Supplementary Measures Clause Examples

Supplementary Measures. In respect of any ex-EEA Transfer or ex-UK Transfer, the following supplementary measures shall apply: 6.6.1 As of the date of this DPA, the Data Importer has not received any formal legal requests from any government intelligence or security service/agencies in the country to which the Personal Data is being exported, for access to (or for copies of) Customer’s Personal Data (“Government Agency Requests”); 6.6.2 If, after the date of this DPA, the Data Importer receives any Government Agency Requests, Company shall attempt to redirect the law enforcement or government agency to request that data directly from Customer. As part of this effort, Company may provide Customer’s basic contact information to the government agency. If compelled to disclose Customer’s Personal Data to a law enforcement or government agency, Company shall give Customer reasonable notice of the demand and cooperate to allow Customer to seek a protective order or other appropriate remedy unless Company is legally prohibited from doing so. Company shall not voluntarily disclose Personal Data to any law enforcement or government agency. Data Exporter and Data Importer shall (as soon as reasonably practicable) discuss and determine whether all or any transfers of Personal Data pursuant to this DPA should be suspended in the light of the such Government Agency Requests; and 6.6.3 The Data Exporter and Data Importer will meet as needed to consider whether: (i) the protection afforded by the laws of the country of the Data Importer to data subjects whose Personal Data is being transferred is sufficient to provide broadly equivalent protection to that afforded in the EEA or the UK, whichever the case may be; (ii) additional measures are reasonably necessary to enable the transfer to be compliant with the Data Protection Laws; and (iii) it is still appropriate for Personal Data to be transferred to the relevant Data Importer, taking into account all relevant information available to the parties, together with guidance provided by the supervisory authorities. 6.6.4 If Data Protection Laws require the Data Exporter to execute the Standard Contractual Clauses applicable to a particular transfer of Personal Data to a Data Importer as a separate agreement, the Data Importer shall, on request of the Data Exporter, promptly execute such Standard Contractual Clauses incorporating such amendments as may reasonably be required by the Data Exporter to reflect the applicable appendices and annexes, the ...

Supplementary Measures. In addition, in accordance with regulatory guidance following the European Court of Justice “Schrems II” decision, Provider further commits to maintaining the following additional technical, organizational and legal/contractual measures with respect to Accenture Data, including personal data. Accenture Data in transit between Provider entities will be strongly encrypted with encryption that:

Supplementary Measures. 5.1 This section supplements but does not modify the EU Clauses or the UK Addendum. 5.2 In the event that Personal Data is transferred to a country where the EU Clauses or the UK Addendum are required, and the third country does not ensure an essentially equivalent level of protection to Personal Data as the European Union or the UK, Splunk has put in place the following supplementary measures:

Supplementary Measures. In addition to the obligations under Sections 7(a)-(d), if and to the extent that the Parties will engage in cross-border Processing of Personal Data or will transmit, directly or indirectly, any Personal Data to a country outside of the country from which such Personal Data was collected (including without limitation transfers of Personal Data outside of the EEA, Switzerland or the UK), the Parties agree to the following supplementary measures: i. All Personal Data shall be encrypted both in transit and at rest using state of the art encryption technology that is robust against the performance of cryptanalysis; ii. Menlo Security warrants and represents that, as of the date of the Agreement, it has not received any national security data production orders (e.g., pursuant to Section 702 of the Foreign Intelligence Surveillance Act (“FISA Section 702”) or U.S. Presidential Policy Directive 28); iii. Menlo Security will use all reasonable legal mechanisms to challenge any demands for data access through the national security process that Menlo Security receives; and iv. Menlo Security will provide, up to once per calendar year upon Customer’s request, a transparency report indicating the types of binding legal demands for the Personal Data it has received, including national security orders and directives.

Supplementary Measures a. RingCentral warrants and represents that it shall use its best efforts to make Customer aware of any changes to the information that it has provided to the Customer under clause 14c of the EU Standard Contractual Clauses and shall advise Customer without undue delay of any changes to such information. b. RingCentral warrants and represents that: i. it has not purposefully created back doors or similar programming that could be used to access the personal data processed in connection with this DTA. ii. it has not purposefully created or changed its business processes in a manner that facilitates access to such personal data. c. RingCentral agrees to: i. provide the notification under clause 15.1 of the EU Standard Contractual Clauses before access is granted to personal data. ii. monitor any legal or policy developments that might lead to its inability to comply with its obligations under this DTA and promptly inform the Customer of any such changes and developments, if possible, ahead of their implementation. d. If RingCentral receives a request for the disclosure of personal data processed in connection with this DTA from a public authority in a third country, the RingCentral shall: i. inform the requesting public authority of any incompatibility of the order with the safeguards contained in the Standard Contractual Clauses and the resulting conflict of obligations for RingCentral. ii. notify as soon as possible the Customer insofar as possible under the third country legal order.

Supplementary Measures. 1. Implement a Comprehensive Information Security Programme Through the implementation of a Comprehensive Information Security Programme (CISP), maintain various administrative safeguards to protect personal data. These measures are designed to ensure: security, confidentiality and integrity of personal data protection against unauthorized access to or use of (stored) personal data in a manner that creates a substantial risk of identity theft or fraud that employees, contractors, consultants, temporaries, and other workers who have access to personal data only process such data on instructions from the data controller.

Supplementary Measures. To the extent required by Data Protection Laws, in cases where transfer of EU Area Personal Data to Third Countries which do not provide an equivalent level of protection as granted under applicable EU Area Laws, the Parties agree to implement additional supplementary measures as may be required on a case by case basis. Such supplementary measures may include the following:

Supplementary Measures. Bentley provides the following supplementary measures to ensure an adequate level of protection pursuant to Article 44 et seq. GDPR for Subscriber’s Personal Data transferred to Bentley Systems, Incorporated provided that Bentley is not barred under applicable law to comply with these supplementary measures: • Bentley shall notify the Subscriber without undue delay should any public authority request access to Subscriber’s Personal Data. Should Bentley be barred from notifying the Subscriber in a situation due to applicable law, Bentley shall without undue delay ensure that transfer of Personal Data to the country that requested the access is ceased and notify the Subscriber that it had to do so. The Parties shall enter into discussions how to mitigate the situation. • Bentley shall take without undue delay any available legal recourse against any data access requests by public authorities and not disclose any Personal Data until ordered so by final and binding court decision. • Bentley shall assist the Subscriber by providing any information to the extent reasonable if the Subscriber decides to inform the Data Subjects if their Personal Data are affected by a request on data access by a public authority. • Bentley will provide Subscriber on a regular basis with a transparency report about requests for access to Personal Data received from public authorities in an aggregated form, including at least information on the amount of data requests, the type of data requested, the requesting public authority and to what extent Bentley has disclosed personal data to such public authorities. • Bentley shall constantly monitor any legal or policy developments that might lead to its inability to comply with the obligations under the EU Standard Contractual Clauses and without undue delay inform the Subscriber of any such changes and developments. • Bentley hereby confirms that it has not purposefully created backdoors or similar programming that could be used to access Bentley’s systems and/or Subscriber’s personal data stored therein. Further information relating to supplementary safeguards is available upon request. This Schedule 2 specifies the information on the Processing and the transfer of Personal data in accordance with Section

Supplementary Measures. The parties acknowledge that it is the responsibility of the data exporter to verify whether the safeguards employed by data importer are sufficient to meet its obligations under Data Protection Law, including with respect to the provision of adequate safeguards necessary to secure the transfer of personal data through these clauses.