Common use of Audit Rights Clause in Contracts

Audit Rights. 10.1 Subject to this Section 10, Compa shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 4 contracts

Sources: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10, Compa Supplier shall make available to the Customer on request, no more frequently than annually unless request such information as Supplier (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPAData Processing Addendum. 10.2 Subject to Paragraphs 10.3 and 10.4, and in the event that Customer (iiacting reasonably) is able to provide documentary evidence that the information made available by Supplier pursuant to Paragraph 10.1 is not sufficient in the circumstances to demonstrate Supplier’s compliance with this Data Processing Addendum, Supplier shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawSupplier. 10.3 Customer shall give Compa Supplier reasonable advance notice of any audit or inspection to be conducted under Section Paragraph 10.1 (which shall in no event be less than fourteen (14) days’ notice unless required by a Supervisory Authority pursuant to Paragraph 10.4(f)(i)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies Supplier in respect of, to minimize) any damage, injury, injury or disruption to CompaSupplier’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of Supplier’s other customers or the availability of Supplier’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any on-premise inspection. Compa . 10.4 Supplier need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom Supplier has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with Supplier on terms acceptable to Supplier; (d) where, and to the extent that, Supplier considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Supplier’s other customers or the availability of Supplier’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is required to carry out under the GDPR or by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa Supplier of the audit or inspection; or. (d) to a 10.5 Customer shall bear any third party who is performing the costs in connection with such inspection or audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall and reimburse Compa Supplier for any all costs incurred by Supplier and time expended for any such on-site audit, if applicable, spent by Supplier (at CompaSupplier’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 3 contracts

Sources: Software as a Service Agreement, Software as a Service Agreement, Software as a Service Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa Processor and each Processor Affiliate shall make available to the Customer each Controller Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information reasonably necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, at the sole cost of the Controller, including inspections, by the Customer any Controller Group Member or an auditor mandated by the Customer any Controller Group Member in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaProcessor and/or each Processor Affiliate. 10.2 Information 11.2 Except if section 11.3.2 applies and/or in case of an emergency (at which time Controller shall give reasonable notice considering the circumstances and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting urgency), Controller or the relevant requirements of Data Protection Law. 10.3 Customer Controller Affiliate undertaking an audit, at the Controller’s sole cost, shall give Compa reasonable advance Processor or the relevant Processor Affiliate no less than 30 business days prior notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it canwill not avoid, to minimize) cause any material damage, injury, or and/or disruption to Compathe Processor’s and/or each Processor Affiliate’s premises, equipment, personnel, personnel and business while its auditing personnel are on those premises in the course of such an audit or inspection. Compa A Processor and/or each Processor Affiliate need not give access to its premises for the purposes of such an audit or inspection: (a) 11.2.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.2.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Controller or the relevant Controller Affiliate undertaking an audit has given notice to Compa Processor and/or the relevant Processor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.2.3 for the purposes of more than one audit or inspection, in respect of Compathe Processor and/or any Processor Affiliate, in any calendar year12-month rolling basis, except for any additional audits or inspections which Customer which: 11.2.3.1 Controller or the relevant Controller Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Processor's and/or the relevant Processor Affiliate’s compliance with this Addendum; or 11.2.3.2 A Controller Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Controller or the Customer relevant Controller Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Processor and/or the relevant Processor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 3 contracts

Sources: Data Protection Addendum, Data Protection Addendum, Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum. If Vendor and/or Vendor Affiliates have their compliance included in standard third-party audits to international standards such as ISO (International Organization for Standardization) or SOC (Service Organization Control) they shall make such reports available on a confidential basis to any Company Group Member upon request and Company Group Member shall use such audit reports in lieu of an individual audit. If such audit reports are not available, Vendor and/or Vendor Affiliates and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for The cost of aud6its performed by any Company Group Member shall be borne solely by the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCompany Group Member. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 3 contracts

Sources: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 12.1 Subject to this Section 10sections 12.2 and 12.3, Compa upon Customer’s written request, at reasonable intervals, Hevo and/or the relevant Hevo Affiliate shall make available to the Customer on requestwhich is not a competitor of Hevo, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer Customer, at the Customer’s cost, in relation to the Processing of the Customer Personal Data by Hevo and/or the Contracted Processorsrelevant Hevo Affiliate and their Subprocessors, provided that such audit right is available to the Customer once yearly. A Customer may only mandate an auditor for Hevo and/ or the purposes relevant Hevo Affiliate shall assist in these audits in the form of this Section 10.1 if provision of required information and facilitating interviews of relevant Hevo and/or the auditor is reasonably agreed relevant Hevo Affiliate employees. However, Hevo and/or the relevant Hevo Affiliate will not be able to provide access to the SaaS platform operated by CompaHevo and/or the relevant Hevo Affiliate or otherwise let the auditors interact with the platform. 10.2 12.2 Information and audit rights of the Customer only arise under Section 10.1 section 12.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 12.3 Customer shall give Compa Hevo and/or the relevant Hevo Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 12.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s Hevo, the relevant Hevo Affiliate, and their Subprocessors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Hevo, the relevant Hevo Affiliate and their Subprocessors need not give access to its premises for the purposes of such an audit or inspection: (a) 12.3.1 to any individual unless he or she produces reasonable evidence of identity and authority;; or (b) 12.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa Hevo that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 3 contracts

Sources: Data Processing Addendum, Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 9.1 Subject to this Section 10sections 9.2 to 9.3, Compa we shall make available to the Customer you on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated appointed by the Customer you in relation to the Processing of the Customer your Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer 9.2 You shall give Compa us reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and section 9.1. We may object in writing to an auditor appointed by you to conduct any audit under section 9.1 if the auditor is, in our reasonable opinion, not suitably qualified or independent, a competitor of ours, or otherwise manifestly unsuitable. Any such objection by us will require you to appoint another auditor. 9.3 You shall make (and ensure that each of its mandated auditors appointed auditor makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 9.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 9.3.2 outside normal business hours at those premises, unless the audit or inspection needs is required to be conducted carried out on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;by a Supervisory Authority; or (c) 9.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer is you are required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Protection Addendum, Data Protection Addendum

Audit Rights. 10.1 Subject to this Section 10Sections 10.2 to 10.4, Compa and always at Customer’s sole expense, 10KFT shall (a) make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (iib) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by 10KFT. 10.2 Information and audit rights of Customer only arise under Section 10.1 to the Contracted Processors. A extent the Agreement does not otherwise give Customer information and audit rights meeting the relevant requirements of Article 28(3)(h) of the GDPR. 10.3 Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed approved by 10KFT in writing, such approval not to by Compabe unreasonably withheld. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 10.4 Customer shall give Compa 10KFT reasonable advance notice of any audit or inspection to be conducted under Section Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa10KFT’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa 10KFT need not give access to its premises for the purposes of such an audit or inspection: (a) 10.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa 10KFT that this is the case before attendance outside those hours begins;; or (c) 10.4.3 for the purposes of more than one audit or inspection, in respect of Compa, inspection in any calendar year, except for any additional audits or inspections which which: (i) Customer reasonably considers necessary because of genuine concerns as to 10KFT's compliance with this DPA or after a Personal Data Breach; or (ii) Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for under the enforcement of Data Protection Laws in any country or territoryGDPR, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa 10KFT of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa JourneyApps and each JourneyApps Affiliate shall make available to the each Customer Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the any Customer Group Member or an auditor mandated by the any Customer Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 11.3 Customer or the relevant Customer Affiliate undertaking an audit shall give Compa JourneyApps or the relevant JourneyApps Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiilate undertaking an audit has given notice to Compa JourneyApps or the relevant JourneyApps Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which which: 11.3.3.1 Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to JourneyApps’ or the relevant JourneyApps Affiliate’s compliance with this DPA; or 11.3.3.2 A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa JourneyApps or the relevant JourneyApps Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10, Compa 5.1 Pryon shall make available to the Customer on request, no more frequently than annually unless such information as ▇▇▇▇▇ (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPA. 5.2 Subject to Paragraphs 5.3 to 5.8, in the event that Customer (acting reasonably) is able to provide documentary evidence that the information made available by Pryon pursuant to Paragraph 5.1 is not sufficient in the circumstances to demonstrate ▇▇▇▇▇’s compliance with this DPA, and (ii) Pryon shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa▇▇▇▇▇. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 5.3 Customer shall give Compa Pryon reasonable advance notice of any audit or inspection to be conducted under Section 10.1 Paragraph 5.2 (which shall in no event be less than fourteen (14) days’ notice) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orany destruction, if it cannot avoid, to minimize) any damage, injury, injury or disruption to CompaPryon’s premises, equipment, personnelPersonnel, data, and business while its personnel are (including any interference with the confidentiality or security of the data of Pryon’s other customers or the availability of Pryon’s services to such other customers). 5.4 Prior to conducting any audit, Customer must submit a detailed proposed audit plan providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Pryon will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Pryon security, privacy, employment or other relevant policies). Pryon will work cooperatively with Customer to agree on those premises a final audit plan. 5.5 If the controls or measures to be assessed in the course requested audit are addressed in a SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified third-party auditor within twelve (12) months of Customer’s audit request (“Audit Report”) and ▇▇▇▇▇ has confirmed in writing that there are no known material changes in the controls audited and covered by such Audit Report(s), Customer agrees to accept provision of such Audit Report(s) in lieu of requesting an audit of such controls or inspection. Compa measures. 5.6 Pryon need not give access to its premises for the purposes of such an audit or inspection: (a) where an Audit Report is accepted in lieu of such controls or measures in accordance with Paragraph 5.5; (b) to any individual unless he or she produces they produce reasonable evidence of identity and authoritytheir identity; (bc) to any auditor whom ▇▇▇▇▇ has not approved in advance (acting reasonably); (d) to any individual who has not entered into a non-disclosure agreement with ▇▇▇▇▇ on terms acceptable to Pryon; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is required to carry out under the GDPR or by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the auditAuthority. 10.4 Customer 5.7 Nothing in this DPA shall reimburse Compa for any time expended for any such onrequire Pryon to furnish more information about its Sub-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated Processors in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch audits than such Sub-Processors make generally available to their customers. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Terms of Service, Terms of Service

Audit Rights. 10.1 Subject to this Section 10, Compa shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) FUSA, by its duly authorized agents and/or representatives, shall have the right, at its expense, upon ten (10) days advance written notice to any individual Company, during Company's normal business hours only, to audit such books, documents and other material reasonably necessary to confirm Company's performance of its obligations under this Agreement. All such audits shall be performed at Company's offices unless he otherwise agreed to in writing by Company. FUSA shall be entitled to make copies of such books, documents and other material, subject to the confidentiality provisions of Paragraph 11 herein, such security procedures as Company may reasonably impose, and subject to such limitations as may be required under applicable rules, regulations or she produces reasonable evidence statutes governing the conduct of identity and authority;Company's business. (b) outside Company, by its duly authorized agents and/or representatives, shall have the right to annually, at its expense, upon ten (10) days advance written notice to FUSA, during FUSA's normal business hours only, audit such books, documents and other material reasonably necessary to confirm FUSA's performance of its obligations under this Agreement, including but not limited to the books and records of FUSA necessary to confirm the amounts of any Fees due to Company under this Agreement. All such audits shall be performed at those premisesFUSA's offices unless otherwise agreed to in writing by FUSA. Company shall be entitled to make copies of such books, unless documents and other material, subject to the confidentiality provisions of Paragraph 11 herein, such security procedures as FUSA may reasonably impose, and subject to such limitations as may by required under applicable rules, regulations or statutes governing the conduct of FUSA's business. In the event any such audit or inspection needs reveals a shortfall in any payment owing to be conducted on an emergency basis and Customer undertaking an audit has given notice Company, then FUSA shall promptly pay such shortfall amount to Compa that this is Company. Further, should any such shortfall exceed ten percent (10%) of the case before attendance outside those hours begins; (c) proper amount due for the purposes of more than one audit or inspectionperiod audited, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit then in addition to paying the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonableamount of the shortfall, taking into account the resources expended by Compa. Customer FUSA shall promptly notify Compa with information regarding any non-compliance during reimburse Company for all reasonable costs paid by the course Company of an the audit. 10.5 The Customer must provide Compa with any audit reports generated . Provide however, in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only event shall FUSA be obligated to reimburse Company in excess of one thousand ($1,000) dollars annually for the purposes of meeting its reasonable audit requirements under fees incurred by the Data Protection laws and/or confirming compliance with Company in the requirements of this DPA. The audit reports shall be confidentialabove described situation. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Bankcard Marketing Agreement (Coolsavings Com Inc), Bankcard Marketing Agreement (Coolsavings Com Inc)

Audit Rights. 10.1 10.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the Customer on a reputable auditor mandated by Controller in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 10.2. Provisions of information and audit rights of the Customer audits are and shall be at Controller’s sole expense, and may only arise under Section 10.1 to the extent that the DPA Agreement does not otherwise give them Controller information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 Customer 10.3. Controller shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 10.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Controller has given notice to Compa Processor that this is the case before attendance outside those hours begins; 10.3.4. for premises outside the Processor's control (c) for the purposes such as data storage farms of Processor's cloud hosting providers); 10.3.5. if more than one (1) audit or inspection, in respect of Compaeach Processor, already took place in any the same calendar year, except for any additional audits or inspections which Customer which: 10.3.5.1. Controller reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 10.3.5.2. Controller is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Controller has identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Audit Rights. 10.1 Subject Upon prior written request, Power Grids will certify to Customer that it is in compliance with this DPA by providing adequate evidence in form of either the results of a self-audit, internal company rules of conduct including external evidence of compliance, certificates on data protection and/or information security (e. g. ISO 27001), or other reasonable certificates or other means. 10.2 Evidence of the implementation of measures which are not specific to this Section 10DPA may be given in the form of up-to-date attestations, Compa shall make available reports or extracts thereof from independent bodies (e.g. external auditors, internal audit, the data protection officer, the IT security department or quality auditors) or suitable certification by way of an IT security or data protection audit. 10.3 Customer has the right to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate audit Power Grids’ compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the if Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent its reasonable discretion believes that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it can10.2 are not avoid, to minimize) any damage, injurysufficient in an individual case, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such a competent data protection authority requests an audit. The audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside will be carried out during normal business hours at those premiseswithout disruption of Power Grids’ business operations, taking into account a reasonable lead time, which shall in no case be less than thirty (30) days unless there is an urgent need for an earlier audit. Power Grids may make the audit or inspection needs conditional upon the signing of a confidentiality agreement with regard to be conducted on an emergency basis the data of other customers and the technical and organizational measures set up. Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to may not appoint a third party who auditor that is performing the audit on behalf of the Customer, unless such third party auditor executes in a confidentiality agreement acceptable to Compa before the auditcompetitive relationship with Power Grids. 10.4 Customer shall reimburse Compa for will not exercise its audit rights more than once in any time expended for any such on-site audittwelve (12) month period, except (i) if applicable, at Compa’s then-current professional services rate, which shall be made available and when required by instruction of a competent data protection authority or other regulator with jurisdiction over Customer; or (ii) Customer believes a further audit is necessary due to Customer upon request. Before commencement a breach or suspected breach of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended security suffered by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditPower Grids. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer Power Grids may use audit reports only claim remuneration for its efforts when enabling Customer’s audits according to the purposes then current rates of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialPower Grids on a time and material basis. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Audit Rights. 10.1 13.1 Subject to this Section 10sections 13.2 to 13.3, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 13.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 13.1 to the extent that the DPA Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 13.3 A Company Group Member may only mandate an auditor for the purposes of section 13.1 if the auditor is identified and agreed with the Vendor at the time of execution of this agreement or agreed in writing in advance of the audit. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor. 13.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 13.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 13.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 13.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 13.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this DPA; or 13.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Processing Agreement

