Subprocessors. 3.1 Customer (also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written notice.

Appears in 5 contracts

Sources: Oem License Agreement, Oem License Agreement, Oem License Agreement

Subprocessors. ~~3.1~~ Findmyshift shall be entitled to engage Subprocessors to fulfil Findmyshift’s obligations defined in the Agreement only with Customer’s written consent. For these purposes, Customer ~~(also on behalf~~ consents to the engagement as Subprocessors of ~~its Data Controllers) hereby authorizes SAP (also~~ the third parties listed in Annex 4. For the avoidance of doubt, the above authorisation constitutes Customer’s prior written consent to the sub- processing by Findmyshift for ~~the purpose~~ purposes of Clause ~~11 paragraph 1~~ 9 of the Standard Contractual Clauses. 4.7.1. If Findmyshift intends to instruct Subprocessors other than the companies listed in Annex 4, Findmyshift will notify the Customer thereof in writing (email to the email address(es) on record in Findmyshift’s account information for Customer is sufficient) and will give the Customer the opportunity to ~~engage subcontractors~~ object to the engagement of the new Subprocessors within 30 days after being notified. The objection must be based on reasonable grounds (e.g., if the Customer proves that significant risks for the ~~processing~~ protection of its Personal Data ~~(each~~ exist at the Subprocessor). It is possible that Findmyshift will not be able to guarantee continuous delivery of the Subscription Services in case of disagreements regarding a “Subprocessor”) , and Findmyshift cannot be held liable for such implementation delays due to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard discussions related to the Subprocessor~~’s services to be provided to SAP)~~. ~~3.2 SAP~~ 4.7.2. When instructing Subprocessors other than the companies listed in Annex 4, and before that Subprocessor first Processes Customer Personal Data, Findmyshift agrees to carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Personal Data required by the Agreement. 4.7.3. Where Findmyshift engages Subprocessors, Findmyshift will ~~inform~~ enter into a contract with the Subprocessor that imposes on the Subprocessor the same obligations that apply to Findmyshift under this DPA. Where the Subprocessor fails to fulfil its data protection obligations, Findmyshift will remain liable to the Customer ~~upon its request by email about~~ for the ~~name~~performance of such Subprocessors obligations. 4.7.4. Where a Subprocessor is engaged, ~~address~~ the Customer must be granted the right to monitor and ~~role of each Subprocessor it uses to provide~~ inspect the ~~Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion~~ Subprocessor’s activities in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with DPA and ~~are bound by applicable~~ Data Protection ~~Law or~~Laws, including to obtain information from Findmyshift, upon written request, on the substance of the contract and the implementation of the data protection obligations under the sub- processing contract, where necessary by inspecting the relevant contract documents. 4.7.5. The provisions of this Section 4.6 shall mutually apply if Findmyshift engages a Subprocessor ~~is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located~~ in a country ~~without~~ outside the European Economic Area (“EEA”) not recognised by the European Commission as providing an adequate level of ~~data~~ protection ~~and Customer needs~~ for personal data. If, in the performance of this DPA, Findmyshift transfers any Personal Data to ~~complete additional formalities as~~ a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use sub- processor located outside of the ~~Subprocessor concerned SAP shall have the right~~ EEA, Findmyshift shall, in advance of any such transfer, ensure that a legal mechanism to ~~cure the objection through one~~ achieve adequacy in respect of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer that processing is in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticeplace.

