Common use of Records of Processing Activities Clause in Contracts

Records of Processing Activities. To the extent the GDPR requires Sales Cookie to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Sales Cookie and keep it accurate and up to date. Sales Cookie may make any such information available to the supervisory authority if required by the GDPR. Data Security Security Practices and Policies Sales Cookie will implement and maintain appropriate technical and organizational measures to protect Customer Data and Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Those measures shall be set forth in a Sales Cookie Security Policy. Sales Cookie will make that policy available to Customer, along with descriptions of the security controls in place for the Services and other information reasonably requested by Customer regarding Sales Cookie security practices and policies. In addition, those measures shall comply with the requirements set forth in ISO 27001, ISO 27002, and ISO 27018. Services implement and maintain security measures set forth in Appendix A for the protection of Customer Data. Data Encryption Customer Data (including any Personal Data therein) in transit over public networks between Customer and Sales Cookie, or between Sales Cookie data centers, is encrypted by default. Sales Cookie also encrypts Customer Data stored at rest in Services. Data Access Sales Cookie employs least privilege access mechanisms to control access to Customer Data (including any Personal Data therein). For Services, Sales Cookie maintains Access Control mechanisms described in the table entitled “Security Measures” in Appendix A – Notices, and there is no standing access by Sales Cookie personnel to Customer Data. Role-based access controls are employed to ensure that access to Customer Data required for service operations is for an appropriate purpose, for a limited time, and approved with management oversight. Customer Responsibilities Customer is solely responsible for making an independent determination as to whether the technical and organizational measures for Services meet Customer’s requirements, including any of its security obligations under applicable Data Protection Requirements. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by Sales Cookie provide a level of security appropriate to the risk with respect to its Personal Data. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls.

Records of Processing Activities. To the extent the GDPR requires Sales Cookie GitHub to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Sales Cookie GitHub and keep it accurate and up to up-to-date. Sales Cookie GitHub may make any such information available to the supervisory authority if required by the GDPR. Data Security Security Practices and Policies Sales Cookie GitHub will implement and maintain appropriate technical and organizational measures to protect Customer Data and Personal Data security safeguards against accidental or unlawful destruction, or loss, alteration, unauthorized disclosure of, of or access to, personal data transmitted, stored or otherwise processedCustomer Data and Personal Data processed by GitHub on behalf and in accordance with the documented instructions of Customer in connection with the Online Services. Those GitHub will regularly monitor compliance with these measures shall be set forth in a Sales Cookie Security Policy. Sales Cookie and safeguards and will make that policy available continue to Customer, along with descriptions take appropriate steps throughout the term of the security controls in place for the Services and other information reasonably requested by GitHub Customer regarding Sales Cookie security practices and policiesAgreement. In addition, those measures shall comply with the requirements set forth in ISO 27001, ISO 27002, and ISO 27018. Services implement and maintain security measures set forth in Appendix A for the protection of Customer Data. Data Encryption Customer Data (including any Personal Data therein) in transit over public networks between Customer and Sales Cookie, or between Sales Cookie data centers, is encrypted by default. Sales Cookie also encrypts Customer Data stored at rest in Services. Data Access Sales Cookie employs least privilege access mechanisms to control access to Customer Data (including any Personal Data therein). For Services, Sales Cookie maintains Access Control mechanisms described in the table entitled “Security Measures” in Appendix A – Notices, Security Safeguards contains a description of the technical and there is no standing access organizational measures and security safeguards implemented by Sales Cookie personnel to Customer DataGitHub. Role-based access controls are employed to ensure that access to Customer Data required for service operations is for an appropriate purpose, for a limited time, and approved with management oversight. Customer Responsibilities Customer is solely responsible for making an independent determination as to whether the technical and organizational measures and security safeguards for Services an Online Service meet Customer’s requirements, including any of its security obligations under applicable Data Protection Requirements. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Customer Data and Personal Data as well as the risks to individualsrisk of varying likelihood and severity for the rights and freedoms of natural persons) the technical and organizational measures and security practices and policies safeguards implemented and maintained by Sales Cookie GitHub provide a level of security appropriate to the risk with respect to its Customer Data and Personal Data. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls. GitHub will provide security compliance reporting such as external SOC1, type 2 and SOC2, type2 audit reports upon Customer request. Customer agrees that any information and audit rights granted by the applicable Data Protection Requirements (including, where applicable, Article 28(3)(h) of the GDPR) will be satisfied by these compliance reports, and will otherwise only arise to the extent that GitHub's provision of a compliance report does not provide sufficient information, or to the extent that Customer must respond to a regulatory or supervisory authority audit or investigation. Should Customer be subject to a regulatory or supervisory authority audit or investigation or carry out an audit or investigation in response to a request by a regulatory or supervisory authority that requires participation from GitHub, and Customers’ obligations cannot reasonably be satisfied (where allowable by Customer’s regulators) through audit reports, documentation, or compliance information that GitHub makes generally available to its customers, then GitHub will promptly respond to Customer’s additional instructions and requests for information, in accordance with the following terms and conditions: ● GitHub will provide access to relevant knowledgeable personnel, documentation, and application software. ● Customer and GitHub will mutually agree in a prior written agreement (email is acceptable) upon the scope, timing, duration, control and evidence requirements, provided that this requirement to agree will not permit GitHub to unreasonably delay its cooperation. ● Customer must ensure its regulator’s use of an independent, accredited third-party audit firm, during regular business hours, with reasonable advance written notice to GitHub, and subject to reasonable confidentiality procedures. Neither Customer, its regulators, nor its regulators’ delegates shall have access to any data from GitHub’s other customers or to GitHub systems or facilities not involved in the Online Services. ● Customer is responsible for all costs and fees related to GitHub’s cooperation with the regulatory audit of Customer, including all reasonable costs and fees for any and all time GitHub expends, in addition to the rates for services performed by GitHub. ● If the report generated from GitHub’s cooperation with the regulatory audit of Customer includes any findings pertaining to GitHub, Customer will share such report, findings, and recommended actions with GitHub where allowed by Customer’s regulators.

