Actions and Access Requests. 8.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, where necessary for Controller to comply with its obligations under the Data Protection Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor. 8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor. 8.3. Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. 8.4. Processor shall make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that Processor is in material breach of its obligations hereunder, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report. 8.5. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control). 8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay. 8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 3 contracts
Sources: Order Terms and Conditions, Order Terms and Conditions, Order Terms and Conditions
Actions and Access Requests. 8.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Upon Controller’s request and at Controller’s choice, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of such certifications or reports under (i) is not reasonably sufficient under the Data Protection Laws to believe that Processor is in material breach of its obligations hereunderdemonstrate Processor’s compliance, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 2 contracts
Sources: Eu Data Processing Addendum, Eu Data Processing Addendum
Actions and Access Requests. 8.1. Processor 8.1 Cyberint shall, taking into account the nature of the Processing and the information available to ProcessorCyberint, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by ProcessorCyberint.
8.2. Processor 8.2 Cyberint shall, taking into account the nature of the Processing and the information available to ProcessorCyberint, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by ProcessorCyberint.
8.3. Processor 8.3 Cyberint shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Cyberint, have the right to review, audit and copy such records at Cyberint’s offices during regular business hours; provided that the parties shall agree in advance the timing, scope and methodology.
8.4. Processor shall 8.4 Upon Controller’s request, Cyberint shall, no more than once per calendar year make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, certifications or reports demonstrating ProcessorCyberint’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that Processor is in material breach of its obligations hereunder, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, ; provided that Controller shall provide reasonable prior notice of any all such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller information shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees subject to accept those findings in lieu of requesting an audit of the controls covered by the reportconfidentiality obligations.
8.5. 8.5 In the event of a Personal Data Breach, Processor Cyberint shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor Cyberint in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within ProcessorCyberint’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor Cyberint shall, taking into account the nature of the Processing and the information available to ProcessorCyberint, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. ProcessorCyberint’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor Cyberint of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. Processor 8.1 Recurly shall, taking into account the nature of the Processing and the information available to ProcessorRecurly, provide Controller Customer with reasonable cooperation and assistance, assistance where necessary for Controller Customer to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller Customer does not otherwise have access to the relevant information. Controller Customer shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by ProcessorRecurly.
8.2. Processor 8.2 Recurly shall, taking into account the nature of the Processing and the information available to ProcessorRecurly, provide Controller Customer with reasonable cooperation and assistance with respect to ControllerCustomer’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller Customer shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by ProcessorRecurly.
8.3. Processor 8.3 Recurly shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum.
8.4. Processor shall make available for ControllerCustomer shall, with reasonable notice to Recurly, have the right to review, audit and copy such records at Recurly’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processoroffices during regular business hours. Upon Customer’s certifications; and/or (ii) upon Controller’s request request, Recurly shall, no more than once per calendar year, either (i) make available for Customer’s review copies of certifications or reports demonstrating ProcessorRecurly’s compliance with prevailing data security standards applicable to the Processing of ControllerCustomer’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller Customer or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of ProcessorRecurly’s data security infrastructure and procedures that is sufficient to demonstrate ProcessorRecurly’s compliance with its obligations under this Addendum, provided that Controller Customer shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to ProcessorRecurly’s business. Controller Customer shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Recurly for any time expended for on- site audits. HoweverIf Customer and Recurly have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), if the requested audit scope is addressed parties agree that the audits described in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12Clause 5(f) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit Clause 12(2) of the controls covered by the reportStandard Contractual Clauses shall be carried out in accordance with this Section 8.3.
8.5. 8.4 Recurly shall immediately notify Customer if an instruction, in Recurly’s opinion, infringes the Data Protection Laws.
8.5 In the event of a Personal Data Breach, Processor Recurly shall, without undue delay, inform Controller Customer of the Personal Data Breach (including, to the extent available to Recurly, the information required by Article 33(3) of GDPR) and take such steps as Processor Recurly in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within ProcessorRecurly’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor Recurly shall, taking into account the nature of the Processing and the information available to ProcessorRecurly, provide Controller Customer with reasonable cooperation and assistance necessary for Controller Customer to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of ControllerCustomer. ProcessorRecurly’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor Recurly of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. Processor 8.1 We shall, taking into account the nature of the Processing and the information available to Processorus, provide Controller you with reasonable cooperation and assistance, assistance where necessary for Controller you to comply with its our obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does you do not otherwise have access to the relevant information. Controller You shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processorus.