Appears in 5 contracts

Sources: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement

Subprocessors. ~~3.1 Customer~~ 10.1. Controller authorizes KnowBe4 to appoint (also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of permit each Subprocessor ~~it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion~~ appointed in accordance with this Section 310 to appoint) Subprocessors in accordance with this Section 10 and any restrictions in the Agreement. 10.2. ~~SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes~~ Notwithstanding anything to the contrary in this DPA or the Agreement, KnowBe4 may continue to use all Subprocessors (including Affiliates) already engaged by KnowBe4 as of the Effective Date, subject to KnowBe4 promptly meeting the obligations set forth in Section 10.4. Customer may request a list of ~~Subprocessors~~KnowBe4’s current Subprocessors by emailing ▇▇▇▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇▇, ~~which~~ provided Customer has executed this DPA or upon the execution of an agreement with KnowBe4 containing obligations of confidentiality. 10.3. KnowBe4 shall ~~be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if~~ provide reasonable advanced notification to Customer where KnowBe4 wishes to engage a Subprocessor ~~is incorporated outside the EEA~~to process Customer Data and shall provide, upon Customer’s request, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection identity and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use location of the Subprocessor ~~concerned SAP shall have the right to cure the objection through one~~ and a description of the ~~following options (~~processing to be ~~selected at SAP’s sole discretion): (a) SAP~~ subcontracted or outsourced to such Subprocessor. Where KnowBe4 wishes to appoint a Subprocessor under this DPA, KnowBe4 will ~~abort its plans to use~~ select the Subprocessor with ~~regard~~ due diligence and will verify prior to ~~Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use~~ engaging the Subprocessor that such Subprocessor is capable of complying with ~~regard~~ the obligations of KnowBe4 towards Customer, to ~~Personal Data;~~ the extent applicable to the Services assigned to that Subprocessor. If, within five (5) days of receipt of such notice, Customer notifies KnowBe4 in writing of any objections (on reasonable grounds) to the proposed appointment, then KnowBe4 shall not appoint (or ~~(c) SAP may cease to provide or~~ disclose any Customer ~~may agree not to use (temporarily or permanently~~Data to) the ~~particular aspect~~ proposed Subprocessor until reasonable steps have been taken to address the reasonable objections raised by Customer, and KnowBe4 has been provided a reasonable written explanation of the ~~Service that would involve use of~~ steps taken. 10.4. KnowBe4 shall enter into a contract with each Subprocessor whereby KnowBe4 shall require the Subprocessor to comply with ~~regard to Personal Data~~obligations no less onerous than KnowBe4’s obligations under this DPA. ~~If none~~ KnowBe4 shall ensure the subcontracting agreement with such Subprocessor includes appropriate contractual provisions in accordance with Data Privacy Laws. 10.5. Such subcontracting under this Section 10 shall not release KnowBe4 from its responsibility under the Agreement. KnowBe4 shall be responsible for the work and activities of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticeall Subprocessors.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Subprocessors. ~~3.1 Customer (also~~ Client provides general authorization to Red Hat to engage and use Subprocessors to fulfil its contractual obligations to Client under the Agreement or to provide certain Online Services on behalf of ~~its Data Controllers) hereby authorizes SAP (also~~ Red Hat, such as providing hosting and infrastructure services. Client consents to Red Hat’s use of Subprocessors for ~~the purpose of Clause 11 paragraph 1~~ such purposes. A list of the ~~Standard Contractual Clauses~~current applicable Subprocessors is available on the Red Hat Customer Portal (▇▇▇▇▇://▇▇▇.▇▇/subprocessors) or on written request from Client. Red Hat will provide advance notice to ~~engage subcontractors for~~ Client of any addition or replacement of the ~~processing~~ Subprocessors by updating the Subprocessor list published on the Red Hat Customer Portal or as otherwise agreed upon by the parties in writing. Additionally, Client may subscribe on the Red Hat Customer Portal to an automatic notification of changes to the Subprocessor list. Within thirty (30) days after Red Hat’s notification of the intended change, Client can object to any new Subprocessor on the basis that such addition would cause Client to violate applicable legal requirements. If Client objects to Red Hat’s use of any new Subprocessor by giving written notice to Red Hat within thirty (30) days of being informed by Red Hat of the appointment of such new Subprocessor and Red Hat fails to provide a commercially reasonable alternative to avoid the Processing of Personal Data by such Subprocessor within thirty (~~each a “~~30) days of Red Hat’s receipt of Client’s objection, Client may, as its sole and exclusive remedy, terminate any Online Services that cannot be provided by Red Hat without the use of the objected to new Subprocessor”) . If Client does not object within such period, the respective Subprocessor may be commissioned to Process Personal Data. Client agrees to treat the ~~extent necessary for fulfilling its contractual obligations~~ list of Subprocessors as Red Hat’s Confidential Information under the ~~Agreement~~ terms of the Agreement. Subprocessors are required to abide by the same level of data protection and security as ~~long~~ Red Hat under this Addendum as ~~SAP remains~~ applicable to their Processing of Personal Data and Red Hat will remain responsible to Client for any acts or omissions of ~~its Subprocessors in~~ any Subprocessor that cause Red Hat to breach any of Red Hat’s obligations under this Addendum. Red Hat will restrict the ~~same manner as for its own acts~~ Subprocessors’ access to, and ~~omissions hereunder. SAP shall pass on~~ Processing of, Personal Data only to ~~Subprocessors SAP's obligation as Data Processor (~~what is necessary to provide products or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion Client in accordance with ~~this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to~~ the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticeAgreement.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Subprocessors. ~~3.1~~ Findmyshift sha l be entitled to engage Subprocessors to fulfil Findmyshift’s obligations defined in the Agreement only with Customer’s written consent. For these purposes, Customer ~~(also on behalf~~ consents to the engagement as Subprocessors of ~~its Data Controllers) hereby authorizes SAP (also~~ the third parties listed in Annex 4. For the avoidance of doubt, the above authorisation constitutes Customer’s prior written consent to the sub-Processing by Findmyshift for ~~the purpose~~ purposes of Clause 11 ~~paragraph 1~~ of the Standard Contractual Clauses) . 1. If Findmyshift intends to ~~engage subcontractors for~~ instruct Subprocessors other than the ~~processing of Personal Data~~ companies listed in Annex 4, Findmyshift wil notify the Customer thereof in writing (~~each a “Subprocessor”)~~ email to the ~~extent necessary~~ email address(es) on record in Findmyshift’s account information for ~~fulfilling its contractual obligations under~~ Customer is su ficient) and wil give the ~~Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in~~ Customer the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason opportunity to object to ~~SAP’s use~~ the engagement of ~~a Subprocessor~~ the new Subprocessors within 30 days after being notified. The objection must be based on reasonable grounds (e.g. if the ~~Subprocessor is located in a country without an adequate level~~ Customer proves that significant risks for the protection of ~~data protection~~ its Personal Data exist at the Subprocessor). If Findmyshift and Customer ~~needs~~ are unable to ~~complete additional formalities as a Data Controller prior to the use of~~ resolve such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the ~~affected Service~~ Agreement by providing written notice to the other party. Customer sha l receive a refund of any prepaid but unused fees for the period fo lowing the e fective date of termination. 2. When instructing Subprocessors other than the companies listed in Annex 4, and before that Subprocessor first Processes Customer Personal Data, Findmyshift agrees to carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Personal Data required by the Agreement. 3. Where Findmyshift engages Subprocessors, Findmyshift wil enter into a contract with ~~reasonable prior~~ the Subprocessor that imposes on the Subprocessor the same obligations that apply to Findmyshift under this DPA. Where the Subprocessor fails to fulfil its data protection obligations, Findmyshift wil remain liable to the Customer for the performance of such Subprocessors obligations. 4. Where a Subprocessor is engaged, the Customer must be granted the right to monitor and inspect the Subprocessor’s activities in accordance with this DPA and Data Protection Laws, including to obtain information from Findmyshift, upon written ~~notice~~request, on the substance of the contract and the implementation of the data protection obligations under the sub-Processing contract, where necessary by inspecting the relevant contract documents. 5. The provisions of this Section 4.6 sha l mutua ly apply if Findmyshift engages a Subprocessor in a country outside the European Economic Area (“EEA”) not recognised by the European Commission as providing an adequate level of protection for personal data. If, in the performance of this DPA, Findmyshift transfers any Personal Data to a sub-processor located outside of the EEA, Findmyshift sha l, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Subprocessors. ~~3.1 Customer (also on behalf of its Data Controllers) hereby authorizes SAP (also for~~ a. Bluecore shall not engage third-party Subprocessors in connection with the ~~purpose of Clause 11 paragraph 1~~ provision of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion Services except in accordance with this Section 36. ~~SAP~~ Any such Subprocessors will ~~inform Customer~~ be permitted to obtain Personal Data only to deliver the services Bluecore has retained them to provide, and are prohibited from using Personal Data for any other purpose. Bluecore will have a written agreement with each Subprocessor and agrees that any agreement with a Subprocessor will include data protection obligations no less protective than those set out in this DPA b. Bluecore shall be liable for the acts and omissions of its Subprocessors and compliance with all the obligations of this DPA by ~~email in advance (except for Emergency Replacements under Section 3.3) of any changes~~ such Subprocessors to the same extent Bluecore would be liable if performing the services of each Subprocessor directly under the terms of this DPA. To this end, Bluecore will conduct proper due diligence on all Subprocessors to ensure each Subprocess can comply with Data Protection Laws and all applicable terms and conditions of this DPA. c. Customer acknowledges and agrees that Third Party Partners are not Subprocessors and Bluecore assumes no responsibility or liability for the acts or omissions of such Third Party Partners. Subprocessors retained by Bluecore to provide Services for Customer will at all times be deemed Subprocessors of Bluecore and shall not under any circumstance be construed or deemed to be employees or Subprocessors of Customer. d. A list of ~~Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor~~ Bluecore’s authorized Subprocessors is ~~incorporated outside the EEA, the Standard Contractual Clauses)~~available upon Customer’s request. ~~If Customer has a legitimate reason~~ Bluecore may add additional Subprocessors to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within this list provided that it gives thirty (30) ~~days after receipt~~ days’ prior written notification of ~~SAP’s notice. If~~ the identity of the Subprocessor to Customer and Customer does not object ~~during such time period~~ to the ~~new Subprocessor(s) shall be deemed accepted~~appointment within that period. If In the event Customer objects to a new Subprocessor, Bluecore will use reasonable efforts to make available to Customer a change in the affected Services or recommend a commercially reasonable change to Customer’s use of the affected Services to avoid Processing of Personal Data by the objected- to new Subprocessor without unreasonably burdening Customer. If Bluecore is unable to make available such change within a reasonable period of time, which shall not exceed thirty (30) days, Customer may terminate the Agreement and applicable SOW(s) in respect to those Services which cannot be provided by Bluecore without the use of the ~~Subprocessor concerned SAP~~ objected-to new Subprocessor, by providing written notice to Bluecore, without Bluecore imposing a penalty for such termination on Customer. Customer shall ~~have~~ receive a refund of any prepaid fees for the ~~right to cure~~ period following the ~~objection through one~~ effective date of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer termination in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect respect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticesuch terminated Services.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Subprocessors. ~~3.1~~ 6.1. Customer authorizes Datadog’s use of Datadog’s Affiliates as Subprocessors and both Datadog’s and its Affiliates’ use of third-party Subprocessors in connection with the provision of Services. As a condition to permitting a Subprocessor to Process Customer Personal Data, Datadog or a Datadog Affiliate will enter into a written agreement with the Subprocessor containing data protection obligations no less protective than those in this DPA with respect to Customer Personal Data. Datadog will restrict its Subprocessors’ access to only what is necessary to maintain the Services or to provide the Services to Customer and Authorized Users. Subject to this Section 6, Datadog reserves the right to engage and substitute Subprocessors as it deems appropriate, but shall: (~~also on behalf of its Data Controllers~~a) ~~hereby authorizes SAP (also~~ remain responsible to Customer for the ~~purpose of Clause 11 paragraph 1~~ provision of the ~~Standard Contractual Clauses~~Services and (b) ~~to engage subcontractors~~ be liable for the ~~processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or~~ actions and omissions of its Subprocessors undertaken in connection with Datadog’s performance of this DPA to the same extent Datadog would be liable if performing the Services directly. 6.2. Datadog’s current Subprocessors are listed in the ~~same manner as for its own acts and omissions hereunder~~Subprocessor List. ~~SAP shall pass~~ Upon execution of this DPA, Datadog will subscribe Customer’s email address listed on the signature page of this DPA to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices notifications of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAPDatadog’s use of new Subprocessors (“Change Notices”). Datadog will send a Change Notice before a new Subprocessor ~~(e.g. if the~~ Processes any Customer Personal Data. Customer may object to any new Subprocessor ~~is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior~~ on reasonable grounds relating to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use protection of the ~~Subprocessor concerned SAP~~ Customer Personal Data, in which case Datadog shall have the right to ~~cure~~ satisfy the objection through one of the ~~following options (to be selected at SAP’s sole discretion):~~ following: (a) ~~SAP~~ Datadog will ~~abort~~ cancel its plans to use the Subprocessor with regard to Customer Personal ~~Data;~~ Data or will offer an alternative to provide the Services without such Subprocessor; (b) ~~SAP~~ Datadog will take the corrective steps requested by Customer in its ~~objection~~ Objection Notice (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Customer Personal Data; or or (c) ~~SAP~~ Datadog may cease to ~~provide~~ provide, or Customer may agree not to use (temporarily or permanently) ), the particular aspect of the ~~Service~~ Services that would involve the use of ~~the~~ such Subprocessor with regard to Personal Data, subject to a mutual agreement of the Parties to adjust the remuneration for the Services considering their reduced scope. 6.3. All objections under Section 6.2 must be submitted by email to Datadog at ▇▇▇▇@▇▇▇▇▇▇▇▇▇.▇▇▇ within 14 days of the Change Notice (each, an “Objection Notice”). If none of the ~~above~~ options ~~are reasonably available and the objection has not been cured within thirty~~ outlined in Clause (30a), (b) ~~days after SAP’s receipt~~ or (c) of ~~Customer’s objection, either party may terminate the affected Service with reasonable prior written notice.~~Section

