Processing Requirements. Ganttic will: a. Process Customer Personal Data (i) only for the purpose of providing, supporting and improving Ganttic’s services, using appropriate technical and organizational security measures; and (ii) in compliance with the instructions (e.g. the purpose to use Ganttic services) received from Customer. Ganttic will not use or process the Customer Personal Data for any other purpose. Ganttic will promptly inform Customer if it cannot comply with the requirements under Sections 5-8 of this DPA, in which case Customer may terminate the DPA or take any other reasonable action, including suspending data processing operations; b. Inform Customer promptly if, in Ganttic’s opinion, an instruction from Customer violates applicable Data Protection Requirements; c. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on ▇▇▇▇▇▇▇’s behalf comply with the terms of the DPA; d. Ensure that its employees, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment; e. If it intends to engage Subprocessors to help it satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors, (i) exclusive of the list of Subprocessors Ganttic maintains online, obtain the prior written consent of Customer to such subcontracting, such consent to not be unreasonably withheld; (ii) remain liable to Customer for the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on Ganttic’s instructions; and (iii) enter into contractual arrangements with such Subprocessors binding them to provide the same level of data protection and information security to that provided for herein; Ganttic may make changes to the use of Subprocessors provided that the Customer is notified. Changes that entail the transfer of personal data to countries outside the EEA (third countries) must be notified no later than one month before the change takes effect. If the Customer opposes the change, Ganttic must be notified as soon as possible. The Customer may only object to the change on reasonable and justifiable grounds. g. Upon request, provide Customer with a summary of ▇▇▇▇▇▇▇’s privacy and security policies; and h. Inform Customer if Ganttic undertakes an independent security review.
Appears in 1 contract
Sources: Data Processing Agreement
Processing Requirements. Ganttic LinkedIn will:
a. Process Customer Personal Data (i) only for the purpose of providing, supporting and improving GantticLinkedIn’s servicesservices (including to provide insights and other reporting), using appropriate technical and organizational security measures; and (ii) in compliance with the instructions (e.g. the purpose to use Ganttic services) received from Customer. Ganttic LinkedIn will not use or process Process the Customer Personal Data for any other purpose. Ganttic LinkedIn will promptly inform Customer in writing if it cannot comply with the requirements under Sections 5-8 of this DPA, in which case Customer may terminate the DPA Agreement or take any other reasonable action, including suspending data processing operations;
b. Inform Customer promptly if, in GantticLinkedIn’s opinion, an instruction from Customer violates applicable Data Protection Requirements;
c. If LinkedIn is collecting Customer Personal Data from individuals on behalf of Customer, follow Customer’s instructions regarding such Customer Personal Data collection (including with regard to the provision of notice and exercise of choice);
d. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on ▇▇▇▇▇▇▇LinkedIn’s behalf comply with the terms of the DPAAgreement;
d. e. Ensure that its employees, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;
e. f. If it intends to engage Subprocessors to help it satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors, (i) exclusive of the list of Subprocessors Ganttic LinkedIn and its Affiliates maintains onlineonline (currently available at ▇▇▇▇▇://▇▇▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/customer- subprocessors), the use of which Customer approves, obtain the prior written consent of Customer to such subcontractingsubprocessing, such consent to not be unreasonably withheld; (ii) remain liable to Customer for the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on GantticLinkedIn’s instructions; and (iii) enter into contractual arrangements with such Subprocessors binding them to provide the same level of data protection and information security to that provided for herein; Ganttic may make changes to the use of Subprocessors provided that the Customer is notified. Changes that entail the transfer of personal data to countries outside the EEA (third countries) must be notified no later than one month before the change takes effect. If the Customer opposes the change, Ganttic must be notified as soon as possible. The Customer may only object to the change on reasonable and justifiable grounds.and
g. Upon request, provide Customer with a summary mapping of ▇▇▇▇▇▇▇’s privacy and LinkedIn's security policies; and
h. Inform Customer if Ganttic undertakes an independent security reviewpolicies to the controls set forth in the International Organization for Standardization (ISO) / International Electrotechnical Commission (IEC) 27001 standard.