Audit Rights. 10.1 9.1 Subject to this Section 10section 9.2 and 9.3, Compa Surecomp shall make available to the Customer on requestClient upon a reasonable request and at Client’s cost, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information which is reasonably necessary to demonstrate compliance with this DPAArticle 28(3) of the GDPR. 9.2 Where applicable, and (ii) shall if Client is not otherwise satisfied by its audit rights pursuant to the Agreement, Surecomp shall, at the Client's costs, allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer Client (subject to section 9.3 where auditor shall be subject to written confidentiality obligations in relation to such information) in relation to the Processing of the Customer Client's Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Processor, provided that:‌ 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer 9.2.1 Client shall give Compa Surecomp a reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make schedule such audit with Surecomp; and 9.2.2 Client shall take reasonable steps to ensure (and ensure shall procure that each of its mandated auditors makesauditors) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or minimize disruption to Compathe Processor’s premisesbusiness, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional while such audits or inspections which Customer is required shall be conducted during normal working hours. 9.2.3 The auditor shall have no access to carry out by a Supervisory Authority non-Client information. 9.2.4 no audit shall include access to Surecomp’s network and/ or networks that contain Surecomp’s other clients’ data; 9.2.5 Client will receive only the auditor's report, without any similar regulatory authority responsible Surecomp 'raw data' materials, will keep the audit results in strict confidentiality and will use them solely for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa specific purposes of the audit or inspection; orunder this section; (d) to 9.2.6 At Surecomp’a request, Client will provide it with a third party who is performing the audit on behalf copy of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before auditor's report; 9.2.7 As soon as the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration purpose of the audit in addition to is completed, Client will permanently dispose of the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditaudit report. 10.5 The Customer must provide Compa with any audit reports generated 9.3 Surecomp may object to an auditor mandated by Client if the auditor is, in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes Surecomp’s opinion, not suitably qualified or independent, a competitor of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employeesSurecomp, or Subprocessorsotherwise manifestly unsuitable. In the event of such an objection, Client shall appoint another auditor or conduct the audit itself.‌ 9.4 Such audit or inspection may be conducted up to grant access to any multi-tenant systemsone time per each 12 months’ term.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10, Compa 10.1. Supplier shall make available to the Customer on request, no more frequently than annually unless request such information as Supplier (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPAData Processing Addendum. 10.2. Subject to Paragraphs 10.3 and 10.4, and in the event that Customer (iiacting reasonably) is able to provide documentary evidence that the information made available by Supplier pursuant to Paragraph 10.1 is not sufficient in the circumstances to demonstrate Supplier’s compliance with this Data Processing Addendum, Supplier shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaSupplier. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 10.3. Customer shall give Compa Supplier reasonable advance notice of any audit or inspection to be conducted under Section Paragraph 10.1 (which shall in no event be less than fourteen (14) days’ notice unless required by a Supervisory Authority pursuant to Paragraph 10.4(f)(i)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies Supplier in respect of, to minimize) any damage, injury, injury or disruption to CompaSupplier’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of Supplier’s other customers or the availability of Supplier’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any on-premise inspection. 10.4. Compa Supplier need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom Supplier has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with Supplier on terms acceptable to Supplier; (d) where, and to the extent that, Supplier considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Supplier’s other customers or the availability of Supplier’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is required to carry out under the GDPR or by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa Supplier of the audit or inspection; or. (d) to a 10.5. Customer shall bear any third party who is performing the costs in connection with such inspection or audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall and reimburse Compa Supplier for any all costs incurred by Supplier and time expended for any such on-site audit, if applicable, spent by Supplier (at CompaSupplier’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Software as a Service Agreement

Audit Rights. 10.1 Subject to this Section 10Sections 10.2 to 10.3, Compa Discovery Education shall make available to the Customer Subscriber on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer Subscriber or an auditor mandated by the Customer Subscriber in relation to the Processing of the Customer Personal Subscriber Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaDiscovery Education. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer Subscriber shall give Compa Discovery Education reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 9.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to CompaDiscovery Education’s and/or any Sub-processor’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa Discovery Education and any Sub- processor(s) need not give access to its premises for the purposes of such an audit or inspection: (a) 10.2.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.2.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Subscriber has given notice to Compa Discovery Education that this is the case before attendance outside those hours begins;; or (c) 10.2.3 for the purposes of more than one audit or inspection, in respect inspection of Compa, Discovery Education or any Sub-processor in any calendar year, except for any additional audits or inspections which Customer which: 10.2.3.1 Subscriber reasonably considers necessary because of genuine concerns as to Discovery Education’s compliance with this Addendum; or 10.2.3.2 Subscriber is required or requested to carry out by the Applicable Laws, a Supervisory Authority Authority, or any similar regulatory authority responsible for the enforcement of Data Protection the Applicable Laws in any country or territory, where the Customer Subscriber has identified its concerns or the relevant requirement or request in its notice to Compa Discovery Education of the audit or inspection; or. (d) 10.3 Each party shall bear its own costs with respect to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the any audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 Subject Customer agrees that PROS’ most recently completed SOC1 and SOC2 audit reports, or comparable industry- standard successor report, prepared by PROS’ independent third-party auditor will, to this Section 10the extent applicable, Compa shall be used to satisfy any audit or inspection requests by or on behalf of Customer, and PROS will make such reports available to Customer upon request (or Customer’s independent third-party auditor that is not a competitor of PROS) subject to the confidentiality obligations set forth in the Agreement. 10.2 Customer on request, no more frequently than annually unless in response may request an on-site audit of procedures relevant to a request the Processing of Personal Data by a regulatory authority: PROS (i“On- Site Audit”) reasonable if: 10.2.1 the information necessary available pursuant to PROS SOC 1 and SOC 2 audit reports is not sufficient to demonstrate compliance with the obligations set out in this DPA, and (ii) shall allow for and contribute to audits, including inspections, Addendum; or 10.2.2 Customer has received notice of a Data Breach from PROS; or 10.2.3 the On-Site Audit is formally requested by the Customer Customer's Supervisory Authority or an auditor mandated required by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of applicable Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to An On-Site Audit may be conducted under Section 10.1 and by Customer or through its independent third-party auditor (that is not a competitor of PROS) subject to the following limitations: 10.3.1 Customer gives PROS reasonable written notice, which shall make not be less than 30 days (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injuryunless a Supervisory Authority requires shorter notice, or disruption to Compa’s premisesa Data Breach has occurred); 10.3.2 it is conducted during PROS’ regular business hours, equipment, personnelat reasonable intervals, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of no more than one audit once per calendar year (unless required or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out requested by a Supervisory Authority or any similar regulatory authority responsible for Authority); 10.3.3 the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa scope of the audit or inspectionOn-Site Audit is mutually agreed in advance by PROS and Customer acting reasonably and in good faith; 10.3.4 where an independent auditor is involved, they have entered into a non-disclosure agreement containing confidentiality provisions no less protective than those set forth in the Agreement to protect PROS Confidential Information; orand (d) to a third party who is performing 10.3.5 Customer bears the audit on behalf reasonable costs of the Customer, On-Site Audit unless such third party auditor executes audit reveals a confidentiality agreement acceptable material breach by PROS of this Addendum, then PROS shall bear its own expenses of an audit. Any costs will be agreed by PROS and Customer in advance. Any On-Site Audits will be limited to Compa before Customer Data Processing and storage facilities operated by PROS or PROS Affiliates. Customer acknowledges that the auditSubscription Service is hosted by PROS hosting Sub-processors who maintain independently validated security programs (including SOC 1, SOC 2 and ISO 27001). 10.4 Customer shall reimburse Compa for any time expended for any such onReports following from the On-site audit, if applicable, at Compa’s then-current professional services rate, which shall Site Audit will be made available treated as PROS' Confidential Information and subject to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration confidentiality obligations of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by CompaAgreement. Customer shall promptly notify Compa provide PROS with information regarding about any actual or suspected non-compliance discovered during the course of an auditOn-Site Audit, which PROS will promptly remedy at its own cost. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10sections 10.2 to 10.3, Compa Vendor shall make available to the Customer on request, no more frequently than annually unless in response to a Company upon reasonable request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer Company or an auditor mandated by the Customer or in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaVendor. 10.2 Information and audit rights of the Customer Company only arise under Section section 10.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer Company undertaking an audit shall give Compa Vendor reasonable advance notice (in no event less than fourteen (14) days) of any audit or inspection to be conducted under Section section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compathe Vendor’s premises, equipment, personnel, data and business while its personnel are on those premises in the course of such an audit or inspection. Compa Vendor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Company has given notice to Compa Vendor that this is the case before attendance outside those hours begins;; or (c) 10.3.3 for the purposes of more than one audit or inspection, in respect of Compa, inspection in any calendar year, except for any additional audits or inspections which Customer which: 10.3.3.1 Company undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's compliance with this Addendum; or 10.3.3.2 Company is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.,

Appears in 2 contracts

Sources: Data Privacy & Security, Data Privacy & Security

Audit Rights. 10.1 11.1 Subject to this Section 10section 11.3, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) for 11.3.3 For the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Agreement, Data Protection Addendum

Audit Rights. 10.1 11.1. Subject to this Section 10sections 11.2 to 11.4, Compa BulkSMS and each BulkSMS Affiliate shall make available to the Customer each Client Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Client Group Member or an auditor mandated by the Customer any Client Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2. Information and audit rights of the Customer Client Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA StandardTerms and Conditions does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3. A Client Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annexure 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. BulkSMS shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4. Client or the relevant Client Affiliate undertaking an audit shall give Compa BulkSMS or the relevant BulkSMS Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Client or the relevant Client Affiilate undertaking an audit has given notice to Compa BulkSMS or the relevant BulkSMS Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3. for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1. Client or the relevant Client Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to BulkSMS’s or the relevant BulkSMS Affiliate’s compliance with this Addendum; or 11.4.3.2. A Client Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Client or the Customer relevant Client Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa BulkSMS or the relevant BulkSMS Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Protection Addendum, Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum. If Vendor and/or Vendor Affiliates have their compliance included in standard third party audits to international standards such as ISO ( International Organization for Standardization) or SOC (Service Organization Control) they shall make such reports available on a confidential basis to any Company Group Member upon request and Company Group Member shall use such audit reports in lieu of an individual audit. If such audit reports are not available, Vendor and/or Vendor Affiliates and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for The cost of audits performed by any Company Group Member shall be borne solely by the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCompany Group Member. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 2 contracts

Sources: Data Processing Addendum, Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors reasonab le endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contrac ▇▇▇ Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject 12.1 GBG is required by its third party data suppliers and regulatory bodies to include a right of audit in all of its Client Agreements. The following provisions of this Section 10, Compa shall make available clause 12 are to give effect to that requirement. 12.2 Upon reasonable prior written notice to the Customer on requestClient and upon reasonable grounds, no more frequently than annually unless in response GBG shall be entitled to conduct an on-site audit or to appoint a request by a regulatory authority: (i) reasonable information necessary third party auditor to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or conduct an auditor mandated by the Customer in relation to the Processing on-site audit of the Customer Personal Data by Client's premises used in connection with the Contracted Processors. A Customer may only mandate an auditor Service for the purposes of investigating the Client’s compliance with its obligations under this Section 10.1 if the auditor is reasonably agreed to by CompaAgreement. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does 12.3 Audits shall not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are carried out on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit occasion per year of this Agreement unless GBG reasonably believes that the Client is in material breach of the Agreement or inspection, unless GBG is required to do so by any regulatory body with competent jurisdiction or one of GBG's third party suppliers engaged in connection with the Service. GBG or its auditor may be accompanied by representatives of any such regulatory body or third party supplier in respect of Compaany such audit imposed on GBG. 12.4 All audits will be conducted in a manner that does not materially disrupt, in any calendar yeardelay or interfere with the Client's performance of its business and shall be carried out at the expense of GBG or its third party suppliers. Should the audit reveal a breach of the Agreement by the Client, except for any additional audits the Client shall reimburse GBG or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible its third party suppliers for the enforcement full cost of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer 12.5 The Client shall reimburse Compa provide GBG (or any regulatory body or third party supplier as relevant) with full access to its premises, employees, computers, IT systems and records as required for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement the purpose of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any 12.6 Prior to undertaking an audit reports generated in connection with any audit at no charge unless prohibited by applicable lawunder this clause 12 GBG shall be entitled (but not obligated) to submit to the Client questions regarding the Client’s performance of its obligations under this Agreement. The Customer may use audit reports only for the purposes Client shall respond to these questions within 14 days of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPAreceiving such request. The submission of questions under this clause 12.6 will not prejudice GBG’s audit reports shall be confidentialrights under this clause. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Web Services Agreement

