.5927524567, "published": true}], "size": 21, "snippet": "8.1. Conditions for International Processing SAP shall be entitled to process Personal Data, including by using Subprocessors, in accordance with this DPA outside the country in which the Customer is located as permitted under Data Protection Law.\n8.2. Applicability of the Standard Contractual Clauses (2010)\n8.2.1. Where, for the period up to and including 26 September 2021, Personal Data of a Controller that is subject to GDPR is processed in a Third Country, or where Personal Data of a Swiss or United Kingdom based Controller or another Controller is processed in a Third Country and such international processing requires an adequacy means under the laws of the country of the Controller and the required adequacy means can be met by entering into Standard Contractual Clauses (2010), then:\na) SAP and Customer enter into the Standard Contractual Clauses (2010);\nb) Customer joins the Standard Contractual Clauses (2010) entered into by SAP or SAP SE and the Subprocessor as an independent owner of rights and obligations; or\nc) other Controllers whose use of the Cloud Services has been authorized by Customer under the Agreement may also enter into Standard Contractual Clauses (2010) with SAP or the relevant Subprocessors in the same manner as Customer in accordance with Section 8.2.1 a) and b) above. In such case, Customer will enter into the Standard Contractual Clauses (2010) on behalf of the other Controllers.\n8.2.2. The Standard Contractual Clauses (2010) shall be governed by the law of the country in which the relevant Controller is established.\n8.2.3. Where applicable Data Protection Law adopts the New Standard Contractual Clauses as meeting any required adequacy means as an alternative or update to the Standard Contractual Clauses (2010) then the New Standard Contractual Clauses shall apply in accordance with Section 8.3.", "hash": "be9aa305e2551897f9fa75d1e10a9a3d", "id": 1}, {"snippet_links": [{"key": "customer-acknowledges-and-agrees", "type": "clause", "offset": [0, 32]}, {"key": "process-personal-data", "type": "definition", "offset": [49, 70]}, {"key": "the-products", "type": "clause", "offset": [113, 125]}, {"key": "in-accordance-with-the-agreement", "type": "definition", "offset": [126, 158]}, {"key": "vendor-shall", "type": "clause", "offset": [160, 172]}, {"key": "the-requirements", "type": "clause", "offset": [223, 239]}, {"key": "applicable-data-protection-laws", "type": "definition", "offset": [243, 274]}], "samples": [{"hash": "fOnFCf6uqoY", "uri": "/contracts/fOnFCf6uqoY#international-processing", "label": "Data Processing Agreement", "score": 34.4897460938, "published": true}, {"hash": "hWsRPdwpkGd", "uri": "/contracts/hWsRPdwpkGd#international-processing", "label": "Data Processing Agreement", "score": 34.4322624207, "published": true}, {"hash": "7ce7eXarBBn", "uri": "/contracts/7ce7eXarBBn#international-processing", "label": "Data Processing Agreement", "score": 34.4147453308, "published": true}], "size": 6, "snippet": "Customer acknowledges and agrees that Vendor may Process Personal Data on a global basis as necessary to provide the Products in accordance with the Agreement. Vendor shall ensure such transfers are made in compliance with the requirements of applicable Data Protection Laws.", "hash": "dcbd0c0972c4f37c6654bf673f25478f", "id": 3}, {"snippet_links": [{"key": "notwithstanding-section-8", "type": "clause", "offset": [0, 25]}, {"key": "customer-data", "type": "clause", "offset": [61, 74]}, {"key": "state-of-israel", "type": "clause", "offset": [107, 122]}, {"key": "the-eu", "type": "clause", "offset": [124, 130]}, {"key": "transfer-mechanisms", "type": "clause", "offset": [180, 199]}, {"key": "protection-of-privacy", "type": "clause", "offset": [210, 231]}, {"key": "transfer-of-data", "type": "clause", "offset": [233, 249]}, {"key": "customer-shall", "type": "clause", "offset": [295, 309]}, {"key": "data-subjects", "type": "definition", "offset": [360, 373]}, {"key": "legal-bases", "type": "clause", "offset": [394, 405]}, {"key": "relevant-data-protection-laws", "type": "definition", "offset": [423, 452]}, {"key": "the-processing", "type": "clause", "offset": [480, 494]}, {"key": "necessary-data", "type": "clause", "offset": [505, 519]}, {"key": "record-of", "type": "clause", "offset": [580, 589]}, {"key": "the-fact", "type": "clause", "offset": [695, 703]}, {"key": "to-customer", "type": "clause", "offset": [758, 769]}], "samples": [{"hash": "e4FyaNvLAUQ", "uri": "/contracts/e4FyaNvLAUQ#international-processing", "label": "Data Processing Agreement", "score": 31.6165275574, "published": true}, {"hash": "3QWdP0aXEs1", "uri": "/contracts/3QWdP0aXEs1#international-processing", "label": "Data Processing Agreement", "score": 30.7022457123, "published": true}, {"hash": "g3X4nqI6Vll", "uri": "/contracts/g3X4nqI6Vll#international-processing", "label": "Data Processing Agreement", "score": 30.6639232635, "published": true}], "size": 4, "snippet": "Notwithstanding Section 8 of the DPA, SAP confirms that when Customer Data is processed by SAP outside the State of Israel, the EU or the EEA or UK, SAP complies with the approved transfer mechanisms under the Protection of Privacy (Transfer of Data to Databases Abroad) Regulations, 5761-2001. Customer shall ensure that all necessary notices are provided to Data Subjects, and unless another legal bases set forth in the relevant data protection laws supports the lawfulness of the processing, that any necessary Data Subject consents to the processing are obtained, and that a record of such consent is maintained. Should such consent be revoked by a Data Subject, Customer shall communicate the fact of such revocation to SAP, and SAP shall act pursuant to Customer's instructions as seems appropriate.", "hash": "74a884ce8287879cb8bf4623c7cf1b79", "id": 4}, {"snippet_links": [{"key": "cross-border", "type": "definition", "offset": [4, 16]}, {"key": "customer-personal-data", "type": "clause", "offset": [28, 50]}, {"key": "the-united-states", "type": "definition", "offset": [148, 165]}, {"key": "transfer-of-customer", "type": "clause", "offset": [304, 324]}, {"key": "process-personal-data", "type": "definition", "offset": [376, 397]}, {"key": "the-services", "type": "definition", "offset": [418, 