8.2. Processor 8.2 We shall, taking into account the nature of the Processing and the information available to Processorus, provide Controller you with reasonable cooperation and assistance with respect to Controller’s your cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller You shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processorus.
8.3. Processor 8.3 We shall maintain records sufficient to demonstrate its our compliance with its our obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. You shall, with reasonable notice to us, have the right to review, audit and copy such records at our offices during regular business hours.
8.4. Processor shall make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request 8.4 Upon your request, we shall, no more than once per calendar year, either (i) make available for your review copies of certifications or reports demonstrating Processor’s our compliance with prevailing data security standards applicable to the Processing of Controller’s your Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller you or its authorised your authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s our data security infrastructure and procedures that is sufficient to demonstrate Processor’s our compliance with its our obligations under this Addendum, provided that Controller you shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s our business. Controller You shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to us for any time expended for on-site audits. HoweverIf you and SignalWire have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), if the requested audit scope is addressed parties agree that the audits described in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12Clause 5(f) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit Clause 12(2) of the controls covered by the reportStandard Contractual Clauses shall be carried out in accordance with this Section 8.4.
8.5. 8.5 We shall immediately notify you if an instruction, in our opinion, infringes the Data Protection Laws or Supervisory Authority.
8.6 In the event of a Personal Data Breach, Processor we shall, without undue delay, inform Controller you of the Personal Data Breach and take such steps as Processor we in its our sole discretion deems deem necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s our reasonable control).
8.6. 8.7 In the event of a Personal Data Breach, Processor we shall, taking into account the nature of the Processing and the information available to Processorus, provide Controller you with reasonable cooperation and assistance necessary for Controller you to comply with its your obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.8 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the your actions or omissions of Controlleromissions. Processor’s Our obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor us of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum., and retain such records for a period of three
8.4. Processor shall make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon 8.4 Upon Controller’s request and at Controller’s choice, Processor shall, no more than once per calendar year, reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that Processor is in material breach of its obligations hereunder, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. 8.5 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 8.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause Data , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on- site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the controls audited, Controller agrees to accept those findings parties agree that the audits described in lieu of requesting an audit Clause 5(f) and Clause 12(2) of the controls covered by the reportStandard Contractual Clauses shall be carried out in accordance with this Section 8.4.
8.5. 8.5 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, where necessary for Controller to comply with its obligations under the Data Protection LawsGDPR, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 8.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that Processor is in material breach of its obligations hereunder, Processor shall or (ii) allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. 8.5 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1▇. Processor ▇▇▇▇▇ shall, provided that Customer does not otherwise have access to the relevant information, and taking into account the nature of the processing and the availability of the information, provide Customer with reasonable cooperation and assistance where necessary and where required by the GDPR for Customer to comply with its obligations to conduct a data protection impact assessment or to demonstrate such compliance.
▇. ▇▇▇▇▇ shall, taking into account the nature of the Processing processing and the information available to ProcessorPendo, provide Controller Customer with reasonable cooperation and assistanceassistance with respect to Customer’s cooperation and/or prior consultation with any Supervisory Authority, where necessary for Controller to comply with its obligations under and where required by the Data Protection Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant informationGDPR. Controller Customer shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor▇▇▇▇▇.
8.2▇. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. Processor ▇▇▇▇▇ shall maintain records sufficient to demonstrate its compliance with its obligations under this AddendumDPA. Customer shall, with reasonable notice to Pendo, have the right to review, audit and copy such records at Pendo’s offices during regular business hours.
8.4. Processor shall d. Upon Customer’s written request at reasonable intervals, and subject to reasonable confidentiality controls, Pendo shall, either (i) make available for ControllerCustomer’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, certifications or reports demonstrating ProcessorPendo’s compliance with prevailing data security standards applicable to the Processing processing of ControllerCustomer’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Privacy Laws, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, Customer’s independent third party representative to conduct an audit or inspection of ProcessorPendo’s data security infrastructure and procedures that is sufficient to demonstrate ProcessorPendo’s compliance with its obligations under this AddendumData Privacy Laws, provided that Controller shall provide (a) Customer provides reasonable prior written notice (which shall in no event be less than fourteen (14) days’ notice) of any such request for an audit and such inspection shall not be unreasonably disruptive to ProcessorPendo’s business; (b) such audit shall only be performed during business hours and occur no more than once per calendar year; and (c) such audit shall be restricted to data relevant to Customer. Controller Customer shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Pendo for any time expended for on-site audits. HoweverIf Customer and Pendo have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), if the requested audit scope is addressed parties agree that the audits described in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit Clause 8.9 of the controls covered by the reportEU SCCs shall be carried out in accordance with this Section 8(d).
