Common use of Processing Terms Clause in Contracts

Processing Terms. When Processing Personal Data on behalf of the Customer, the Company shall: a) only Process Personal Data according to the Customer’s written instructions unless required otherwise by applicable Law, in which case the Company shall inform the Customer of that legal requirement before commencing processing (unless that law prohibits such information on important grounds of public interest); b) immediately inform Customer if the Company is of the opinion that an instruction of the Customer regarding Processing Personal Data infringes Data Protection Laws; c) ensure that all Company personnel who have access to Personal Data are subject to suitable confidentiality obligations; d) be generally permitted to use sub-processors to fulfill its contractual obligations under this Addendum, and shall make available to the Customer a current list of sub-processors and shall inform the Customer of any intended changes concerning the addition or replacement of a sub-processor. The Company shall ensure that sub-processors are bound to confidentiality and privacy obligations that are no less onerous than those set forth in this Addendum. If the Customer objects to the Company’s change of sub-processor, the Customer shall inform the Company of its objections in writing within five (5) business days of receipt of information about the change from the Company and shall be entitled to terminate access to the part of the Company Platform to which the change in subcontracting relates with immediate effect and without liability in the event the Company does not take into consideration the Customer’s objections; e) be fully responsible for all acts or omissions of its employees, agents, and sub-processors in the same manner as for its own acts or omissions; f) implement and maintain technical and organizational measures designed to prevent a breach of Personal Data, and in the event of a breach of Personal Data, the Company shall notify the Customer without undue delay and undertake all remediation efforts reasonably necessary to rectify the breach of Personal Data; g) promptly notify the Customer without undue delay of any request: i. for information from or complaint by a data protection authority in relation to Personal Data that the Company Processes for the purpose of providing access to the Company Platform; and, ii. to the Company by an individual to exercise rights under Data Protection Laws such as to access, rectify, amend, correct, share, delete or cease processing his or her personal data; h) provide all assistance to the Customer as reasonably necessary for the Customer to meet its obligations under Articles 32-36 of the GDPR at the Customer’s cost; i) at the choice of the Customer, promptly delete or return all Personal Data on the Customer’s request or the termination of this Agreement, unless required otherwise by the Law of the European Union or a member state thereof; j) upon the Customer’s request, make available information reasonably necessary to demonstrate the Company’s compliance with its obligations under the GDPR, and allow for the Customer or another auditor mandated by the Customer to annually audit such compliance; and k) Process Personal Data only at the locations and/or geographies set out in the Agreement and shall not change them without informing and receiving approval from the Customer. Company agrees to assist the Customer in putting in place additional safeguards, such as data transfer contracts, as required by Data Protection Laws.

Processing Terms. When Processing Personal Data on behalf of the Customer, the Company shall: a) only Process Personal Data according to the Customer’s written instructions unless required otherwise by applicable Law, in which case the Company shall inform the Customer of that legal requirement before commencing processing (unless that law prohibits such information on important grounds of public interest); b) immediately inform Customer if the Company is of the opinion that an instruction of the Customer regarding Processing Personal Data infringes Data Protection Laws; c) ensure that all Company personnel who have access to Personal Data are subject to suitable confidentiality obligations; d) be generally permitted to use sub-processors to fulfill its contractual obligations under this Addendum, and shall make available to the Customer a current list of sub-processors and shall inform the Customer of any intended changes concerning the addition or replacement of a sub-processor. The Company shall ensure that sub-processors are bound to confidentiality and privacy obligations that are no less onerous than those set forth in this Addendum. If the Customer objects to the Company’s change of sub-processor, the Customer shall inform the Company of its objections in writing within five (5) business days of receipt of information about the change from the Company and shall be entitled to terminate access to the part of the Company Platform to which the change in subcontracting relates with immediate effect and without liability in the event the Company does not take into consideration the Customer’s objections; e) be fully responsible for all acts or omissions of its employees, agents, and sub-processors in the same manner as for its own acts or omissions; f) implement and maintain technical and organizational measures designed to prevent a breach of Personal Data, and in the event of a breach of Personal Data, the Company shall notify the Customer without undue delay and undertake all remediation efforts reasonably necessary to rectify the breach of Personal Data; g) promptly notify the Customer without undue delay of any request: i. for information from or complaint by a data protection authority in relation to Personal Data that the Company Processes for the purpose of providing access to the Company Platform; and, ii. to the Company by an individual to exercise rights under Data Protection Laws such as to access, rectify, amend, correct, share, delete or cease processing his or her personal data; h) provide all assistance to the Customer as reasonably necessary for the Customer to meet its obligations under Articles 32-36 of the GDPR at the Customer’s cost; i) at the choice of the Customer, promptly delete or return all Personal Data on the Customer’s request or the termination of this Agreement, unless required otherwise by the Law of the European Union or a member state thereof; j) upon the Customer’s request, make available information reasonably necessary to demonstrate the Company’s compliance with its obligations under the GDPR, and allow for the Customer or another auditor mandated by the Customer to annually audit such compliance; and k) Process Personal Data only at the locations and/or geographies set out in the Agreement and shall not change them without informing and receiving approval from the Customer. Company agrees to assist the Customer in putting in place additional safeguards, such as data transfer contracts, as required by Data Protection Laws.additional