Audit Rights. 10.1 11.1 Subject to this the provisions of Section 1011.3 below, Compa shall make available to the Customer on at Client’s written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable Provider will provide Client all information necessary to demonstrate compliance with this DPAAddendum. The information provided will constitute Provider Confidential Information under the confidentiality provisions of the Agreement or a non-disclosure agreement, as applicable. 11.2 Provider uses external auditors to verify adequacy of its security measures, including the security of the physical data centers from which Provider provides the Services. This audit: (a) will be performed at least annually; (b) will be performed by independent third party security professionals at Provider’s selection and expense; (iic) will result in generation of an audit report (“Report”), which will be Provider’s Confidential Information. If Client’s agreement does not include a provision protecting Provider’s Confidential Information, then Report will be made available to Client subject to a mutually agreed upon non- disclosure agreement (“NDA”) covering the Report. 11.3 At Client’s written request, Provider will provide Client with a confidential Report so that Client can reasonably verify Provider’s compliance with the security obligations under this Addendum. The Report will constitute Provider’s Confidential Information under the confidentiality provisions of the Agreement or the NDA, as applicable. 11.4 If the results of such review are not sufficient for Client and the Report does not cover issues requested by Client, Client may carry out its own audit. In such case, Provider shall allow for and contribute to audits, including inspections, by the Customer any Client or an auditor mandated by the Customer Client in relation to the Processing of the Customer Client Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of Provider or Subprocessors in accordance with Section 11 to this Section 10.1 if the auditor is reasonably agreed to by CompaAddendum. 10.2 Information and 11.5 The parties agree that the audits shall be carried out in accordance with the following specifications: (a) Client should contact Provider to request an audit rights of the Customer only arise under Section 10.1 procedures relevant to the extent that protection of Personal Data. Before the DPA does not otherwise give them information and commencement of any such audit rights meeting Client should review the relevant requirements of Data Protection LawReports. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and (b) Client shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, damage or disruption to Compa’s the Provider or Subprocessor premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa . (c) Before the commencement of any such audit, Client and Provider shall mutually agree upon the scope, timing and duration of the audit. (d) Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (ai) to any individual unless he or she produces reasonable evidence of identity and authority; (bii) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (ciii) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar yearProvider or each Subprocessor, except for any additional audits or inspections which Customer is required which: (A) Client reasonably considers necessary because of genuine concerns as to carry out by a Supervisory Authority Provider’s or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspectionapplicable Subprocessor’s compliance with this Addendum; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa myneTEC and each myneTEC Affiliate shall make available to the each Customer Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the any Customer Group Member or an auditor mandated by the any Customer Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 11.3 Customer or the relevant Customer Affiliate undertaking an audit shall give Compa myneTEC or the relevant myneTEC Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiilate undertaking an audit has given notice to Compa myneTEC or the relevant myneTEC Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which which: 11.3.3.1 Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to myneTEC‘s‘ or the relevant myneTEC Affiliate’s compliance with this DPA; or 11.3.3.2 A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa myneTEC or the relevant myneTEC Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 1011.2., Compa each applicable Contracted Vendor shall reasonably make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAgreement, and (ii) shall allow for and contribute to cooperate with audits, including inspections, by the Customer any Company Group Member or an auditor mandated appointed by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted ProcessorsVendor. A Customer may only mandate The applicable Company Group Member undertaking an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 shall give at least fifteen (15) days’ written notice to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of applicable Contracted Vendor with regard to any audit or inspection to be conducted under Section 10.1 11.1., and shall make reasonably avoid (and ensure that each of its mandated appointed auditors makesreasonably avoids) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Vendor's premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa : A Contracted Vendor need not give access to its premises for the purposes of such an audit or inspection: (a) inspection under Section 11.1.: to any individual unless he or she produces reasonable evidence of identity and authority; (b) ; without the person or entity conducting the audit binding itself in writing to terms of confidentiality acceptable to Vendor; outside normal business hours at those premiseshours; or more than once per year. In the event that an audit reveals the Contracted Vendor is not in compliance with the terms and conditions of this Agreement or Applicable Laws, unless the Company Group Member will promptly notify the Contracted Vendor of such non-compliance. The Vendor and/or Contracted Vendor agree(s) that such non-compliance shall be materially remedied within thirty (30) days of its receipt of notice of non-compliance, and if it does not, Vendor and/or Contracted Vendor further agrees that Company and/or applicable Company Group Member may immediately upon notice to Vendor, terminate this Agreement. Any audit or inspection needs to conducted under this Section 11 shall be conducted on an emergency basis at Company’s sole cost and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes expense and Company shall indemnify, defend and hold harmless Contracted Vendor from any act or omission of more than one any employee, agent or representative of Company or a mandated third-party auditor during such audit or inspection, in . Restricted Transfers. With respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for Restricted Transfers taking place between the enforcement of Data Protection Laws in any country or territory, where Company Group Member and the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site auditVendor, if applicable, at Compa’s then-current professional services ratethe Company Group Member shall encrypt the Company Personal Data prior to transferring it to the Vendor, and the Appropriate Safeguard shall be as provided in Annex 2 for Personal Data subject to the EU GDPR, and in the case of Personal Data subject to the UK GDPR the Appropriate Safeguard shall comprise Annex 2 and Annex 3 together, as applicable to this Agreement. After careful consideration by the parties of the circumstances of such Restricted Transfer to the United States, the applicable Appropriate Safeguard described above, and the additional safeguards provided in this Agreement, provide the Data Subjects who are located in the EEA and whose Personal Data is Processed hereunder enjoy an essentially equivalent level of protection and rights as they do under the EU GDPR in the EEA with respect to their Personal Data (“Essential Equivalence”). Before it commences any Restricted Transfer to a Subprocessor, a Contracted Vendor shall ensure that an Appropriate Safeguard exists between itself and the Subprocessor, or if necessary, between the Company Group Member (the “Data Exporter”) and the Subprocessor (the “Data Importer”) that provides Essential Equivalence for applicable Data Subjects, and if that is not the case, the Contracted Vendor shall institute such additional safeguards as are necessary to provide Essential Equivalence in the country that the Company Personal Data will be imported into. Notwithstanding anything to the contrary herein, for sole purpose of engaging in Restricted Transfers, which shall be made available are strictly necessary to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on perform the scope, timingServices under this Agreement, and duration of only where the audit in addition Standard Contractual Clauses are the Appropriate Safeguard selected, Company Group Member grants to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking Contracted Vendor limited agency rights to enter into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting Standard Contractual Clauses on its audit requirements under the Data Protection laws and/or confirming compliance behalf with the requirements of this DPA. The audit reports shall be confidentialapplicable Vendor Affiliate or Subprocessor. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 [A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list.] 11.4 [Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one [one] audit or inspection, in respect of Compaeach Contracted Processor, in any [calendar year], except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1. Subject to this Section 10sections 11.2 and 11.3, Compa AppsFlyer shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to demonstrate compliance with this DPADPA and shall allow for, and (ii) shall allow for and contribute to auditsto, including inspections, audits by the Customer or an a reputable auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by AppsFlyer. 11.2. To the Contracted Processorsextent AppsFlyer has undergone a third party independent audit based on SOC 2, Type II or similar standards, then any audit right arising pursuant to section 11.1 shall be first satisfied by providing Customer with a summary of the report of such audit. A If Customer, for reasonable reasons, is not satisfied by the summary of the independent audit report then Customer may only mandate request that a reputable auditor perform an auditor for audit pursuant to section 11.1 and subject to Section 11.3. If AppsFlyer does not agree to such additional audit or inspection, then Customer shall have the purposes of this Section 10.1 if right to terminate the auditor is reasonably agreed to by CompaAgreement with immediate effect. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 11.3. Customer shall give Compa AppsFlyer reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 11.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to CompaAppsFlyer’s premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa All such audits shall be subject to the confidentiality obligations set forth in the Agreement. Customer and AppsFlyer shall mutually agree upon the scope, timing and duration of the audit or inspection in addition to any reimbursement of expenses for which Customer shall be responsible. Any such audits shall not occur more than once a year (except where required by law or due to a Personal Data Breach). Additionally, AppsFlyer need not give access to its premises for the purposes of such an audit or inspection: : (a) to any individual unless he or she produces reasonable evidence of identity and authority; ; (b) outside normal business hours at those premises, unless the audit to any competitor of AppsFlyer; or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compaoutside AppsFlyer’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Companormal business hours. Customer shall promptly notify Compa share the full audit report with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa AppsFlyer and shall not share it with any third-party except its accountants and legal advisors who are bound to confidentiality. Customer shall not use such audit reports generated in connection with report for any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming other purpose than to assess AppsFlyer’s compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject 6.1. Radio Provider shall have the right, at its own expense, to this Section 10direct an independent certified public accounting firm to inspect and audit the relevant accounting and sales books and records of Card Provider limited to those books and records needed to calculate commissions payable by Card Provider hereunder pursuant to Schedule "4" provided, Compa that (a) any such inspection and audit shall make available be conducted during regular business hours in such a manner as not to the Customer on request, interfere with normal business activities; (b) in no event shall audits be made hereunder more frequently than annually unless in response once each calendar year; (c) if any audit should disclose an underpayment, Card Provider shall immediately pay such amount to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, Radio Provider; and (iid) shall allow for the reasonable fees and contribute expenses relating to audits, including inspections, by the Customer or any audit which reveals an auditor mandated by the Customer underpayment in relation to the Processing excess of ten percent (10%) of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor amount owing for the purposes of this Section 10.1 if the auditor is reasonably agreed to reporting period in question shall be borne entirely by CompaCard Provider. 10.2 Information 6.2. Card Provider shall have the right, at its own expense, to direct an independent certified public accounting firm to inspect and audit rights of all the accounting and sales books and records of Radio Provider that are relevant to radio marketing of the Customer only arise under Section 10.1 to the extent SVC by Radio Provider hereunder; provided that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) any such inspection and audit shall be conducted during regular business hours in such a manner as not to any individual unless he or she produces reasonable evidence of identity and authority; interfere with normal business activities; (b) outside normal business hours at those premises, unless the audit or inspection needs to in no event shall audits be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; made hereunder more frequently than once each calendar year; (c) for the purposes of more than one if any audit or inspectionshould disclose insufficient media, in respect of Compa, in any calendar year, except for any Radio Provider shall immediately commit additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspectionmedia; or and (d) the reasonable fees and expenses relating to any audit which reveals a third party who is performing shortfall of media in excess of ten percent (10%) from Schedule "2" subject to the audit provisions of Section 6.2, above. Meaning, so long as Radio Provider makes good on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which media shortfall no additional media hereunder shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditrequired. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Radio Marketing Agreement (Direct Response Financial Services Inc)

Audit Rights. 10.1 11.1. Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2. Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3. A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4. Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3. for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1. Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2. A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Processors.‌ 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.Law (including, where applicable, article 28(3)(h) of the GDPR).‌ 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one [one] audit or inspection, in respect of Compaeach Contracted Processor, in any [calendar year], except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10Sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Tata Communications Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Tata Communications Group Member or an auditor mandated by the Customer any Tata Communications Group Member in relation to the Processing of the Customer Tata Communications Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Processors.‌ 10.2 11.2 Information and audit rights of the Customer Tata Communications Group Members only arise under Section 10.1 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.Law (including, where applicable, Article 28(3)(h) of the GDPR).‌ 10.3 Customer 11.3 Tata Communications or the relevant Tata Communications Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Tata Communications or the relevant Tata Communications Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Tata Communications or the relevant Tata Communications Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Tata Communications Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Tata Communications or the Customer relevant Tata Communications Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa JourneyApps and each JourneyApps Affiliate shall make available to the each Customer Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the any Customer Group Member or an auditor mandated by the any Customer Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 11.3 Customer or the relevant Customer Affiliate undertaking an audit shall give Compa JourneyApps or the relevant JourneyApps Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiliate undertaking an audit has given notice to Compa JourneyApps or the relevant JourneyApps Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which which: 11.3.3.1 Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to JourneyApps’ or the relevant JourneyApps Affiliate’s compliance with this DPA; or 11.3.3.2 A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa JourneyApps or the relevant JourneyApps Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject (a) Company shall have the right, upon twenty four (24) hour prior written notice to this Section 10Manufacturer, Compa shall make available to conduct, at its expense and during normal business hours, a quality assurance audit and inspection of Manufacturer’s records and production facilities relating to the Customer on requestmanufacturing, no assembly and/or packaging of the Products. Except as provided in Section 7.3(b), such audits shall, assuming the full cooperation of Manufacturer, not be conducted more frequently than annually three (3) times per calendar year unless there is a reasonable basis for additional audits. Any auditors that are not employees of Company shall be required to enter into confidentiality agreements with Manufacturer and Company containing terms of confidentiality that require them to keep confidential Manufacturer’s Confidential Information. (b) Company shall have the right to conduct additional audits in response to incidents/deviations associated with the manufacture/testing of the Products, given that a request reasonable advanced notice is provided to Manufacturer. Visits by a regulatory authority: (i) reasonable information necessary Company to demonstrate compliance with this DPAManufacturer production facilities may involve the transfer of Confidential Information, and (ii) any such Confidential Information shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation be subject to the Processing terms of the Customer Personal Data by the Contracted ProcessorsArticle 11 hereof. A Customer may only mandate an auditor for the purposes The results of this Section 10.1 if the auditor is reasonably agreed such audits and inspections shall be considered Confidential Information under Article 11 and shall not be disclosed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 Third Parties, except to the extent required by law or otherwise in connection with regulatory or governmental compliance and only then upon prior written notice to Manufacturer, to the extent practicable. In the event that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection reveals that Manufacturer failed to meet cGMPs or the Product Specifications, Manufacturer shall be conducted under Section 10.1 responsible, at Manufacturer’s expense, for: (a) conducting an investigation to define the probable causes for the failure; (b) providing an acceptable cGMP investigation report and remediation plan to Company for review and, with respect to the remediation plan, approval; and (c) achieving compliance with cGMPs and the Product Specifications. (c) Company shall make have the right, upon ten (10) days’ prior written notice to Manufacturer, to conduct, at its expense and during normal business hours, a quality assurance audit and inspection of all suppliers and vendors of Materials. Manufacturer shall ensure that each of its mandated auditors makesagreements with vendors and suppliers of Materials provides for both Manufacturer’s and Company’s right to audit their facilities and processes. Manufacturer shall provide Company written notice of its intent to audit a subcontractor or vendor of Materials no less than thirty (30) reasonable endeavors days prior to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnela scheduled audit, and business while its personnel are on those premises shall offer Company an opportunity to attend and participate in such audit. Subcontractor and vendor audits shall, assuming the course full cooperation of such an audit Manufacturer and the subcontractor or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: vendor at issue, (a) be limited to any individual unless he not more than two (2) auditors for a duration of two (2) days or, at the option of Company, one (1) auditor for three (3) days appointed by or she produces reasonable evidence of identity representing Company and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to may be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of not more than one audit or inspection, in respect of Compa, in any (1) time per calendar year, except without a reasonable basis for any additional audits. To the extent practicable Company shall coordinate its audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the auditwith Manufacturer so they can be completed simultaneously. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Commercial Supply Agreement (Lifevantage Corp)

