Common use of Use of sub-processors Clause in Contracts

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- processor to fulfill its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days two weeks (where possible) in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third third-party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor Processor has the controllerController’s general authorisation authorization for the engagement of sub-processors Processors from an agreed list. The processor Processor shall specifically inform in writing the controller Controller of any intended changes of that list through the addition or replacement of sub-processors Processors at least 30 (thirty) days in advance, thereby giving the controller Controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(sProcessor(s). The processor Processor shall provide the controller Controller with the information necessary to enable the controller Controller to exercise the right to object. If the Controller does not object within 30 days, his respective consent shall be deemed granted. The Controller agrees herewith with the involvement of the Sub-Processors as listed in ▇▇▇▇▇ ▇▇▇. (b) Where the processor Processor engages a sub-processor Processor for carrying out specific processing activities (on behalf of the controllerController), it shall do so by way of a contract which imposes on the sub-processorProcessor, in substance, the same data protection obligations as the ones imposed on the data processor Processor in accordance with these Clauses. The processor Processor shall ensure that the sub-processor Processor complies with the obligations to which the processor Processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controllerController’s request, the processor Processor shall provide a copy of such a sub-processor Processor agreement and any subsequent amendments to the controllerController. To the extent necessary to protect business secret or other confidential information, including personal data, the processor Processor may redact the text of the agreement prior to sharing the copy. (d) The processor Processor shall remain fully responsible to the controller Controller for the performance of the sub- processorsub-Processor’s obligations in accordance with its contract with the processorProcessor. The processor Processor shall notify the controller Controller of any failure by the sub- processor sub-Processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 ten (10) days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. If the controller does notify the processor of such an objection, the parties will discuss the controller’s concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, the processor will, at its sole discretion, either not appoint the new sub- processor, or permit the controller to suspend or terminate the Agreement in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any fees incurred by the controller prior to suspension or termination). (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor Processor has the controllerController’s general authorisation for the engagement of sub-processors from an agreed listprocessors. The processor Processor shall specifically inform the Controller in writing the controller writing, of any intended changes of that list through the addition sub-processing or replacement of change in sub-processors at least 30 days in advancethree weeks prior, thereby giving the controller Controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s)changes. The processor Processor shall provide the controller Controller with the information necessary to enable the controller Controller to exercise the right to object. (b. The use of the sub-processors listed in Annex 2 shall be deemed to be approved, provided that the prerequisites set out in Section 6(2) of this Agreement are implemented. Where the processor Processor engages a sub-processor for carrying out specific processing activities (on behalf of the controllerController), it shall do so by way of a contract written contract, which may also be concluded in an electronic format, which imposes on the sub-sub- processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clausesthe clauses in this Agreement. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controllerController’s request, the processor Processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controllerController. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor Processor shall remain fully responsible to the controller Controller for the performance of the sub- processor’s obligations in accordance with its contract with the processorProcessor. The processor Processor shall notify the controller Controller of any failure by the sub- processor to fulfill its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return fulfil its contractual obligations without undue delay. The Processor shall ensure compliance with the provisions of Articles 44 to 50 of the GDPR in the event of a subcontracting involving a transfer of personal datadata within the meaning of Chapter V of the GDPR by providing, where necessary, appropriate safeguards in accordance with Article 46 of the GDPR.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: 1. The processor has the controller’s general authorisation for the engagement of sub-sub- processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-sub- processors at least 30 days one month in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) 2. Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-sub- processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clausesthis Agreement. The processor shall ensure that the sub-sub- processor complies with the obligations to which the processor is subject pursuant to these Clauses this Agreement and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) 3. At the controller’s request, the processor shall provide a copy of such a sub-processor subprocessor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) 4. The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- processor to fulfill its contractual obligations.processor (e) 5. The processor shall agree to a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor subprocessor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has shall not subcontract any of its processing operations performed on behalf of the controller in accordance with these Clauses to a sub-processor, without the controller’s general authorisation for the engagement of sub-processors from an agreed listprior specific written authorisation. The processor shall specifically inform in writing submit the controller of any intended changes of that list through the addition or replacement of sub-processors request for specific authorisation at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller in question, together with the information necessary to enable the controller to exercise decide on the right authorisation. The list of sub-processors authorised by the controller can be found in Annex IV. The Parties shall keep Annex IV up to objectdate. