Common use of Access to Personal Data Clause in Contracts

Access to Personal Data. 4.1 The Processor limits access to Personal Data for Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 The Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been specified in Annex A . 4.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written consent of the Controller. General permission In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission for the use of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 The Processor shall inform the Controller in the event of general consent In Writing for engaging Sub- processors no later than three (3) months prior to intended changes regarding the addition, replacement or change of Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 8. The Controller may revoke its general or specific Written consent for engaging Sub-processors if the Processor fails to comply or no longer complies with the obligations under the Processing Agreement, the GDPR and/or other applicable laws and regulations regarding the Processing of Personal Data. 4.7 The Processor shall impose the obligations set out in the Processing Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising from the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Processing Agreement.

Access to Personal Data. 4.1 The 5.1 Data Processor limits will restrict access to Personal Data for to Employees, Sub-processorsData Processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 The 5.2 Data Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been are specified in Annex A .Appendix A. 4.3 The 5.3 Data Processor shall not provide Sub-processors Data Processors with access to Personal Data without the prior general or specific Written written consent of the Data Controller. General permission In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission for the use of Sub-processors has only been granted to Sub-processors , as specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex Schedule A. 4.5 The 5.4 Data Processor shall inform informs the Data Controller in the event of general consent In Writing for engaging Sub- processors written permission to engage Sub-Data Processors no later than three (3) months prior to intended changes regarding to the addition, replacement or change modification of Sub-processors and the amendment to Annex A required as a result of thisData Processor(s), In Writingin writing, whereby the Data Controller shall be is given the opportunity to object to these changes changes. In Writing within one (1) month after the Controller has been informed by event that the Processor of Party responsible for processing objects, the intended change. The parties will Parties shall enter into negotiations on this matterconsultations with a view to reaching a mutually appropriate solution. 4.6 5.5 The general or specific consent permission of the Data Controller for engaging Sub-processors shall Data Processors does not affect the obligations of Data Controller for the Processor Sub-Data Processors arising from the Processing Agreement, including but not limited to Article 8article 9. The Data Controller may revoke its general or specific Written written consent for engaging to engage Sub-processors Data Processors if the Data Processor fails to comply or no longer complies with the its obligations under the Processing Agreement, the GDPR and/or other applicable laws Applicable Laws and regulations regarding Regulations governing the Processing of Personal Data. 4.7 5.6 The Data Processor shall impose imposes the obligations set out contained in the Data Processing Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or naturallegal) persons engaged by the Data Processor, including but not limited to Employees and/or Sub-processors Data Processors. Data Processor shall ensure that the (legal) persons engaged by Data Processor, including but not limited to Employees and/or RecipientsSub-Data Processors, comply with the obligations contained in the Data Processor Agreement on the basis of a written agreement. 5.7 The Data Controller will be notified immediately if the Data Processor and/or (legal) persons engaged by the Data Processor, including but not limited to Employees and/or Sub-Data Processors, act contrary to the Data Processing Agreement and/or the written agreement concluded with the Data Processor as referred to in Article 5.6. 5.8 The Data Processor remains responsible to the Data Controller for the performance of the specific obligations by the (legal) persons engaged by the Data Processor, including but not limited to Employees and/or Sub-Data Processors, arising from the GDPR and/or other applicable laws Applicable Laws and regulations Regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Data Processing Agreement.

Access to Personal Data. 4.1 The Processor limits access to Personal Data for Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 . The Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been specified in Annex A . 4.3 A. The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written consent of the Controller. General Written permission In Writting for engaging Sub-Sub- processors has only been granted if this has explicitly been included in Annex A . A. Specific permission for the use of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 A. The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 A. The Processor shall inform the Controller in the event of general consent In Writing for engaging Sub- processors Subprocessors no later than three (3) months prior to intended changes regarding the addition, replacement or change of Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 . The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 8. The Controller may revoke its general or specific Written consent for engaging Sub-Sub- processors if the Processor fails to comply or no longer complies with the obligations under the Processing Agreement, the GDPR and/or other applicable laws and regulations regarding the Processing of Personal Data. 4.7 . The Processor shall impose the obligations set out in the Processing Agreement on the Sub-Sub- processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the . The Processor shall provide evidence guarantees that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7have undertaken to observe confidentiality or are bound by an appropriate legal obligation of confidentiality. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising from the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Processing Agreement.