Appears in 1 contract
Sources: Data Processing Agreement
Processing Requirements. Ganttic willAs a Data Processor, OpenAI agrees to:
a. Process process Customer Personal Data only (i) only on Customer’s behalf for the purpose of providingproviding and supporting OpenAI’s Services (including to provide insights, supporting reporting, analytics and improving Ganttic’s servicesplatform abuse, using appropriate technical trust and organizational security measuressafety monitoring);; and (ii) in compliance with the written instructions (e.g. the purpose to use Ganttic services) received from Customer. Ganttic will not use or process ; and (iii) in a manner that provides no less than the Customer Personal level of privacy protection required by Data for any other purpose. Ganttic will Protection Laws;
b. promptly inform Customer in writing if it OpenAI cannot comply with the requirements under Sections 5-8 of this DPA, in which case Customer may terminate the DPA or take any other reasonable action, including suspending data processing operations;
b. Inform c. not provide Customer with remuneration in exchange for Customer Data from Customer. The parties acknowledge and agree that Customer has not “sold” (as such term is defined by the CCPA) Customer Data to OpenAI; d. not “sell” (as such term is defined by U.S. Privacy Laws) or “share” (as such term is defined by the CCPA) Personal Data;
e. inform Customer promptly if, in GantticOpenAI’s opinion, an instruction from Customer violates applicable Data Protection RequirementsLaws;
c. Take commercially reasonable steps to ensure that f. require (i) persons employed by it and (ii) other persons engaged to perform on OpenAI’s behalf to be subject to a duty of confidentiality with respect to the Customer Data and to comply with the data protection obligations applicable to OpenAI under the Agreement and this DPA;
g. engage the organizations or persons listed at ▇▇▇▇▇://▇▇▇▇▇▇▇’s behalf comply with ▇.▇▇▇▇▇▇.▇▇▇/subprocessors to process Customer Data (each a “Subprocessor,” and the terms of list at the DPA;
d. Ensure that its employeesforegoing URL, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;
e. If it intends to engage Subprocessors “Subprocessor List”) to help it OpenAI satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors. Customer hereby consents to the use of such Subprocessors. If Customer subscribes to email notifications as provided on the Subprocessor List website, then OpenAI will notify Customer of any changes OpenAI intends to make to the Subprocessor List at least 15 days before the changes take effect (which may be via email, a posting, or notification on an online portal for our services or other reasonable means). In the event that Customer does not wish to consent to the use of such additional Subprocessor, Customer may notify OpenAI that Customer does not consent within fifteen (15) days on reasonable grounds relating to the protection of Customer Data by following the instructions set forth in the Subprocessor List or contacting ▇▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇. In such case, OpenAI shall have the right to cure the objection through one of the following options: (i) exclusive of OpenAI will cancel its plans to use the list of Subprocessors Ganttic maintains online, obtain the prior written consent of Subprocessor with regards to processing Customer Data or will offer an alternative to provide its Services or services without such subcontracting, such consent to not be unreasonably withheldSubprocessor; (ii) remain liable OpenAI will take the corrective steps requested by Customer in Customer objection notice and proceed to Customer for use the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on Ganttic’s instructionsSubprocessor; and (iii) OpenAI may cease to provide, or Customer may agree not to use whether temporarily or permanently, the particular aspect or feature of the OpenAI Services or services that would involve the use of such Subprocessor; or (iv) Customer may cease providing Customer Data to OpenAI for processing involving such Subprocessor. If none of the above options are commercially feasible, in OpenAI’s reasonable judgment, and the objection(s) have not been resolved to the satisfaction of the parties within thirty (30) days of OpenAI’s receipt of Customer’s objection notice, then either party may terminate any subscriptions, order forms or usage regarding the Services that cannot be provided without the use of the new Subprocessor for cause and in such case, Customer will be refunded any pre-paid fees for the applicable subscriptions, order forms or usage to the extent they cover periods or terms following the date of such termination. Such termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor. OpenAI shall enter into contractual arrangements with such Subprocessors each Subprocessor binding them to provide the same a comparable level of data protection and information security to that provided for herein; Ganttic may make changes . Subject to the use limitations of liability included in the Agreement, OpenAI agrees to be liable for the acts and omissions of its Subprocessors provided that the Customer is notified. Changes that entail the transfer of personal data to countries outside the EEA (third countries) must be notified no later than one month before the change takes effect. If the Customer opposes the change, Ganttic must be notified as soon as possible. The Customer may only object to the change on same extent OpenAI would be liable under the terms of the DPA if it performed such acts or omissions itself;
h. upon reasonable and justifiable grounds.
