Common use of Processing of Shipment Data Clause in Contracts

Processing of Shipment Data. The Shipment Data which will be transferred to and processed by the Consignor Platform contains personal datai pertaining to the Customer's customers. The Customer shall be considered as the controller for any processing of such personal data, and the Supplier shall be considered as a data processor. The Customer shall thus remain fully responsible for the lawfulness of any such personal data processing. The Customer shall be responsible for deciding when Shipment Data shall be deleted, and for deleting such data as set out in Section 2.2. The Supplier will delete Shipment Data upon termination of the Subscription Agreement, as set out in Section 10.2. The processing of personal data on behalf of The Customer will cease at the time of deletion. The Supplier shall be entitled to process the Customer's personal data only on documented instructions from the Customer. The Supplier shall hereunder be entitled to process the personal data to the extent this is necessary for the delivery of services under the Subscription Agreement, including, but not limited to, processing for the purpose of data security and investigation of any security breaches. The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Supplier undertakes to keep all Shipment Data confidential from third parties, with the exception of third parties that contribute to the deliveries to the Customer as set out in the Subscription Agreement. The Supplier undertakes to implement appropriate technical and organizational measures to ensure that Shipment Data is protected against accidental or unlawful destruction, loss, alteration, or unauthorized access by any third party. In the unlikely event that any Shipment Data have been compromised, the Supplier undertakes to inform the Customer without undue delay after becoming aware of the personal data breach. The Customer is responsible for notifying the personal data breach to the competent supervisory authority and to the data subjects, to the extent this is required under the applicable law. No later than 24 hours after the data breach, the Supplier will send out information about the data breach to all registered users of the Customer. In case non-Consignor-users of the Customer wants to be informed, please sign them up on the Data Security Information Letter: xxxx://xxxxxx.xxx/du6o49 The Supplier undertakes to assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from the Customer's customers. The Supplier will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this section 7 and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. If this requires delivery of services from the Supplier beyond what is covered by the standard functionality of the Consignor Platform, the Supplier may charge an additional fee in accordance with its standard prices in force from time to time. If the Supplier is in the opinion that an instruction by the Customer infringes the Personal Data Regulation, the Supplier shall immediately inform the Customer. The Supplier is audited once a year by an independent third-party agency as a part of an ISO 27001 certificate and the audit report is available on request. In addition to this the Supplier offers the Customer the possibility of extended Audits, which are packaged and priced separately. The Supplier is open for audits and physical inspections as per ordered auditing package – please contact your Consignor Account Manager for more information. The sub-suppliers of the Supplier are global cloud-based companies which in nature cannot be audited directly by the Customer but are audited by other representatives. To the extent the Processor use such sub-suppliers to fulfil the obligations under the Subscription Agreement, the Processor shall ensure that the sub-suppliers undertake responsibilities corresponding to the obligations set out in this Section 7. The Supplier shall be entitled to employ sub-suppliers, such as IaaS (Infrastructure as a Service) suppliers or other third-party technical suppliers, in connection with the operation of the Consignor Platform, and to transfer Shipment Data to such third-party suppliers. The Supplier shall enter contracts with sub-suppliers whereby they agree to adhere to the provisions of this Section 7. If the use of the sub-supplier involves transfer of Shipment Data to a third country outside the EU/EEA, the Supplier shall implement additional security measures, such as the EU Model Clauses. In the event that the Supplier needs to add or change a sub-supplier for the benefit of carrying out the services of the Consignor Platform, the Supplier will inform the Customer about the changes without undue delay. Changes about sub-suppliers are sent to all Customers that have subscribed to Data Security Information letter on xxxx://xxxxxx.xxx/du6o49. The Customer holds the right in writing to object against changes in sub-suppliers. Objections against or comments on changed sub-suppliers must be send to the Supplier within 10 days from receival of information.

