Subcontracting relationships Clause Samples

Subcontracting relationships. 1. The commissioning of subcontractors for the fulfilment of the order is only permitted with the written consent of the client. meetyoo assures that it has carefully selected the subcontractor with particular regard to the suitability of the technical and organisational measures it has taken. 2. The client acknowledges the contractually agreed services or the partial services described below shall be carried out using the following subcontractors: MEETYOO GO Services Name/Company: Amazon Web Services EMEA SARL Function/Activity: Provision of server capacities at the Frankfurt/Backup Paris site Registered office [city, country]: Luxembourg, Luxembourg Certification: ISO 9001, ISO 27001, ISO 27017, ISO 27018 Name/Company: Stripe Payments Europe Ltd. Function/Activity: Payment processing Registered office: Dublin, Ireland Certification: PCI-DSS, SOC 1/2 3. The client agrees that meetyoo may use subcontractors. Before calling in or replacing subcontractors, meetyoo will inform the client. The client may reasonably object to the change in writing within a period of ten days for good cause. If no objection is made within this period, the change will be deemed to have been accepted. 4. No consent is required for the involvement of subcontractors where the subcontractor merely makes use of an ancillary service to support the provision of services under the main contract, even if access to the client's data cannot be ruled out in the process (transport services of postal or courier services as well as money transport services, etc.). meetyoo will conclude confidentiality agreements customary in the industry with such subcontractors. 5. The subcontracting data processing agreement must have an adequate level of protection comparable to that of this contract. meetyoo will regularly check compliance with the subcontractor's obligations. meetyoo must in particular check in advance and regularly during the term of the contract that the subcontractor has taken the technical and organisational measures for the protection of personal data required under Article 32 (1)

Subcontracting relationships. (1) If and to the extent that the Contractor wishes to use subcontractors to provide the contractually agreed services and if it cannot be ruled out that these subcontractors have the possibility of obtaining knowledge of the Client's data in the course of their activities, the Contractor may only and only then commission the subcontractor and enable it to obtain knowledge of the Client's data if it has informed the Client specifically and in detail in text form about the points in item 6.2, has given the Client the opportunity to object (see item 7.3) and the Client has not raised an objection within the objection period. Subcontractors who are already in a subcontracting relationship with ▇▇▇▇▇▇ at the time the contract is concluded are listed in Annex 2. (2) The information of the Contractor according to item 7.1 must contain at least in concrete and detailed form: a. the identity of the subcontractor, b. The specific services to be provided by the subcontractor to the contractor; and c. Subcontractor's warranties or representations that it will comply with the provisions of this Order accordingly. (3) The Customer shall be entitled to object to the assignment of a subcontractor in text form within 14 days after receipt of the information pursuant to Section 7.2, provided that this is not done arbitrarily. (4) If and to the extent that data of the Customer becomes accessible to the subcontractor, the Contractor shall be obliged to agree in writing with the subcontractor, prior to the first making accessible of data of the Contractor, on a contract processing agreement imposing corresponding obligations on the subcontractor as regulated in this Agreement. Upon request of the Customer, the Contractor shall provide a copy of the order processing agreement and evidence of the Subcontractor's compliance with the obligations resulting therefrom. The Contractor shall ensure by agreement with its subcontractor that it is entitled to disclose this information to the Customer and that the Customer may also exercise its control rights pursuant to 7. directly against the subcontractor. (5) Notwithstanding the provisions of Clauses 7.1-7.5, the Contractor shall be fully responsible for the Subcontractor and shall be liable for the Subcontractor's compliance with its obligations towards the Client. (6) Not to be understood as a subcontracting relationship within the meaning of this provision are those services which the Contractor uses from third parties as an ancill...

