Common use of Actions and Access Requests Clause in Contracts

Actions and Access Requests. 9.1 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance where necessary for Customer to comply with its obligations under Applicable Data Protection Law to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Customer does not otherwise have access to the relevant information. 9.2 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance with respect to Customer’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by Applicable Data Protection Law. 9.3 Zoom shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Customer shall, with reasonable notice to Zoom, have the annual right to review such records at Zoom’s offices during regular business hours. 9.4 Upon Customer’s request, Zoom shall, no more than once per calendar year make available for Customer’s review copies of certifications or reports demonstrating Zoom’s compliance with prevailing data security standards applicable to the Processing of Customer’s Personal Data. (If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 9.4.) 9.5 In the event of a Personal Data Breach, Zoom shall, without undue delay but no later than seventy-two (72) hours after confirming that a breach of personal data has occurred, inform Customer of the Personal Data Breach and take such steps as Zoom in its sole discretion deems necessary and reasonable to remediate such violation. 9.6 In the event of a Personal Data Breach, Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under Applicable Data Protection Law with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay. 9.7 The obligations described in Sections 9.5 and 9.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Customer. Zoom’s obligation to report or respond to a Personal Data Breach under Sections 9.5 and 9.6 will not be construed as an acknowledgement by Zoom of any fault or liability with respect to the Personal Data Breach.

Actions and Access Requests. 9.1 Zoom 8.1 Recurly shall, taking into account the nature of the Processing and the information available to ZoomRecurly, provide Customer Merchant with reasonable cooperation and assistance where necessary for Customer Merchant to comply with its obligations under Applicable the GDPR (or equivalent provision of other applicable Data Protection Law Laws) to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Customer Merchant does not otherwise have access to the relevant information. Merchant shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance by Recurly. 9.2 Zoom 8.2 Recurly shall, taking into account the nature of the Processing and the information available to ZoomRecurly, provide Customer Merchant with reasonable cooperation and assistance with respect to CustomerMerchant’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by Applicable the Data Protection LawLaws. Merchant shall be responsible to the extent legally permitted for any costs and expenses arising from any such assistance byRecurly. 9.3 Zoom 8.3 Recurly shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Customer shall, with reasonable notice to Zoom, have the annual right to review such records at Zoom’s offices during regular business hours. 9.4 Upon CustomerMerchant’s request, Zoom Recurly shall, no more than once per calendar year and provided the parties have an applicable non-disclosure agreement in place, make available for CustomerMerchant’s review copies of certifications or reports demonstrating ZoomRecurly’s compliance with prevailing data security standards applicable to the Processing of CustomerMerchant’s Personal Data. (If Customer Merchant and Zoom Recurly have entered into Standard Contractual Clauses as described in Section 7 6 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) 8.9 and Clause 12(213(b) of the Standard Contractual Clauses shall be carried out in accordance with this Section 9.48.3.) 9.5 8.4 Recurly shall immediately notify Merchant if an Instruction, in Recurly’s opinion, infringes the Data Protection Laws. 8.5 In the event of a Personal Data Breach, Zoom shall, without undue delay but no later than seventy-two (72) hours after confirming that a breach of personal data has occurred, Recurly will inform Customer Merchant of the Personal Data Breach and will provide information relating to the Personal Data Breach as it becomes known or as is reasonably requested by Merchant. Recurly will also take such steps as Zoom Recurly in its sole discretion deems necessary and reasonable to remediate such violationincident (to the extent that remediation is within Recurly’s reasonable control). 9.6 8.6 In the event of a Personal Data Breach, Zoom Recurly shall, taking into account the nature of the Processing and the information available to ZoomRecurly, provide Customer Merchant with reasonable cooperation and assistance necessary for Customer Merchant to comply with its obligations under Applicable the Data Protection Law Laws with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay. 9.7 8.7 The obligations described in Sections 9.5 8.5 and 9.6 8.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of CustomerMerchant. ZoomRecurly’s obligation to report or respond to a Personal Data Breach under Sections 9.5 8.5 and 9.6 8.6 will not be construed as an acknowledgement by Zoom Recurly of any fault or liability with respect to the Personal Data Breach. 8.8 If a law enforcement agency or supervisory authority sends Recurly a demand for Personal Data (for example, through a subpoena or court order), Recurly will attempt, as permitted by applicable law, to redirect the law enforcement agency or supervisory authority to request that data directly from Merchant . As part of this effort, Recurly may provide ▇▇▇▇▇▇▇▇’s basic contact information to the law enforcement agency or supervisory authority. Recurly shall make commercially reasonable challenges to requests for Personal Data from law enforcement agencies by (i) demanding that all such requestors provide proof of a request’s legal authorization and validity, and (ii) responding only to requests that are legally binding. If compelled to disclose Personal Data to a law enforcement agency or supervisory authority, then Recurly will use commercially reasonable efforts to give Merchant reasonable notice of the demand to allow Merchant to seek a protective order or other appropriate remedy unless Recurly is legally prohibited from doing so. Recurly’s legal department may make a record of all such supervisory authority and law enforcement requests.

Actions and Access Requests. 9.1 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance where necessary for Customer to comply with its obligations under Applicable Data Protection Law to conduct a data protection impact assessment and/or to demonstrate such compliance, provided that Customer does not otherwise have access to the relevant information. 9.2 Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance with respect to Customer’s cooperation and/or prior consultation with any Supervisory Authority, where necessary and where required by Applicable Data Protection Law. 9.3 Zoom shall maintain records sufficient to demonstrate its compliance with its obligations under this Addendum. Customer shall, with reasonable notice to Zoom, have the annual right to review such records at Zoom’s offices during regular business hours. 9.4 Upon Customer’s request, Zoom shall, no more than once per calendar year make available for Customer’s review copies of certifications or reports demonstrating Zoom’s compliance with prevailing data security standards applicable to the Processing of Customer’s Personal Data. (If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), the parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with this Section 9.4.) 9.5 In the event of a Personal Data Breach, Zoom shall, without undue delay but no later than seventy-two (72) hours after confirming that a breach of personal data has occurred, inform Customer of the Personal Data Breach and take such steps as Zoom in its sole discretion deems necessary and reasonable to remediate such violation. 9.6 In the event of a Personal Data Breach, Zoom shall, taking into account the nature of the Processing and the information available to Zoom, provide Customer with reasonable cooperation and assistance necessary for Customer to comply with its obligations under Applicable Data Protection Law with respect to notifying (i) the relevant Supervisory Authority and (ii) Data Subjects affected by such Personal Data Breach without undue delay. 9.7 The obligations described in Sections 9.5 and 9.6 shall not apply in the event that a Personal Data Breach results from the actions or omissions of Customer. Zoom’s obligation to report or respond to a Personal Data Breach under Sections 9.5 and 9.6 will not be construed as an acknowledgement by Zoom of any fault or liability with respect to the Personal Data Breach.. Signature: Signature: Customer Legal Name: Print Name: ▇▇▇▇ ▇▇▇▇ Print Name: Title: DPO Title: Date: Dec 19, 2019 Date: