Common use of Use of Sub Clause in Contracts

Use of Sub. processors and export of data The Data Processor's use of sub-processors to process personal data shall be agreed in writing with the Data Controller before the processing by the sub-processor commences unless the use of sub-processor already results from the Subscription Agreement. The Data Processor will ensure that any sub-processors only access and use personal data in accordance with the terms of this data processor agreement and that such sub-processors are bound by written agreements that require them to provide at least the level of data protection required by Applicable Data Protection Legislation. The Data Controller may, on reasonable and justifiable grounds, refuse to approve new sub-processors. The sub-processor's listed on the following website, are hereby approved by the Data Controller: xxxxx://xxxxxxxxxxx.xxx/global/gdpr/subprocessors. Should the Data Controller require more detailed information related to processing locations in order to comply with legal requirements or requests from data protection authorities, the Data Processor shall assist the Data Controller to address such compliance needs, provided that, prior to any such provision of information, the Data Controller has entered into appropriate confidentiality obligations where this is deemed necessary by the Data Processor. Changes concerning an addition or a replacement of an entity listed in the aforementioned list shall be made available to the Data Controller, including by announcing them to the Data Controller through automated notices or other means where appropriate. Within 4 weeks of receiving such notice, the Data Controller may object to any such change or addition solely on reasonable grounds. The Data Processor is responsible towards the Data Controller for the sub-processor's actions and omissions in the same manner as if these were the Data Processor's own acts or omissions. The Data Processor is responsible for ensuring that the sub-processor is familiar with the Data Processor's contractual and statutory duties, and that the sub-processor performs them in a similar manner vis-à-vis the Data Processor. The Data Processor, and any potential sub-processor, cannot transfer Personal Data outside the EU/EEA-area or pre-approved third countries without the prior written consent of the Data Controller. Data Controller's access to or use of Personal Data from or in a Third Country shall not, on the account of the Data Processor or any sub-processor, be considered Transfer of Personal Data to such Third Country. To the extent such transfer of personal data is taking place, either to Data Processor entities or other third party sub-processors located in countries outside the EU/EEA- area, such transfers shall be subject to binding and appropriate transfer mechanisms which provide an adequate level of protection in compliance with Applicable Data Protection Legislation.