g. Upon requestrequest no more than once per year, provide Customer with a summary of ▇▇▇▇▇▇▇OpenAI’s privacy and security policiespolicies and other such information necessary to demonstrate compliance with the obligations set forth in this DPA and applicable Data Protection Laws;
i. where required by law and upon reasonable notice and appropriate confidentiality agreements, cooperate with assessments, audits, or other steps performed by or on behalf of Customer at Customer’s sole expense and in a manner that is minimally disruptive to OpenAI’s business that are necessary to confirm that OpenAI is processing Customer Data in a manner consistent with this DPA. Where permitted by law, OpenAI may instead make available to customer a summary of the results of a third-party audit or certification reports relevant to OpenAI’s compliance with this DPA. Such results, and/or the results of any such assessments, audits, or other steps shall be the Confidential Information of OpenAI;
j. to the extent that Customer permits or instructs OpenAI to process Customer Data subject to U.S. Privacy Laws in a deidentified, anonymized, and/or aggregated form as part of the Services, OpenAI, OpenAI shall (i) adopt reasonable measures to prevent such deidentified data from being used to infer information about, or otherwise being linked to, a particular natural person or household; and(ii) not attempt to reidentify the information, except that OpenAI may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes comply with Data Protection Laws or are functioning as intended; and (iii) before sharing deidentified data with any other party, including Subprocessors, contractually obligate any such recipients to comply with the requirements of this provision;
h. Inform k. where the Customer if Ganttic undertakes an independent security review.Data is subject to the CCPA, not (i) retain, use, disclose, or otherwise process Customer Data except as necessary for the business purposes specified in the Agreement or this DPA;
Appears in 1 contract
Sources: Data Processing Agreement
Processing Requirements. Ganttic will:
a. Process Customer Personal Data (i) only for the purpose of providing, supporting and improving Ganttic’s services, using appropriate technical and organizational security measures; and (ii) in compliance with the instructions (e.g. the purpose to use Ganttic services) received from Customer. Ganttic will not use or process the Customer Personal Data for any other purpose. Ganttic will promptly inform Customer if it cannot comply with the requirements under Sections 5-8 of this DPA, in which case Customer may terminate the DPA or take any other reasonable action, including suspending data processing operations;
b. Inform Customer promptly if, in Ganttic’s opinion, an instruction from Customer violates applicable Data Protection Requirements;
c. Take commercially reasonable steps to ensure that (i) persons employed by it and (ii) other persons engaged to perform on ▇▇▇▇▇▇▇Ganttic’s behalf comply with the terms of the DPA;
d. Ensure that its employees, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;
e. If it intends to engage Subprocessors to help it satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors, (i) exclusive of the list of Subprocessors Ganttic maintains online, obtain the prior written consent of Customer to such subcontracting, such consent to not be unreasonably withheld; (ii) remain liable to Customer for the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on Ganttic’s instructions; and (iii) enter into contractual arrangements with such Subprocessors binding them to provide the same level of data protection and information security to that provided for herein; Ganttic may make changes to the use of Subprocessors provided that the Customer is notified. Changes that entail the transfer of personal data to countries outside the EEA (third countries) must be notified no later than one month before the change takes effect. If the Customer opposes the change, Ganttic must be notified as soon as possible. The Customer may only object to the change on reasonable and justifiable grounds.
g. Upon request, provide Customer with a summary of ▇▇▇▇▇▇▇Ganttic’s privacy and security policies; and
h. Inform Customer if Ganttic undertakes an independent security review.
Appears in 1 contract
Sources: Data Processing Agreement
Processing Requirements. Ganttic willAs a Data Processor, OpenAI agrees to:
a. Process process Customer Personal Data only (i) only on Customer’s behalf for the purpose of providingproviding and supporting OpenAI’s Services (including to provide insights, supporting reporting, analytics and improving Ganttic’s servicesplatform abuse, using appropriate technical trust and organizational security measuressafety monitoring); and (ii) in compliance with the written instructions (e.g. the purpose to use Ganttic services) received from Customer. Ganttic will not use or process ; and (iii) in a manner that provides no less than the Customer Personal level of privacy protection required of it by Data for any other purpose. Ganttic will Protection Laws;
b. promptly inform Customer in writing if it OpenAI cannot comply with the requirements under Sections 5-8 of this DPA, in which case Customer may terminate the DPA or take any other reasonable action, including suspending data processing operations;
b. Inform c. not provide Customer with remuneration in exchange for Customer Data from Customer. The parties acknowledge and agree that Customer has not “sold” (as such term is defined by the CCPA) Customer Data to OpenAI; d. not “sell” (as such term is defined by U.S. Privacy Laws) or “share” (as such term is defined by the CCPA) Personal Data;
e. inform Customer promptly if, in GantticOpenAI’s opinion, an instruction from Customer violates applicable Data Protection RequirementsLaws;
c. Take commercially reasonable steps to ensure that f. require (i) persons employed by it and (ii) other persons engaged to perform on OpenAI’s behalf to be subject to a duty of confidentiality with respect to the Customer Data and to comply with the data protection obligations applicable to OpenAI under the Agreement and this DPA;