430]}, {"key": "applicable-data-protection-law", "type": "definition", "offset": [450, 480]}], "samples": [{"hash": "JSQ1mIDVUC", "uri": "/contracts/JSQ1mIDVUC#international-processing", "label": "End User License Agreement", "score": 32.8774442021, "published": true}, {"hash": "9FIKAOLW89e", "uri": "/contracts/9FIKAOLW89e#international-processing", "label": "Data Processing Addendum", "score": 27.2737846375, "published": true}, {"hash": "ksVylGGlPBW", "uri": "/contracts/ksVylGGlPBW#international-processing", "label": "Data Processing Addendum", "score": 27.0328540802, "published": true}], "size": 3, "snippet": "(a) Cross Border Transfers. Customer Personal Data that Riverbed Processes on Customer\u2019s behalf may be transferred to, and stored and Processed in, the United States or any other country in which the Riverbed Group or its Subprocessors maintain facilities. Customer appoints Riverbed to perform any such transfer of Customer Personal Data to any such country and to store and Process Personal Data in order to provide the Services as permitted under Applicable Data Protection Law.", "hash": "b9432156ad5619ef7da3809d7866392d", "id": 5}, {"snippet_links": [{"key": "process-personal-data", "type": "definition", "offset": [29, 50]}, {"key": "in-accordance-with", "type": "clause", "offset": [104, 122]}, {"key": "this-exhibit", "type": "definition", "offset": [123, 135]}, {"key": "the-country", "type": "definition", "offset": [144, 155]}, {"key": "data-protection-law", "type": "clause", "offset": [204, 223]}, {"key": "outside-the-european-union", "type": "clause", "offset": [259, 285]}, {"key": "provided-that", "type": "definition", "offset": [286, 299]}, {"key": "covered-by", "type": "definition", "offset": [333, 343]}, {"key": "adequacy-decision", "type": "definition", "offset": [347, 364]}, {"key": "the-european-commission", "type": "clause", "offset": [368, 391]}, {"key": "the-transfer", "type": "clause", "offset": [398, 410]}, {"key": "signature-of", "type": "definition", "offset": [460, 472]}, {"key": "standard-contractual-clauses", "type": "clause", "offset": [473, 501]}], "samples": [{"hash": "cDs0LjRDonn", "uri": "/contracts/cDs0LjRDonn#international-processing", "label": "Master Services and Software Agreement", "score": 34.9787750244, "published": true}], "size": 2, "snippet": "Company shall be entitled to process Personal Data, including by using Subprocessors or its Affiliates, in accordance with this Exhibit outside the country in which Customer is located as permitted under Data Protection Law. Company may process Personal Data outside the European Union provided that: - the country of destination is covered by an adequacy decision by the European Commission; or - the transfer is covered by appropriate guarantees such as the signature of Standard Contractual Clauses adopted by the European Commission.", "hash": "0e7e043bf927e5ea7d87d79c375afb99", "id": 6}, {"snippet_links": [{"key": "conditions-for-international-processing", "type": "clause", "offset": [5, 44]}, {"key": "process-personal-data", "type": "definition", "offset": [70, 91]}, {"key": "in-accordance-with", "type": "clause", "offset": [127, 145]}, {"key": "the-country", "type": "definition", "offset": [163, 174]}, {"key": "the-customer", "type": "definition", "offset": [184, 196]}, {"key": "data-protection-law", "type": "clause", "offset": [227, 246]}, {"key": "applicability-of-new-standard-contractual-clauses", "type": "clause", "offset": [253, 302]}, {"key": "in-respect-of", "type": "definition", "offset": [343, 356]}, {"key": "relevant-transfers", "type": "clause", "offset": [365, 383]}, {"key": "located-in", "type": "definition", "offset": [411, 421]}, {"key": "third-country", "type": "clause", "offset": [424, 437]}, {"key": "data-exporter", "type": "definition", "offset": [452, 465]}, {"key": "sap-se", "type": "definition", "offset": [475, 481]}, {"key": "data-importer", "type": "clause", "offset": [582, 595]}, {"key": "module-3", "type": "definition", "offset": [597, 605]}, {"key": "controller-to-processor", "type": "clause", "offset": [948, 971]}, {"key": "customer-acts", "type": "clause", "offset": [1107, 1120]}, {"key": "use-of-the-cloud-services", "type": "clause", "offset": [1354, 1379]}, {"key": "by-customer", "type": "clause", "offset": [1400, 1411]}, {"key": "the-agreement", "type": "clause", "offset": [1418, 1431]}, {"key": "in-the-same-manner", "type": "definition", "offset": [1498, 1516]}, {"key": "on-behalf-of", "type": "definition", "offset": [1650, 1662]}, {"key": "with-respect-to", "type": "clause", "offset": [1707, 1722]}, {"key": "new-scc-relevant-transfer", "type": "definition", "offset": [1725, 1750]}, {"key": "on-request", "type": "definition", "offset": [1752, 1762]}, {"key": "subject-to-the", "type": "definition", "offset": [1775, 1789]}, {"key": "customer-may", "type": "clause", "offset": [1800, 1812]}, {"key": "a-copy-of", "type": "clause", "offset": [1818, 1827]}, {"key": "entered-into", "type": "clause", "offset": [1882, 1894]}, {"key": "the-relevant", "type": "clause", "offset": [1931, 1943]}, {"key": "available-to", "type": "definition", "offset": [1956, 1968]}, {"key": "data-subjects", "type": "definition", "offset": [1969, 1982]}], "samples": [{"hash": "6pjfuBFPJsK", "uri": "/contracts/6pjfuBFPJsK#international-processing", "label": "Data Processing Agreement", "score": 31.6931743622, "published": true}], "size": 1, "snippet": "8.1. Conditions for International Processing SAP shall be entitled to process Personal Data, including by using Subprocessors, in accordance with this DPA outside the country in which the Customer is located as permitted under Data Protection Law.\n8.2. Applicability of New Standard Contractual Clauses\n8.2.1. The following shall solely apply in respect of New SCC Relevant Transfers:\n8.2.1.1. Where SAP is not located in a Third Country and acts as a data exporter, SAP (or SAP SE on its behalf) has entered in to the New Standard Contractual Clauses with each Subprocessor as the data importer. Module 3 (Processor to Processor) of the New Standard Contractual Clauses shall apply to such New SCC Relevant Transfers.