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1~~ a. You consent and authorize BMS to continue to use the Subprocessors already engaged by BMS as of the date of this DPA. Those Subprocessors are listed in Schedule 2 of this DPA. b. BMS agree to respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that BMS may not engage another Subprocessor to process Customer ~~(also on behalf~~ Personal Data without your prior authorization. BMS agrees to send via e- mails prior written notice of its ~~Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1~~ intent to appoint any new Subprocessor with full details of the ~~Standard Contractual Clauses)~~ Processing to ~~engage subcontractors for~~ be undertaken by the ~~processing~~ Subprocessor. If within 10 days of ~~Personal Data~~ receipt of each such notice, you do not explicitly notify BMS in writing of any objections (~~each a “Subprocessor”~~on reasonable grounds) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which proposed appointment, it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed ~~accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside~~ that you have consented to the ~~EEA, the Standard Contractual Clauses)~~proposed appointment. If ~~Customer has a legitimate reason to~~ you object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of ~~such~~ a Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP , BMS shall have the ~~right~~ right, at its discretion, to cure the objection through one of the following ~~options~~ options: (~~to be selected at SAP’s sole discretion): (a~~i) ~~SAP~~ BMS will ~~abort its plans~~ cease to use the Subprocessor with regard to Personal Data~~; or~~ , (bii) ~~SAP~~ BMS will take the corrective steps requested by ~~Customer~~ you in ~~its~~ your objection ~~(which remove Customer’s objection)~~ and proceed to use the Subprocessor ~~with regard~~ to process Personal Data; or (ciii) ~~SAP~~ BMS may cease to provide or ~~Customer~~ you may agree not to use (temporarily or permanently) the ~~particular aspect of the Service~~ Services that would involve use of the Subprocessor ~~with regard~~ to process Personal Data~~. If none~~ . c. Before a Subprocessor can processes Customer Personal Data, BMS will carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by this DPA and applicable Data Protection Laws; and ensure that the arrangement is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this DPA, and that such terms meet the requirements of Article 28(3) of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticeGDPR.