Access to Personal Data. 4.1 The Processor limits access to Personal Data for Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 The Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been specified in Annex A . 4.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written consent of the Controller. General permission In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission for the use of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 The Processor shall inform the Controller in the event of general consent In Writing for engaging Sub- Sub-processors no later than three (3) months prior to intended changes regarding the addition, replacement or change of Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 8. The Controller may revoke its general or specific Written consent for engaging Sub-processors if the Processor fails to comply or no longer complies with the obligations under the Processing Agreement, the GDPR and/or other applicable laws and regulations regarding the Processing of Personal Data. 4.7 The Processor shall impose the obligations set out in the Processing Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. The Processor guarantees that the persons authorised to process the Personal Data and other Recipients of Personal Data have undertaken to observe confidentiality or are bound by an appropriate legal obligation of confidentiality. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising from the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Processing Agreement.

Access to Personal Data. 4.1 The Processor limits access to Personal Data for Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 The Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been specified in Annex A .A. 4.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written consent of the Controller. General permission In Writting Writing for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission for the use of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 The Processor shall inform the Controller in the event of general consent In Writing for engaging Sub- Sub-processors no later than three (3) months prior to intended changes regarding the addition, replacement or change of Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 8. The Controller may revoke its general or specific Written consent for engaging Sub-processors if the Processor fails to comply or no longer complies with the obligations under the Processing Agreement, the GDPR and/or other applicable laws and regulations regarding the Processing of Personal Data. 4.7 The Processor shall impose the obligations set out in the Processing Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. The Processor guarantees that the persons authorized to process the Personal Data and other Recipients of Personal Data have undertaken to observe confidentiality or are bound by an appropriate legal obligation of confidentiality. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised authorized to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising from the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Processing Agreement.

Access to Personal Data. 4.1 4.1. The Processor limits access to Personal Data for to Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a minimum necessary minimum. 4.2 The Processor shall only provide access to those Employees for whom such access to Personal Data which is necessary for the performance of the Agreement. 4.2. The categories of Employees have been specified in Annex A . 4.3 The Controller grants general written authorisation to the Processor shall not provide to engage Sub-processors with access to for Processing of Personal Data without in accordance with the prior general or specific Written consent GDPR and Applicable laws and regulations regarding the Processing of the ControllerPersonal Data. General permission In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission for the use The list of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 The Sub-processors engaged Processors used by the Processor in shall be made available on the performance of the Agreement have been listed in Annex A.Privacy Policy or can be accessed by clicking here. 4.5 4.3. The Processor shall inform the Controller in Writing about the changes to the Sub-Processors used by the Processor, by updating the Privacy Policy. The Controller can choose to opt-in to receive active notifications about changes to the list of sub-processors and Privacy Policy by clicking here. 4.4. The Controller may object to changes to the Sub-Processors used by the Processor, but this may not be done without important data protection reasons. Objection to the intended amendment to the Sub-Processors used by the Processor must be lodged In Writing to the Processor within fifteen days of notification of the change being made available on: ▇▇▇▇▇▇▇@▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇. 4.5. In the event of general consent In Writing for engaging Sub- processors no later than three (3) months prior to an objection by the Controller, the Processor may, at his own discretion, render the service without the intended changes regarding the addition, replacement or change of the Sub-Processor. In the event of an objection by the Controller, when the performance of the service is unreasonable for the Processor without the intended change to the Sub-Processor, the Parties may then enter into voluntary discussions to seek a resolution or the Parties can terminate the service in accordance with the Agreement. 4.6. The general written authorisation of the Controller to engage Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall does not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 89 of this Processing Agreement. 4.7. The Controller may revoke its general or specific Written consent for engaging Sub-processors if Processor imposes the Processor fails to comply or no longer complies with the similar relevant obligations under the Processing Agreement, the GDPR and/or other applicable laws and regulations regarding the Processing of Personal Data. 4.7 The Processor shall impose the obligations set out included in the Processing Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or naturallegal) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors processors. 4.8. The Processor shall ensure that the persons authorised to process the Personal Data and other Recipients of Personal Data have undertaken to observe confidentiality or are bound by an appropriate legal obligation of confidentiality. 4.9. The Processor remains fully responsible and fully liable to the Controller for the fulfilment of the obligations by the (legal) persons engaged by the Processor, including but not limited to Employees and/or RecipientsSub-processors, arising from the GDPR and/or other applicable Applicable laws and regulations concerning regarding the Processing of Personal Data and the obligations arising from the Agreement and the Processing Agreement.