Subcontracting relationships. 10.1 The Controller agrees that the Processor may use subcontractors to carry out certain processing activities with regard to Personal Data. 10.2 The current subcontractors are listed in the Schedule. 10.3 If the Processor engages additional subcontractors or replaces or removes subcontractors, it will (i) inform the Controller of this in good time in advance and (ii) enter into a written contract with the subcontractor which imposes the obligations set out in Article 28 (3) and (4) GDPR on the subcontractor. The Controller may object to the engagement of subcontractors within 30 days in writing with appropriate justification if the engagement of a subcontractor violates this Contract Data Processing Agreement or Data Protection Laws. 10.4 The Processor's contract with the subcontractor must comply with the requirements of the Data Protection Laws, in particular Article 28

Subcontracting relationships. (1) For the purposes of this provision, subcontracting relationships are deemed to relate directly to the provision of the main service. Subcontracted ancillary services, which do not primarily concern personal data processing, e.g. services around post, telecommunication, logistics, cleaning and skilled trades, are not included. However, even in the case of subcontracted ancillary services, the Contractor shall ensure the protection and security of the Client’s data by means of adequate and legally compliant agreements and supervisory measures. (2) The Contractor may appoint an external processor (hereinafter referred to as the Subcontractor). By signing this Agreement, the data controller gives the Contractor general permission to employ a Subcontractor. The Contractor shall inform the Client of any intended change regarding the use of Sub- contractors, including their replacement. The Client may voice objections in relation to a Subcontractor and, if these are not resolved amicably, may terminate this Agreement as of the date on which the change takes effect. Currently, no subcontractors are engaged, unless such are listed in Appendix 3 - Subcontractors. (3) The Contractor shall, as a minimum and in compliance with applicable data protection law, transfer to Subcontractors the relevant obligations under this Agreement by way of (sub-)processing agree- ments, including appropriate technical and organisational measures to be taken. (4) The Contractor shall conclude confidentiality agreements with all Subcontractors, unless an ▇▇▇- ▇▇▇▇▇ statutory confidentiality obligation applies.

Subcontracting relationships. (1) The commissioning of subcontractors for the fulfillment of the order is only permitted with the written consent of the client. meetyoo assures that it has carefully selected the subcontractor with particular regard to the suitability of the technical and organizational measures it has taken. (2) he contractually agreed services or the partial services described below shall be carried out using the following subcontractors: meetyoo conferencing GmbH ▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇ ▇▇▇ ▇▇▇▇▇ ▇▇▇▇▇▇, ▇▇▇▇▇▇▇ Name/Company: Amazon Web Services EMEA SARL Function/Activity: Provision of server capacities at the Frankfurt/Backup Paris site Registered office [city, country]: Luxembourg, Luxembourg Certification: Privacy Shield, ISO 9001, ISO 27001, ISO 27017, ISO 27018 Name/Company:: Stripe Payments Europe Ltd. Function/Activity: Payment processing Registered office: Dublin, Ireland Certification: : PCI-DSS, SOC 1/2

Subcontracting relationships. (1) The Client agrees in principle that the Contractor may subcontract to carefully selected third-party com- panies. The Contractor shall inform the Client in good time before any intended change with regard to the en- gagement or replacement of other third-party compan- ies. In this case, the Client may object to the engage- ment or replacement. If this makes it impossible for the Contractor to perform the subject-matter of this Agree- ment, the Contractor may extraordinarily terminate this Agreement and the contract for the provision of hosting services at the time of the intended engagement or re- placement. (2) When subcontracting, the Contractor shall comply with the requirements of Article 28