Appears in 1 contract

Sources: Data Processing Addendum

Subprocessors. ~~3.1~~ Customer hereby authorizes CCH to appoint Subprocessors in accordance with this Section 7, subject to any restrictions in the Agreement. CCH will bind Subprocessors with written agreements that require them to provide at least the level of data protection required of CCH by this Addendum relative to the Subprocessor’s activities relating to the Services. Customer authorizes CCH’s engagement of CCH’s Affiliates, and the third party(ies) listed in Annex 1, as Subprocessors. In case CCH intends to engage new or additional Subprocessors, CCH will inform Customer in writing (~~also on behalf~~ which may be by email or other Product‐enabled notification to Customer’s Product Administrator) of such additions or replacements (the “Subprocessor Notice”). If Customer has reasonable grounds proving that significant risks for the protection of its Customer Personal Data ~~Controllers) hereby authorizes SAP (also~~ exist with such new or additional Subprocessor(s), Customer will notify CCH in writing within 30 days of the date of the Subprocessor Notice, detailing the basis for the ~~purpose of Clause 11 paragraph 1~~ objection. CCH will work with Customer in good faith to make available a commercially reasonable change in the provision of the ~~Standard Contractual Clauses~~Services or recommend a commercially reasonable change to such Customer’s configuration or use of the Services to avoid processing of Customer Personal Data by the objected‐to new or additional Subprocessor(s) without unreasonably burdening Customer, in either case which avoids the use of the Subprocessor(s). Where such a change cannot be made within 90 days from CCH’s receipt of Customer’s objection notice, notwithstanding anything in the Agreement, Customer, may, as its sole remedy, by written notice to ~~engage subcontractors~~ CCH with immediate effect terminate that portion of the Agreement that relates to the Services that require the use of such new or additional Processor. CCH shall be responsible for the ~~processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any~~ acts or and omissions of ~~its~~ any Subprocessors ~~in the same manner~~ as it is to Customer for its own acts and omissions ~~hereunder. SAP shall pass on~~ in relation to ~~Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and~~ the ~~respective Data Controllers as set out~~ matters provided in this ~~Exhibit~~Addendum. ~~SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices~~ The provisions of ~~a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor~~ this Section 7 shall ~~possess a security certification that evidences appropriate security measures are in place with regard~~ not apply to the ~~Subprocessor’s services~~ extent Customer instructs CCH to ~~be provided~~ allow a third party to ~~SAP). 3.2 SAP will inform~~ Process Customer ~~upon its request by email about the name, address and role of each Subprocessor it uses~~ Personal Data pursuant to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a ~~Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If~~ contract that Customer has ~~a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if~~ directly with the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticethird party.

Appears in 1 contract

Sources: Data Processing Addendum

Subprocessors. ~~3.1~~ 3.1. Customer (also on behalf of its Data Controllers) hereby authorizes ~~SAP~~ Resolve Systems (also for the purpose of Clause 11 paragraph 1 of ~~the Standard Contractual Clauses~~this Exhibit) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as ~~SAP~~ Resolve Systems remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. ~~SAP~~ Resolve Systems shall pass on to Subprocessors ~~SAP's~~ Resolve Systems’ obligation as Data Processor (or Subprocessor) vis-àa-vis Customer and the respective Data Controllers as set out in this Exhibit. ~~SAP~~ Resolve Systems undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s 's services to be provided to ~~SAP~~Resolve Systems). ~~3.2 SAP~~ 3.2. Resolve Systems will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. ~~SAP~~ Resolve Systems may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. ~~SAP~~ Resolve Systems will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to ~~SAP’s~~ Resolve Systems’ use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify ~~SAP~~ Resolve Systems thereof in writing within thirty (30) days after receipt of ~~SAP’s~~ Resolve Systems’ notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned ~~SAP~~ Resolve Systems shall have the right to cure the objection through one of the following options (to be selected at ~~SAP’s~~ Resolve Systems’ sole discretion): (a) ~~SAP~~ Resolve Systems will abort its plans to use the Subprocessor with regard to Personal Data; or (b) ~~SAP~~ Resolve Systems will take the corrective steps requested by Customer in its objection (which remove Customer’s 's objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) ~~SAP~~ Resolve Systems may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after ~~SAP’s~~ Resolve Systems’ receipt of Customer’s 's objection, either party may terminate the affected Service with reasonable prior written notice.

