Common use of Audit Obligations Clause in Contracts

Audit Obligations. (1) Company shall be entitled, prior to the commencement of the processing of data and at regular intervals thereafter, to audit the technical and organizational measures implemented by Supplier and shall document the result of such audit. In the course of such audit, Company may, in particular, conduct the following measures, but shall not be limited to the same: ▪ Company may obtain information from Supplier. ▪ Company may request Supplier to submit to Company an existing attestation or certificate by an independent professional expert. ▪ Company may, upon reasonable and timely advance agreement, during regular business hours and without interrupting Supplier’s business operations, conduct an on-site inspection of Supplier’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Supplier. (2) Supplier shall, make available to Company all information necessary to demonstrate compliance with the obligations laid down in Art. 28 GDPR and this Data Processing Agreement and allow for and contribute to audits, including inspections, conducted by Company or another auditor mandated by Company. (3) The Supplier shall immediately inform Company if, in its opinion, an instruction by Company infringes applicable data privacy law.

Audit Obligations. (1) Company shall be entitledshall, prior to the commencement of the processing of data and at regular intervals thereafterthereafter once a year at the maximum, to audit the technical and organizational organisational measures implemented by Supplier and shall document the result of such audit. In the course of such audit, Company may, in particular, conduct the following measures, but shall not be limited to the same: ▪  Company may obtain information from Supplier. ▪  Company may request Supplier to submit to Company an existing attestation or certificate by an independent professional expert. ▪  Company may, upon reasonable and timely advance agreement, during regular business hours and without interrupting Supplier’s business operations, conduct an on-site inspection of Supplier’s business operations or have the same conducted by a qualified third party which shall not be a competitor of Supplier. (2) Supplier shall, make available at Company’s written request and within a reasonable period of time, submit to Company any and all information information, documentation and other means of factual proof necessary to demonstrate compliance with for the obligations laid down in Art. 28 GDPR and this Data Processing Agreement and allow for and contribute to audits, including inspections, conducted by Company or another auditor mandated by Companyconduction of an audit. (3) The Supplier shall immediately inform Company if, in its opinion, an instruction by Company infringes applicable data privacy law.