Audit Rights. 10.1 11.1 Subject always to this Section 10sections 11.2 and 11.3 below, Compa the Supplier shall make available (i) provide to the Customer on request, no more frequently than annually unless in response to a request such information and assistance as may be reasonably required by a regulatory authority: (i) reasonable information necessary the Customer to demonstrate the Supplier’s compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, audits by the Customer Customer, or an auditor mandated appointed by the Customer Customer, in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaSupplier. 10.2 Information 11.2 The information and audit rights of the Customer described in clause 11.1 shall arise only arise under Section 10.1 to the extent that the DPA Agreement does not otherwise give them provide the Customer with information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 11.3 The Customer shall give Compa the Supplier reasonable advance prior notice of any not less than 30 days of its wish to carry out an audit or inspection in accordance with this clause 11 and the parties will discuss and agree the timing, scope, duration and other aspects in advance of the audit or inspection, subject always to be conducted under Section 10.1 the following conditions:- 11.3.1 all personnel appointed by the Customer to carry out an audit or inspection (“Personnel”) must provide suitable written undertakings to the Customer, including undertakings regarding confidentiality and shall make (compliance with the Customer’s codes of practice and ensure that each regulations, including any relating to security or health and safety; 11.3.2 all Personnel must produce evidence of its mandated auditors makes) reasonable endeavors to their identity and authority; 11.3.3 the Customer will avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compathe Supplier’s premises, equipment, personnel, personnel and business while its personnel Personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside 11.3.4 all audits and inspections shall be carried out only during the Customer’s normal business hours at those premiseshours, unless the audit or inspection needs to be conducted justified on an emergency basis and provided that the Customer undertaking an audit has given notice to Compa that this is an acceptable explanation of the case before attendance grounds for the need for access outside those hours beginsnormal business hours; (c) for the purposes of 11.3.5 no more than one audit or inspection, in respect of Compa, inspection may be carried out in any calendar year, except for any additional audits or inspections which Customer is ; and/or 11.3.6 that the extent of access permitted to Personnel will be only that strictly required to carry out by a Supervisory Authority establish the Customer’s compliance with this Addendum and under no circumstances will the Personnel be entitled to access any data, systems, equipment or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where premises which may cause the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed obligations to any third party, including breach of its clients, employees, any contractual or Subprocessors, or to grant access to any multi-tenant systemsconfidentiality obligations.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 12.1 Subject to this Section 10sections 12.2 and 12.3, Compa upon Customer’s written request, at reasonable intervals, Hevo and/or the relevant Hevo Affiliate shall make available to the Customer on requestwhich is not a competitor of Hevo, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer Customer, at the Customer’s cost, in relation to the Processing of the Customer Personal Data by Hevo and/or the Contracted Processorsrelevant Hevo Affiliate and their Subprocessors, provided that such audit right is available to the Customer once yearly.Hevo and or the relevant Hevo Affiliate shall assist in these audits in the form of provision of required information and facilitating interviews of relevant Hevo and/or the relevant Hevo Affiliate employees. A Customer may only mandate an auditor for However, Hevo and/or the purposes of this Section 10.1 if relevant Hevo Affiliate will not be able to provide access to the auditor is reasonably agreed to SaaS platform operated by CompaHevo and/or the relevant Hevo Affiliate or otherwise let the auditors interact with the platform. 10.2 12.2 Information and audit rights of the Customer only arise under Section 10.1 section 12.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 12.3 Customer shall give Compa Hevo and/or the relevant Hevo Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 12.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s Hevo, the relevant Hevo Affiliate, and their Subprocessors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Hevo, the relevant Hevo Affiliate and their Subprocessors need not give access to its premises for the purposes of such an audit or inspection: (a) 12.3.1 to any individual unless he or she produces reasonable evidence of identity and authority;; or (b) 12.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa Hevo that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to the provisions of this Section 10Section, Compa WJ/EW shall make available to the Customer Customer/Controller on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information reasonably necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer Customer/Controller or an auditor mandated appointed by the Customer Customer/Controller in relation to the Processing of the Customer Customer/Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Customer/Controller only arise under Section 10.1 section 11.1 to the extent that the DPA ▇▇▇▇ does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Customer/Controller may only mandate an auditor for the purposes of ▇▇▇▇▇▇▇▇▇.1 if the auditor is identified at least sixty (60) days in advance in writing and approved by WJ/EW. WJ/EW shall give Compa not unreasonably withhold or delay approval of an auditor. Reasonable grounds for refusing Customer/Controller’s choice of auditor shall be provided in writing, after which a new auditor shall be identified. 11.4 Audits shall be conducted only by agreement on reasonable advance notice of any audit or inspection to be conducted under Section 10.1 hereunder and shall make use best efforts (and ensure that each of its mandated auditors makesmakes such efforts) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, delay, or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Customer/Controller has given notice to Compa WJ/EW that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar yearyear period, except for any additional audits or inspections which Customer which: 11.4.3.1 Customer/Controller undertaking an audit reasonably considers necessary because of genuine concerns as to WJ/EW’s compliance with this Addendum; or 11.4.3.2 Customer/Controller is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Customer/Controller undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa WJ/EW of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the a reputable auditor mandated by Customer on in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 11.2. Provisions of information and audit rights of the Customer audits are and shall be at Customer’s sole expense, and may only arise under Section 10.1 11.1 to the extent that the DPA Agreement does not otherwise give them Customer information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 11.3. Customer shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 11.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compathe Processor’s premisesbusiness. Customer and Processor shall mutually agree upon the scope, equipment, personnel, timing and business while its personnel are on those premises in duration of the course of such an audit or inspectioninspection in addition to the reimbursement rate for which Customer shall be responsible. Compa Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 11.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa Processor that this is the case before attendance outside those hours begins;; or 11.3.4. for premises outside the Processor's control (c) such as data storage farms of AWS) 11.3.5. for the purposes of more than one (1) audit or inspection, in respect of Compaeach Processor, in any calendar year, except for any additional audits or inspections which which: 11.3.5.1. Customer reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 11.3.5.2. Customer is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1. Subject to this Section 1011.2, Compa each applicable Contracted Vendor shall reasonably make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAgreement, and (ii) shall allow for and contribute to cooperate with audits, including inspections, by the Customer any Company Group Member or an auditor mandated appointed by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted ProcessorsVendor.‌ 11.2. A Customer may only mandate The applicable Company Group Member undertaking an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 shall give at least fifteen (15) days’ written notice to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of applicable Contracted Vendor with regard to any audit or inspection to be conducted under Section 10.1 11.1, and shall make reasonably avoid (and ensure that each of its mandated appointed auditors makesreasonably avoids) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Vendor's premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspectioninspection:‌ 11.3. Compa A Contracted Vendor need not give access to its premises for the purposes of such an audit or inspectioninspection under Section 11.1: (a) 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2. without the person or entity conducting the audit binding itself in writing to terms of confidentiality acceptable to Vendor; 11.3.3. outside normal business hours at those premiseshours; or 11.3.4. more than once per year. 11.4. In the event that an audit reveals the Contracted Vendor is not in compliance with the terms and conditions of this Agreement or Applicable Laws, unless the Company Group Member will promptly notify the Contracted Vendor of such non-compliance. The Vendor and/or Contracted Vendor agree(s) that such non-compliance shall be materially remedied within thirty (30) days of its receipt of notice of non-compliance, and if it does not, Vendor and/or Contracted Vendor further agrees that Company and/or applicable Company Group Member may immediately upon notice to Vendor, terminate this Agreement. 11.5. Any audit or inspection needs to conducted under this Section 11 shall be conducted on an emergency basis at Company’s sole cost and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes expense and Company shall indemnify, defend and hold harmless Contracted Vendor from any act or omission of more than one any employee, agent or representative of Company or a mandated third party auditor during such audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 9.1 Subject to this Section 10sections 9.2 to 9.3, Compa we shall make available to the Customer you on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information reasonably necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated appointed by the Customer you in relation to the Processing of the Customer your Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer 9.2 You shall give Compa us reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and section 9.1. We may object in writing to an auditor appointed by you to conduct any audit under section 9.1 if the auditor is, in our reasonable opinion, not suitably qualified or independent, a competitor of ours, or otherwise manifestly unsuitable. Any such objection by us will require you to appoint another auditor. 9.3 You shall make (and ensure that each of its mandated auditors appointed auditor makes) reasonable endeavors all necessary efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 9.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 9.3.2 outside normal business hours at those premises, unless the audit or inspection needs is required to be conducted carried out on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;by a Supervisory Authority; or (c) 9.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer is you are required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject to this Section 10paragraphs 10.2 and 10.3, Compa Oleeo shall make available to the Customer Client on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPASchedule, and (ii) shall allow for and contribute to audits, including inspections, by the Customer Client or an independent auditor mandated by the Customer Client (at the Client’s cost) in relation to the Processing of the Customer Client Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer Client only arise under Section paragraph 10.1 to the extent that the DPA agreement does not otherwise give them it information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer The Client shall give Compa Oleeo reasonable advance notice of any audit or inspection to be conducted under Section paragraph 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its the Client or auditor’s personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit the Client has given notice to Compa that this is the case Oleeo before attendance outside those hours begins;; or Oleeo Standdard Terms v27x GC Page 29 of 32 (c) 10.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: (a) the Client reasonably considers necessary because of genuine concerns as to Oleeo's compliance with this Schedule; or (b) the Client is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Client has identified its concerns or the relevant requirement or request in its notice to Compa Oleeo of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Recruitment Application Service Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s premises, equipment, personnel, and business the Contracted Processors' personnel while its personnel are on those premises in the course of such an audit or inspectionaudit. Compa A Contracted Processor need not give access to its premises personnel for the purposes of such an audit or inspectionaudit: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premisesof Vendor, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any two calendar yearyears, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the Customer on a reputable auditor mandated by Controller in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 11.2. Provisions of information and audit rights of the Customer audits are and shall be at Controller’s sole expense, and may only arise under Section 10.1 to the extent that the DPA Agreement does not otherwise give them Controller information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 Customer 11.3. Controller shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 11.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Controller has given notice to Compa Processor that this is the case before attendance outside those hours begins; 11.3.4. for premises outside the Processor's control (c) for the purposes such as data storage farms of Processor's cloud hosting providers); 11.3.5. if more than one (1) audit or inspection, in respect of Compaeach Processor, already took place in any the same calendar year, except for any additional audits or inspections which Customer which: 11.3.5.1. Controller reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 11.3.5.2. Controller is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Controller has identified identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the Customer on a reputable auditor mandated by Controller in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 11.2. Provisions of information and audit rights of the Customer audits are and shall be at Controller’s sole expense, and may only arise under Section 10.1 to the extent that the DPA Agreement does not otherwise give them Controller information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 Customer 11.3. Controller shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 11.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Controller has given notice to Compa Processor that this is the case before attendance outside those hours begins; 11.3.4. for premises outside the Processor's control (c) for the purposes such as data storage farms of Processor's cloud hosting providers); 11.3.5. if more than one (1) audit or inspection, in respect of Compaeach Processor, already took place in any the same calendar year, except for any additional audits or inspections which Customer which: 11.3.5.1. Controller reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 11.3.5.2. Controller is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Controller has identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 6.1 Client acknowledges and accepts that, due to the nature of the Services provided, Service Provider requires an audit right to be able to verify and monitor the Client’s and Client End User’s compliance with its material obligations under the Agreement. 6.2 Upon receipt of Service Provider’s reasonable written request, Client shall provide Service Provider with any documentation or records which are reasonably required to enable Service Provider to verify and monitor Client’s compliance with its obligations under this Agreement. Such information and records maybe redacted to remove confidential commercial information not relevant to the request and shall not include any materials which are subject to legal professional privilege. 6.3 All information and records shall be provided without undue delay and where possible within 14 days of receipt of such request. The Service Provider shall also notify Client of the name of the person within its organisation who will act as the point of contact for provision of the information required. 6.4 Subject to this Section 10clauses 6.5 to 6.7, Compa shall make available to where, in the Customer on requestreasonable opinion of Service Provider, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary such documentation is not sufficient to demonstrate compliance with this DPAor to meet Service Providers obligations to a regulatory body or to a Data Supplier, then Service Provider will be entitled, upon reasonable prior written notice and (ii) shall allow for and contribute upon reasonable grounds, to audits, including inspections, by the Customer conduct an on-site audit of Client’s premises or to appoint a third party auditor to conduct an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor on-site audit for the purposes of this Section 10.1 if investigating Client’s compliance with its obligations under the auditor is reasonably agreed to by CompaAgreement. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does 6.5 Audits shall not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are carried out on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit occasion per year of the Agreement unless Service Provider reasonably believes that Client is in material breach of the Agreement, or inspection, unless Service Provider is required to do so by any regulatory body with competent jurisdiction or one of Service Provider’s third party suppliers engaged in connection with the Service. Service Provider or its auditor may be accompanied by representatives of any such regulatory body or third party Data Supplier in respect of Compaany such audit imposed on Client. 6.6 All audits will be conducted in a manner that does not materially disrupt, in any calendar yeardelay or interfere with Client’s performance of its business and shall be carried out at the expense of Service Provider. Should the audit reveal a material breach of the Agreement by Client, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible Client shall reimburse Service Provider for the enforcement full cost of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer 6.7 Client shall reimburse Compa provide Service Provider (or any third party auditor as relevant) with reasonable, supervised access to its premises, employees, computers, IT systems and records as required for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement the purpose of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must 6.8 Client shall keep accurate records of all agreements entered into with Client End Users and all associated usage in respect of the Services by Client End Users. On an annual basis, upon Service Provider’s request, Client shall provide Compa Service Provider with any a statement of such information. 6.9 Where Service Provider is acting in good faith and reasonably, Client shall give Service Provider or its nominee the right to audit reports generated in connection with any audit at no charge unless prohibited by to its relevant and applicable law. The Customer may use audit reports only for records showing clearly all enquiries, quotations, transactions and proceedings relating to the purposes of meeting Services (including but not limited to its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports customers' usage), on reasonable prior written notice, provided such audits shall be confidentialreasonable in scope and duration, and shall be limited to no more than once per year, except where Service Provider can provide reasonable grounds for requiring additional audits. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Terms and Conditions

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa Processor and each Processor Affiliate shall make available to the Customer each Controller Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information reasonably necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, at the sole cost of the Controller, including inspections, by the Customer any Controller Group Member or an auditor mandated by the Customer any Controller Group Member in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaProcessor and/or each Processor Affiliate. 10.2 Information 11.2 Except if section 11.3.2 applies and/or in case of an emergency (at which time Controller shall give reasonable notice considering the circumstances and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting urgency), Controller or the relevant requirements of Data Protection Law. 10.3 Customer Controller Affiliate undertaking an audit, at the Controller’s sole cost, shall give Compa reasonable advance Processor or the relevant Processor Affiliate no less than 30 business days prior notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it canwill not avoid, to minimize) cause any material damage, injury, or and/or disruption to Compathe Processor’s and/or each Processor Affiliate’s premises, equipment, personnel, personnel and business while its auditing personnel are on those premises in the course of such an audit or inspection. Compa A Processor and/or each Processor Affiliate need not give access to its premises for the purposes of such an audit or inspection: (a) 11.2.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.2.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Controller or the relevant Controller Affiliate undertaking an audit has given notice to Compa Processor and/or the relevant Processor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.2.3 for the purposes of more than one audit or inspection, in respect of Compathe Processor and/or any Processor Affiliate, in any calendar year12-month rolling basis, except for any additional audits or inspections which Customer which: 11.2.3.1 Controller or the relevant Controller Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Processor's and/or the relevant Processor Affiliate’s compliance with this Addendum; or 11.2.3.2 A Controller Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Controller or the Customer relevant Controller Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Processor and/or the relevant Processor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10Sections 11.2 to 11.4 below, Compa Liferay and each Liferay Affiliate shall make available to the each Customer Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the any Customer Group Member or an auditor mandated by the any Customer Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, Article 28(3)(h) of the GDPR). 10.3 11.3 Customer or the relevant Customer Affiliate undertaking an audit shall give Compa Liferay or the relevant Liferay Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (ai) to any individual unless he or she produces reasonable evidence of identity and authority; (bii) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiilate undertaking an audit has given notice to Compa Liferay or the relevant Liferay Affiliate that this is the case before attendance outside those hours begins;; or (ciii) for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year12-month period, except for any additional audits or inspections which (a) Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Liferay's or the relevant Liferay Affiliate’s compliance with this Addendum; or (b) A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, in both cases (a) and (b) where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Liferay or the relevant Liferay Affiliate of the audit or inspection; or. (d) to 11.4 If the requested audit scope is addressed in a third party who is performing the audit on behalf of the Customer, unless such SOC 2 Type I or similar certification or report performed by a qualified third party auditor executes a confidentiality agreement acceptable to Compa before within the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site auditprior twelve months and Liferay or Liferay Affiliate, if as applicable, at Compa’s then-current professional services rateconfirms that there are no known material changes in the controls audited, which shall be made available Customer or Customer Affiliates agrees to Customer upon request. Before commencement accept those findings in lieu of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration requesting an audit of the audit in addition controls covered by the report to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditextent it can reasonably do so under Applicable Law. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa shall make available Upon reasonable notice to the Customer other Party and on requestreasonable grounds, no a Party shall be entitled to conduct an audit (which may require on-site presence, documentation, system and staff access) or to appoint a third party to conduct an on-site audit of the other Party’s compliance with the obligations of this Agreement. 10.2 Audits shall not be carried out more frequently than annually once a year during the Term unless the auditing Party reasonably believes that the other Party is in response material breach of this Agreement or unless the auditing Party is required to a request do so by a regulatory authority: (i) reasonable information necessary to demonstrate compliance body with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation competent jurisdiction with respect to the Processing Service. The auditing Party or its auditor may be accompanied by a representative of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Lawany such regulatory body or a third party data supplier. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to All audits will be conducted under Section 10.1 in a manner intended not to materially disrupt, delay or interfere with the audited Party’s performance of its business and shall make (and ensure that each be carried out at the auditing Party’s expense. Should the audit reveal a breach of its mandated auditors makes) reasonable endeavors to avoid causing (orthis Agreement by the audited Party, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises audited Party shall reimburse the auditing Party for the purposes full cost of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer The audited Party shall reimburse Compa for provide the auditing Party (or any time expended for any such on-site auditregulatory body) with reasonable andsupervised access to its premises, if applicableemployees, at Compa’s then-current professional services ratecomputers, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer IT systems and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only records as required for the purposes of meeting a successful audit, save that in respect of the Reseller the Reseller shall be entitled to redact information from records which contain data from other customers of the Reseller and limit access to IT systems to the extent reasonably required by its security standards . 10.5 Prior to an audit requirements under this clause 10, the Data Protection laws and/or confirming compliance with auditing Party shall be entitled (but not obligated) to submit a questionnaire to the requirements audited Party regarding the performance of the audited Party’s obligations under this DPAAgreement. The audit reports audited Party shall be confidential. 10.6 Nothing in this Section 10 shall require Compa respond to breach any confidentiality owed to any such a questionnaire within 14 days of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systemsreceipt. The submission of a questionnaire under this clause will not prejudice auditing Party’s audit rights under this clause.