Processing of Shipment Data. The Shipment Data which will be transferred to and processed by the Consignor Platform contains personal datai data pertaining to the Customer's customers. The Customer shall be considered as the controller for any processing of such personal data, and the Supplier shall be considered as a data processor. The Customer shall thus remain fully responsible for the lawfulness of any such personal data processing. The Customer shall be responsible for deciding when Shipment Data shall be deleted, and for deleting such data as set out in Section 2.2. The Supplier will delete Shipment Data upon termination of the Subscription Agreement, as set out in Section 10.2. The processing of personal data on behalf of The Customer will cease at the time of deletion. The Supplier shall be entitled to process the Customer's personal data only on documented instructions from the Customer. The Supplier shall hereunder be entitled to process the personal data to the extent this is necessary for or the delivery of services under the Subscription Agreement, including, but not limited to, processing for the purpose of data security and investigation of any security breaches. The Supplier shall ensure that persons authorized authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Supplier undertakes to keep all Shipment Data confidential from third parties, with the exception of third parties that contribute to the deliveries to the Customer as set out in the Subscription Agreement. The Supplier undertakes to implement appropriate technical and organizational organisational measures to ensure that Shipment Data is protected against accidental or unlawful destruction, loss, alteration, or unauthorized unauthorised access by any third party. In the unlikely event that any Shipment Data have been compromised, the Supplier undertakes to inform the Customer without undue delay after becoming aware of the personal data breach. The Customer is responsible for notifying the personal data breach to the competent supervisory authority and to the data subjects, to the extent this is required under the applicable law. No later than 24 hours after the data breach, the Supplier will send out information about the data breach to all registered users of the Customer. In case non-Consignor-users of the Customer wants to be informed, please sign them up on the Data Security Information Letter: xxxx://xxxxxx.xxx/du6o49 The Supplier undertakes to assist the Customer by appropriate technical and organizational organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from the Customer's customers. The Supplier will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this section 7 and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. If this requires delivery of services from the Supplier beyond what is covered by the standard functionality of the Consignor Platform, the Supplier may charge an additional fee in accordance with its standard prices in force from time to time. If the The Supplier is may not use any Shipment Data in any other way than as described in the opinion that an instruction by the Customer infringes the Personal Data Regulation, the Supplier shall immediately inform the Customer. The Supplier is audited once a year by an independent third-party agency as a part of an ISO 27001 certificate and the audit report is available on request. In addition to this the Supplier offers the Customer the possibility of extended Audits, which are packaged and priced separately. The Supplier is open for audits and physical inspections as per ordered auditing package – please contact your Consignor Account Manager for more information. The sub-suppliers of the Supplier are global cloud-based companies which in nature cannot be audited directly by the Customer but are audited by other representatives. To the extent the Processor use such sub-suppliers to fulfil the obligations under the Subscription Agreement, the Processor shall ensure that the sub-suppliers undertake responsibilities corresponding to the obligations set out in this Section 7. The Supplier shall be entitled to employ third party sub-suppliers, such as IaaS (Infrastructure as a Service) suppliers or other third-third party technical suppliers, in connection with the operation of the Consignor Platform, and to transfer Shipment Data to such third-party suppliers. The Supplier shall enter contracts with sub-suppliers whereby they agree to adhere to the provisions of this Section 7. If the use of the sub-sub- supplier involves transfer of Shipment Data to a third country outside the EU/EEA, the Supplier shall implement additional security measures, such as the EU Model Clauses. In Clauses and seek approval from the event that the Supplier needs to add or change a sub-supplier for the benefit of carrying out the services of the Consignor Platform, the Supplier will inform the Customer about the changes without undue delay. Changes about sub-suppliers are sent to all Customers that have subscribed to Data Security Information letter on xxxx://xxxxxx.xxx/du6o49. The Customer holds the right in writing to object against changes in sub-suppliers. Objections against or comments on changed sub-suppliers must be send to the Supplier within 10 days from receival of informationCustomer.

