Common use of Additional Supplier Obligations Clause in Contracts

Additional Supplier Obligations. Supplier shall: a. only Process Personal Data, including Processing of Personal Data on its systems or facilities, to the extent necessary to Perform its obligations under the Agreement and in accordance with Cisco’s documented instructions, Annex 1 to the Standard Contractual Clauses (where applicable), and this SDPA. Supplier shall immediately notify Cisco if Supplier reasonably believes that Cisco’s instructions are inconsistent with any Applicable Law; b. ensure its applicable Representatives who may Process Personal Data have written contractual obligations in place with Supplier to keep the Personal Data confidential that are no less protective of Personal Data than the terms of this SDPA, and that these Representatives are aware of these obligations; c. appoint data protection lead(s) and provide Cisco with the contact details of the appointed person(s) upon request; d. if required by Applicable Laws, court order, warrant, subpoena, or other legal or judicial process to Process Personal Data other than in accordance with Cisco’s instructions, notify Cisco without undue delay of any such requirement before Processing the Personal Data (unless mandatory applicable law prohibits such notification, in particular on important grounds of public interest); e. maintain reasonably accurate records of the Processing of any Personal Data received from Cisco under the Agreement, including all records of Processing as may be required by Applicable Law; f. make reasonable efforts to ensure that Personal Data are accurate and up to date at all times while in its custody or under its control, to the extent Supplier has the ability to do so; g. not lease, sell, distribute, make available, or otherwise encumber Personal Data unless mutually agreed to by the Parties in a separate written agreement; h. provide such information and assistance as Cisco may reasonably require (taking into account the nature of the Processing and the information available to Supplier) to enable compliance by Cisco with its obligations under Applicable Laws with respect to: i. security of Processing; ii. data protection impact assessments (as such term is defined by Applicable Laws); iii. prior consultation with a supervisory authority regarding high-risk Processing; iv. responding to requests from supervisory authorities, Data Subjects, customers, or others to provide information related to Supplier’s Processing of Personal Data); v. notifications by the applicable supervisory authority and/or communications to Data Subjects by Cisco in response to any Information Security Incident; and vi. Cisco’s ability to meet any applicable filing, approval or similar requirements in relation to Applicable Laws.

Additional Supplier Obligations. Supplier shall: a. only Process Personal Data, including Processing of Personal Data on its systems or facilities, to the extent necessary to Perform its obligations under the Agreement and in accordance with Cisco’s documented instructions, Annex 1 the Annexes to the Standard Contractual Clauses (where applicable), and this SDPA. Supplier shall immediately notify Cisco if Supplier reasonably believes that Cisco▇▇▇▇▇’s instructions are inconsistent with any Applicable Law; b. ensure its applicable Representatives who may Process Personal Data have written contractual obligations in place with Supplier to keep the Personal Data confidential that are no less protective of Personal Data than the terms of this SDPA, and that these Representatives are aware of these obligations; c. appoint data protection lead(s) and provide Cisco with the contact details of the appointed person(s) upon request; d. if required by Applicable Laws, court order, warrant, subpoena, or other legal or judicial process to Process Personal Data other than in accordance with Cisco’s instructions, notify Cisco without undue delay immediately upon receipt of any such requirement before Processing the Personal Data (unless mandatory applicable law prohibits such notification, in particular on important grounds of public interest); e. maintain reasonably accurate records of the Processing of any Personal Data received from Cisco under the Agreement, including all records of Processing as may be required by Applicable Law; f. make reasonable efforts to ensure that Personal Data are accurate and up to date at all times while in its custody or under its control, to the extent Supplier has the ability to do so; g. not lease, sell, distribute, make available, or otherwise encumber Personal Data unless mutually agreed to by the Parties in a separate written agreement; h. provide such information and assistance as Cisco may reasonably require (taking into account the nature of the Processing and the information available to Supplier) to enable compliance by Cisco with its obligations under Applicable Laws with respect to: i. security of Processing; ii. data protection impact assessments (as such term is defined by Applicable Laws); iii. prior consultation with a supervisory authority regarding high-risk Processing; iv. responding to requests from supervisory authorities, Data Subjects, customers, or others to provide information related to Supplier’s Processing of Personal Data); v. notifications by the applicable supervisory authority and/or communications to Data Subjects by Cisco in response to any Information Security Incident; and vi. Cisco’s ability to meet any applicable filing, approval or similar requirements in relation to Applicable Laws.