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1 Customer~~ 10.1. Controller authorizes Service Provider to appoint (also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of permit each Subprocessor ~~it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion~~ appointed in accordance with this Section 310 to appoint) Subprocessors in accordance with this Section 10 and any restrictions in the Services Agreement. 10.2. ~~SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes~~ Notwithstanding anything to the ~~list~~ contrary in this Data Processing Agreement or the Services Agreement, Service Provider may continue to use all Subprocessors (including Affiliates) already engaged by Service Provider as of ~~Subprocessors~~the Effective Date, ~~which~~ subject to Service Provider promptly meeting the obligations set forth in Section 10.4. 10.3. Service Provider shall ~~be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if~~ provide reasonable advanced notification to Customer where Service Provider wishes to engage a Subprocessor ~~is incorporated outside the EEA~~to process Customer Data and shall provide, upon Customer’s request, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection identity and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use location of the Subprocessor ~~concerned SAP shall have the right to cure the objection through one~~ and a description of the ~~following options (~~processing to be ~~selected at SAP’s sole discretion): (a) SAP~~ subcontracted or outsourced to such Subprocessor. Where Service Provider wishes to appoint a Subprocessor under this Data Processing Agreement, Service Provider will ~~abort its plans to use~~ select the Subprocessor with ~~regard~~ due diligence and will verify prior to ~~Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use~~ engaging the Subprocessor that such Subprocessor is capable of complying with ~~regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently)~~ the ~~particular aspect~~ obligations of the Service Provider towards Customer, to the extent applicable to the Services assigned to that ~~would involve use~~ Subprocessor. If, within five (5) days of receipt of such notice, Customer notifies Service Provider in writing of any objections (on reasonable grounds) to the proposed appointment, then Service Provider shall not appoint (or disclose any Customer Data to) the proposed Subprocessor until reasonable steps have been taken to address the reasonable objections raised by Customer, and Customer has been provided with a reasonable written explanation of the steps taken. 10.4. The Service Provider shall enter into a contract with each Subprocessor whereby the Service Provider shall require the Subprocessor to comply with ~~regard to Personal Data~~obligations no less onerous than the Service Provider’s obligations under this Data Processing Agreement. ~~If none~~ Service Provider shall ensure the subcontracting agreement with such Subprocessor includes appropriate contractual provisions in accordance with Data Privacy Laws. 10.5. Such subcontracting under this Section 10 shall not release the Service Provider from their responsibility for their obligations under the Services Agreement. The Service Provider shall be responsible for the work and activities of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticeall Subprocessors.

Appears in 1 contract

Sources: Data Processing Agreement

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1 Customer~~ ‌ a. Juniper grants its general advance written permission for Supplier to delegate Processing to other processors (also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each “Subprocessors”). Supplier shall provide Juniper a ~~“Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions~~ list of its Subprocessors in upon request or provide Juniper with a link to a published list of Subprocessors. Supplier shall impose on any Subprocessors contractual obligations no less stringent than the requirements applicable to Supplier under the Contract and this DPA as well as any terms required to be included under applicable Data Protection Requirements, and if Subprocessors further delegate their own obligations to additional third parties, Supplier shall require its Subprocessors to impose the same ~~manner as for its own acts~~ restrictions on such third parties. Upon ▇▇▇▇▇▇▇’s written request, Supplier shall promptly provide to Juniper copies of the data protection, data privacy, and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which information security terms it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are has in place with ~~regard~~ its Subprocessors, provided Supplier may redact confidential terms unrelated to the ~~Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request~~ foregoing. Third parties engaged by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which Supplier shall be deemed ~~accepted~~ the Subprocessors of Supplier and shall not be the employees, contractors, or Subprocessors of Juniper. Supplier shall be fully liable for the actions of its Subprocessors as ~~long as they comply with and are bound~~ if performed by Supplier itself.‌ b. To the extent required under applicable Data Protection ~~Law or~~Requirements, ~~if a Subprocessor is incorporated outside~~ Supplier shall inform Juniper of any intended changes concerning the ~~EEA~~addition or replacement of any Subprocessors, and Juniper shall have the ~~Standard Contractual Clauses). If Customer has a legitimate reason~~ opportunity to object to ~~SAP’s use of~~ any such Subprocessors. If the Parties are unable to resolve an objection based on a ~~Subprocessor (e.g. if~~ reasonable belief that the Subprocessor ~~is located in~~ would be unable to comply with the requirements of this DPA, Juniper may terminate the Contract and receive a ~~country without an adequate level~~ refund of ~~data protection~~ any unused prepaid fees and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be ~~deemed accepted. If Customer objects~~ entitled to any other rights it has under the ~~use~~ Contract. c. Notwithstanding the provisions of ~~the Subprocessor concerned SAP shall have the right to cure the objection through one~~ Section 5(a), prior express written approval of ~~the following options (to be selected at SAP’s sole discretion):~~ Juniper is required for any Subprocessors that are (a) ~~SAP will abort its plans~~ banned from providing products or services to ~~use~~ the ~~Subprocessor with regard to Personal Data;~~ United States government or any other government in the applicable territory covered by the Contract or (b) ~~SAP will take~~ listed on the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect United States Department of ~~the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably~~ The Treasury SDN List available ~~and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written notice~~at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/resource- center/sanctions/SDN-List/Pages/default.aspx.