8.5▇. ▇▇▇▇▇ shall immediately notify Customer if an Instruction, in ▇▇▇▇▇’▇ opinion, infringes the Data Privacy Laws or Supervisory Authority.
f. In the event of a Personal Data Breach, Processor Pendo shall, without undue delay, inform Controller Customer of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within ProcessorPendo’s reasonable control).
8.6. g. In the event of a Personal Data Breach, Processor Pendo shall, taking into account the nature of the Processing processing and the information available to Processoravailability of the information, provide Controller Customer with reasonable cooperation and assistance where necessary and where required by the GDPR for Controller Customer to comply with its obligations under the GDPR with respect to notifying notify (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.and
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. Processor shall, taking into account the nature 8.1 Where Controller is obligated by Data Protection Laws to carry out a data protection impact assessment (“DPIA”) relating to Controller’s use of the Processing and the information available to ProcessorSubscription Services, Processor shall provide Controller with reasonable cooperation and assistance, where necessary assistance to Controller for the DPIA to allow Controller to comply with its obligations under the Data Protection Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor and Processor shall be entitled to involve Controller at Processor’s then-current rates for any time expended in assisting with the DPIA.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, shall provide Controller with reasonable assistance to Controller in cooperation and assistance with respect to Controller’s cooperation and/or or prior consultation with any Supervisory Authority, where necessary and where Authority as may be required by the GDPRData Protection Laws. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor and Processor shall be entitled to involve Controller at Processor’s then-current rates for any time expended in providing such assistance.
8.3. Processor shall maintain records sufficient 8.3 Where required by Data Protection Laws, Processors will assist Controller in demonstrating compliance with this Addendum by making available at the request of Controller, following reasonable notice to Processor, information reasonably necessary to demonstrate its compliance with its obligations under this Addendumsuch compliance. Controller shall have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 8.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable a minimum of thirty (30) days’ prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on-site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 8.4.
8.5 Processor shall immediately notify Controller if an instruction, in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control)opinion, infringes the Data Protection Laws or Supervisory Authority.
8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1. Processor shall, taking into account the nature 8.1 Where Controller is obligated by Data Protection Laws to carry out a data protection impact assessment (“DPIA”) relating to Controller’s use of the Processing and the information available to ProcessorSolutions, Processor shall provide Controller with reasonable cooperation and assistance, where necessary assistance to Controller for the DPIA to allow Controller to comply with its obligations under the Data Protection Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor and Processor shall be entitled to involve Controller at Processor’s then-current rates for any time expended in assisting with the DPIA.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, shall provide Controller with reasonable assistance to Controller in cooperation and assistance with respect to Controller’s cooperation and/or or prior consultation with any Supervisory Authority, where necessary and where Authority as may be required by the GDPRData Protection Laws. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor and Processor shall be entitled to involve Controller at Processor’s then-current rates for any time expended in providing such assistance.
8.3. Processor shall maintain records sufficient 8.3 Where required by Data Protection Laws, Processors will assist Controller in demonstrating compliance with this Addendum by making available at the request of Controller, following reasonable notice to Processor, information reasonably necessary to demonstrate its compliance with its obligations under this Addendumsuch compliance. Controller shall have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 8.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable a minimum of thirty (30) days’ prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on-site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 8.4.
8.5 Processor shall within forty-eight (48) hours notify Controller if an instruction, in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control)opinion, infringes the Data Protection Laws or Supervisory Authority.
8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement.
8.4. Processor shall make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Upon Controller’s request and at Controller’s choice, Processor shall, no more than once per calendar year, either:
a) Make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe that The Processor is in material breach may make reasonable charge for the collation and distribution of its obligations hereunder, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s businessdata. The Controller shall be responsible for the costs of any such audits or inspections. However, if .
b) Any data supplied under this Addendum is strictly confidential and between the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request requesting Controller and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the reportProcessor.
