Common use of Processing location Clause in Contracts

Processing location. Processing of the personal data under the DPA cannot be performed at other locations than the following without the controller’s prior written authorisation. Please see table in this Annex IV.2., locations of data processing. IV.6 Instruction on the transfer of personal data to third countries IV.7 Procedures for the controller’s audits, including inspections, of the processing of personal data being performed by the processor IV.8 Procedures for audits, including inspections, of the processing of personal data being performed by sub-processors (i) Will be performed at least annually (ii) Will be performed according to ISO 27001 & ISO 27701 standards or such other alternative standards that are substantially equivalent to ISO 27001 & ISO 27701 (iii) Will be performed by independent third party security professionals at the processor’s selection and expense. At the controller’s written request and without charge, the processor will provide the controller with a confidential summary of the report (“Summary Report”) so the controller can reasonably verify the processor’s compliance with the security and audit obligations under this DPA. The Summary Report will constitute the processor’s confidential information under the confidentiality provisions of the Agreement.