\n8.2.1.2. Where SAP is located in a Third Country: SAP and Customer hereby enter into the New Standard Contractual Clauses with Customer as the data exporter and SAP as the data importer which shall apply as follows:\na) Module 2 (Controller to Processor) shall apply where Customer is a Controller; and\nb) Module 3 (Processor to Processor) shall apply where Customer is a Processor. Where Customer acts as Processor under Module 3 (Processor to Processor) of the New Standard Contractual Clauses, SAP acknowledges that Customer acts as Processor under the instructions of its Controller(s).\n8.2.2. Other Controllers or Processors whose use of the Cloud Services has been authorized by Customer under the Agreement may also enter into the New Standard Contractual Clauses with SAP in the same manner as Customer in accordance with Section 8.2.1.28.2.1.2 above. In such case, Customer enters into the New Standard Contractual Clauses on behalf of the other Controllers or Processors.\n8.2.3. With respect to a New SCC Relevant Transfer, on request from a Data Subject to the Customer, Customer may make a copy of Module 2 or 3 of the New Standard Contractual Clauses entered into between Customer and SAP (including the relevant Schedules), available to Data Subjects.", "hash": "41a776fd9418c9327835f73e036c64a4", "id": 7}, {"snippet_links": [{"key": "with-respect-to", "type": "clause", "offset": [32, 47]}, {"key": "international-member", "type": "definition", "offset": [148, 168]}, {"key": "notice-to", "type": "definition", "offset": [195, 204]}, {"key": "international-provider", "type": "definition", "offset": [205, 227]}, {"key": "sole-discretion", "type": "clause", "offset": [301, 316]}, {"key": "applicable-countries", "type": "definition", "offset": [348, 368]}, {"key": "schedule-c", "type": "clause", "offset": [397, 407]}, {"key": "after-the-effective-date", "type": "clause", "offset": [408, 432]}, {"key": "new-schedule", "type": "clause", "offset": [451, 463]}, {"key": "in-writing", "type": "clause", "offset": [474, 484]}, {"key": "by-company", "type": "clause", "offset": [496, 506]}, {"key": "where-required-by", "type": "clause", "offset": [567, 584]}, {"key": "processing-of-transactions", "type": "clause", "offset": [597, 623]}, {"key": "value-added-tax", "type": "clause", "offset": [633, 648]}, {"key": "summary-of-transactions", "type": "clause", "offset": [669, 692]}, {"key": "in-respect-of", "type": "definition", "offset": [715, 728]}, {"key": "the-agreement", "type": "clause", "offset": [783, 796]}, {"key": "pay-to", "type": "definition", "offset": [812, 818]}, {"key": "the-rate", "type": "definition", "offset": [852, 860]}, {"key": "services-supplied", "type": "clause", "offset": [928, 945]}, {"key": "representations-of-the", "type": "clause", "offset": [1064, 1086]}, {"key": "business-purposes", "type": "definition", "offset": [1141, 1158]}, {"key": "household-purposes", "type": "definition", "offset": [1191, 1209]}, {"key": "neither-company", "type": "definition", "offset": [1216, 1231]}, {"key": "each-party", "type": "clause", "offset": [1281, 1291]}, {"key": "engaged-in", "type": "definition", "offset": [1295, 1305]}, {"key": "where-relevant", "type": "clause", "offset": [1381, 1395]}, {"key": "payment-services-regulations-2017", "type": "definition", "offset": [1419, 1452]}, {"key": "the-united-kingdom", "type": "clause", "offset": [1493, 1511]}, {"key": "to-the-fullest-extent", "type": "clause", "offset": [1532, 1553]}, {"key": "not-limited", "type": "clause", "offset": [1587, 1598]}, {"key": "part-6", "type": "definition", "offset": [1618, 1624]}, {"key": "part-7", "type": "definition", "offset": [1669, 1675]}, {"key": "master-services-agreement", "type": "clause", "offset": [1767, 1792]}, {"key": "general-terms-and-conditions", "type": "clause", "offset": [1804, 1832]}, {"key": "for-purposes-of-this-section", "type": "clause", "offset": [1839, 1867]}, {"key": "the-terms", "type": "definition", "offset": [1874, 1883]}, {"key": "data-protection-rules", "type": "definition", "offset": [1974, 1995]}, {"key": "the-controller", "type": "clause", "offset": [2008, 2022]}, {"key": "the-processor", "type": "clause", "offset": [2052, 2065]}, {"key": "in-relation-to", "type": "clause", "offset": [2067, 2081]}, {"key": "in-connection-with", "type": "clause", "offset": [2130, 2148]}, {"key": "activities-carried", "type": "clause", "offset": [2207, 2225]}, {"key": "subject-matter-and-duration-of-processing", "type": "clause", "offset": [2270, 2311]}, {"key": "for-the-purpose-of", "type": "definition", "offset": [2340, 2358]}, {"key": "services-under-this-agreement", "type": "clause", "offset": [2380, 2409]}, {"key": "during-the-term-of-this-agreement", "type": "clause", "offset": [2410, 2443]}, {"key": "nature-and-purpose-of-the-processing", "type": "clause", "offset": [2445, 2481]}, {"key": "types-of-personal-data", "type": "clause", "offset": [2586, 2608]}, {"key": "cardholder-data", "type": "definition", "offset": [2610, 2625]}, {"key": "in-the-course-of", "type": "definition", "offset": [2668, 2684]}, {"key": "providing-the", "type": "clause", "offset": [2685, 2698]}, {"key": "categories-of-data-subject", "type": "definition", "offset": [2720, 2746]}, {"key": "applicable-data", "type": "clause", "offset": [2878, 2893]}, {"key": "to-company", "type": "definition", "offset": [2925, 2935]}, {"key": "data-controller", "type": "definition", "offset": [2951, 2966]}, {"key": "without-limitation", "type": "clause", "offset": [3118, 3136]}, {"key": "fraud-prevention", "type": "clause", "offset": [3151, 3167]}, {"key": "money-laundering", "type": "clause", "offset": [3181, 3197]}, {"key": "use-of-aggregated-data", "type": "clause", "offset": [3209, 3231]}, {"key": "company-warrants", "type": "clause", "offset": [3334, 3350]}, {"key": "data-processor", "type": "definition", "offset": [3503, 3517]}, {"key": "at-all-times", "type": "definition", "offset": [3524, 3536]}, {"key": "in-accordance-with", "type": "clause", "offset": [3540, 3558]}, {"key": "processing-of-the-personal-data", "type": "clause", "offset": [3636, 3667]}, {"key": "by-this-agreement", "type": "clause", "offset": [3681, 3698]}, {"key": "breach-of-the", "type": "clause", "offset": [3721, 3734]}, {"key": "compliance-with-section", "type": "clause", "offset": [3923, 3946]}, {"key": "instructions-from-company", "type": "clause", "offset": [3974, 