Appears in 1 contract

Sources: Supplier Data Protection Agreement

Subprocessors. ~~3.1 Customer~~ 10.1. Controller authorizes Service Provider to appoint (also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of permit each Subprocessor ~~it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion~~ appointed in accordance with this Section 310 to appoint) Subprocessors in accordance with this Section 10 and any restrictions in the Terms of Service. 10.2. ~~SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes~~ Notwithstanding anything to the ~~list~~ contrary in this Data Processing Agreement or the Terms of ~~Subprocessors~~Service, ~~which~~ Service Provider may continue to use all Subprocessors (including Affiliates) already engaged by Service Provider as of the Effective Date, subject to Service Provider promptly meeting the obligations set forth in Section 10.4. 10.3. Service Provider shall ~~be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if~~ provide reasonable advanced notification to Customer where Service Provider wishes to engage a Subprocessor ~~is incorporated outside the EEA~~to process Customer Data and shall provide, upon Customer’s request, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection identity and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use location of the Subprocessor ~~concerned SAP shall have the right to cure the objection through one~~ and a description of the ~~following options (~~processing to be ~~selected at SAP’s sole discretion): (a) SAP~~ subcontracted or outsourced to such Subprocessor. Where Service Provider wishes to appoint a Subprocessor under this Data Processing Agreement, Service Provider will ~~abort its plans to use~~ select the Subprocessor with ~~regard~~ due diligence and will verify prior to ~~Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use~~ engaging the Subprocessor that such Subprocessor is capable of complying with ~~regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently)~~ the ~~particular aspect~~ obligations of the Service Provider towards Customer, to the extent applicable to the services assigned to that ~~would involve use~~ Subprocessor. If, within five (5) days of receipt of such notice, Customer notifies Service Provider in writing of any objections (on reasonable grounds) to the proposed appointment, then Service Provider shall not appoint (or disclose any Customer Data to) the proposed Subprocessor until reasonable steps have been taken to address the reasonable objections raised by Customer, and Customer has been provided with a reasonable written explanation of the steps taken. 10.4. The Service Provider shall enter into a contract with each Subprocessor whereby the Service Provider shall require the Subprocessor to comply with ~~regard to Personal Data~~obligations no less onerous than the Service Provider’s obligations under this Data Processing Agreement. ~~If none~~ Service Provider shall ensure the subcontracting agreement with such Subprocessor includes appropriate contractual provisions in accordance with Data Privacy Laws. 10.5. Such subcontracting under this Section 10 shall not release the Service Provider from their responsibility for their obligations under the Terms of Service. The Service Provider shall be responsible for the ~~above options are reasonably available~~ work and ~~the objection has not been cured within thirty (30) days after SAP’s receipt~~ activities of ~~Customer’s objection, either party may terminate the affected Service with reasonable prior written notice~~all Subprocessors.

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1 Customer~~ a) Provider has Innomotics’ general authorization for the engagement of Subprocessors. A current list of Subprocessors commissioned by Provider is contained in ▇▇▇▇▇ ▇▇▇. b) The Provider shall specifically inform Innomotics in writing of any intended changes to that list through the addition or replacement of Subprocessors at least 30 days in advance. Provider shall provide Innomotics with the information necessary to enable Innomotics to exercise the right to object. If Innomotics raises no objections within this 30-day period, then this shall be taken as an approval of the new Subprocessor. If Innomotics raises objections, Provider will - before authorizing the Sub- processor to access Personal Data - use reasonable efforts to address the concerns and reservations expressed by Innomotics and (~~also~~ i) refrain from using the Subprocessor or (ii) propose to Innomotics a reasonable change in the Services or Innomotics’ configuration or use of the Services to avoid Processing of Personal Data by the objected-to new Subprocessor. If Provider is unable to eliminate the grounds for the objection by Innomotics, Innomotics is entitled to terminate the affected Services without any damages or penalties. In the event of termination by Innomotics, Provider will refund any prepaid amounts for the applicable Service on a pro-rata basis. c) Where the Provider engages a Subprocessor to carry out specific processing activities (on behalf of ~~its Data Controllers~~Innomotics and/or Authorized Entities), it shall do so by way of a written contract that provides for, in substance, the same data protection obli- gations as those binding the Provider under this DPA. d) ~~hereby authorizes SAP (also for the purpose~~ Provider shall provide, at Innomotics’ request, a copy of ~~Clause 11 paragraph 1 of the Standard Contractual Clauses)~~ such a Subprocessor contract and any subsequent amendments to ~~engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to~~ Innomotics. To the extent necessary ~~for fulfilling its contractual obligations under~~ to protect business secrets or other confidential information, including Personal Data, Provider may redact the ~~Agreement as long as SAP remains responsible for any acts or omissions~~ text of ~~its Subprocessors in~~ the ~~same manner as for its own acts~~ contract prior to sharing a copy. e) Provider shall adequately and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, regularly audit the Subprocessor with respect to compliance with these requirements and document the results of such audits. f) Provider shall ~~possess a security certification that evidences appropriate security measures are in place with regard~~ remain fully responsible to Innomotics for the performance of the Subprocessor’s ~~services to be provided to SAP). 3.2 SAP will~~ obligations under its con- tract with the Provider. Provider shall immediately inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) Innomotics of any ~~changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound~~ failure by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor ~~is located in a country without an adequate level of data protection and Customer needs~~ to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort fulfil its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service obligations under that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticecontract.