Processing of Shipment Data. The Shipment Data which will be transferred to and processed by the Consignor Platform nShift DeliveryHub contains personal datai pertaining to the Customer's customers. The Customer shall be considered as the controller for any processing of such personal data, and the Supplier shall be considered as a data processor. The Customer shall thus remain fully responsible for the lawfulness of any such personal data processing. The Customer shall be responsible for deciding when Shipment Data shall be deleted, and for deleting such data as set out in Section 2.2. The Supplier will delete Shipment Data upon termination of the Subscription Agreement, as set out in Section 10.2. The processing of personal data on behalf of The Customer will cease at the time of deletion. The Supplier shall be entitled to process the Customer's personal data only on documented instructions from the Customer. The Supplier shall hereunder be entitled to process the personal data to the extent this that is necessary for the delivery of services under the Subscription Agreement, including, but not limited to, processing for the purpose of data security and investigation of any security breaches. The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Supplier undertakes to keep all Shipment Data confidential from third parties, with the exception of third parties that contribute to the deliveries to the Customer as set out in the Subscription Agreement. The Supplier undertakes to implement appropriate technical and organizational measures to ensure that Shipment Data is protected against accidental or unlawful destruction, loss, alteration, or unauthorized access by any third party. In the unlikely event that any Shipment Data have has been compromised, the Supplier undertakes to inform the Customer without undue delay after becoming aware of the personal data breach. The Customer is responsible for notifying the personal data breach to the competent supervisory authority and to the data subjects, to the extent this is required under the applicable law. No later than 24 hours after the data breach, the Supplier will send out information about the data breach to all registered users of the Customer. In case non-ConsignornShift-users of the Customer wants to be kept informed, please ask them to sign them up on the Data Security Information Letter: xxxx://xxxxxx.xxx/du6o49 xxxxx://xxxxxx.xxx/terms-and-conditions. The Supplier undertakes to assist the Customer by providing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from the Customer's customers. The Supplier will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this section 7 and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. If this requires delivery of services from the Supplier beyond what is covered by the standard functionality of the Consignor PlatformnShift DeliveryHub, the Supplier may charge an additional fee in accordance with its standard prices in force from time to time. If the Supplier is in of the opinion that an instruction by the Customer infringes the Personal Data Regulation, the Supplier shall immediately inform the Customer. The Supplier is audited once a year by an independent third-party agency as a part of an ISO 27001 certificate and the audit report is available on request. In addition to this the Supplier offers the Customer the possibility of extended Audits, which are packaged and priced separately. The Supplier is open for audits and physical inspections as per ordered auditing package – please contact your Consignor Account Manager nShift Contact person for more information. The sub-suppliers of the Supplier are global cloud-based companies which in nature cannot be audited directly by the Customer but are audited by other representatives. To the extent the Processor use such sub-suppliers to fulfil the obligations under the Subscription Agreement, the Processor shall ensure that the sub-suppliers undertake responsibilities corresponding to the obligations set out in this Section 7. The Supplier shall be entitled to employ sub-suppliers, such as IaaS (Infrastructure as a Service) suppliers or other third-party technical suppliers, in connection with the operation of the Consignor PlatformnShift DeliveryHub, and to transfer Shipment Data to such third-party suppliers. The Supplier shall enter contracts with sub-suppliers whereby they agree to adhere to the provisions of this Section 7. If the use of the sub-supplier involves transfer of Shipment Data to a third country outside the EU/EEA, the Supplier shall implement additional security measures, such as the EU Model Clauses. In the event that the Supplier needs to add or change a sub-supplier for the benefit of carrying out the services of the Consignor PlatformnShift DeliveryHub, the Supplier will inform the Customer about the changes without undue delay. Changes about sub-suppliers are sent to all Customers that have subscribed to Data Security Information letter on xxxx://xxxxxx.xxx/du6o49. xxxxx://xxxxxx.xxx/terms-and-conditions The Customer holds the right in writing to object against changes in sub-sub- suppliers. Objections against or comments on changed sub-suppliers must be send sent to the Supplier within 10 days from receival receiving of the information.