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third third-party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has shall not subcontract any of its processing operations performed on behalf of the controller in accordance with these Clauses to a sub-processor, without the controller’s general authorisation for the engagement of sub-processors from an agreed listprior specific written authorisation. The processor shall specifically inform in writing submit the controller of any intended changes of that list through the addition or replacement of sub-processors request for specific authorisation at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes [SPECIFY TIME PERIOD] prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller in question, together with the information necessary to enable the controller to exercise decide on the right authorisation. The list of sub-processors authorised by the controller can be found in Annex IV. The Parties shall keep Annex IV up to object. (b) date. Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) . At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) . The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) . The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: a. The processor has the controller’s general authorisation for the engagement of sub-processors processor(s) from an agreed list. The processor shall specifically inform the controller in writing the controller of any intended changes of to that list through the addition or replacement of sub-processors at least 30 days 2 months in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide provides the controller with the necessary information necessary as described in Clause 2.c, to enable the controller to exercise the its right to object. All further use of the services is considered an active acceptance of the changes. (b) b. Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/17252016/679. (c) c. At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret secrets or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) d. The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- processor to fulfill its contractual obligations. (e) e. The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended in- tended changes of that list through the addition or replacement of sub-processors at least 30 15 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide pro- vide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation Regula- tion (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement agree- ment and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent insol- vent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor Data Processor has the controller’s Data Controllerʼs general authorisation for the engagement of sub-processors from an agreed list. The processor Data Processor shall specifically inform in writing the controller Data Controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 thirty (30) calendar days in advance, thereby giving the controller Data Controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor Data Processor shall provide the controller Data Controller with the information necessary to enable the controller Data Controller to exercise the right to object. (b) Where the processor Data Processor engages a sub-processor for carrying out specific processing activities (on behalf of the controllerData Controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor Data Processor in accordance with these Clauses. The processor Data Processor shall ensure that the sub-processor complies with the obligations to which the processor Data Processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s Data Controllerʼs request, the processor Data Processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controllerData Controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor Data Processor may redact the text of the agreement prior to sharing the copy. (d) The processor Data Processor shall remain fully responsible to the controller Data Controller for the performance of the sub- processor’s sub-processorʼs obligations in accordance with its contract with the processorData Processor. The processor Data Processor shall notify the controller Data Controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor Data Processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor Data Processor has factually disappeared, ceased to exist in law or has become insolvent - the controller Data Controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-sub- processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-sub- processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor Processor has the controllerController’s general authorisation for the engagement of sub-processors from an agreed listprocessors. The processor Processor shall specifically inform the Controller in writing the controller writing, of any intended changes of that list through the addition sub-processing or replacement of change in sub-processors at least 30 days in advancethree weeks prior, thereby giving the controller Controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s)changes. The processor Processor shall provide the controller Controller with the information necessary to enable the controller Controller to exercise the right to object. (b. The use of the sub-processors listed in Annex 2 shall be deemed to be approved, provided that the prerequisites set out in Section 7(2) of this Agreement are implemented. Where the processor Processor engages a sub-processor for carrying out specific processing activities (on behalf of the controllerController), it shall do so by way of a contract written contract, which may also be concluded in an electronic format, which imposes on the sub-sub- processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clausesthe clauses in this Agreement. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controllerController’s request, the processor Processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controllerController. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor Processor shall remain fully responsible to the controller Controller for the performance of the sub- processor’s obligations in accordance with its contract with the processorProcessor. The processor Processor shall notify the controller Controller of any failure by the sub- processor to fulfill its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return fulfil its contractual obligations without undue delay. The Processor shall ensure compliance with the provisions of Articles 44 to 50 of the GDPR in the event of a subcontracting involving a transfer of personal datadata within the meaning of Chapter V of the GDPR by providing, where necessary, appropriate safeguards in accordance with Article 46 of the GDPR.

