Additional Safeguards. 1. In the event of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate: a. Company shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from Partner to Company and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data. b. Company will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, including under section 702 of the United States Foreign Intelligence Surveillance Act (“FISA”); c. If Company becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise: I. Company shall inform the relevant government authority that Company is a processor of the Personal Data and that Partner, the Controller, has not authorized Company to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon Partner in writing; II. Partner will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under Company’s control. Notwithstanding the above, Partner acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, Company has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, Company shall notify Partner, as soon as possible, following the access by the government authority, and provide Partner with relevant details of the same, unless and to the extent legally prohibited to do so. 2. Once in every 12-month period, Company will inform Partner, at Partner’s written request of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA. A. Identification of Parties
Appears in 1 contract
Sources: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. Company The Processor shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from Partner the Controller to Company the Processor and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. Company The Processor will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, including under section 702 of the United States Foreign Intelligence Surveillance Act Court (“"FISA”");
c. If Company the Processor becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. Company The Processor shall inform the relevant government authority that Company the Processor is a processor of the Personal Data and that Partner, the Controller, Controller has not authorized Company the Processor to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon Partner the Controller in writing;
II. Partner The Processor will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under Companythe Processor’s control. Notwithstanding the above, Partner (a) the Controller acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, Company the Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, Company the Processor shall notify Partnerthe Controller, as soon as possible, following the access by the government authority, and provide Partner the Controller with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, Company the Processor will inform Partnerthe Controller, at Partnerthe Controller’s written request request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
A. Identification of Parties
Appears in 1 contract
Sources: Data Processing Addendum
Additional Safeguards. 1. In the event of an EEA Transfer or a UK Transfer, the Parties agree to supplement these with the following safeguards and representations, where appropriate:
a. Company The Processor shall have in place and maintain in accordance with good industry practice measures to protect the Personal Data from interception (including in transit from Partner the Controller to Company the Processor and between different systems and services). This includes having in place and maintaining network protection intended to deny attackers the ability to intercept data and encryption of Personal Data whilst in transit and at rest intended to deny attackers the ability to read data.
b. Company The Processor will make commercially reasonable efforts to resist, subject to applicable laws, any request for bulk surveillance relating to the Personal Data protected under GDPR or the UK GDPR, including under section 702 of the United States Foreign Intelligence Surveillance Act Court (“FISA”);
c. If Company the Processor becomes aware that any government authority (including law enforcement) wishes to obtain access to or a copy of some or all of the Personal Data, whether on a voluntary or a mandatory basis, then unless legally prohibited or under a mandatory legal compulsion that requires otherwise:
I. Company The Processor shall inform the relevant government authority that Company the Processor is a processor of the Personal Data and that Partner, the Controller, Controller has not authorized Company the Processor to disclose the Personal Data to the government authority, and inform the relevant government authority that any and all requests or demands for access to the Personal Data should therefore be notified to or served upon Partner the Controller in writing;
II. Partner The Processor will use commercially reasonable legal mechanisms to challenge any such demand for access to Personal Data which is under Companythe Processor’s control. Notwithstanding the above, Partner (a) the Controller acknowledges that such challenge may not always be reasonable or possible in light of the nature, scope, context and purposes of the intended government authority access, and (b) if, taking into account the nature, scope, context and purposes of the intended government authority access to Personal Data, Company the Processor has a reasonable and good-faith belief that urgent access is necessary to prevent an imminent risk of serious harm to any individual or entity, this subsection (e)(II) shall not apply. In such event, Company the Processor shall notify Partnerthe Controller, as soon as possible, following the access by the government authority, and provide Partner the Controller with relevant details of the same, unless and to the extent legally prohibited to do so.
2. Once in every 12-month period, Company the Processor will inform Partnerthe Controller, at Partnerthe Controller’s written request request, of the types of binding legal demands for Personal Data it has received and solely to the extent such demands have been received, including national security orders and directives, which shall encompass any process issued under section 702 of FISA.
A. Identification of Parties
Appears in 1 contract
Sources: Data Processing Addendum