Records of Processing Activities. To the extent the GDPR requires Sales Cookie Client Engager to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Sales Cookie Client Engager and keep it accurate and up to up-to-date. Sales Cookie Client Engager may make any such information available to the supervisory authority if required by the GDPR. Data Security Security Practices and Policies Sales Cookie Client Engager will implement and maintain appropriate technical and organizational measures to protect Customer Data and Personal Product Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed. Those measures shall be set forth in a Sales Cookie Client Engager Security Policy. Sales Cookie will make that policy available to Customer, along with descriptions of the security controls in place for the Services and other information reasonably requested by Customer regarding Sales Cookie security practices and policies. In addition, those measures shall comply with the requirements set forth in ISO 27001, ISO 27002, and ISO 27018. Services implement and maintain security measures set forth in Appendix A for the protection of Customer Data. Data Encryption Customer Product Data (including any Personal Data therein) in transit over public networks between Customer and Sales CookieClient Engager, or between Sales Cookie Client Engager data centers, is encrypted by default. Sales Cookie also encrypts Customer Data stored at rest in Services. Data Access Sales Cookie Client Engager employs least privilege access mechanisms to control access to Customer Product Data (including any Personal Data therein). For Services, Sales Cookie Client Engager maintains Access Control mechanisms described in the table entitled “Security Measures” in Appendix A – Notices, and there is no standing access by Sales Cookie personnel to Customer Data. Role-based access controls are employed to ensure that access to Customer Product Data required for service operations is for an appropriate purpose, for a limited time, purpose and approved with management oversight. Customer Responsibilities Customer is solely responsible for making an independent determination as to whether the technical and organizational measures for Services Product meet Customer’s requirements, including any of its security obligations under applicable Data Protection Requirements. Customer acknowledges and agrees that (taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of the processing of its Personal Data as well as the risks to individuals) the security practices and policies implemented and maintained by Sales Cookie Client Engager provide a level of security appropriate to the risk with respect to its Personal Data. Customer is responsible for implementing and maintaining privacy protections and security measures for components that Customer provides or controls.. Auditing Compliance Client Engager will conduct audits of the security of the computers, computing environment and physical data centers that it uses in processing Product Data from time to time. The Client Engager Audit Report will be Client Engager’s Confidential Information and not be disclosed. Nothing in this section of the DPA varies or modifies the Standard Contractual Clauses or the GDPR Terms or affects any supervisory authority’s or data subject’s rights under the Standard Contractual Clauses or Data Protection Requirements. Client Engager Corporation is an intended third-party beneficiary of this section. Security Incident Notification If Client Engager becomes aware of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Product Data while processed by Client Engager (each a “Security Incident”), Client Engager will promptly and without undue delay