Appears in 1 contract

Sources: Term of Use

Audit Rights. 10.1 11.1. Subject to this Section 10sections [11.2 to 11.4], Compa Company and each Company Affiliate shall make available to the Customer each User Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any User Group Member or an auditor mandated by the Customer any User Group Member in relation to the Processing of the Customer User Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2. Information and audit rights of the Customer User Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3. [A User Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Company shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list.] 11.4. [User or the relevant User Affiliate undertaking an audit shall give Compa Company or the relevant Company Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer User or the relevant User Affiilate undertaking an audit has given notice to Compa Company or the relevant Company Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3. for the purposes of more than one [one] audit or inspection, in respect of Compaeach Contracted Processor, in any [calendar year], except for any additional audits or inspections which Customer which: 11.4.3.1. User or the relevant User Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Company's or the relevant Company Affiliate’s compliance with this Addendum; or 11.4.3.2. A User Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where User or the Customer relevant User Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Company or the relevant Company Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.3 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make only conduct said audits or inspections at mutually agreed upon times. Company and Company Affiliate shall ensure (and ensure that each of its mandated auditors makesalso ensures) reasonable endeavors to avoid causing (or, if that it candoes not avoid, to minimize) cause any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Company understands and agrees that Vendor or the relevant Vendor Affiliate operate a multi-tenant environment, and that Vendor or Vendor Affiliates shall not be required to conduct, or permit Company or its auditors to conduct, any activities that could impair the security or confidentiality of the information of any of Vendor’s other customers. A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of because of the disclosure of a Company Personal Data Breach, or 11.3.3.2 A Company Group Member is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject The Customer may conduct an audit to verify Dragos’s compliance with its obligations under this Section 10, Compa shall make available to DPA if the Customer on requestin its reasonable discretion believes that the right under section 6(b) of this DPA is not sufficient in an individual case, no more frequently than annually unless in response to a request competent data protection authority requests it, or the circumstances of a Security Breach require an earlier audit. Such audit may be conducted either by ▇▇▇▇▇▇ or by a regulatory authoritythird party auditor selected by ▇▇▇▇▇▇, at ▇▇▇▇▇▇’▇ option. Dragos shall reasonably cooperate and provide such documentation and access as reasonably required to conduct the audit. For the avoidance of doubt, ▇▇▇▇▇▇ shall in no event be obliged to provide any information related to other customers. ▇▇▇▇▇▇ may claim remuneration for its efforts when enabling Customer audits, on a time and material basis and general rates in line with the market standard within this area. 10.2 Reasonable advance written notice of at least thirty (30) days is required for any such audit with Dragos, unless: (i) data protection law or a competent data protection authority require an earlier audit, in which case Dragos will be given as much advance notice as possible; or (ii) the circumstances of a Security Breach require an earlier audit, in which case Dragos will be given reasonable information necessary advance notice. 10.3 If an audit determines that Dragos has breached its obligations under this DPA, ▇▇▇▇▇▇ will promptly remedy the breach at its own cost. 10.4 The audits referred to demonstrate in Clause 8.9(c)-(e) and Clause 13(b) of the EU Standard Contractual Clauses is bound by the terms for an audit as described in this section 10 of the DPA. 10.5 Upon reasonable request, ▇▇▇▇▇▇ will certify to the Customer that it is in compliance with this DPADPA by providing adequate evidence in the form of (i) the results of a self-audit, and (ii) shall allow for and contribute to auditsinternal company rules of conduct including external evidence of compliance, including inspections(iii) certificates on data protection and/or information security (e. g. ISO 27001), by the Customer or an auditor mandated by the Customer in relation to the Processing (iv) approved codes of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injuryconduct, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (av) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialother appropriate certificates. 10.6 Nothing Evidence of the implementation of measures which are not specific to this DPA may be given in this Section 10 shall require Compa to breach any confidentiality owed to any the form of its clientsup-to-date attestations, employeesreports or extracts thereof from independent bodies (e.g. external auditors, internal audit, the data protection officer, the IT security department or Subprocessors, quality auditors) or to grant access to any multi-tenant systemssuitable certification by way of an IT security or data protection audit.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate All expenses and costs of the Vendor and each Vendor Affiliate related to such an auditor for audit are compensated by the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCompany. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one 1 audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.,

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject to this Section 10, Compa 11.1 Vendor shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group‌ Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section section 10.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject a. Upon Customer’s fourteen (14) days prior written request at reasonable intervals (no more than once every twelve (12) months), and subject to this Section 10strict confidentiality undertakings by Customer, Compa Pathfix shall make available to the Customer on requestthat is not a competitor of Pathfix (or Customer’s independent, no more frequently than annually unless reputable, third-party auditor that is not a competitor of Pathfix and not in response conflict with Pathfix, subject to a request by a regulatory authority: (itheir confidentiality and non-compete undertakings) reasonable all information necessary to demonstrate compliance with this DPA, Addendum and (ii) shall allow for and contribute to audits, including inspections, conducted by them (provided, however, that such information, audits, inspections and the Customer or an auditor mandated by results therefrom, including the Customer in relation to documents reflecting the Processing outcome of the audit and/or the inspections, shall only be used by Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor to assess compliance with this Addendum, and shall not be used for the purposes of this Section 10.1 if the auditor is reasonably agreed any other purpose or disclosed to by Compaany third party without Pathfix’s prior written approval. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice b. The scope of any audit shall not require us to disclose to you or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injuryyour authorized representatives, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit allow you or inspection. Compa need not give access your authorized representatives to its premises for the purposes of such an audit or inspectionaccess: (a) to i. any individual unless he data or she produces reasonable evidence information of identity and authorityany other Pathfix customer; (b) outside normal business hours at those premises, unless the audit ii. any Pathfix internal accounting or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours beginsfinancial information; (c) for the purposes of more than one audit or inspectioniii. any Pathfix trade secret; iv. any information that, in respect our reasonable opinion could: 1) compromise the security of Compa, in any calendar year, except for any additional audits our systems or inspections which Customer is required premises; or 2) cause us to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of breach our obligations under Data Protection Laws in or our security, confidentiality and or privacy obligations to any country other Pathfix customer or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspectionany third party; or (d) v. any information that you or your authorized representatives seek to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa access for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement reason other than the good faith fulfillment of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements your obligations under the Data Protection laws and/or confirming Laws and our compliance with the requirements terms of this DPAAddendum. c. In addition, audits shall be limited to once per year, unless (i) we have experienced a Personal Data Breach within the prior twelve (12) months which has impacted your Customer Personal Data; or (ii) an audit reveals a material noncompliance. If we decline or are unable to follow your instructions regarding audits permitted under this Section (or the Standard Contractual Clauses, where applicable), you are entitled to terminate this Addendum and the Principal Agreement for convenience. d. Upon Pathfix's first request, Customer shall return all records or documentation in Customer's possession or control provided by Pathfix in the context of the audit and/or the inspection). The audit reports Customer shall be confidentialfully responsible for bearing all the costs and expenses arising from or related to this Section. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject to 25.1 The Customer may, on no more than one occasion in any Year, audit Redcentric’s performance of this Section 10, Compa shall make available MSA as it relates to the Customer on request, following Service Types (but shall have no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer such right in relation to the Processing of the Customer Personal any other Services): Data by the Contracted ProcessorsServices, Hosting Services and IaaS/SaaS Services (“Audit Services”). A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed The following provisions will apply to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspectionaudits: (a) to any individual unless he or she produces reasonable evidence the Customer will give not less than 25 Business Days’ notice of identity and authorityeach audit; (b) outside normal business hours at those premises, unless the audit or inspection needs to audits will be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is during the case before attendance outside those hours beginsBusiness Day; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified may conduct audits itself or appoint third parties to do so on its concerns or behalf (subject as a condition precedent to the relevant requirement or request Customer accepting the actions and omissions of any third party as its own and placing the third party under equivalent confidentiality provisions to those contained in its notice this MSA which also grant Redcentric third party rights to Compa of enforce those provisions direct against the audit or inspection; orthird parties); (d) Redcentric will give the Customer and its representatives such access during the Business Day, to a third party who Redcentric’s people, premises, records and processes as is performing required to: • establish that Redcentric’s obligations to provide the audit on behalf Audit Services have been, and are then being, fulfilled in accordance with the MSA; and/or • allow the Customer to comply with all Laws in relation to the Audit Services; and (e) Redcentric will provide the Customer and its representatives with such copies of the Customer, unless such third party auditor executes a confidentiality agreement acceptable ’s documents and records related to Compa before the auditAudit Services as they may request from time to time. 10.4 25.2 If any regulator with authority over the Customer from time to time wishes to interview Redcentric and/or its staff or audit Redcentric’s facilities in relation to the Audit Services, Redcentric will attend (or ensure that the relevant people attend) that interview and permit the required audit and cooperate with the relevant regulator. 25.3 All rights set out in this clause 25 are subject to the terms of the General Terms, including clauses 3.6 and 9. 25.4 Redcentric shall reimburse Compa be entitled to charge the Customer for all time that it spends and all copies it makes in connection with the Customer’s exercise of its rights under this clause 25 at the Professional Services Rates. 25.5 If the Customer buys Services which comprise more than one of Data Services, Hosting Services and IaaS/SaaS Services it will still only be allowed one audit per year in total, but that audit may cover all such Audit Services. 25.6 Redcentric may from time to time agree to permit audits over and above those set out in clause 25. Redcentric shall be entitled to charge the Customer at the Professional Services Rates for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated spent in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch audits. 10.6 Nothing in this Section 10 25.7 Redcentric’s then current rules for audits shall require Compa apply to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systemsall audits.

Appears in 1 contract

Sources: Master Services Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa 11.1. Bottomline shall make available to the Customer on requestrequest the most recent copies of any relevant third-party certifications and audits obtained or procured by Bottomline, no more frequently than annually unless together with any other relevant information as Bottomline considers necessary in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances, in each case to demonstrate its ongoing compliance with applicable provisions of this Data Processing Addendum (including Section 5). 11.2. Subject to Sections 11.3 and 11.4, in the event that Customer (acting reasonably) considers that the information made available by Bottomline pursuant to Section 11.1 is not sufficient in the circumstances to demonstrate Bottomline’s compliance with this DPAData Processing Addendum, and (ii) Bottomline shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaBottomline. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 11.3. Customer shall give Compa Bottomline reasonable advance notice of any audit or inspection to be conducted under Section 10.1 11.2 (which shall in no event be less than thirty (30) days’ notice unless required by a Supervisory Authority pursuant to Section 11.4(f)(ii)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies Bottomline in respect of, to minimize) any damage, injury, injury or disruption to CompaBottomline’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of Bottomline’s other customers or the availability of Bottomline’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any on-premise inspection. 11.4. Compa Bottomline need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom Bottomline has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with Bottomline on terms acceptable to Bottomline (acting reasonably); (d) where, and to the extent that, Bottomline considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Bottomline’s other customers or the availability of Bottomline’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which which: (i) Customer reasonably considers necessary because of a Personal Data Breach; or (ii) Customer is required to carry out by Data Protection Law or a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns the Personal Data Breach or the relevant requirement or request in its notice to Compa Bottomline of the audit or inspection; or. 11.5. Save in respect of any audit or inspection conducted as a result of, and notified to Bottomline within the sixty (d60) to a days immediately following, the parties’ joint determination of Bottomline’s material breach of this Data Processing Addendum, Customer shall bear any third party who is performing the costs in connection with such inspection or audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall and reimburse Compa Bottomline for any all costs incurred by Bottomline and time expended for any such on-site audit, if applicable, spent by Bottomline (at CompaBottomline’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 9.1 Subject to this Section 10sections 9.2 and 9.3, Compa 5thPort shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by 5thPort and any Subprocessor(s), subject to the Contracted Processors. A following conditions: 9.1.1 Customer and any mandated auditor(s) shall conduct no more than one audit or inspection of 5thPort or any Subprocessor in any calendar year except that Customer may conduct additional audits or inspections when: 9.1.1.1 Customer reasonably considers necessary because of genuine concerns as to 5thPort’s compliance with this Addendum; or 9.1.1.2 Customer is required or requested to carry out by Data Protection Law, a Supervisory Authority, or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory; and 9.1.2 the cost of any audits conducted by Customer and/or its mandated auditor(s) shall be borne solely by Customer. 9.2 Customer may only mandate an auditor for the purposes of this Section 10.1 section 9.1 if the auditor is reasonably agreed identified in the list set out in Exhibit 1 to this Addendum, as that list is amended by Compaagreement between the parties in writing from time to time. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 9.3 Customer shall give Compa 5thPort reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 9.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa5thPort’s and/or any Subprocessor’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa 5thPort and any Subprocessor(s) need not give access to its premises for the purposes of such an audit or inspection: (a) 9.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 9.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa 5thPort that this is the case before attendance outside those hours begins;; or (c) 9.3.3 for the purposes of more than one audit or inspection, in respect inspection of Compa, 5thPort or any Subprocessor in any calendar year, except for any additional audits or inspections which which: 9.3.3.1 Customer reasonably considers necessary because of genuine concerns as to 5thPort’s compliance with this Addendum; or 9.3.3.2 Customer is required or requested to carry out by Data Protection Law, a Supervisory Authority Authority, or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa 5thPort of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Service Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa 11.1 Vendor shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section section 10.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa Processor and each Processor Affiliate shall make available to the Customer each Controller Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Controller Group Member or an auditor mandated by the Customer any Controller Group Member in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Controller Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Controller or the relevant Controller Affiliate undertaking an audit shall give Compa Processor or the relevant Processor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Controller or the relevant Controller Affiliate undertaking an audit has given notice to Compa Processor or the relevant Processor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Controller or the relevant Controller Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Processor's or the relevant Processor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Controller Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Controller or the Customer relevant Controller Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Processor or the relevant Processor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 10.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the Customer on a reputable auditor mandated by Controller in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 10.2. Provisions of information and audit rights of the Customer audits are and shall be at Controller’s sole expense and may only arise under Section 10.1 to the extent that the DPA Partner Agreement does not otherwise give them Controller information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Partner Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 Customer 10.3. Controller shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 10.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Controller has given notice to Compa Processor that this is the case before attendance outside those hours begins; 10.3.4. for premises outside the Processor's control (c) for the purposes such as data storage farms of Processor's cloud hosting providers); 10.3.5. if more than one (1) audit or inspection, in respect of Compaeach Processor, already took place in any the same calendar year, except for any additional audits or inspections which Customer which: 10.3.5.1. Controller reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 10.3.5.2. Controller is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Controller has identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or. (d) to 10.4. If a third party who is performing the Supervisory Authority requires an audit on behalf of the Customerdata processing facilities from which the Processor processes Personal Data in order to ascertain or monitor compliance with Data Protection Laws, the Processor will cooperate with such audit. The Controller will reimburse the Processor for its reasonable expenses incurred to cooperate with the audit, unless such third party auditor executes a confidentiality agreement acceptable to Compa before audit reveals the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at CompaProcessor’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa noncompliance with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa 10.1. Crunchy Data shall make available to the Customer on request, no more frequently than annually unless request such information as Crunchy Data (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPAData Processing Addendum. 10.2. Subject to Paragraphs 10.3 and 10.4, and in the event that Customer (iiacting reasonably) is able to provide documentary evidence that the information made available by Crunchy Data pursuant to Paragraph 10.1 is not sufficient in the circumstances to demonstrate Crunchy Data’s compliance with this Data Processing Addendum, Crunchy Data shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCrunchy Data. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 10.3. Customer shall give Compa Crunchy Data reasonable advance notice of any audit or inspection to be conducted under Section Paragraph 10.1 (which shall in no event be less than fourteen (14) days’ notice unless required by a Supervisory Authority pursuant to Paragraph 10.4(f)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoid, to minimize) any damage, injury, injury or disruption to CompaCrunchy Data’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of Crunchy Data’s other customers or the availability of Crunchy Data’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any on-premise inspection. 10.4. Compa Crunchy Data need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom Crunchy Data has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with Crunchy Data on terms acceptable to Crunchy Data; (d) where, and to the extent that, Crunchy Data considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Crunchy Data’s other customers or the availability of Crunchy Data’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is required to carry out under the GDPR or by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa Crunchy Data of the audit or inspection; or. (d) 10.5. The Parties shall discuss and agree the costs of any inspection or audit to a third party who is performing the audit be carried out by or on behalf of the CustomerCustomer pursuant to this Paragraph 10.4 in advance of such inspection or audit and, unless such otherwise agreed in writing between the Parties, Customer shall bear any third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall costs in connection with such inspection or audit and reimburse Compa Crunchy Data for any all costs incurred by Crunchy Data and time expended for any such on-site audit, if applicable, spent by Crunchy Data (at CompaCrunchy Data’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa 10.1. Receipt Bank shall make available to the Customer on request, no more frequently than annually unless request such information as Receipt Bank (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPAData Processing Addendum. 10.2. Subject to Paragraphs 10.3 and 10.4, and in the event that Customer (iiacting reasonably) is able to provide documentary evidence that the information made available by Receipt Bank pursuant to Paragraph 10.1 is not sufficient in the circumstances to demonstrate Receipt Bank’s compliance with this Data Processing Addendum, Receipt Bank shall allow for and contribute to audits, including onpremise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaReceipt Bank. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 10.3. Customer shall give Compa Receipt Bank reasonable advance notice of any audit or inspection to be conducted under Section Paragraph 10.1 (which shall in no event be less than one (1) month’s notice unless required by a Supervisory Authority pursuant to Paragraph 10.4(f)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies Receipt Bank in respect of, to minimize) any damage, injury, injury or disruption to CompaReceipt Bank’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of Receipt Bank’s other customers or the availability of Receipt Bank’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any onpremise inspection. 10.4. Compa Receipt Bank need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom Receipt Bank has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with Receipt Bank on terms acceptable to Receipt Bank; (d) where, and to the extent that, Receipt Bank considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of Receipt Bank’s other customers or the availability of Receipt Bank’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is strictly and specifically required to carry out by Data Protection Law or a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the provided that Customer has identified its concerns or the relevant requirement or request in its notice to Compa Receipt Bank of the audit or inspection; or. (d) to a 10.5. Customer shall bear any third party who is performing the costs in connection with such inspection or audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall and reimburse Compa Receipt Bank for any all costs incurred by Receipt Bank and time expended for any such on-site audit, if applicable, spent by Receipt Bank (at CompaReceipt Bank’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject 8.1 System will allow an independent auditor appointed by Customer to conduct audits (including inspections) to verify System’s compliance with its obligations under this Section 10Addendum in accordance with clause 8. Provided, Compa shall make available however, System may object in writing to an auditor appointed by Customer to conduct any audit if the auditor is, in System’s reasonable opinion, not suitably qualified or independent, a competitor of System, or otherwise manifestly unsuitable. Any such objection by System will require Customer to appoint another auditor. 8.2 If the controls or measures to be assessed in the requested audit are addressed in an SOC 2 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and System has certified in writing that there are no known material changes in the controls to be audited, Customer agrees to accept such report in lieu of requesting an audit of such controls or measures. 8.3 Prior to the commencement of any audit or inspection, System and Customer on request, no more frequently than annually unless will discuss and agree in response to a request by a regulatory authorityadvance on: (i) reasonable information necessary the security and confidentiality controls applicable to demonstrate compliance with this DPA, any inspection or audit; and (ii) shall allow for the reasonable start date, scope and contribute duration of and security and confidentiality controls applicable to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compaany audit. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 8.4 Customer shall give Compa System reasonable advance notice of any audit or inspection to be conducted under Section 10.1 clause 8.1 (which shall in no event be less than thirty (30) days’ notice unless required by a Supervisory Authority pursuant to clause 8.4(f)(ii)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies System in respect of, to minimize) any damage, injury, injury or disruption to CompaSystem’s premises, equipment, personnel, data, and business (including any interference with the confidentiality or security of the data of System’s other customers or the availability of the Service to such other customers) while its personnel are on those premises in the course of such an audit or inspection. Compa Provided, however, that System need not give access to its premises premises, equipment, personnel, data, business, Security Documentation or systems for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) to any auditor whom System has not given its prior written approval; (c) unless the auditor enters into a non-disclosure agreement with System on terms acceptable to System; (d) where, and to the extent that, System considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of System’s other customers or the availability of the Service to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (df) to a third party who is performing on more than one (1) occasion in each period of twelve (12) months during the audit on behalf term of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before Agreement (or where the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration term of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.Agreement is less than twelve