8.5. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (inotifying.
a) the The relevant Supervisory Authority and (iiAuthority
b) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Applicable Data Protection Laws, Law to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by ProcessorApplicable Data Protection Law.
8.3. 8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Controller shall, with reasonable notice to Processor, have the annual right to review such records at Processor’s offices during regular business hours.
8.4. 8.4 Upon Controller’s request, Processor shall shall, no more than once per calendar year make available for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should (If Controller and Processor have serious cause to believe entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that Processor is the audits described in material breach Clause 5(f) and Clause 12(2) of its obligations hereunder, Processor shall allow Controller or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller the Standard Contractual Clauses shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed carried out in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the reportaccordance with this Section 8.4.)
8.5. 8.5 In the event of a Personal Data Breach, Processor shall, without undue delaydelay but no later than forty-eight (48) hours after confirming that a breach of personal data has occurred, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control)violation.
8.6. 8.6 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR Applicable Data Protection Law with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.. Signature: Signature: Customer Legal Name: Print Name: ▇▇▇▇ ▇▇▇▇ Print Name: Title: DPO Title: Date: Date:
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. 7.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 7.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPRapplicable Data Protection Laws. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 7.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 7.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on-site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 11 (Transfers of Personal Data), the parties agree that the audits described in Clause 13 of each of the Standard Contractual Clauses shall be carried out in accordance with this Section 7.4.
7.5 Processor shall, without delay, notify Controller if an instruction, in the controls auditedProcessor’s opinion, Controller agrees to accept those findings in lieu of requesting an audit of infringes the controls covered by the reportData Protection Laws or Supervisory Authority.
8.5. 7.6 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 7.7 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR applicable Data Protection Laws with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 7.8 The obligations described in Sections 8.5 7.6 and 8.6 7.7 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 7.5 and 8.6 7.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Agreement
Actions and Access Requests. 8.1. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on-site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the controls audited, Controller agrees to accept those findings parties agree that the audits described in lieu of requesting an audit Clause 5(f) and Clause 12(2) of the controls covered by the reportStandard Contractual Clauses shall be carried out in accordance with this Section 8.4.
8.5. Processor shall immediately notify Controller if an instruction, in the Processor’s opinion, infringes the Data Protection Laws or Supervisory Authority.
8.6. In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.68.7. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.78.8. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: End User License Agreement
Actions and Access Requests. 8.1. 9.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 9.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 9.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 9.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on- site audits. HoweverPursuant to the Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 9.4.
9.5 Processor shall immediately notify Controller if the requested audit scope is addressed in an ISOinstruction, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls auditedProcessor’s opinion, Controller agrees to accept those findings in lieu of requesting an audit of infringes the controls covered by the reportData Protection Laws or Supervisory Authority.
8.5. 9.6 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 9.7 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 9.8 The obligations described in Sections 8.5 9.5 and 8.6 9.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 9.5 and 8.6 9.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 8.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 8.3 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 8.4 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the report.
8.5. 8.5 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 8.6 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 8.7 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Actions and Access Requests. 8.1. 8.1 Upon Controller’s request, Processor shall, taking into account the nature of the Processing and the shall make available to Controller all information available to Processor, provide Processor and to Authorized Subprocessors that Controller with reasonable cooperation and assistance, where reasonably deems necessary for to demonstrate compliance by Controller to comply with its obligations under Applicable Laws (including in particular the GDPR or CCPA) relating to the Personal Data and the Processing conducted by Processor and Authorized Subprocessors.
8.2 Upon Controller’s request, Processor shall provide all necessary assistance to Controller in connection with any Data Protection Impact Assessment that Controller determines (in its discretion) it must conduct or cause to be conducted in order to comply with Applicable Laws, conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any that such assistance by ProcessorDPIA(s) relate to the Processing.
8.2. Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to 8.2.1 Upon Controller’s cooperation and/or prior request, Controller shall provide all necessary assistance to Controller in connection with any consultation with a Supervisory Authority that Controller determines (in its discretion) it must undertake as a result of a DPIA, to the extent that such DPIA relates to the Processing.
8.3 Upon Controller’s request, Processor shall provide all necessary assistance to Controller in the event of any investigation, action, or request made by a Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any that such assistance by Processorinvestigation, action, or request relates to the Personal Data or the Processing.