3999]}, {"key": "the-processing-of-personal-data", "type": "clause", "offset": [4010, 4041]}, {"key": "for-the-purposes-of", "type": "clause", "offset": [4091, 4110]}, {"key": "services-and", "type": "clause", "offset": [4136, 4148]}, {"key": "comply-with-legal-requirements", "type": "clause", "offset": [4152, 4182]}, {"key": "security-policies", "type": "definition", "offset": [4280, 4297]}, {"key": "security-procedures", "type": "definition", "offset": [4312, 4331]}, {"key": "agreed-between-the-parties", "type": "clause", "offset": [4332, 4358]}, {"key": "from-time-to-time", "type": "clause", "offset": [4359, 4376]}, {"key": "to-ensure", "type": "clause", "offset": [4396, 4405]}, {"key": "appropriate-technical-and-organisational-measures", "type": "definition", "offset": [4411, 4460]}, {"key": "loss-or-destruction", "type": "clause", "offset": [4564, 4583]}, {"key": "state-of", "type": "clause", "offset": [4641, 4649]}, {"key": "cost-of", "type": "clause", "offset": [4688, 4695]}, {"key": "the-nature", "type": "clause", "offset": [4832, 4842]}, {"key": "be-protected", "type": "clause", "offset": [4867, 4879]}, {"key": "to-the-extent", "type": "clause", "offset": [4932, 4945]}, {"key": "responsible-for", "type": "clause", "offset": [5066, 5081]}, {"key": "access-to-the", "type": "clause", "offset": [5169, 5182]}, {"key": "personal-data-provided", "type": "clause", "offset": [5183, 5205]}, {"key": "employees-and-subcontractors", "type": "clause", "offset": [5244, 5272]}, {"key": "obligations-of-confidentiality", "type": "clause", "offset": [5288, 5318]}, {"key": "personal-data-processed", "type": "clause", "offset": [5338, 5361]}, {"key": "provision-of-the", "type": "clause", "offset": [5385, 5401]}, {"key": "notify-company", "type": "clause", "offset": [5436, 5450]}, {"key": "enforcement-agencies", "type": "definition", "offset": [5528, 5548]}, {"key": "nature-of-the-processing", "type": "definition", "offset": [5739, 5763]}, {"key": "requests-from-data-subjects", "type": "clause", "offset": [5882, 5909]}, {"key": "available-to", "type": "definition", "offset": [6081, 6093]}, {"key": "notification-of-data-breaches", "type": "clause", "offset": [6186, 6215]}, {"key": "conduct-of", "type": "clause", "offset": [6256, 6266]}, {"key": "data-protection-impact-assessments", "type": "clause", "offset": [6267, 6301]}, {"key": "prior-consultation", "type": "clause", "offset": [6311, 6329]}, {"key": "each-case", "type": "definition", "offset": [6366, 6375]}, {"key": "legally-required", "type": "definition", "offset": [6414, 6430]}, {"key": "upon-request", "type": "clause", "offset": [6468, 6480]}, {"key": "confidentiality-obligations", "type": "definition", "offset": [6496, 6523]}, {"key": "make-available", "type": "definition", "offset": [6552, 6566]}, {"key": "information-regarding", "type": "clause", "offset": [6578, 6599]}, {"key": "compliance-with-this-section", "type": "clause", "offset": [6623, 6651]}, {"key": "costs-of-the-audit", "type": "clause", "offset": [6840, 6858]}, {"key": "standard-rates", "type": "clause", "offset": [6885, 6899]}, {"key": "scope-and", "type": "clause", "offset": [6905, 6914]}, {"key": "timing-of-the", "type": "clause", "offset": [6915, 6928]}, {"key": "in-advance", "type": "clause", "offset": [6951, 6961]}, {"key": "subject-to-the", "type": "definition", "offset": [7025, 7039]}, {"key": "set-out", "type": "definition", "offset": [7068, 7075]}, {"key": "in-this-agreement", "type": "definition", "offset": [7076, 7093]}, {"key": "agreement-to", "type": "clause", "offset": [7124, 7136]}, {"key": "company-agrees", "type": "clause", "offset": [7233, 7247]}, {"key": "comply-with-applicable-laws", "type": "clause", "offset": [7377, 7404]}, {"key": "payment-network-regulations", "type": "definition", "offset": [7408, 7435]}, {"key": "authorised-by", "type": "clause", "offset": [7452, 7465]}, {"key": "third-party", "type": "clause", "offset": [7693, 7704]}, {"key": "equivalent-obligations", "type": "definition", "offset": [7808, 7830]}, {"key": "contained-in", "type": "definition", "offset": [7840, 7852]}, {"key": "written-contract", "type": "clause", "offset": [7884, 7900]}, {"key": "the-european-union", "type": "clause", "offset": [8059, 8077]}, {"key": "european-economic-area", "type": "clause", "offset": [8089, 8111]}, {"key": "the-united-states-of-america", "type": "clause", "offset": [8122, 8150]}, {"key": "provided-that", "type": "definition", "offset": [8211, 8224]}, {"key": "the-general-data-protection-regulation", "type": "clause", "offset": [8252, 8290]}, {"key": "provisions-of-this-agreement", "type": "clause", "offset": [8295, 8323]}, {"key": "payment-data", "type": "definition", "offset": [8631, 8643]}, {"key": "company-will", "type": "clause", "offset": [8645, 8657]}, {"key": "security-measures", "type": "definition", "offset": [8668, 8685]}, {"key": "it-infrastructure", "type": "definition", "offset": [8699, 8716]}, {"key": "internet-payment", "type": "clause", "offset": [8774, 8790]}, {"key": "attention-to", "type": "definition", "offset": [8826, 8838]}, {"key": "segregation-of-duties", "type": "clause", "offset": [8852, 8873]}, {"key": "information-technology", "type": "definition", "offset": [8877, 8899]}, {"key": "the-development", "type": "clause", "offset": [8924, 8939]}, {"key": "production-environments", "type": "clause", "offset": [8950, 8973]}, {"key": "proper-implementation", "type": "clause", "offset": [8983, 9004]}, {"key": "least-privilege", "type": "definition", "offset": [9013, 9028]}, {"key": "the-basis", "type": "clause", "offset": [9043, 9052]}, {"key": "identity-and-access-management", "type": "clause", "offset": [9063, 9093]}, {"key": "security-solutions", "type": "definition", "offset": [9129, 9147]}, {"key": "in-place", "type": "clause", "offset": [9148, 9156]}, {"key": "communication-links", "type": "clause", "offset": [9200, 9219]}, {"key": "in-order-to", "type": "clause", "offset": [9302, 9313]}, {"key": "at-risk", "type": "definition", "offset": [9392, 9399]}, {"key": "resources-required", "type": "clause", "offset": [9452, 9470]}, {"key": "following-the", "type": "definition", "offset": [9505, 9518]}, {"key": "transactional-websites", "type": "clause", "offset": [9597, 9619]}, {"key": "restrict-access", "type": "clause", "offset": [9923, 