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Processors.‌ 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.Law (including, where applicable, article 28(3)(h) of the GDPR).‌ 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list.‌ 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.]

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject MemCachier will allow an independent auditor appointed by Customer to conduct audits (including inspections) to verify MemCachier’s compliance with its obligations under this Section Addendum in accordance with clause 10. Provided, Compa shall make available however, MemCachier may object in writing to an auditor appointed by Customer to conduct any audit if the auditor is, in MemCachier’s reasonable opinion, not suitably qualified or independent, a competitor of MemCachier, or otherwise manifestly unsuitable. Any such objection by MemCachier will require Customer to appoint another auditor. 10.2 Prior to the commencement of any audit or inspection, MemCachier and Customer on request, no more frequently than annually unless will discuss and agree in response to a request by a regulatory authorityadvance on: (i) reasonable information necessary the security and confidentiality controls applicable to demonstrate compliance with this DPA, any inspection or audit; and (ii) shall allow for the reasonable start date, scope and contribute duration of and security and confidentiality controls applicable to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Lawany audit. 10.3 Customer shall give Compa MemCachier reasonable advance notice of any audit or inspection to be conducted under Section clause 10.1 (which shall in no event be less than thirty (30) days’ notice unless required by a Supervisory Authority pursuant to clause 10.3(f)(ii)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies MemCachier in respect of, to minimize) any damage, injury, injury or disruption to CompaMemCachier’s premises, equipment, personnel, data, and business (including any interference with the confidentiality or security of the data of MemCachier’s other customers or the availability of the MemCachier Services to such other customers) while its personnel are on those premises in the course of such an audit or inspection. Compa Provided, however, that MemCachier need not give access to its premises premises, equipment, personnel, data, business, Security Documentation or systems for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) to any auditor whom MemCachier has not given its prior written approval; (c) unless the auditor enters into a non-disclosure agreement with MemCachier on terms acceptable to MemCachier; (d) where, and to the extent that, MemCachier considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of MemCachier’s other customers or the availability of the MemCachier Services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit (1) occasion in each period of twelve (12) months during the term of the Services Agreement (or inspectionwhere the term of the Services Agreement is less than (12) months, in respect of Compa, in any calendar yearon more than one (1) occasion during such shorter term), except for any additional audits or inspections which which: (i) Customer reasonably considers necessary because of a Personal Data Breach; or (ii) Customer is required to carry out by Data Protection Law or a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns the Personal Data Breach or the legal relevant requirement or request in its notice to Compa MemCachier of the audit or inspection; or. (d) 10.4 The Parties shall discuss and agree the costs of any inspection or audit to a third party who is performing the audit be carried out by or on behalf of the CustomerCustomer pursuant to this clause 10 in advance of such inspection or audit and, unless such otherwise agreed in writing between the Parties, Customer shall bear any third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall costs in connection with such inspection or audit and reimburse Compa MemCachier for any all costs incurred by MemCachier and time expended for any such on-site audit, if applicable, spent by MemCachier (at CompaMemCachier’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of rates) in connection with any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an inspection or audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section clause 10 shall require Compa to breach varies or modifies any confidentiality owed to rights or obligations of Customer or MemCachier under any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systemsStandard Contract Clauses entered into by the parties.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10Sections 11.2 to 11.4, Compa Liferay and each Liferay Affiliate shall make available to the a Customer on Group Member, upon written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, including Contracted Processorʼs records of Processing of Customer Personal Data conducted on behalf of the Customer, and (ii) shall allow for and contribute to audits, including inspections, by the any Customer Group Member or an auditor mandated by the any Customer Group Member in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, Article 28(3)(h) of the GDPR). 10.3 11.3 Customer or the relevant Customer Affiliate undertaking an audit shall give Compa Liferay and the relevant Liferay Affiliate(s) reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (ai) to any individual unless he or she produces reasonable evidence of identity and authority; (bii) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer or the relevant Customer Affiliate undertaking an audit has given notice to Compa Liferay or the relevant Liferay Affiliate that this is the case before attendance outside those hours begins;; or (ciii) for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year12-month period, except for any additional audits or inspections which (a) Customer or the relevant Customer Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Liferay's or the relevant Liferay Affiliateʼs compliance with this Addendum; or (b) A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, in both cases (a) and (b) where Customer or the relevant Customer Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Liferay or the relevant Liferay Affiliate of the audit or inspection; or. (d) to 11.4 If the requested audit scope is addressed in a third party who is performing the audit on behalf of the Customer, unless such SOC 2 Type I or similar certification or report performed by a qualified third party auditor executes a confidentiality agreement acceptable to Compa before within the audit. 10.4 Customer shall reimburse Compa for any time expended for any prior twelve months of such on-site auditcertification and Liferay or Liferay Affiliate, if as applicable, at Compa’s then-current professional services rateconfirms that there are no known material changes in the controls audited, which shall be made available Customer or Customer Affiliates agrees to Customer upon request. Before commencement accept those findings in lieu of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration requesting an audit of the audit in addition controls covered by the report to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditextent it can reasonably do so under Applicable Law. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1. Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2. Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Service Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3. Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3. for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1. Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2. A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 10.1. Subject to this Section 10Sections 10.2 and 10.3, Compa Processor shall make available to the Customer on a reputable auditor mandated by Controller in coordination with Processor, upon prior written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary to reasonably demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an Processor, provided that such third-party auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed shall be subject to by Compaconfidentiality obligations. 10.2 Information 10.2. Provisions of information and audit rights of the Customer audits are and shall be at Controller’s sole expense, and may only arise under Section 10.1 to the extent that the DPA Agreement does not otherwise give them Controller information and audit rights meeting the relevant requirements of the applicable Data Protection LawLaws. In any event, all audits or inspections shall be subject to the terms of the Agreement, and to Processor's obligations to third parties, including with respect to confidentiality. 10.3 Customer 10.3. Controller shall give Compa Processor reasonable advance prior written notice of any audit or inspection to be conducted under Section 10.1 and shall make use (and ensure that each of its mandated auditors makesuses) reasonable endeavors its best efforts to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa Controller and Processor shall mutually agree upon the scope, timing and duration of the audit or inspection in addition to the reimbursement rate for which Controller shall be responsible. Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2. if Processor was not given a written notice of such audit or inspection at least 2 weeks in advance; 10.3.3. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit Controller has given notice to Compa Processor that this is the case before attendance outside those hours begins;; or 10.3.4. for premises outside the Processor's control (c) such as data storage farms of AWS) 10.3.5. for the purposes of more than one (1) audit or inspection, in respect of Compaeach Processor, in any calendar year, except for any additional audits or inspections which Customer which: 10.3.5.1. Controller reasonably considers necessary because of genuine concerns as to Processor’s compliance with this DPA; or 10.3.5.2. Controller is required to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Controller has identified its concerns or the relevant requirement or request in its prior written notice to Compa Processor of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject to this Section 10, Compa 10.1. AngelList shall make available to the Customer on request, no more frequently than annually unless request such information as AngelList (acting reasonably) considers appropriate in response to a request by a regulatory authority: (i) reasonable information necessary the circumstances to demonstrate its compliance with this DPA. 10.2. Subject to Paragraphs 10.3 and 10.4, in the event that Customer (acting reasonably) is able to provide documentary evidence that the information made available by AngelList pursuant to Paragraph 10.1 is not sufficient in the circumstances to demonstrate AngelList’s compliance with this DPA, and (ii) AngelList shall allow for and contribute to audits, including on-premise inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaAngelList. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 10.3. Customer shall give Compa AngelList reasonable advance notice of any audit or inspection to be conducted under Section Paragraph 10.1 (which shall in no event be less than fifteen business days’ notice unless required by a Supervisory Authority pursuant to Paragraph 10.4(f)) and shall make use its best efforts (and ensure that each of its mandated auditors makesuses its best efforts) reasonable endeavors to avoid causing (orcausing, if it cannot avoidand hereby indemnifies AngelList in respect of, to minimize) any damage, injury, injury or disruption to CompaAngelList’s premises, equipment, personnelPersonnel, data, and business (including any interference with the confidentiality or security of the data of AngelList’s other customers or the availability of AngelList’s services to such other customers) while its personnel Personnel and/or its auditor’s Personnel (if applicable) are on those premises in the course of such an audit or any on-premise inspection. 10.4. Compa AngelList need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of their identity and authority; (b) to any auditor whom AngelList has not given its prior written approval (not to be unreasonably withheld); (c) unless the auditor enters into a non-disclosure agreement with AngelList on terms acceptable to AngelList; (d) where, and to the extent that, ▇▇▇▇▇▇▇▇▇ considers, acting reasonably, that to do so would result in interference with the confidentiality or security of the data of AngelList’s other customers or the availability of AngelList’s services to such other customers; (e) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;; or (cf) for the purposes of on more than one audit or inspection, in respect of Compa, occasion in any calendar yearyear during the term of the Agreement, except for any additional audits or inspections which Customer is required to carry out by Data Protection Law or a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territoryAuthority, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa AngelList of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer 10.5. The parties shall reimburse Compa for any time expended for any such on-site auditdiscuss and agree upon the costs, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of any inspection or audit to be carried out by or on behalf of Customer pursuant to Paragraph 10.2 in advance of such inspection or audit and, unless otherwise agreed in writing between the audit in addition to the reimbursement rate for which parties, Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended bear any third party costs in connection with such inspection or audit and reimburse AngelList for all costs incurred by Compa. Customer shall promptly notify Compa with information regarding any nonAngelList and time spent by AngelList (at AngelList’s then-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated current professional services rates) in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidentialsuch inspection or audit. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10(a) Upon Account Holder’s request no more often than once a year, Compa shall make Workato will, taking into account the nature of the Processing and the information available to the Customer on requestWorkato, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable make available information necessary to demonstrate its compliance with this DPA, including its SOC 2 Type 2 audit or similar audit report(s); and (ii) shall allow provide Account Holder with reasonable cooperation and assistance where necessary for and contribute Account Holder to auditscomply with its obligations under the applicable Data Protection Laws, including inspectionssuch as to conduct a data protection impact assessment, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent cooperation and/or prior consultation with any Supervisory Authority, provided that the DPA Account Holder does not otherwise give them information and audit rights meeting have access to the relevant requirements of Data Protection Lawinformation. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal If required by Data Protection Laws and the required information is not contained in Workato’s audit report, Account Holder may conduct an audit (no more often than once a year) at its own expense. To request an audit, Account Holder must submit a proposed audit plan at least thirty (30) days in advance of the proposed audit date. Workato will cooperate with Account Holder to agree on a final audit plan, which includes the scope, duration, and start date of the audit. The audit must be conducted during Workato’s regular business hours at those premisesand subject to applicable Workato policies, unless for example, the audit may not unreasonably interfere with Workato’s business operations or inspection needs other users’ use of the Services, and may not be granted access to any data and information of other users. If a third-party is to conduct the audit, the third-party must be conducted on an emergency basis mutually agreed to by Account ▇▇▇▇▇▇ and Customer undertaking an Workato and such third-party must execute a confidentiality agreement with Workato before the audit has given notice to Compa that this is the case before attendance outside those hours begins;conducted. (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer Account Holder may use the audit reports only for the purposes of meeting its audit regulatory requirements under the Data Protection laws and/or or confirming compliance with the requirements of this DPA. The audit report(s) and any information obtained by Account Holder under this section are Workato’s Confidential Information, and the audit reports generated in connection with audit under this section will be provided to Workato unless prohibited by law. If the parties have entered into Standard Contractual Clauses, the parties agree that the audits described in Clause 8.9 of the EU SCCs (or similar provisions under other applicable Standard Contractual Clauses) shall be confidentialconducted in accordance with this section. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 9.1 Subject to this Section 10sections 9.2 to 9.3, Compa we shall make available to the Customer you on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall shall‌ allow for and contribute to audits, including inspections, by the Customer or an auditor mandated appointed by the Customer you in relation to the Processing of the Customer your Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer 9.2 You shall give Compa us reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and section 9.1. We may object in writing to an auditor appointed by you to conduct any audit under section 9.1 if the auditor is, in our reasonable opinion, not suitably qualified or independent, a competitor of ours, or otherwise manifestly unsuitable. Any such objection by us will require you to appoint another auditor.‌ 9.3 You shall make (and ensure that each of its mandated auditors appointed auditor makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection:inspection:‌ (a) 9.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 9.3.2 outside normal business hours at those premises, unless the audit or inspection needs is required to be conducted carried out on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins;by a Supervisory Authority; or (c) 9.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer is you are required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject to this Section 10sections 10.2 and 10.3, Compa We shall make available to the Customer You on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable such information necessary as is reasonably required to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to cooperate with such audits, including inspections, by the Customer You or an auditor mandated appointed by the Customer You in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Us and Our Subprocessors.‌ 10.2 Information and audit rights of the Customer only You arise under Section section 10.1 to the extent that the DPA Agreement does not otherwise give them You information and audit rights meeting the relevant requirements of Data Protection Law.Law (including, where applicable, article 28(3)(h) of the GDPR).‌ 10.3 Customer You or Your relevant Affiliate undertaking an audit shall give Compa Us, and any Subprocessor that it wishes to audit or inspect, reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and section 10.1. Any audit or inspection shall make be undertaken on a mutually agreed date. You shall use (and ensure that each of its Your mandated auditors makesuses) all reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to CompaOur and/or the relevant Subprocessor’s premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa We and/or a Subprocessor need not give access to its Our premises for the purposes of such an audit or inspection: (a) 10.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has You have given notice to Compa Us that this is the case before attendance outside those hours begins;; or (c) 10.3.3 for the purposes of more than one audit or inspection, in respect of CompaUs and each Subprocessor, in any calendar year, except for any additional audits or inspections which Customer which: 10.3.3.1 You reasonably consider necessary because of genuine concerns as to Our compliance with this Addendum; or 10.3.3.2 Your Affiliate is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer You undertake an audit has identified its concerns or the relevant requirement or request in its Your notice to Compa Us of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Master Subscription and Services Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa PeopleFluent shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAExhibit, and (ii) shall shall, at Customer’s cost, allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaData. 10.2 11.2 Information and audit rights of the Customer only arise under Section 10.1 section 11.1 to the extent that the DPA Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaws (including, where applicable, article 28(3)(h) of the GDPR). 10.3 11.3 Customer undertaking an audit shall give Compa PeopleFluent reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compathe PeopleFluent’s premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa PeopleFluent need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa PeopleFluent that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compa, inspection in any calendar year, except for any additional audits or inspections which which: 11.3.3.1 Customer undertaking an audit reasonably considers necessary because of genuine concerns as to PeopleFluent's compliance with this Exhibit; or 11.3.3.2 Customer is required or requested to carry out by Data Protection Laws, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa PeopleFluent of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa 11.4 Save for any time expended disclosures required for compliance with Data Protection Laws, Customer undertakes to keep, and ensure its auditors keep, all results or findings from any such on-site audit, if applicable, at Compa’s then-current professional services rate, which audit confidential and shall be made available to Customer upon request. Before commencement indemnify PeopleFluent against any and all losses incurred by PeopleFluent as a result of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements breach of this DPA. The audit reports shall be confidentialsection 11.4. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Service Agreement