Appears in 1 contract

Sources: Data Protection Agreement

Subprocessors. ~~3.1~~ Findmyshift shal be entitled to engage Subprocessors to fulfil Findmyshift’s obligations defined in the Agreement only with Customer’s written consent. For these purposes, Customer ~~(also on behalf~~ consents to the engagement as Subprocessors of ~~its Data Controllers) hereby authorizes SAP (also~~ the third parties listed in Annex 4. For the avoidance of doubt, the above authorisation constitutes Customer’s prior written consent to the sub-Processing by Findmyshift for ~~the purpose~~ purposes of Clause 11 ~~paragraph 1~~ of the Standard Contractual Clauses) . 1. If Findmyshift intends to ~~engage subcontractors for~~ instruct Subprocessors other than the ~~processing of Personal Data~~ companies listed in Annex 4, Findmyshift wil notify the Customer thereof in writing (~~each a “Subprocessor”)~~ email to the ~~extent necessary~~ email address(es) on record in Findmyshift’s account information for ~~fulfilling its contractual obligations under~~ Customer is suf icient) and wil give the ~~Agreement as long as SAP remains responsible for any acts or omissions of its Subprocessors in~~ Customer the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason opportunity to object to ~~SAP’s use~~ the engagement of ~~a Subprocessor~~ the new Subprocessors within 30 days after being notified. The objection must be based on reasonable grounds (e.g. if the ~~Subprocessor is located in a country without an adequate level~~ Customer proves that significant risks for the protection of ~~data protection~~ its Personal Data exist at the Subprocessor). If Findmyshift and Customer ~~needs~~ are unable to ~~complete additional formalities as a Data Controller prior to the use of~~ resolve such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the ~~affected Service~~ Agreement by providing written notice to the other party. Customer shal receive a refund of any prepaid but unused fees for the period folowing the ef ective date of termination. 2. When instructing Subprocessors other than the companies listed in Annex 4, and before that Subprocessor first Processes Customer Personal Data, Findmyshift agrees to carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Personal Data required by the Agreement. 3. Where Findmyshift engages Subprocessors, Findmyshift wil enter into a contract with ~~reasonable prior~~ the Subprocessor that imposes on the Subprocessor the same obligations that apply to Findmyshift under this DPA. Where the Subprocessor fails to fulfil its data protection obligations, Findmyshift wil remain liable to the Customer for the performance of such Subprocessors obligations. 4. Where a Subprocessor is engaged, the Customer must be granted the right to monitor and inspect the Subprocessor’s activities in accordance with this DPA and Data Protection Laws, including to obtain information from Findmyshift, upon written ~~notice~~request, on the substance of the contract and the implementation of the data protection obligations under the sub-Processing contract, where necessary by inspecting the relevant contract documents. 5. The provisions of this Section 4.6 shal mutualy apply if Findmyshift engages a Subprocessor in a country outside the European Economic Area (“EEA”) not recognised by the European Commission as providing an adequate level of protection for personal data. If, in the performance of this DPA, Findmyshift transfers any Personal Data to a sub-processor located outside of the EEA, Findmyshift shal, in advance of any such transfer, ensure that a legal mechanism to achieve adequacy in respect of that processing is in place.

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1 Customer~~ Partner hereby authorizes the use of Subprocessor(s) engaged by WKH for the provision of the Services. Partner approves the WKH Subprocessors set forth here: ▇▇▇▇▇://▇▇▇.▇▇▇/Pages/subprocessors.aspx. In case WKH intends to engage new or additional Subprocessors, WKH will inform Partner of such addition or replacement of Subprocessors (~~also~~ the “Subprocessor Notice”), which Subprocessor Notice may be by email to the email address(es) on ~~behalf~~ record in WKH’s account information for Partner. If Partner has a reasonable basis to object to the use of any such new or additional Subprocessors because Partner is able to prove that significant risks for the protection of its Partner Personal Data ~~Controllers) hereby authorizes SAP (also~~ exist with such Subprocessors, Partner will notify WKH in writing within 30 days of the date of the Subprocessor Notice, detailing the basis for such objection. WKH will work with Partner in good faith to make available a commercially reasonable change in the provision of the Services or recommend a commercially reasonable change to such Partner’s configuration or use of the Services to avoid processing of Partner Personal Data by the objected-to new or additional Subprocessor without unreasonably burdening Partner, in either case which avoids the use of the Subprocessor. Where such a change cannot be made within 90 days from WKH’s receipt of Partner’s objection notice, notwithstanding anything in the Agreement, Partner, may, as its sole remedy, by written notice to WKH with immediate effect terminate that portion of the Agreement that relates to the Services that require the use of such new or additional Subprocessors. WKH will bind Subprocessors with written agreements that require them to provide at least the level of data protection required of WKH by this Addendum relative to the Subprocessor’s activities relating to the Services. WKH shall be responsible for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses) to engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement as long as SAP remains responsible for any acts or and omissions of ~~its~~ any Subprocessors ~~in the same manner~~ as it is to Partner for its own acts and omissions ~~hereunder. SAP shall pass on~~ in relation to ~~Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and~~ the ~~respective Data Controllers as set out~~ matters provided in this ~~Exhibit~~Addendum. ~~SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices~~ The provisions of ~~a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor~~ this Section 7 shall ~~possess a security certification that evidences appropriate security measures are in place with regard~~ not apply to the ~~Subprocessor’s services~~ extent Partner instructs WKH to ~~be provided~~ allow a third party to ~~SAP)~~process Partner Personal Data pursuant to a contract that Partner has directly with the third party. 3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP may remove or appoint suitable and reliable other Subprocessors at its own discretion in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the Subprocessor concerned SAP shall have the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written notice.