Processing of Shipment Data. The Shipment Data which will be transferred to and processed by the Consignor Platform contains personal datai data pertaining to the Customer's customers. The Customer shall be considered as the controller for any processing of such personal data, and the Supplier shall be considered as a data processor. The Customer shall thus remain fully responsible for the lawfulness of any such personal data processing. The Customer shall be responsible for deciding when Shipment Data shall be deleted, and for deleting such data as set out in Section 2.2. The Supplier will delete Shipment Data upon termination of the Subscription Agreement, as set out in Section 10.2. The processing of personal data on behalf of The Customer will cease at the time of deletion. The Supplier shall be entitled to process the Customer's personal data only on documented instructions from the Customer. The Supplier shall hereunder be entitled to process the personal data to the extent this is necessary for or the delivery of services under the Subscription Agreement, including, but not limited to, processing for the purpose of data security and investigation of any security breaches. The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Supplier undertakes to keep all Shipment Data confidential from third parties, with the exception of third parties that contribute to the deliveries to the Customer as set out in the Subscription Agreement. The Supplier undertakes to implement appropriate technical and organizational measures to ensure that Shipment Data is protected against accidental or unlawful destruction, loss, alteration, or unauthorized access by any third party. In the unlikely event that any Shipment Data have been compromised, the Supplier undertakes to inform the Customer without undue delay after becoming aware of the personal data breach. The Customer is responsible for notifying the personal data breach to the competent supervisory authority and to the data subjects, to the extent this is required under the applicable law. No later than 24 hours after the data breach, the Supplier will send out information about the data breach to all registered users of the Customer. In case non-Consignor-users of the Customer wants to be informed, please sign them up on the Data Security Information Letter: xxxx://xxxxxx.xxx/du6o49 The Supplier undertakes to assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from the Customer's customers. The Supplier will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this section 7 and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. If this requires delivery of services from the Supplier beyond what is covered by the standard functionality of the Consignor Platform, the Supplier may charge an additional fee in accordance with its standard prices in force from time to time. If the Supplier is in the opinion that an instruction by the Customer infringes the Personal Data Regulation, the Supplier shall immediately inform the Customer. The Supplier is will be audited once a year by an independent third-party agency as a part of an ISO 27001 certificate and the audit report is will be available in the Data Security Information Letter or on request. In addition to this the Supplier offers the Customer the possibility of extended Audits, which are packaged and priced separately. The Supplier is open for audits and physical inspections as per ordered auditing package – please contact your Consignor Account Manager for more information. The sub-suppliers of the Supplier Consignor are global cloud-based companies which in nature cannot be audited directly by the Customer but are audited by other representatives. To The Supplier undertakes the extent responsibility to go through and evaluate available audit reports from the Processor use such sub-suppliers. Audit documentation on sub-suppliers to fulfil the obligations under can be forwarded on request. The Supplier may not use any Shipment Data in any other way than as described in the Subscription Agreement, the Processor shall ensure that the sub-suppliers undertake responsibilities corresponding to the obligations set out in this Section 7. The Supplier shall be entitled to employ third party sub-suppliers, such as IaaS (Infrastructure as a Service) suppliers or other third-party technical suppliers, in connection with the operation of the Consignor Platform, and to transfer Shipment Data to such third-party suppliers. The Supplier shall enter contracts with sub-suppliers whereby they agree to adhere to the provisions of this Section 7. If the use of the sub-sub- supplier involves transfer of Shipment Data to a third country outside the EU/EEA, the Supplier shall implement additional security measures, such as the EU Model Clauses. In the event that the Supplier needs to add or change a sub-supplier for the benefit of carrying out the services of the Consignor Platform, the Supplier will inform the Customer about the changes without undue delay. Changes about sub-suppliers are sent to all Customers that have subscribed to Data Security Information letter on xxxx://xxxxxx.xxx/du6o49. The Customer holds the right in writing to object against changes in sub-suppliers. Objections against or comments on changed sub-suppliers must be send to the Supplier within 10 days from receival of information.