g. engage the organizations or persons listed at ▇▇▇▇▇://▇▇▇▇▇▇▇’s behalf comply with ▇.▇▇▇▇▇▇.▇▇▇/subprocessors to process Customer Data (each a “Subprocessor,” and the terms of list at the DPA;
d. Ensure that its employeesforegoing URL, authorized agents and any Subprocessors are required to comply with and acknowledge and respect the confidentiality of the Customer Personal Data, including after the end of their respective employment, contract or assignment;
e. If it intends to engage Subprocessors “Subprocessor List”) to help it OpenAI satisfy its obligations in accordance with this DPA or to delegate all or part of the processing activities to such Subprocessors. Customer hereby consents to the use of such Subprocessors. If Customer subscribes to email notifications as provided on the Subprocessor List website, then OpenAI will notify Customer of any changes OpenAI intends to make to the Subprocessor List at least 15 days before the changes take effect (which may be via email, a posting, or notification on an online portal for our services or other reasonable means). In the event that Customer does not wish to consent to the use of such additional Subprocessor, Customer may notify OpenAI that Customer does not consent within fifteen (15) days on reasonable grounds relating to the protection of Customer Data by following the instructions set forth in the Subprocessor List or contacting ▇▇▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇. In such case, OpenAI shall have the right to cure the objection through one of the following options: (i) exclusive of OpenAI will cancel its plans to use the list of Subprocessors Ganttic maintains online, obtain the prior written consent of Subprocessor with regards to processing Customer Data or will offer an alternative to provide its Services or services without such subcontracting, such consent to not be unreasonably withheldSubprocessor; (ii) remain liable OpenAI will take the corrective steps requested by Customer in Customer objection notice and proceed to Customer for use the Subprocessors’ acts and omissions with regard to data protection where such Subprocessors act on Ganttic’s instructionsSubprocessor; and (iii) OpenAI may cease to provide, or Customer may agree not to use whether temporarily or permanently, the particular aspect or feature of the OpenAI Services or services that would involve the use of such Subprocessor; or (iv) Customer may cease providing Customer Data to OpenAI for processing involving such Subprocessor. If none of the above options are commercially feasible, in OpenAI’s reasonable judgment, and the objection(s) have not been resolved to the satisfaction of the parties within thirty (30) days of OpenAI’s receipt of Customer’s objection notice, then either party may terminate any subscriptions, order forms or usage regarding the Services that cannot be provided without the use of the new Subprocessor for cause and in such case, Customer will be refunded any pre-paid fees for the applicable subscriptions, order forms or usage to the extent they cover periods or terms following the date of such termination. Such termination right is Customer’s sole and exclusive remedy if Customer objects to any new Subprocessor. OpenAI shall enter into contractual arrangements with such Subprocessors each Subprocessor binding them to provide the same a comparable level of data protection and information security to that provided for herein; Ganttic may make changes . Subject to the use limitations of liability included in the Agreement, OpenAI agrees to be liable for the acts and omissions of its Subprocessors provided that the Customer is notified. Changes that entail the transfer of personal data to countries outside the EEA (third countries) must be notified no later than one month before the change takes effect. If the Customer opposes the change, Ganttic must be notified as soon as possible. The Customer may only object to the change on same extent OpenAI would be liable under the terms of the DPA if it performed such acts or omissions itself;
h. upon reasonable and justifiable grounds.
g. Upon requestrequest no more than once per year, provide Customer with a summary of ▇▇▇▇▇▇▇OpenAI’s privacy and security policiespolicies and other such information necessary to demonstrate compliance with the obligations set forth in this DPA and applicable Data Protection Laws;
i. where required by law and upon reasonable notice and appropriate confidentiality agreements, cooperate with assessments, audits, or other steps performed by or on behalf of Customer at Customer’s sole expense and in a manner that is minimally disruptive to OpenAI’s business that are necessary to confirm that OpenAI is processing Customer Data in a manner consistent with this DPA. Where permitted by law, OpenAI may instead make available to customer a summary of the results of a third-party audit or certification reports relevant to OpenAI’s compliance with this DPA. Such results, and/or the results of any such assessments, audits, or other steps shall be the Confidential Information of OpenAI;
j. to the extent that Customer permits or instructs OpenAI to process Customer Data subject to U.S. Privacy Laws in a deidentified, anonymized, and/or aggregated form as part of the Services, OpenAI, OpenAI shall (i) adopt reasonable measures to prevent such deidentified data from being used to infer information about, or otherwise being linked to, a particular natural person or household; and(ii) not attempt to reidentify the information, except that OpenAI may attempt to reidentify the information solely for the purpose of determining whether its deidentification processes comply with Data Protection Laws or are functioning as intended; and (iii) before sharing deidentified data with any other party, including Subprocessors, contractually obligate any such recipients to comply with the requirements of this provision;
h. Inform k. where the Customer if Ganttic undertakes an independent security review.Data is subject to the CCPA, not (i) retain, use, disclose, or otherwise process Customer Data except as necessary for the business purposes specified in the Agreement or this DPA;
Appears in 1 contract
Sources: Data Processing Agreement