Appears in 1 contract

Sources: Data Processing Addendum

Subprocessors. ~~3.1~~ ‌ 8.1 Customer ~~(also on behalf of its Data Controllers)~~ hereby authorizes ~~SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses)~~ SmartRecruiters to engage ~~subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling its contractual obligations under the Agreement~~ Subprocessors as ~~long as SAP~~ further specified in Annex 3 – Subprocessors, provided that SmartRecruiters remains responsible for any acts or omissions of its Subprocessors in the same manner as for its own acts and omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor) vis-à-vis Customer and the respective Data Controllers as set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP). ~~3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service. SAP~~ 8.2 SmartRecruiters may remove or appoint suitable and reliable ~~other~~ o t h e r Subprocessors at its own discretion in accordance with this Section ~~3. SAP will~~ 8.2:‌ (a) S m a r t R e c r u i t e r s shall inform Customer ~~by email~~ 30 days in advance ~~(except for Emergency Replacements under Section 3.3)~~ of any envisaged changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). Subprocessors.‌ (b) If Customer has a legitimate data protection related reason to object to ~~SAP’s~~ SmartRecruiters’ use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) , Customer shall notify ~~SAP thereof in writing~~ SmartRecruiters within ~~thirty~~ fourteen (3014) days after receipt of ~~SAP’s notice~~SmartRecruiters’ notice according to Section (a)8.2(a) above. If Customer does not object during ~~such~~ this time ~~period~~ period, the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use of the ~~Subprocessor concerned SAP~~ Subprocessor(s) concerned, SmartRecruiters shall have the right to cure the objection through one of the following options (to be selected at ~~SAP’s~~ SmartRecruiters’ sole discretion): (a) ~~SAP~~ SmartRecruiters will abort its plans to use the Subprocessor with regard to Customer’s Personal Data; or (b) ~~SAP~~ SmartRecruiters will take ~~the~~ corrective steps ~~requested by Customer in its objection (which remove Customer’s objection)~~ and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Customer’s Personal Data. If ~~none~~ SmartRecruiters decides not to implement option (a) or (b) above, SmartRecruiters shall notify Customer without undue delay. In this case Customer shall be entitled within further fourteen (14) days to notify in writing SmartRecruiters about its termination of the ~~above options are reasonably available~~ Main Agreement and any such termination would become effective upon the ~~objection has not been cured within thirty~~ expiry of the second (302nd) ~~days~~ calendar month after ~~SAP’s~~ SmartRecruiters’ receipt of the termination notice. (c) For the avoidance of doubt, irrespective of any Customer objection according to lit. (b) above, SmartRecruiters shall be entitled to engage any Subprocessor, it being understood that Customer’s ~~objection, either party may terminate the affected Service~~ termination right in accordance with ~~reasonable prior written notice~~lit. (b) above remains unaffected. 8.3 SmartRecruiters shall pass on to it s subcontractors acting as Subprocessors SmartRecruiters’ obligations under this Data Processing Agreement.

Appears in 1 contract

Sources: Data Processing Agreement

Subprocessors. ~~3.1~~ 1. Customer ~~(also on behalf of its Data Controllers) hereby authorizes SAP (also for the purpose of Clause 11 paragraph 1 of the Standard Contractual Clauses)~~ agrees that Civic may use sub-processors to ~~engage subcontractors for the processing of Personal Data (each a “Subprocessor”) to the extent necessary for fulfilling~~ fulfil its contractual obligations under the ~~Agreement~~ Agreement. Where Civic authorizes any sub-processor as ~~long~~ described in this Section 4, Civic agrees to impose data protection terms on any sub-processor it appoints that require it to protect the Customer Personal Data to the standard required by applicable Data Protection Laws, such as ~~SAP remains responsible for any acts or omissions~~ including the same data protection obligations referred to in Article 28(3) of ~~its Subprocessors~~ the GDPR, in particular providing sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of the Data Protection Laws. 2. Civic shall make available to Customer the current list of sub-processors utilised, in Appendix 2 . Civic may continue to use those Sub-processors already engaged as at the date of this DPA. 3. Civic will notify the Customer of new sub-processors by email. If, within a reasonable time specified in the notice, Customer notifies Civic in writing of any objections to the proposed appointment based on reasonable grounds relating to data protection: Civic shall work with Customer in good faith to make available a commercially reasonable change in the provision of the Services which avoids the use of that proposed sub-processor. Where such a change cannot be made, notwithstanding anything in the Terms, Customer may by written notice to Civic with immediate effect terminate the relationship. Such termination is without prejudice to any fees incurred by Customer prior to the termination. 4. Where Civic utilises sub-processors, Civic shall remain the Customer's sole point of contact for all matters falling within the scope of this DPA, and shall procure that its sub-processor complies with and is bound by the requirements of this DPA as they apply to Civic. 5. Civic shall procure that all sub-processors used by it in the provision of the Services from time to time under this Agreement execute a confidentiality undertaking on terms that are substantially the same ~~manner~~ as ~~for its own acts~~ (and ~~omissions hereunder. SAP shall pass on to Subprocessors SAP's obligation as Data Processor (or Subprocessor~~no less onerous than) ~~vis-à-vis Customer and the respective Data Controllers as~~ those set out in this Exhibit. SAP undertakes to have a selection process by which it evaluates the security, privacy and confidentiality practices of a Subprocessor in regard to data handling on a scheduled basis (alternatively, the Subprocessor shall possess a security certification that evidences appropriate security measures are in place with regard to the Subprocessor’s services to be provided to SAP)DPA. ~~3.2 SAP will inform Customer upon its request by email about the name, address and role of each Subprocessor it uses to provide the Service~~6. ~~SAP may remove or appoint suitable and reliable other~~ The Subprocessors ~~at its own discretion~~ listed in accordance with this Section 3. SAP will inform Customer by email in advance (except for Emergency Replacements under Section 3.3) of any changes to the list of Subprocessors, which shall be deemed accepted as long as they comply with and are bound by applicable Data Protection Law or, if a Subprocessor is incorporated outside the EEA, the Standard Contractual Clauses). If Customer has a legitimate reason to object to SAP’s use of a Subprocessor (e.g. if the Subprocessor is located in a country without an adequate level of data protection and Customer needs to complete additional formalities as a Data Controller prior to the use of such Subprocessor) Customer shall notify SAP thereof in writing within thirty (30) days after receipt of SAP’s notice. If Customer does not object during such time period the new Subprocessor(s) shall be deemed accepted. If Customer objects to the use Appendix 2 of the ~~Subprocessor concerned SAP shall have~~ DPA are approved for processing of Personal Data under the right to cure the objection through one of the following options (to be selected at SAP’s sole discretion): (a) SAP will abort its plans to use the Subprocessor with regard to Personal Data; or (b) SAP will take the corrective steps requested by Customer circumstances specified in its objection (which remove Customer’s objection) and proceed to use the Subprocessor with regard to Personal Data; or (c) SAP may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve use of the Subprocessor with regard to Personal Data. If none of the above options are reasonably available and the objection has not been cured within thirty (30) days after SAP’s receipt of Customer’s objection, either party may terminate the affected Service with reasonable prior written noticethis DPA.

Appears in 1 contract

Sources: Data Processing Agreement

Common use of Subprocessors Clause in Contracts