Audit Rights. 10.1 Subject to this Section 10sections [10.2 to 10.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer Company Group Members only arise under Section section 10.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). It is hereby clarified that the Company conducting any such audits shall provide at least sixty days’ notice unless mandatory Data Protection Law or a competent data protection authority requires shorter notice. The cost of such audits shall be borne by the Company unless any breach is detected. 10.3 Customer [Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 10.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 10.3.2 to any independent third party auditor who is not reasonably acceptable to the Vendor and such auditor shall not include any entity who are either a competitor of the Vendor or not suitably qualified or independent. 10.3.3 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 10.3.4 for the purposes of more than one [one] audit or inspection, in respect of Compaeach Contracted Processor, in any [calendar year], except for any additional audits or inspections which Customer which: 10.3.4.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 10.3.4.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.,

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 Subject The Royalty Holder shall have the right to this Section 10arrange an independent audit of the Owner’s books and records with respect to the ORRI (including any records in its possession or control, Compa or that it has the ability to access as a joint venture participant under the JOA and is not prevented from disclosing) (Owner’s Records), limited to once per year and with no less than 10 days’ notice at the Royalty Holder’s sole cost and expense provided that, in respect of any Owner’s Records not in the Owner’s possession or control and that the Owner needs to request from the operator of the JOA (if it is not the operator of the JOA), the Owner shall use reasonable endeavours to obtain those Owner’s Records as soon as reasonably practicable (notwithstanding any time frames for the operator to provide information to participants in the JOA). However, the Owner shall not be in breach of the 10 day time frame set out above if it uses reasonable endeavours but cannot obtain the requested information within that time frame. The Owner will, subject to entry into appropriate confidentiality arrangements, permit a reputable and independent auditor designated by the Royalty Holder, to visit, and (a) inspect and review such Owner’s Records, (b) to make copies and photocopies from such Owner’s Records and to write down and record such information as such auditor may request, (c) to have access to the Owner’s accounting and working papers subject to such independent auditor’s policies and respecting the availability to working papers, and (d) to reasonably investigate and verify the accuracy of information furnished hereunder in connection with the ORRI, all at the Royalty Holder’s expense. The Owner must make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an independent auditor mandated by the Customer in relation to the Processing such of the Customer Personal Data by the Contracted Processors. A Customer Owner’s Records which may only mandate an auditor reasonably be required for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, 10.2 If an audit shows that the ORRI payable in the relevant month(s) (in respect of which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to is carried out) has been underpaid by 5% or more, the reimbursement rate Owner must pay for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa 10.3 If the Royalty Holder notifies the Owner of any underpayment or overpayment of the ORRI which the Royalty Holder’s representative considers exists, or the audit determines that any ORRI paid has been calculated in error, and that determination or notification is not disputed by the Owner or is determined in favour of the Royalty Holder in such a dispute, the Owner must, on being provided with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only a copy of the report of the Royalty ▇▇▇▇▇▇’s representative, make an adjustment of the ORRI due for the purposes next month. 10.4 On request in writing from the Royalty Holder, the Owner shall provide all reasonable assistance to enable the Royalty Holder to inspect records of meeting its audit requirements the Minister or any department or authority responsible for monitoring and receiving royalty payments due to the Minister under the Data Protection laws and/or confirming compliance with Petroleum Act, relating to the requirements calculation of this DPAthe gross value at the wellhead of Petroleum produced from the Lands. The audit reports Any such inspection shall be confidentialat the Royalty Holder’s cost and may be undertaken no more than once each calendar year. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Royalty Deed (Tamboran Resources Corp)

Audit Rights. 10.1 Subject to 8.1. Akeyless shall maintain accurate written records of any and all the Processing activities of any Customer Data carried out under this Section 10DPA its compliance with its obligations under this DPA, Compa and shall make such records available to the Customer on upon Customer’s thirty (30) days prior written request, however no more frequently than annually unless in response once per twelve (12) months of engagement (“Audit Reports”). A summary of the ISO27001/ISO27701 certification, SOCII report or recent penetration tests, as well as information provided through Customer’s questionnaire shall be defined as a sufficient Audit Report. The Audit Report provided shall be considered Akeyless’ Confidential Information and shall be subject to the corresponding confidentiality obligations under the Agreement or require signed a non-disclosure agreement. 8.2. In the event the Audit Report is reasonably determined as not sufficient for the purpose of demonstrating compliance, Akeyless shall make available, solely upon prior reasonable written notice and no more than once per calendar year, to a request reputable auditor nominated by a regulatory authority: (i) reasonable the Customer, information necessary to reasonably demonstrate compliance with this DPADPA or where required by Applicable Data Protection Law or an applicable authority, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an such reputable auditor mandated by the Customer solely in relation to the Processing of the Customer Personal Data (“Audit”) in accordance with the terms and conditions hereunder. The auditor shall be subject to standard confidentiality obligations (including towards third parties). ▇▇▇▇▇▇▇▇ may object to an auditor appointed by the Contracted Processors. A Customer may only mandate an auditor for in the purposes of this Section 10.1 if event Akeyless reasonably believes the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights not suitably qualified or is a competitor of the Akeyless. Customer only arise under Section 10.1 shall bear all expenses related to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to be conducted under Section 10.1 Audit and shall make (and ensure that each of its mandated auditors makesshall) reasonable endeavors to over the course of such Audit, ensure that the Audit is conducted during regular business hours, and avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s Akeyless’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such Audit. ▇▇▇▇▇▇▇▇ shall agree to an audit Audit solely under the following terms: (i) a thirty (30) day prior written notice was provided; and (ii) restrict its findings to only to information relevant to Customer Data or inspectionan applicable Security Incident. 8.3. Compa need not give access Nothing in this DPA will require Akeyless to either disclose to Customer or its premises for third-party auditor, or to allow Customer or its third-party auditor to access: (i) any data of any other Akeyless’ customer or Akeyless’s internal data including without limitation data processed in Akeyless’s role as a Controller; (ii) Akeyless’ internal accounting or financial information; (iii) any trade secret of a Akeyless or its Affiliates; (iv) any information that, in Akeyless’ reasonable opinion, could compromise the purposes security of such an audit any Akeyless’ systems or inspection: (a) cause any breach of its obligations under applicable law or its security, privacy or confidentiality obligations to any individual unless he third party; or she produces reasonable evidence of identity and authority; (bv) outside normal business hours at those premises, unless the audit any information that Customer or inspection needs its third-party auditor seeks to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except access for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for reason other than the enforcement good faith fulfillment of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements obligations under the Data Protection laws and/or confirming compliance with the requirements of this DPALaws. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant No access to any multi-tenant systems.part of Akeyless’s IT

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.3, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 A Company Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Addendum, as that list is amended by agreement between the parties in writing from time to time. Vendor shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s premises, equipment, personnel, and business the Contracted Processors' personnel while its personnel are on those premises in the course of such an audit or inspectionaudit. Compa A Contracted Processor need not give access to its premises personnel for the purposes of such an audit or inspectionaudit: (a) 11.4.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2 outside normal business hours at those premisesof Vendor, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any two calendar yearyears, except for any additional audits or inspections which Customer which: 11.4.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 12.1. As part of the review and evaluation of the security measures, most Velsera companies will, once every year, have a security audit performed by an independent third-party expert, according to generally accepted audit standards which will be documented in a written security report. The Controller may request a copy of this security report in lieu of undertaking an independent security audit as it relates to the security measures observed under this DPA. 12.2. Subject to this Section 10sections 12.1, Compa 12.2 and 12.4, Velsera and each Velsera Affiliate shall make available to the Customer each Controller on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to reasonable audits, including inspections, by the Customer any Controller or an auditor mandated by the Customer any Controller in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 12.3. Information and audit rights of the Customer Controllers only arise under Section 10.1 section 12.2 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 12.4. Client or the relevant Client Affiliate undertaking an audit shall give Compa Velsera or the relevant Velsera Affiliate reasonable advance notice of no less than thirty (30) days, of any audit or inspection to be conducted under Section 10.1 this section and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 12.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 12.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Controlleror the relevant Client Affiilate undertaking an audit has given notice to Compa Velsera or the relevant Velsera Affiliate that this is the case before attendance outside those hours begins;; or (c) 12.4.3. for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 12.4.3.1. Client or the relevant Client Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Velsera's or the relevant Velsera Affiliate’s compliance with this DPA; or 12.4.3.2. A Controller is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Controller or the Customer relevant Controller Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Velsera or the relevant Velsera Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to the remainder of this Section 1011, Compa Vendor shall, and shall ensure that each relevant Vendor Affiliate does (a) make available to the each Customer on Group Member, upon such Customer Group Member’s written request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all available information reasonably necessary to demonstrate compliance with this DPA, and (iib) shall allow for and contribute to audits, including inspections, by the permit any Customer Group Member or an auditor mandated by any Customer Group Member to audit and inspect the Customer in relation security controls relevant to the Processing of the Customer Personal Data by the Contracted Processors. All information provided, disclosed, or made available pursuant to this Section 11 shall be deemed Vendor’s Confidential Information. 11.2 Information and audit rights of the Customer Group Members arise under section 11.1 only to the extent required to meet the relevant requirements of applicable Data Protection Laws (including, where applicable, article 28(3)(h) of the GDPR) where the Agreement does not otherwise give the required information and audit rights. 11.3 A Customer Group Member may only mandate an auditor for the purposes of this Section 10.1 section 11.1 only if the auditor is reasonably agreed identified in the list set out in Annex 2 to this DPA, as that list may amended from time to time by Compamutual written agreement between the parties. Vendor shall not unreasonably withhold, condition, or delay its agreement to accept a new auditor or to have such auditor added to the list in Annex 2. 10.2 Information and 11.4 The relevant Customer Group Member undertaking an audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise shall give them information and audit rights meeting Vendor or the relevant requirements of Data Protection Law. 10.3 Customer shall give Compa Vendor Affiliate reasonable advance advanced written notice (but not less than ten (10) Business Days) of any audit or inspection to be conducted under Section 10.1 11.1 of this DPA. The relevant Customer Group Member shall not (and shall make (and ensure that each of its mandated auditors makesdo not) reasonable endeavors cause any damage or injury to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s the Contracted Processors’ premises, equipment, personnel, or Personnel and business while its personnel are on those premises in the course of shall further ensure that such an audit or inspectioninspection (whether conducted by the Customer Group Member or its mandated auditors) does not unreasonably interfere with the Contracted Processors’ business. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authorityauthority and agrees to be bound by such Contracted Processors’ reasonable confidentiality and security requirements; (b) outside normal business hours at those premises, unless the audit or inspection needs is required to be conducted on an emergency basis (i.e. as a result of an imminent threat to Customer Personal Data or a known material non-compliance with applicable Data Protection Laws) and the relevant Customer Group Member undertaking an such audit has given as much advanced notice (including via telephone and email) as is practicable to Compa that this is Vendor, the case before attendance outside those hours beginsrelevant Vendor Affiliates, and the relevant Contracted Processor, if any, of the need for such emergency audit or inspection; (c) for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which which: (i) are conducted for the sole purpose of confirming whether a compliance breach revealed by a prior audit has been cured; or (ii) A Customer Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory other governmental authority responsible for the enforcement of competent jurisdiction under applicable Data Protection Laws in any country or territory, where Laws; provided that the relevant Customer Group Member undertaking such audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 11.5 If Vendor’s or its Affiliates’ Personnel are required to assist Customer shall reimburse Compa for Group Members in any time expended for audit(s) or inspection(s), such assistance will be provided free of charge up to 20 hours total in any such on-site audit, if applicable, calendar year. Any additional hours of required assistance will be charged at CompaVendor’s at Vendor’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate standard rates for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an auditProfessional Services. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Master Service Subscription Terms