8.3. 8.4 Upon Controller’s request, Processor shall maintain records sufficient to demonstrate its compliance provide Controller, and any Supervisory Authority with its obligations under this Addendum.
8.4. Processor shall make available whom Controller is consulting or cooperating, with a designated contact for Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request no more than once per calendar year, reports demonstrating Processor’s compliance with prevailing data security standards applicable all queries and requests relating to the Processing of Controller’s Personal Data. Should Controller have serious cause to believe .
8.5 In the event Processor determines that Processor is in material breach any Processing violates Applicable Laws (including the valid exercise of its obligations hereunder, Processor shall allow Controller a Data Subject Right) or its authorised representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that it shall immediately inform Controller shall provide reasonable prior notice of any and follow Instructions for stopping such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for Processing and/or remediating the costs of any such audits or inspections. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request and Processor confirms there are no known material changes in the controls audited, Controller agrees to accept those findings in lieu of requesting an audit of the controls covered by the reportviolation.
8.5. In 8.6 Without limiting the foregoing, in the event of a Personal Data Breachchange in Applicable Laws affecting this Addendum, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor agrees to work in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller good faith with reasonable cooperation and assistance necessary for Controller to comply make any amendments to this Addendum pursuant to Section 13.2, and further agrees to make any changes to its Technical and Organizational Security Measures as are reasonably necessary to ensure continued compliance with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delayApplicable Laws.
8.7. The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum
Actions and Access Requests. 8.1. 4.1 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance, assistance where necessary for Controller to comply with its obligations under the Data Protection Laws, GDPR to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Controller does not otherwise have access to the relevant information. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.2. 4.2 Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance with respect to Controller’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by the GDPR. Controller shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Processor.
8.3. 5.1 Processor shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum, and retain such records for a period of three (3) years after the termination of the Agreement. Controller shall, with reasonable notice to Processor, have the right to review, audit and copy such records at Processor’s offices during regular business hours.
8.4. Processor shall make available for 5.2 Upon Controller’s review at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/security (i) copies of Processor’s certifications; and/or (ii) upon Controller’s request request, Processor shall, no more than once per calendar year, either (i) make available for Controller’s review copies of certifications or reports demonstrating Processor’s compliance with prevailing data security standards applicable to the Processing of Controller’s Personal Data. Should Controller have serious cause , or (ii) if the provision of reports or certifications pursuant to believe that Processor (i) is in material breach of its obligations hereundernot reasonably sufficient under Data Protection Laws, Processor shall allow Controller or its authorised authorized representative, upon reasonable notice and at a mutually agreeable date and time, to conduct an audit or inspection of Processor’s data security infrastructure and procedures that is sufficient to demonstrate Processor’s compliance with its obligations under this Addendum, provided that Controller shall provide reasonable prior notice of any such request for an audit and such inspection shall not be unreasonably disruptive to Processor’s business. Controller shall be responsible for the costs of any such audits or inspections, including without limitation a reimbursement to Processor for any time expended for on-site audits. However, if the requested audit scope is addressed in an ISO, SOC, or similar audit report performed by a qualified third-party auditor within twelve (12) months of Controller’s request If Controller and Processor confirms there are no known material changes have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 8.4.
5.3 Processor shall immediately notify Controller if an instruction, in the controls auditedProcessor’s opinion, Controller agrees to accept those findings in lieu of requesting an audit of infringes the controls covered by the reportData Protection Laws or Supervisory Authority.
8.5. 5.4 In the event of a Personal Data Breach, Processor shall, without undue delay, inform Controller of the Personal Data Breach and take such steps as Processor in its sole discretion deems necessary and reasonable to remediate such violation (to the extent that remediation is within Processor’s reasonable control).
8.6. 5.5 In the event of a Personal Data Breach, Processor shall, taking into account the nature of the Processing and the information available to Processor, provide Controller with reasonable cooperation and assistance necessary for Controller to comply with its obligations under the GDPR with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay.
8.7. 5.6 The obligations described in Sections 8.5 and 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Controller. Processor’s obligation to report or respond to a Personal Data Breach under Sections 8.5 and 8.6 will not be construed as an acknowledgement by Processor of any fault or liability with respect to the Personal Data Breach.
Appears in 1 contract
Sources: Data Processing Addendum