9938]}, {"key": "audit-trails", "type": "clause", "offset": [10142, 10154]}, {"key": "services-company", "type": "definition", "offset": [10526, 10542]}, {"key": "data-minimisation", "type": "definition", "offset": [10560, 10577]}, {"key": "core-functionality", "type": "definition", "offset": [10611, 10629]}, {"key": "minimum-level", "type": "definition", "offset": [10761, 10774]}, {"key": "for-internet", "type": "clause", "offset": [10798, 10810]}, {"key": "under-the-supervision-of", "type": "definition", "offset": [10843, 10867]}, {"key": "management-function", "type": "clause", "offset": [10883, 10902]}, {"key": "a-formal", "type": "clause", "offset": [10976, 10984]}, {"key": "change-management-process", "type": "definition", "offset": [10985, 11010]}, {"key": "basis-of", "type": "clause", "offset": [11097, 11105]}, {"key": "the-security", "type": "clause", "offset": [11127, 11139]}, {"key": "frequency-and", "type": "definition", "offset": [11477, 11490]}, {"key": "risks-involved", "type": "clause", "offset": [11582, 11596]}, {"key": "not-involved", "type": "clause", "offset": [11684, 11696]}, {"key": "the-internet", "type": "clause", "offset": [11772, 11784]}, {"key": "related-to", "type": "definition", "offset": [11854, 11864]}, {"key": "security-of", "type": "clause", "offset": [11869, 11880]}, {"key": "the-principles", "type": "clause", "offset": [11908, 11922]}, {"key": "the-final", "type": "clause", "offset": [11946, 11955]}, {"key": "european-banking-authority", "type": "definition", "offset": [12021, 12047]}, {"key": "made-pursuant-to", "type": "clause", "offset": [12184, 12200]}, {"key": "this-clause", "type": "clause", "offset": [12201, 12212]}, {"key": "in-the-event-of-a", "type": "clause", "offset": [12252, 12269]}, {"key": "other-provision-of-this-agreement", "type": "clause", "offset": [12360, 12393]}, {"key": "customer-experience", "type": "clause", "offset": [12541, 12560]}, {"key": "not-met", "type": "definition", "offset": [12618, 12625]}, {"key": "your-expectations", "type": "clause", "offset": [12626, 12643]}, {"key": "our-service", "type": "definition", "offset": [12733, 12744]}, {"key": "please-contact", "type": "clause", "offset": [12746, 12760]}, {"key": "by-telephone", "type": "clause", "offset": [12782, 12794]}, {"key": "service-centre", "type": "clause", "offset": [12821, 12835]}, {"key": "a-day", "type": "definition", "offset": [12898, 12903]}, {"key": "a-week", "type": "definition", "offset": [12912, 12918]}, {"key": "business-days-of", "type": "clause", "offset": [13293, 13309]}, {"key": "point-of-contact", "type": "clause", "offset": [13381, 13397]}, {"key": "to-handle", "type": "definition", "offset": [13398, 13407]}, {"key": "written-response", "type": "definition", "offset": [13506, 13522]}, {"key": "respond-to", "type": "definition", "offset": [13588, 13598]}, {"key": "as-soon-as-possible", "type": "definition", "offset": [13607, 13626]}], "samples": [{"hash": "j9dQbAVbDxD", "uri": "/contracts/j9dQbAVbDxD#international-processing", "label": "Master Services Agreement (Global Crossing Airlines Group Inc.)", "score": 30.9479808807, "published": true}], "size": 1, "snippet": "This Section shall apply solely with respect to Transactions originating in jurisdictions other than the United States or Canada.\n38.1. Company and International Member may, on thirty (30) days\u2019 notice to International Provider (or such shorter notice to which International Provider may agree in its sole discretion), add countries to the list of Applicable Countries for International Member in Schedule C after the Effective Date by substituting a new Schedule C that is in writing and signed by Company and International Member.\n38.2. International Member shall, where required by Laws in the processing of Transactions, issue a Value Added Tax (\u201cVAT\u201d) invoice and summary of Transactions. If VAT is chargeable in respect of all or any amounts paid to International Member under the Agreement, Company shall pay to International Member such VAT at the rate properly chargeable, in respect of the relevant supply of goods or services supplied by International Member.\n38.3. Company and International Member further agree that they have mutually relied upon the representations of the other that the Agreement is entered for commercial or business purposes and not for personal, family or household purposes, that neither Company nor International Member is a consumer, and that each Party is engaged in their common trade. Company and International Member explicitly agree that where relevant, the provisions of the Payment Services Regulations 2017 (the \u201cPSR\u201d) passed by the Parliament of the United Kingdom shall be disapplied to the fullest extent allowed under law, including but not limited to the entirety of Part 6 of the PSR, together with all provisions of Part 7 of the PSR, which Company and International Member are entitled to contractually disapply. Master Services Agreement (v.1.8.21) General Terms and Conditions\n38.4. For purposes of this Section 38.4, the terms \u201cprocessing,\u201d \u201ccontroller\u201d and \u201cprocessor\u201d shall have the meaning ascribed to them by the Data Protection Rules. Company is the controller, and International Member is the processor, in relation to processing of Transaction-related personal data in connection with the provision of Processing Services. The data processing activities carried out by International Member are as follows: Subject matter and duration of processing: Personal data is processed for the purpose of providing Processing Services under this Agreement during the term of this Agreement. Nature and purpose of the processing: Obtaining, recording, storing and transmitting personal data for the purpose of enabling Transactions. Types of personal data: Cardholder data that is necessary to process transactions in the course of providing the Processing Services. Categories of data subject: Customers who purchase goods or services.\n(a) Company shall, in relation to the provision of Processing Services, comply with all applicable Data Protection Rules as they apply to Company in its role as data controller. When International Member processes such personal data for any purpose other than in connection with the provision of Processing Services (including, without limitation, carrying out fraud prevention checks, anti-money laundering checks and use of aggregated data for analysis purposes), International Member shall be a controller in respect of such processing.