Common use of Processing of Controller Personal Data Clause in Contracts

Processing of Controller Personal Data. 2.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreement. 2.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement and in accordance with Applicable Laws. 2.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) hereto. 2.5. Without derogating from the provisions of the Agreement, solely Controller (and not Processor) shall be liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.1. Processor shall and each Processor Affiliate shall: (a) comply with all applicable Data Protection Laws in the Processing of Controller Personal Data; and (b) not Process Controller Personal Data other than on the Controllerrelevant Controller Group Member’s documented reasonable and customary instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Data Protection Laws to which the relevant Contracted Processor is subject subject, in which case Processor or as strictly necessary for the provision relevant Processor Affiliate shall to the extent permitted by Data Protection Laws inform the relevant Controller Group Member of Processor's services under that legal requirement before the Agreementrelevant Processing of that Personal Data. 2.2. Each Controller Group Member (where applicable): (a) instructs Processor and each Processor Affiliate (and authorizes authorises Processor and each Processor Affiliate to instruct each Sub ProcessorSubprocessor) to to: (i) Process Controller Personal Data; and and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement and in accordance with Applicable Laws.Principal Agreement; and 2.3. Furthermore, Controller (b) warrants and represents that it is and will at all relevant times remain duly and effectively authorized authorised to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, section 2.2(a) on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as . 2.3. Annex 1 to this Addendum sets out certain information regarding the Agreement is in effect and for any additional period during which Processor is lawfully processing Contracted Processors' Processing of the Controller Personal Data. 2.4. Controller sets forth the details of the Processing of Controller Personal Data, Data as required by article 28(3) of the GDPR (and, possibly, equivalent requirements of other Data Protection Laws). Controller may make reasonable amendments to Annex 1 by written notice to Processor from time to time as Controller reasonably considers necessary to meet those requirements. Nothing in Annex 1 (Details of Processing of Controller Personal Dataincluding as amended pursuant to this section 2.3) heretoconfers any right or imposes any obligation on any party to this Addendum. 2.5. Without derogating from the provisions of the Agreement, solely Controller (and not Processor) shall be liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.13.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions as specified specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreement. 2.23.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement and in accordance with Applicable Laws. 2.33.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 and any additional instructions as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller AffiliateAffiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.43.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) hereto. 2.53.5. Without derogating from the provisions of the Agreement, solely Controller (and not Processor) shall be liable for any excess Controller Personal Data provided or otherwise made available to Processor or any Sub Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Data.

Processing of Controller Personal Data. 2.1. Processor shall not Process Controller Personal Data other than on the Controller’s documented reasonable and customary instructions Instructions as specified in the Agreement or this DPA, unless such Processing is required by Applicable Laws to which the Processor is subject or as strictly necessary for the provision of Processor's services under the Agreementsubject. 2.2. Controller instructs Processor (and authorizes Processor to instruct each Sub Processor) to to (i) Process Controller Personal Data; and (ii) in particular, transfer Controller Personal Data to any country or territory, all as reasonably necessary for the provision of the Services and consistent with the Agreement (including the Privacy Policy, as defined under the Agreement) and in accordance with Applicable Laws. 2.3. Furthermore, Controller warrants and represents that it is and will remain duly and effectively authorized to give the instruction set out in Section 2.1 2.2 and any additional instructions (email is sufficient) as provided pursuant to the Agreement and/or in connection with the performance thereof, on behalf of itself and each relevant Controller Affiliate, at all relevant times and at least for as long as the Agreement is in effect and for any additional period during which Processor is lawfully processing the Controller Personal Data. 2.4. Controller sets forth the details of the Processing of Controller Personal Data, as required by article 28(3) of the GDPR in Annex 1 (Details of Processing of Controller Personal Data) ), attached hereto. 2.5. Without derogating from Controller’s obligations hereunder, including Section 19 to the provisions of the AgreementAgreement (“Data, solely Privacy, Retention and Restricted Data”), Controller may only provide to Processor, or otherwise have Processor (or anyone on its behalf) process, such Controller Data types and parameters which are explicitly permitted under Processor’s Privacy Policy (“Permitted Controller Personal Data Types and Parameters”). Solely Controller (and not Processor) shall be liable for any excess Controller Personal Data data which is provided or otherwise made available to Processor or any Sub anyone on its behalf in excess of the Permitted Controller Personal Data Types and Parameters (“Excess Data”). Processor in the course of providing Processor's Services under the Agreement or this DPA. Processor's obligations under the Agreement or this DPA shall not apply to any such excess Controller Personal Excess Data.