Use of sub-processors. (a) GENERAL WRITTEN PRIOR SPECIFIC AUTHORISATION: The processor has shall not subcontract any of its processing operations performed on behalf of the controller in accordance with these Clauses to a sub-processor, without the controller’s general authorisation for the engagement of sub-processors from an agreed listprior specific written authorisation. The processor shall specifically inform in writing submit the controller of any intended changes of that list through the addition or replacement of sub-processors request for specific authorisation at least 30 10 (ten) business days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller in question, together with the information necessary to enable the controller to exercise decide on the right authorisation. The list of sub-processors authorised by the controller can be found in Annex IV. The Parties shall keep Annex IV up to objectdate. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725the applicable data protection law. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors pro- cessors from an agreed list. The processor shall specifically inform in writing the controller control- ler of any intended changes of that list through the addition or replacement of sub-sub- processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(sproces- sor(s). The processor shall provide the controller con- troller with the information necessary to enable ena- ble the controller to exercise the right to objectob- ject. (b) Where the processor engages a sub-processor proces- sor for carrying out specific processing activities activ- ities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations ob- ligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/17252016/679. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor pro- cessor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary bene- ficiary clause with the sub-processor whereby - in the event the processor has factually disappeareddis- appeared, ceased to exist in law or has become be- come insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has shall not subcontract any of its processing operations performed on behalf of the controller in accordance with these Clauses to a sub-processor, without the controller’s general authorisation for the engagement of sub-processors from an agreed listprior specific written authorisation. The processor shall specifically inform in writing submit the controller of any intended changes of that list through the addition or replacement of sub-processors request for specific authorisation at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes [SPECIFY TIME PERIOD] prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller in question, together with the information necessary to enable the controller to exercise decide on the right authorisation. The list of sub-processors authorised by the controller can be found in Annex IV. The Parties shall keep Annex IV up to object. (b) date. Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) . At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) . The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) . The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-sub- processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days four weeks in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-sub- processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-sub- processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list, which can be found here: ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇.▇▇▇/en/articles/1937299-general-data- protection-regulation-gdpr-at-Jotta#sub-processors. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-sub- processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days two weeks in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-sub- processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: a. The processor has the controller’s general authorisation for the engagement of sub-processors processor(s) from an agreed list. The processor shall specifically inform the controller in writing the controller of any intended changes of to that list through the addition or replacement of sub-processors at least 30 days 2 months in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide provides the controller with the necessary information necessary as described in Clause 2.c, to enable the controller to exercise the its right to object. All further use of the services is considered an active acceptance of the changes. (b) b. Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/17252016/679. (c) c. At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret secrets or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) d. The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- processor to fulfill fulfil its contractual obligations. (e) e. The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- processor to fulfill fulfill its contractual obligations. (e) The processor shall agree a third party beneficiary beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 ten (10) days in advance, thereby giving the controller sufficient time to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller with the information necessary to enable the controller to exercise the right to object. If the controller does notify the processor of such an objection, the parties will discuss the controller’s concerns in good faith with a view to achieving a commercially reasonable resolution. If no such resolution can be reached, the processor will, at its sole discretion, either not appoint the new sub-processor, or permit the controller to suspend or terminate the Agreement in accordance with the termination provisions of the Agreement without liability to either party (but without prejudice to any fees incurred by the controller prior to suspension or termination). (b) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance with these Clauses. The processor shall ensure that the sub-processor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. (c) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controller. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (d) The processor shall remain fully responsible to the controller for the performance of the sub- processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (e) The processor shall agree a third party beneficiary clause with the sub-processor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-sub- processor to erase or return the personal data.

Use of sub-processors. (a) GENERAL WRITTEN AUTHORISATION: The processor has the controller’s general authorisation for the engagement of sub-processors from an agreed list. The processor shall specifically inform in- form in writing the controller of any intended changes of that list through the addition or replacement of sub-processors at least 30 days four weeks in advance, thereby giving the controller sufficient time (within 2 weeks of receipt of the information) to be able to object to such changes prior to the engagement of the concerned sub-processor(s). The processor shall provide the controller control- ler with the information necessary to enable the controller to exercise the right to object. (b) The list of sub-processors authorised by the controller can be found in Annex V. The Parties shall keep Annex V up to date. (c) Where the processor engages a sub-processor for carrying out specific processing activities (on behalf of the controller), it shall do so by way of a contract which imposes on the sub-processor, in substance, the same data protection obligations as the ones imposed on the data processor in accordance accor- dance with these Clauses. The processor shall ensure that the sub-processor proces- sor complies with the obligations to which the processor is subject pursuant to these Clauses and to Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725the GDPR. (cd) At the controller’s request, the processor shall provide a copy of such a sub-processor agreement and any subsequent amendments to the controllercontrol- ler. To the extent necessary to protect business secret or other confidential information, including personal data, the processor may redact the text of the agreement prior to sharing the copy. (de) The processor shall remain fully responsible to the controller for the performance perfor- ▇▇▇▇▇ of the sub- sub-processor’s obligations in accordance with its contract with the processor. The processor shall notify the controller of any failure by the sub- sub-processor to fulfill fulfil its contractual obligations. (ef) The processor shall agree a third party beneficiary clause with the sub-processor pro- cessor whereby - in the event the processor has factually disappeared, ceased to exist in law or has become insolvent - the controller shall have the right to terminate the sub-processor contract and to instruct the sub-processor pro- cessor to erase or return the personal data.