Audit Rights. 10.1 Subject to this Section 10sections 10.2 to 10.4, Compa Supplier and each Supplier Affiliate shall make available to the Customer each Controller Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAData Processor Agreement, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Controller Group Member or an auditor mandated by the Customer any Controller Group Member in relation to the Processing of the Customer Controller Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa.Data Processors.‌ 10.2 Information and audit rights of the Customer Controller Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Main Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection Law.Law (including, where applicable, article 28(3)(h) of the GDPR).‌ 10.3 Customer A Controller Group Member may only mandate an auditor for the purposes of section 11.1 if the auditor is identified in the list set out in Annex 3 to this Data Processor Agreement, as that list is amended by agreement between the parties in writing from time to time. Supplier shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list.‌ 10.4 Controller or the relevant Controller Affiliate undertaking an audit shall give Compa Supplier or the relevant Supplier Affiliate reasonable advance notice of any audit or inspection to be conducted under Section section 10.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Data Processors’ premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Data Processor need not give access to its premises for the purposes of such an audit or inspection: (a) to 10.4.1 To any individual unless he or she produces reasonable evidence of identity and authority; (b) outside 10.4.2 Outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Controller or the relevant Controller Affiliate undertaking an audit has given notice to Compa Supplier or the relevant Supplier Affiliate that this is the case before attendance outside those hours begins;; or (c) for 10.4.3 For the purposes of more than one (1) audit or inspection, in respect of Compaeach Data Processor, in any calendar year, except for any additional audits or inspections which Customer which: 10.4.3.1 Controller or the relevant Controller Affiliate undertaking an audit reasonably considers necessary because of demonstrable genuine concerns as to Supplier’s or the relevant Supplier Affiliate’s compliance with this Data Processor Agreement; or 10.4.3.2 A Controller Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Controller or the Customer relevant Controller Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Supplier or the relevant Supplier Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processor Agreement

Audit Rights. 10.1 Subject EDS shall provide such auditors and inspectors as Customer may from time to this Section time designate (upon ten (10, Compa shall make available ) days' Notice except for internal audits or inspections or those conduced by federal or state regulators) with reasonable access to the Customer on requestEDS Data Center and any and all other EDS facilities in any manner involved in the performance of Services, no more frequently than annually unless in response to a request by a regulatory authorityincluding data storage facilities, for the limited purpose of performing, at Customer’s expense, audits or inspections of any or all of the following: (i) reasonable information necessary Customer's Resources, (ii) the handling of Customer Data, including a SAS 70, Type II or similar audit, (iii) the development or modification of systems used or to demonstrate be used in performing Services, (iv) networks used in performing Services, through the use of network penetration tests and similar mechanisms, (v) EDS's compliance with this DPACustomer's electronic records retention program and other compliance control activities related to S▇▇▇▇▇▇▇-▇▇▇▇▇ and the overall Customer control environment as set forth in Exhibit 2, and (iivi) the performance of Services under this Agreement. If requested by EDS, audits shall allow be conditioned upon the auditor's signing an agreement reasonably satisfactory to EDS agreeing to maintain the confidentiality of EDS's Confidential Information, as provided in Article 7.1, and indemnifying EDS for and contribute to audits, including inspections, personal injury or property damage caused by the auditor. EDS will provide to such auditors and inspectors any assistance that they reasonably require. Customer or an auditor mandated shall pay EDS for EDS's costs for any resources required by the Customer auditor inspection in relation addition to the Processing resources that EDS would otherwise use in the performance of Services, at the rates set forth in Exhibit 4; provided, however, that Customer Personal Data shall not incur any additional costs in connection with its performance of one annual audit of EDS’s controls by Customer’s Internal Audit Department and one annual audit by Customer’s independent auditor, to ascertain whether there are deficiencies in the Contracted Processors. A Customer may only mandate an auditor for the purposes effectiveness, design or operation of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 EDS’s controls as they pertain to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements performance of Data Protection Law. 10.3 Services. EDS shall provide Customer shall give Compa reasonable advance notice with a written estimate of any audit or inspection anticipated additional costs prior to be conducted under Section 10.1 and shall make (and ensure that each the commencement of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, or disruption to Compa’s premises, equipment, personnel, and business while its personnel are on those premises in the course of such an affected audit or inspection. Compa need not give access If any deficiencies in EDS’s controls are identified through audits under subparagraphs (ii), (iv), or (v) hereunder, EDS shall remediate such deficiencies within a commercially reasonable time at EDS’s cost and shall allow Customer to its premises for retest the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless controls after the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of more than one audit or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out by a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicableremediation, at Compa’s then-current professional services rate, which shall be made available no charge to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by CompaCustomer. Customer shall promptly notify Compa cooperate with information regarding any non-compliance EDS in the reallocation of Resources during the course period of an auditremediation. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Services Agreement (Dollar Thrifty Automotive Group Inc)

Audit Rights. 10.1 11.1. Subject to this Section 10sections [11.2 to 11.4], Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum, and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 11.2. Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3. A Company Group Member may only mandate an auditor with agreement of Vendor who shall not unreasonably withhold or delay agreement to the addition of a new auditor to that list. 11.4. Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.4.3. for the purposes of more than one [one] audit or inspection, in respect of Compaeach Contracted Processor, in any [calendar year], except for any additional audits or inspections which Customer which: 11.4.3.1. Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.4.3.2. A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Protection Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa CloudShare and each CloudShare Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPADPE. If CloudShare and/or CloudShare Affiliates have their compliance included in standard third party audits to international standards such as ISO ( International Organization for Standardization) or SOC (Service Organization Control) they shall make such reports available on a confidential basis to any Company Group Member upon request and Company Group Member shall use such audit reports in lieu of an individual audit. If such audit reports are not available, CloudShare and/or CloudShare Affiliates and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for The cost of audits performed by any Company Group Member shall be borne solely by the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCompany Group Member. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa CloudShare or the relevant CloudShare Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiilate undertaking an audit has given notice to Compa CloudShare or the relevant CloudShare Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to CloudShare's or the relevant CloudShare Affiliate’s compliance with this DPE; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where Company or the Customer relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa CloudShare or the relevant CloudShare Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Agreement

Audit Rights. 10.1 Subject Customer agrees that PROS’ most recently completed SOC1 and SOC2 audit reports, or comparable industry-standard successor report, prepared by PROS’ independent third-party auditor will, to this Section 10the extent applicable, Compa shall be used to satisfy any audit or inspection requests by or on behalf of Customer, and PROS will make such reports available to Customer upon request (or Customer’s independent third-party auditor that is not a competitor of PROS) subject to the confidentiality obligations set forth in the Agreement. 10.2 Customer on request, no more frequently than annually unless in response may request an on-site audit of procedures relevant to a request the Processing of Personal Data by a regulatory authority: PROS (i“On-Site Audit”) reasonable if: 10.2.1 the information necessary available pursuant to PROS SOC 1 and SOC 2 audit reports is not sufficient to demonstrate compliance with the obligations set out in this DPA, and (ii) shall allow for and contribute to audits, including inspections, Addendum; or 10.2.2 Customer has received notice of a Data Breach from PROS; or 10.2.3 the On-Site Audit is formally requested by the Customer Customer's Supervisory Authority or an auditor mandated required by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer only arise under Section 10.1 to the extent that the DPA does not otherwise give them information and audit rights meeting the relevant requirements of applicable Data Protection Law. 10.3 Customer shall give Compa reasonable advance notice of any audit or inspection to An On-Site Audit may be conducted under Section 10.1 and by Customer or through its independent third-party auditor (that is not a competitor of PROS) subject to the following limitations: 10.3.1 Customer gives PROS reasonable written notice, which shall make not be less than 30 days (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injuryunless a Supervisory Authority requires shorter notice, or disruption to Compa’s premisesa Data Breach has occurred); 10.3.2 it is conducted during PROS’ regular business hours, equipment, personnelat reasonable intervals, and business while its personnel are on those premises in the course of such an audit or inspection. Compa need not give access to its premises for the purposes of such an audit or inspection: (a) to any individual unless he or she produces reasonable evidence of identity and authority; (b) outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer undertaking an audit has given notice to Compa that this is the case before attendance outside those hours begins; (c) for the purposes of no more than one audit once per calendar year (unless required or inspection, in respect of Compa, in any calendar year, except for any additional audits or inspections which Customer is required to carry out requested by a Supervisory Authority or any similar regulatory authority responsible for Authority); 10.3.3 the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa scope of the audit or inspectionOn-Site Audit is mutually agreed in advance by PROS and Customer acting reasonably and in good faith; 10.3.4 where an independent auditor is involved, they have entered into a non-disclosure agreement containing confidentiality provisions no less protective than those set forth in the Agreement to protect PROS Confidential Information; orand (d) to a third party who is performing 10.3.5 Customer bears the audit on behalf reasonable costs of the Customer, On-Site Audit unless such third party auditor executes audit reveals a confidentiality agreement acceptable material breach by PROS of this Addendum, then PROS shall bear its own expenses of an audit. Any costs will be agreed by PROS and Customer in advance. Any On-Site Audits will be limited to Compa before Customer Data Processing and storage facilities operated by PROS or PROS Affiliates. Customer acknowledges that the auditSubscription Service is hosted by PROS hosting Sub-processors who maintain independently validated security programs (including SOC 1, SOC 2 and ISO 27001). 10.4 Customer shall reimburse Compa for any time expended for any such onReports following from the On-site audit, if applicable, at Compa’s then-current professional services rate, which shall Site Audit will be made available treated as PROS' Confidential Information and subject to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration confidentiality obligations of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by CompaAgreement. Customer shall promptly notify Compa provide PROS with information regarding about any actual or suspected non-compliance discovered during the course of an auditOn-Site Audit, which PROS will promptly remedy at its own cost. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 11.1 Subject to this Section 10sections 11.2 to 11.4, Compa Vendor and each Vendor Affiliate shall make available to the Customer each Company Group Member on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable all information necessary to demonstrate compliance with this DPAAddendum. If Vendor and/or Vendor Affiliates have their compliance included in standard third- party audits to international standards such as ISO (International Organization for Standardization) or SOC (Service Organization Control) they shall make such reports available on a confidential basis to any Company Group Member upon request and Company Group Member shall use such audit reports in lieu of an individual audit. If such audit reports are not available, Vendor and/or Vendor Affiliates and (ii) shall allow for and contribute to audits, including inspections, by the Customer any Company Group Member or an auditor mandated by the Customer any Company Group Member in relation to the Processing of the Customer Company Personal Data by the Contracted Processors. A Customer may only mandate an auditor for The cost of audits performed by any Company Group Member shall be borne solely by the purposes of this Section 10.1 if the auditor is reasonably agreed to by CompaCompany Group Member. 10.2 11.2 Information and audit rights of the Customer Company Group Members only arise under Section 10.1 section 11.1 to the extent that the DPA Principal Agreement does not otherwise give them information and audit rights meeting the relevant requirements of Data Protection LawLaw (including, where applicable, article 28(3)(h) of the GDPR). 10.3 Customer 11.3 Company or the relevant Company Affiliate undertaking an audit shall give Compa Vendor or the relevant Vendor Affiliate reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 11.1 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors to avoid causing (or, if it cannot avoid, to minimize) any damage, injury, injury or disruption to Compa’s the Contracted Processors' premises, equipment, personnel, personnel and business while its personnel are on those premises in the course of such an audit or inspection. Compa A Contracted Processor need not give access to its premises for the purposes of such an audit or inspection: (a) 11.3.1 to any individual unless he or she produces reasonable evidence of identity and authority; (b) 11.3.2 outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer Company or the relevant Company Affiliate undertaking an audit has given notice to Compa Vendor or the relevant Vendor Affiliate that this is the case before attendance outside those hours begins;; or (c) 11.3.3 for the purposes of more than one audit or inspection, in respect of Compaeach Contracted Processor, in any calendar year, except for any additional audits or inspections which Customer which: 11.3.3.1 Company or the relevant Company Affiliate undertaking an audit reasonably considers necessary because of genuine concerns as to Vendor's or the relevant Vendor Affiliate’s compliance with this Addendum; or 11.3.3.2 A Company Group Member is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer Company or the relevant Company Affiliate undertaking an audit has identified its concerns or the relevant requirement or request in its notice to Compa Vendor or the relevant Vendor Affiliate of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum

Audit Rights. 10.1 Subject to this Section 10, Compa shall make available to the Customer on request, no more frequently than annually unless in response to a request by a regulatory authority: (i) reasonable information necessary to demonstrate compliance with this DPA, and (ii) shall allow for and contribute to audits, including inspections, by the Customer or an auditor mandated by the Customer in relation to the Processing of the Customer Personal Data by the Contracted Processors12.1. A Customer may only mandate an auditor for the purposes of this Section 10.1 if the auditor is reasonably agreed to by Compa. 10.2 Information and audit rights of the Customer Responsible Party only arise under Section 10.1 this section 12 to the extent that the DPA does terms of the Principal Agreement do not otherwise give them the Responsible Party information and audit rights meeting the relevant requirements of the relevant Data Protection LawLaws. 10.3 Customer 12.2. Subject to the provisions of paragraph 12.1, BulkSMS shall make available to the Responsible Party on request all information necessary to demonstrate compliance with this Data Processing Addendum and shall allow for and contribute to audits in relation to the Processing of the Responsible Party Personal Data by BulkSMS or a Sub-Processor, including inspections, by an auditor mandated by the Responsible Party and approved of by BulkSMS. 12.3. The Responsible Party proposing to undertake an audit shall give Compa BulkSMS reasonable advance notice of any audit or inspection to be conducted under Section 10.1 section 12.2 and shall make (and ensure that each of its mandated auditors makes) reasonable endeavors endeavours to avoid causing (or, if it cannot avoid, to minimizeminimise) any damage, injury, or disruption to Compa’s premises, equipment, personnel, the personnel and business while its personnel are on those premises of BulkSMS or a Sub- Processor in the course of such an audit or inspection. 12.4. Compa need not Neither BulkSMS nor a Sub-Processor shall be required to give information or access to its their premises for the purposes of such an audit or inspection: (a) 12.4.1. to any individual unless he or she produces reasonable evidence of identity and authority; (b) 12.4.2. outside normal business hours at those premises, unless the audit or inspection needs to be conducted on an emergency basis and Customer the Responsible Party undertaking an audit has given notice to Compa BulkSMS or the relevant Sub-Processor that this is the case before attendance outside those hours begins;; or (c) 12.4.3. for the purposes of more than one audit or inspection, in respect of Compa, inspection in any calendar year, except for any additional audits or inspections which Customer a Responsible Party is required or requested to carry out by Data Protection Law, a Supervisory Authority or any similar regulatory authority responsible for the enforcement of Data Protection Laws in any country or territory, where the Customer has identified its concerns or the relevant requirement or request in its notice to Compa of the audit or inspection; or (d) to a third party who is performing the audit on behalf of the Customer, unless such third party auditor executes a confidentiality agreement acceptable to Compa before the audit. 10.4 Customer shall reimburse Compa for any time expended for any such on-site audit, if applicable, at Compa’s then-current professional services rate, which shall be made available to Customer upon request. Before commencement of any such on-site audit; Customer and Compa shall mutually agree on the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Compa. Customer shall promptly notify Compa with information regarding any non-compliance during the course of an audit. 10.5 The Customer must provide Compa with any audit reports generated in connection with any audit at no charge unless prohibited by applicable law. The Customer may use audit reports only for the purposes of meeting its audit requirements under the Data Protection laws and/or confirming compliance with the requirements of this DPA. The audit reports shall be confidential. 10.6 Nothing in this Section 10 shall require Compa to breach any confidentiality owed to any of its clients, employees, or Subprocessors, or to grant access to any multi-tenant systems.

Appears in 1 contract

Sources: Data Processing Addendum