\n(b) Company warrants and undertakes that any instructions given by Company to International Member in respect of the personal data where International Member is acting as a data processor shall at all times be in accordance with the Data Protection Rules and that compliance with such instructions and the processing of the personal data as permitted by this Agreement shall not result in a breach of the Data Protection Rules by Company or International Member.\n(c) Where International Member is acting as a processor on Company\u2019s behalf, International Member shall: (i) subject to Company\u2019s compliance with Section 38.4(b) above, only act on instructions from Company regarding the processing of personal data, including as permitted under this Agreement and for the purposes of providing the Processing Services and to comply with legal requirements in connection with the provision of Processing Services; (ii) comply with International Member\u2019s security policies and any other security procedures agreed between the parties from time to time which are intended to ensure that appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of the personal data and against accidental loss or destruction of, or damage to, the personal data having regard to the state of the technological development and the cost of implementing the measures, so as to ensure a level of security appropriate to the harm that may result from breach of such measures and the nature of the personal data to be protected; (iii) maintain all applicable PCI-DSS requirements to the extent International Member possesses or otherwise stores, processes or transmits cardholder data on Company\u2019s behalf; (iv) be responsible for the reliability of any of International Member\u2019s employees or sub-contractors who have access to the personal data provided by Company and shall ensure that such employees and subcontractors are subject to obligations of confidentiality in relation to the personal data processed in connection with the provision of the Processing Services; (v) promptly notify Company of any requests made by any data subjects under the Data Protection Rules or enforcement agencies in relation to the processing of personal data so that Master Services Agreement (v.1.8.21) General Terms and Conditions Company may deal with any such request; (vi) taking into account the nature of the processing undertaken by International Member, assist Company, in so far as is reasonably and legally possible, in responding to requests from data subjects exercising their rights under the Data Protection Rules; and (vii) taking into account the nature of the processing undertaken by International Member and the information available to International Member, assist Company, in so far as is reasonably and legally possible, with notification of data breaches to regulators and individuals, with the conduct of data protection impact assessments and with prior consultation with data protection regulators, in each case to the extent that such assistance is legally required under the Data Protection Rules.\n(d) Upon request and subject to confidentiality obligations, International Member shall make available to Company information regarding International Member\u2019s compliance with this Section 38.4 not more than once in any 12 month period. Company may request an audit to check International Member\u2019s compliance with this Section 38.4. Company shall be responsible for paying the costs of the audit at International Member\u2019s standard rates. The scope and timing of the audit shall be agreed in advance and any information accessed as a result of the audit shall be subject to the confidentiality obligations set out in this Agreement.\n(e) Upon termination of this agreement to the extent that International Member holds any personal data on Company\u2019s behalf as a processor Company agrees that International Member shall delete such personal data unless International Member is required to retain the personal data to comply with applicable laws or Payment Network Regulations or is otherwise authorised by law to retain the personal data.\n(f) Company agrees that International Member may appoint International Member\u2019s Affiliates as sub-processors and that both International Member and International Member\u2019s Affiliates may appoint third party sub-processors in connection with the provision of the Processing Services, provided in each case that equivalent obligations to those contained in Section 38.4 are included in a written contract with all sub-processors.\n(g) Company acknowledges and agrees that International Member may transfer personal data to countries outside of the United Kingdom, the European Union and/or the European Economic Area including the United States of America in connection with the provision of the Processing Services provided that such transfers comply with the General Data Protection Regulation and provisions of this Agreement, including Section 7.2(d)(v).\n(h) Sections 38.4(c) through (g) above only apply where International Member is acting as processor on Company\u2019s behalf and do not apply where International Member is acting as controller of personal data.\n38.5. In handling (i.e. storing, processing or transmitting) sensitive payment data, Company will implement security measures in Company\u2019s IT infrastructure as follows:\n(a) In designing, developing and maintaining internet payment services, Company will pay special attention to the adequate segregation of duties in information technology (IT) environments (e.g. the development, test and production environments) and the proper implementation of the \u201cleast privilege\u201d principle as the basis for sound identity and access management.