Subcontracting relationships. (1) For the purposes of this agreement, subcontracting shall mean services which relate directly to the provision of the main service. This does not include ancillary services which the Contractor uses e.g. as telecommunications services, postal/transport services, maintenance and user services or the disposal of data carriers as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing systems. However, the Contractor shall be obliged to take appropriate and legally compliant contractual agreements and control measures to guarantee the data protection and data security of the Principal's data even in the case of outsourced ancillary services. (2) The Contractor may only commission subcontractors (further contract processors) with the prior express written or documented consent of the Principal. a) The Principal agrees to commission the subcontractors named in Annex 2 subject to a contractual agreement in accordance with Art. 28 para. 2-4 GDPR. b) Changes of existing subcontractors are permitted, insofar as: - the Contractor notifies the Principal of such outsourcing to subcontractors in advance in writing or in text form, and - the Principal does not object to the planned outsourcing in writing or in text form to the Contractor until the data has been handed over, and - a contractual agreement in accordance with Art. 28 para. 2-4 GDPR is applied. (3) If the subcontractor renders the agreed service outside the EU/EEA, the Contractor shall ensure the permissibility under data protection law by appropriate measures. The same shall apply if service providers within the meaning of para. 1 sentence 2 are to be used. All contractual regulations in the contract chain must also be imposed on the further subcontractor.

Subcontracting relationships. 7.1 Subcontracting relationships within the meaning of this provision are services that relate directly to the provision of the main service. This does not include ancillary services that the contractor z. B. as telecommunications services, mail/transport services, maintenance and user service or the disposal of data carriers as well as other measures to ensure the confidentiality, availability, integrity and resilience of the hardware and software of data processing systems. However, the contractor is obliged to take appropriate and legally compliant contractual agreements and control measures to ensure data protection and data security of the client's data, even in the case of outsourced ancillary services. 7.2 The Contractor may only commission subcontractors (other processors) with the prior express written or documented consent of the Client. The client agrees to the commissioning of the subcontractors listed in Annex 2 under the following conditions: Outsourcing to subcontractors is permitted if the contractor notifies the client of such outsourcing to subcontractors a reasonable time in advance in writing or in text form and the client does not object to the planned outsourcing in writing or in text form to the contractor by the time the data is handed over. 7.3 The transfer of the client's personal data to the subcontractor and his first action are only permitted if all the requirements for subcontracting are met. 7.4 If subcontractors are to be involved in a third country, the contractor must ensure that an appropriate level of data protection is guaranteed for the respective subcontractor (e.g. by concluding an agreement based on the EU standard data protection clauses). Upon request, the contractor will provide the client with evidence of the conclusion of the aforementioned agreements with its subcontractors. 7.5 Another outsourcing by the subcontractor ☐ is not permitted; ☒ requires the express consent of the main client (at least text form); ☐ requires the express consent of the main contractor (at least text form); 7.6 All contractual provisions in the contract chain are also to be imposed on the other subcontractor. The parties make it clear that the contractor is always liable to the client for compliance with the obligations of the subcontractor. In the event of a breach of the obligations arising from the agreement with the contractor or a breach of relevant legal requirements by the subcontractor, the contractor remains fully responsibl...

Subcontracting relationships. 11.1. The Processor is only permitted to commission subcontractors for the Controller’s data processing with the Controller’s prior written consent. This approval shall be given by the authorized person or representative in writing (electronically or in paper), but not verbally. 11.2. The Processor shall conclude subcontracting agreements in writing. This form of requirement is also met if it is in electronic format. 11.3. The Processor shall ensure that the subcontractor(s) are obliged in the subcontracting agreement to provide a standard in writing that does not fall short of the standard agreed herein. Furthermore, the Processor ensures that the responsibilities between Processor and subcontractor and also between multiple subcontractors are clearly delineated. The Processor shall ensure that the Controller is entitled to carry out an appropriate evaluation and inspection with subcontractors, also on site, if necessary, or have these carried out by third parties commissioned by it, unless proof of GDPR compliance can be provided by certification or approval. 11.4. The Processor shall notify the Controller in a timely manner of any intended changes regarding the addition of new or the replacement of previous Subcontractors. The Controller shall have the opportunity to object to these changes for good cause within 30 days. This objection must be in writing and substantiated. Unless approved or objected to within the 30-day period, the relevant subcontractor shall be deemed approved. If the Controller lawfully objects and the Processor cannot comply with the objection, the Processor shall immediately notify the Controller thereof. Within one month of notification by the Processor, the Controller shall be entitled to terminate the Terms of Use in writing.