Access to Personal Data. 4.1 5.1 The Processor limits shall limit access to Personal Data for by Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 5.2 The Processor shall only exclusively provide access to those Employees for whom such who must have this access to Personal Data is necessary for in the performance of the Agreement. The categories of Employees have been specified in Annex A . 4.3 5.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written previous consent of In Writing from the Controller. General permission In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission Consent for the use engagement of Sub-processors has is only been granted given to Sub-processors who are specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 5.4 The Processor shall inform Controller’s consent for the Controller in the event of general consent In Writing for engaging Sub- processors no later than three (3) months prior to intended changes regarding the addition, replacement or change engagement of Sub-processors and does not prejudice the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall not affect the Processor’s obligations of the Processor arising ensuing from the Data Processing Agreement, including but not limited to Article 8Clause 9. The Controller may revoke withdraw its general or specific Written consent In Writing for engaging the engagement of Sub-processors if the Processor fails to comply does not satisfy or no longer complies with satisfies the obligations under the Data Processing Agreement, the GDPR and/or other applicable laws Applicable Legislation and regulations regarding Regulations concerning the Processing of Personal Data. 4.7 5.5 The Processor shall impose the obligations set out included in the Data Processing Agreement on the Employees and/or Sub-processors. The Processor shall ensure that the Employees and/or Sub-processors comply with the obligations included in the Data Processing Agreement by means of an agreement In Writing. 5.6 The Processor shall immediately notify the Controller if the Processor and/or Sub-processors, act in breach of the Data Processing Agreement and/or of the agreement In Writing concluded with the Processor as referred to in Clause 5.6. 5.7 At the Controller’s request, the Processor shall provide the Controller with a copy of the agreement In Writing between the Processor and the Sub-processors. 5.8 In respect of the Controller, the Processor remains completely responsible and completely liable for compliance by the Sub-processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising ensuing from the GDPR and/or other applicable laws Applicable Legislation and regulations Regulations concerning the Processing of Personal Data and the obligations arising ensuing from the Agreement and the Data Processing Agreement.

Access to Personal Data. 4.1 The Processor limits access to Personal Data for Employees, Sub-processors, Third Parties and other Recipients recipients of Personal Data to a necessary minimum. 4.2 The Processor shall only provide access to those Employees for whom such access to Personal Data is necessary for the performance of the Agreement. The categories of Employees have been specified in Annex A . 4.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior general or specific Written consent of the Controller. General permission consent In Writting Writing for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . A. Specific permission consent for the use of Sub-processors has only been granted to Sub-processors specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 4.3 The Processor shall inform the Controller in the event of general consent In Writing for engaging Sub- Sub-processors no later than three (3) months prior to intended changes regarding the addition, replacement or change of Sub-processors and the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by the Processor of the intended change. The parties Parties will enter into negotiations on this matter. 4.6 4.4 The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Processor Agreement, including but not limited to Article 8. The Controller may revoke its general or specific Written consent for engaging Sub-processors if the Processor fails to comply or no longer complies with the obligations under the Processing Processor Agreement, the GDPR and/or other applicable laws Applicable Laws and regulations Regulations regarding the Processing of Personal Data. 4.7 4.5 The Processor shall impose the obligations set out in the Processing Processor Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. The Processor guarantees that the persons authorized to process the Personal Data and other Recipients of Personal Data have undertaken to observe confidentiality or are bound by an appropriate legal obligation of confidentiality. 4.8 4.6 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors engaged by the Processor, the persons authorised authorized to process the Personal Data and other Recipients of Personal Data comply with Article 4.74.5. 4.9 4.7 With regard to the Controller, the Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by the (legal or natural) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors and/or Recipients, arising from the GDPR and/or other applicable laws and regulations concerning the Processing of Personal Data and the obligations arising from the Agreement and the Processing Processor Agreement.

