Common use of Scope of Application and Responsibilities Clause in Contracts

Scope of Application and Responsibilities. 3.1 The Parties acknowledge and agree that with regard to the Processing of Personal Data, the Customer is the Data Controller and Onapsis is the Data Processor within the meaning of Article 4 no. 7 and no. 8 GDPR and that this DPA supplements the Agreement and applies only where in the course of providing Services to Customer, Onapsis is Processing Personal Data on behalf of the Customer within the meaning of Art. 4 No. 2 and Art. 28 GDPR. 3.2 Onapsis shall process Data on behalf of Customer. Such Contract Processing shall include all activities detailed in the Agreement. Within the scope of this DPA, Customer shall be solely responsible for compliance with the applicable statutory requirements on data protection, including, but not limited to, the lawfulness of disclosing Personal Data to Onapsis and the lawfulness of having Personal Data processed on behalf of Customer. Onapsis shall be responsible for complying with all Data Protection Laws applicable to its provision of the Services in its role as Data Processor. 3.3 Customer’s individual instructions on the Processing under this DPA shall, initially, be as detailed in the Agreement and Onapsis will not use or disclose the Personal Data for its own purposes except where expressly permitted by Article 28 (3)(a) of the GDPR. Customer's instructions for the Processing of Personal Data shall comply with the Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality and legality of the Personal Data and the means by which the Customer acquired the Personal Data. Without any obligation to perform a legal examination, Onapsis shall notify Customer without undue delay in case it believes that an instruction would be in breach of the applicable data protection law (Art. 28 para. 3 sentence 3 GDPR). ▇▇▇▇▇▇▇ shall be entitled to suspending performance on such instruction until Customer confirms or modifies such instruction. 3.4 Customer shall, subsequently, be entitled to, in writing or in a machine-readable format (in text form), issue individual to the point of contact designated by Onapsis. Any additional or alternate instructions must be agreed to according to the process for amending the Agreement. In any instance where the GDPR applies and Customer is a Data Processor Customer warrants to Onapsis that Customer's instructions, including appointment of Onapsis as a Data Processor or Subprocessor, have been authorized by the relevant Data Controller.

Scope of Application and Responsibilities. 3.1 The Parties acknowledge and agree that with regard to the Processing of Personal Data, the Customer is the Data Controller and Onapsis is the Data Processor within the meaning of Article 4 no. 7 and no. 8 GDPR and that this DPA Data Processing Annex supplements the Agreement and applies only where in the course of providing Services to Customer, Onapsis is Processing Personal Data on behalf of the Customer within the meaning of Art. 4 No. 2 and Art. 28 GDPR. 3.2 Onapsis shall process Data on behalf of Customer. Such Contract Processing shall include all activities detailed in the Agreement. Within the scope of this DPAData processing Annex, Customer shall be solely responsible for compliance with the applicable statutory requirements on data protection, including, but not limited to, the lawfulness of disclosing Personal Data to Onapsis and the lawfulness of having Personal Data processed on behalf of Customer. Onapsis shall be responsible for complying with all Data Protection Laws applicable to its provision of the Services in its role as Data Processor. 3.3 Customer’s individual instructions on the Processing under this DPA Data processing Annex shall, initially, be as detailed in the Agreement and Onapsis will not use or disclose the Personal Data for its own purposes except where expressly permitted by Article 28 (3)(a) of the GDPR. Customer's instructions for the Processing of Personal Data shall comply with the Data Protection Laws. Customer shall have sole responsibility for the accuracy, quality and legality of the Personal Data and the means by which the Customer acquired the Personal Data. Without any obligation to perform a legal examination, Onapsis shall notify Customer without undue delay in case it believes that an instruction would be in breach of the applicable data protection law (Art. 28 para. 3 sentence 3 GDPR). ▇▇▇▇▇▇▇ Onapsis shall be entitled to suspending performance on such instruction until Customer confirms or modifies such instruction. 3.4 Customer shall, subsequently, be entitled to, in writing or in a machine-readable format (in text form), issue individual to the point of contact designated by Onapsis. Any additional or alternate instructions must be agreed to according to the process for amending the Agreement. In any instance where the GDPR applies and Customer is a Data Processor Customer warrants to Onapsis that Customer's instructions, including appointment of Onapsis as a Data Processor or Subprocessor, have been authorized by the relevant Data Controller.