Processing of Shipment Data. The Shipment Data which will be transferred to and processed by the Consignor Platform nShift DeliveryHub contains personal datai pertaining to the Customer's customers. The Customer shall be considered as the controller for any processing of such personal data, and the Supplier shall be considered as a data processor. The Customer shall thus remain fully responsible for the lawfulness of any such personal data processing. The Customer shall be responsible for deciding when Shipment Data shall be deleted, and for deleting such data as set out in Section 2.2. The Supplier will delete Shipment Data upon termination of the Subscription Agreement, as set out in Section 10.2. The processing of personal data on behalf of The Customer will cease at the time of deletion. The Supplier shall be entitled to process the Customer's personal data only on documented instructions from the Customer. The Supplier shall hereunder be entitled to process the personal data to the extent this that is necessary for the delivery of services under the Subscription Agreement, including, but not limited to, processing for the purpose of data security and investigation of any security breaches. The Supplier shall ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Supplier undertakes to keep all Shipment Data confidential from third parties, with the exception of third parties that contribute to the deliveries to the Customer as set out in the Subscription Agreement. The Supplier undertakes to implement appropriate technical and organizational measures to ensure that Shipment Data is protected against accidental or unlawful destruction, loss, alteration, or unauthorized access by any third party. In the unlikely event that any Shipment Data have has been compromised, the Supplier undertakes to inform the Customer without undue delay after becoming aware of the personal data breach. The Customer is responsible for notifying the personal data breach to the competent supervisory authority and to the data subjects, to the extent this is required under the applicable law. No later than 24 hours after the data breach, the Supplier will send out information about the data breach to all registered users of the Customer. In case non-ConsignornShift-users of the Customer wants to be kept informed, please ask them to sign them up on the Data Security Information Letter: xxxx://xxxxxx.xxx/du6o49 xxxxx://xxx.xxxxxx.xxx/data-security-newsletter/ The Supplier undertakes to assist the Customer by providing appropriate technical and organizational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to requests from the Customer's customers. The Supplier will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this section 7 and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer. If this requires delivery of services from the Supplier beyond what is covered by the standard functionality of the Consignor PlatformnShift DeliveryHub, the Supplier may charge an additional fee in accordance with its standard prices in force from time to time. If the Supplier is in of the opinion that an instruction by the Customer infringes the Personal Data Regulation, the Supplier shall immediately inform the Customer. The Supplier is audited once a year by an independent third-party agency as a part of an ISO 27001 certificate and the audit report is available on request. In addition to this the Supplier offers the Customer the possibility of extended Audits, which are packaged and priced separately. The Supplier is open for audits and physical inspections as per ordered auditing package – please contact your Consignor Account Manager nShift Contact person for more information. The sub-suppliers of the Supplier are global cloud-based companies which in nature cannot be audited directly by the Customer but are audited by other representatives. To the extent the Processor use such sub-suppliers to fulfil the obligations under the Subscription Agreement, the Processor shall ensure that the sub-suppliers undertake responsibilities corresponding to the obligations set out in this Section 7. The Supplier shall be entitled to employ sub-suppliers, such as IaaS (Infrastructure as a Service) suppliers or other third-party technical suppliers, in connection with the operation of the Consignor PlatformnShift DeliveryHub, and to transfer Shipment Data to such third-party suppliers. The Supplier shall enter contracts with sub-suppliers whereby they agree to adhere to the provisions of this Section 7. If the use of the sub-supplier involves transfer of Shipment Data to a third country outside the EU/EEA, the Supplier shall implement additional security measures, such as the EU Model Clauses. In the event that the Supplier needs to add or change a sub-supplier for the benefit of carrying out the services of the Consignor PlatformnShift DeliveryHub, the Supplier will inform the Customer about the changes without undue delay. Changes about sub-suppliers are sent to all Customers that have subscribed to Data Security Information letter on xxxx://xxxxxx.xxx/du6o49. xxxxx://xxx.xxxxxx.xxx/data-security/ The Customer holds the right in writing to object against changes in sub-sub- suppliers. Objections against or comments on changed sub-suppliers must be send sent to the Supplier within 10 days from receival receiving of the information.