Access to Personal Data. 4.1 ‌ 5.1 The Processor limits shall limit access to Personal Data for by Employees, Sub-processors, Third Parties and other Recipients of Personal Data to a necessary minimum. 4.2 5.2 The Processor shall only exclusively provide access to those Employees for whom such who must have this access to Personal Data is necessary for in the performance of the Agreement. The categories of Employees have been are specified in Annex A .A. 4.3 5.3 The Processor shall not provide Sub-processors with access to Personal Data without the prior previous general or specific Written consent of In Writing from the Controller. General permission consent In Writting for engaging Sub-processors has only been granted if this has explicitly been included in Annex A . Specific permission Writing for the use engagement of Sub-processors has is only been granted given if this is expressly included in Annex A. Specific consent In Writing for the engagement of Sub-processors is only given to Sub-processors who are specified in Annex A . 4.4 The Sub-processors engaged by the Processor in the performance of the Agreement have been listed in Annex A. 4.5 5.4 The Processor shall inform notify the Controller in the event of general consent In Writing for engaging Sub- the engagement of Sub-processors no later than three (3) months prior to before the intended changes regarding in respect of the addition, replacement or change in Sub-processor(s), In Writing, offering the Controller the possibility of objecting to these changes. The Parties will subsequently enter into negotiations. 5.5 The Controller’s general or specific consent for the engagement of Sub-processors and does not prejudice the amendment to Annex A required as a result of this, In Writing, whereby the Controller shall be given the opportunity to object to these changes In Writing within one (1) month after the Controller has been informed by Processor’s obligations ensuing from the Processor of the intended change. The parties will enter into negotiations on this matter. 4.6 The general or specific consent of the Controller for engaging Sub-processors shall not affect the obligations of the Processor arising from the Processing Agreement, including but not limited to Article 8Clause 9. The Controller may revoke withdraw its general or specific Written consent In Writing for engaging the engagement of Sub-processors if the Processor fails to comply does not satisfy or no longer complies with satisfies the obligations under the Processing Processor Agreement, the GDPR and/or other applicable laws Applicable Legislation and regulations regarding Regulations concerning the Processing of Personal Data. 4.7 5.6 At the Controller’s first request, the Processor shall provide to the Controller a list of the Sub- processors engaged by the Processor. 5.7 The Processor shall impose the obligations set out included in the Processing Processor Agreement on the Sub-processors engaged by the Processor by means of a Written Agreement. 4.8 At the request of the Controller, the Processor shall provide evidence that the Processor, Sub-processors (legal) persons engaged by the Processor, the persons authorised including but not limited to process the Personal Data and other Recipients of Personal Data comply with Article 4.7. 4.9 With regard to the Controller, the Employees and/or Sub- processors. The Processor shall remain fully responsible and fully liable for the fulfilment of the obligations by ensure that the (legal or naturallegal) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors processors, comply with the obligations included in the Processor Agreement by means of an agreement In Writing. 5.8 The Processor shall immediately notify the Controller if the Processor and/or Recipients(legal) persons engaged by the Processor, arising including but not limited to Employees and/or Sub-processors, act in breach of the Processor Agreement and/or of the agreement In Writing concluded with the Processor as referred to in Clause 5.7. 5.9 At the Controller’s request, the Processor shall provide the Controller with a copy of the agreement In Writing between the Processor and the (legal) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors. 5.10 In respect of the Controller, the Processor remains completely responsible and completely liable for compliance by the (legal) persons engaged by the Processor, including but not limited to Employees and/or Sub-processors, with the obligations ensuing from the GDPR and/or other applicable laws Applicable Legislation and regulations Regulations concerning the Processing of Personal Data and the obligations arising ensuing from the Agreement and the Processing Processor Agreement.