\n(b) Company will have appropriate security solutions in place to protect networks, websites, servers and communication links against abuse or attacks. Company will strip servers of all superfluous functions in order to protect (\u2587\u2587\u2587\u2587\u2587\u2587) them and eliminate or reduce vulnerabilities of applications at risk. Access by the various applications to the data and resources required shall be kept to a strict minimum following the \u201cleast privilege\u201d principle. In order to restrict the use of \u201cfake\u201d websites, transactional websites offering internet payment services shall be identified by extended validation certificates drawn up in Company\u2019s name or by other similar authentication methods. Master Services Agreement (v.1.8.21) General Terms and Conditions\n(c) Company will have appropriate processes in place to monitor, track and restrict access to: (i) sensitive payment data, and (ii) logical and physical critical resources, such as networks, systems, databases, security modules, etc. Company will create, store and analyse appropriate logs and audit trails.\n(d) Company will have appropriate processes in place to monitor, track and restrict access to: (i) sensitive payment data, and (ii) logical and physical critical resources, such as networks, systems, databases, security modules, etc. Company will create, store and analyse appropriate logs and audit trails.\n(e) In designing, developing and maintaining internet payment services Company will ensure that data minimisation is an essential component of the core functionality: the gathering, routing, processing, storing and/or archiving, and visualisation of sensitive payment data is kept at the absolute minimum level.\n(f) Security measures for internet payment services will be tested under the supervision of Company\u2019s risk management function to ensure their robustness and effectiveness. All changes are subject to a formal change management process ensuring that changes are properly planned, tested, documented and authorised. On the basis of the changes made and the security threats observed, tests are repeated regularly and include scenarios of relevant and known potential attacks.\n(g) Company\u2019s security measures for internet payment services will be periodically audited to ensure their robustness and effectiveness. The implementation and functioning of internet payment services will also be audited. The frequency and focus of such audits should take into consideration, and be in proportion to, the security risks involved. Trusted and independent (internal or external) experts carry out the audits. They are not involved in any way in the development, implementation or operational management of the internet payment services provided.\n(h) Whenever Company outsources functions related to the security of internet payment services, the principles and recommendations of the Final Guidelines on the Security of Internet Payments published by the European Banking Authority shall be complied with.\n38.6. International Member shall immediately inform Company if, in its opinion, an instruction given or request made pursuant to this clause infringes Data Protection Rules.\n38.7. In the event of a conflict between any provision(s) of Sections 38.4 through 38.6 of this Agreement and any other provision of this Agreement, the provision(s) of Sections 38.4 through 38.6 of this Agreement shall control.\n38.8. International Member is committed to providing an excellent customer experience; however, if Company feels that International Member has not met your expectations, International Member would like to know. If Company is not satisfied with any aspect of our service, please contact International Member by telephone at International Member\u2019s Service Centre 0345 850 0195. International Member\u2019s lines are open 24 hours a day, 7 days a week. Alternatively, write to International Member at: International Member Processing Services, \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587, \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587 \u2587\u2587\u2587\u2587, \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587, \u2587\u2587. \u2587\u2587\u2587\u2587\u2587\u2587 or send an email to complaints@International \u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587. If International Member cannot resolve the matter to Company\u2019s satisfaction informally International Member will send Company a written acknowledgement within 5 business days of having received Company\u2019s complaint. Company will be provided with one point of contact to handle any questions Company may have, and International Member will ensure that Company receives a full written response. International Member\u2019s aim is to resolve Company\u2019s concerns and respond to Company as soon as possible and no later than 15 business", "hash": "a17a39a7fcca8c49c09aed6adacda3d3", "id": 8}, {"snippet_links": [{"key": "conditions-for-international-processing", "type": "clause", "offset": [7, 46]}, {"key": "process-personal-data", "type": "definition", "offset": [75, 96]}, {"key": "in-accordance-with", "type": "clause", "offset": [132, 150]}, {"key": "the-country", "type": "definition", "offset": [168, 179]}, {"key": "the-customer", "type": "definition", "offset": [189, 201]}, {"key": "data-protection-law", "type": "clause", "offset": [232, 251]}, {"key": "standard-contractual-clauses", "type": "clause", "offset": [279, 307]}, {"key": "the-period", "type": "clause", "offset": [333, 343]}, {"key": "subject-to", "type": "clause", "offset": [421, 431]}, {"key": "third-country", "type": "clause", "offset": [455, 468]}, {"key": "where-personal-data", "type": "clause", "offset": [473, 492]}, {"key": "united-kingdom", "type": "clause", "offset": [507, 521]}, {"key": "the-laws", "type": "definition", "offset": [660, 668]}, {"key": "the-controller", "type": "clause", "offset": [687, 701]}, {"key": "entering-into", "type": "clause", "offset": [748, 761]}, {"key": "entered-into", "type": "clause", "offset": [938, 950]}, {"key": "an-independent", "type": "clause", "offset": [985, 999]}, {"key": "rights-and-obligations", "type": "definition", "offset": [1009, 1031]}, {"key": "use-of-the-cloud-services", "type": "clause", "offset": [1063, 1088]}, {"key": "by-customer", "type": "clause", "offset": [1109, 1120]}, {"key": "the-agreement", "type": "clause", "offset": [1127, 1140]}, {"key": "the-relevant", "type": "clause", "offset": [1212, 1224]}, {"key": "in-the-same-manner", "type": "definition", "offset": [1239, 1257]}, {"key": "section-821", "type": "clause", "offset": [1289, 1302]}], "samples": [{"hash": "f4XKzQ3HGRY", "uri": "/contracts/f4XKzQ3HGRY#international-processing", "label": "Data Processing Agreement", "score": 31.320892334, "published": true}], "size": 1, "snippet": "\u200c\n8.1. Conditions for International Processing RELISH shall be entitled to process Personal Data, including by using Subprocessors, in accordance with this DPA outside the country in which the Customer is located as permitted under Data Protection Law.\n8.2. Applicability of the Standard Contractual Clauses (2010)\n8.2.1. Where, for the period up to and including 26 September 2021, Personal Data of a Controller that is subject to GDPR is processed in a Third Country, or where Personal Data of a Swiss or United Kingdom based Controller or another Controller is processed in a Third Country and such international processing requires an adequacy means under the laws of the country of the Controller and the required adequacy means can be met by entering into Standard Contractual Clauses (2010), then:\na) RELISH and Customer enter into the Standard Contractual Clauses (2010);\nb) Customer joins the Standard Contractual Clauses (2010) entered into by RELISH and the Subprocessor as an independent owner of rights and obligations; or\nc) other Controllers whose use of the Cloud Services has been authorized by Customer under the Agreement may also enter into Standard Contractual Clauses (2010) with RELISH or the relevant Subprocessors in the same manner as Customer in accordance with Section 8.2.1 a) and b) above. In", "hash": "21b9494908b7e447bbdd582193579475", "id": 9}, {"snippet_links": [{"key": "process-personal-data", "type": "definition", "offset": [23, 44]}, {"key": "our-affiliates", "type": "definition", "offset": [82, 96]}, {"key": "in-accordance-with", "type": "clause", "offset": [97, 115]}, {"key": "this-exhibit", "type": "definition", "offset": [116, 128]}, {"key": "the-country", "type": "definition", "offset": [137, 148]}, {"key": "data-protection-law", "type": "clause", "offset": [193, 212]}, {"key": "outside-the-european-union", "type": "clause", "offset": [243, 269]}, {"key": "provided-that", "type": "definition", "offset": [270, 283]}, {"key": "covered-by", "type": "definition", "offset": [317, 327]}, {"key": "adequacy-decision", "type": "definition", "offset": [331, 348]}, {"key": "the-european-commission", "type": "clause", "offset": [352, 375]}, {"key": "the-transfer", "type": "clause", "offset": [382, 394]}, {"key": "signature-of", "type": "definition", "offset": [444, 456]}, {"key": "standard-contractual-clauses", "type": "clause", "offset": [457, 485]}], "samples": [{"hash": "2K4bS3nFVAW", "uri": "/contracts/2K4bS3nFVAW#international-processing", "label": "Terms of Use", "score": 35.1385040283, "published": true}], "size": 1, "snippet": "We will be entitled to process Personal Data, including by using Subprocessors or Our Affiliates in accordance with this Exhibit outside the country in which You are located as permitted under Data Protection Law. We may process Personal Data outside the European Union provided that: - the country of destination is covered by an adequacy decision by the European Commission; or - the transfer is covered by appropriate guarantees such as the signature of Standard Contractual Clauses adopted by the European Commission.", "hash": "beca6dc04b3dc005f283094ee4264fe8", "id": 10}], "next_curs": "CmESW2oVc35sYXdpbnNpZGVyY29udHJhY3Rzcj0LEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IiFpbnRlcm5hdGlvbmFsLXByb2Nlc3NpbmcjMDAwMDAwMGEMogECZW4YACAA", "clause": {"parents": [["miscellaneous", "Miscellaneous"], ["assignment", "Assignment"], ["qualtrics", "Qualtrics"], ["international-processing", "International Processing"], ["competent-supervisory-authority", "COMPETENT SUPERVISORY AUTHORITY"]], "title": "International Processing", "size": 179, "children": [["standard-contractual-clauses", "Standard Contractual Clauses"], ["conditions-for-international-processing", "Conditions for International Processing"], ["governing-law-of-the-standard-contractual-clauses", "Governing Law of the Standard Contractual Clauses"], ["relation-of-the-standard-contractual-clauses-to-the-agreement", "Relation of the Standard Contractual Clauses to the Agreement"], ["applicability-of-new-standard-contractual-clauses", "Applicability of New Standard Contractual Clauses"]], "id": "international-processing", "related": [["international-transport", "INTERNATIONAL TRANSPORT", "INTERNATIONAL TRANSPORT"], ["international", "International", "International"], ["data-services", "Data Services", "Data Services"], ["procurement-of-goods-and-services", "Procurement of Goods and Services", "Procurement of Goods and Services"], ["international-shopping", "International Shopping", "International Shopping"]], "related_snippets": [], "updated": "2025-07-24T04:27:57+00:00", "also_ask": ["What jurisdiction\u2019s data protection laws govern international processing under this clause?", "How can we ensure enforceability of cross-border data transfer obligations in court?", "What safeguards must be included to mitigate regulatory and contractual risks?", "Are there industry-standard clauses or frameworks (e.g., SCCs, BCRs) that should be referenced or incorporated?", "What negotiation leverage exists regarding liability allocation for international data breaches?"], "drafting_tip": "Specify permitted jurisdictions, require compliance with local laws, and mandate data transfer safeguards to ensure legal clarity, regulatory adherence, and data protection.", "explanation": "The INTERNATIONAL PROCESSING clause defines the terms under which data or materials may be processed, stored, or transferred across international borders. Typically, this clause outlines the responsibilities of the parties to comply with relevant data protection laws, such as GDPR, and may specify the countries where processing is permitted or require certain safeguards for cross-border transfers. Its core practical function is to ensure legal compliance and protect sensitive information when business operations involve multiple jurisdictions, thereby mitigating the risks associated with international data handling."}, "json": true, "cursor": ""}}