Common use of Authorized Subprocessors Clause in Contracts

Authorized Subprocessors. 5.1 Customer acknowledges and agrees that Zoom may (i) engage its affiliates and the entities listed at ▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ (such URL may be updated by Zoom from time to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10) days before enabling any third party other than Authorized Subprocessors to access or participate in the Processing of Personal Data, Zoom will add such third party to the List and notify Customer of that update by way of the functionality described in Section 5.1 above. Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by Customer. 5.2.1 If Customer reasonably objects to an engagement in accordance with Section 5.2, Zoom shall provide Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Customer may terminate this Addendum. Termination shall not relieve Customer of any fees owed to Zoom under the Agreement. 5.2.2 If Customer does not object to the engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will be deemed an Authorized Subprocessor for the purposes of this Addendum. 5.3 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 Zoom shall, by way of contract or other legal act under applicable law ensure that every Authorized Subprocessor is subject to obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under this Addendum. Zoom shall, exercising reasonable care, evaluate an organization’s data protection practices before allowing the organization to act as an Authorized Subprocessor. 5.5 Zoom shall be liable to Customer for the acts and omissions of Authorized Subprocessors to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.

Authorized Subprocessors. 5.1 Customer acknowledges and agrees To the extent that Zoom may (i) is a Processor: 5.1 The Customer hereby generally authorizes Zoom to engage its affiliates and subprocessors in accordance with this Section 5. 5.2 Customer approves the entities Authorized Subprocessors listed at ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇/docs/en- us/subprocessors.html: 5.3 Zoom may remove, replace, or appoint suitable and reliable further subprocessors in accordance with this Section 5.3: (a) Zoom shall at least thirty (30) business days before the new subprocessor starts processing any Customer Personal Data notify Customer of the intended engagement (including the name and location of the relevant subprocessor, and the activities it will perform and a description of the Personal Data it will process). To enable such notifications, Customer shall visit ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇ (such URL may be updated by Zoom from time ▇/docs/en- us/subprocessors.html and enter the email address to time) (the “List”) to access and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. which Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to send such notifications in order to ensure it is properly notified into the submission field at the bottom of any changes to Subprocessors under this Section 5the page. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10b) days before enabling any third party other than Authorized Subprocessors to access In an emergency concerning Service availability or participate in the Processing of Personal Datasecurity, Zoom will add such third party is not required to provide prior notification to Customer but shall provide notification within seven (7) business days following the List and notify Customer of that update by way of change in subprocessor. In either case, the functionality described in Section 5.1 above. Customer may object to such an engagement in writing within ten fifteen (1015) business days of receipt of the aforementioned notice by CustomerZoom. 5.2.1 5.4 If the Customer reasonably objects to an the engagement in accordance with Section 5.2of a new subprocessor, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion): (a) Zoom cancels its plans to use the subprocessor with regard to Customer Personal Data. (b) Zoom will take the corrective steps requested by Customer in its objection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer Personal Data. (c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such a subprocessor with regard to Customer Personal Data. Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this Addendumthe Agreement including the Addendum with prior written notice. Termination shall not relieve Customer of any fees or charges owed to Zoom for Services provided up to the effective date of the termination under the Agreement. 5.2.2 . If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) 15 business days of notice by issuance from Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted. 5.3 5.5 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer Personal Data and Customer Content both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 5.6 Zoom shall, by way of contract or other legal act under applicable law ensure that every act, impose on the Authorized Subprocessor is subject the equivalent data protection obligations as set out in this Addendum and detailed in the GDPR. The Parties acknowledge and agree that notice periods shall be deemed equivalent regardless of disparate notification periods. If personal data are transferred to obligations regarding an Authorized Subprocessor in a third country, Zoom will ensure the Processing of Personal Data that transferred data are no less protective than those to which processed with the Zoom is subject under this Addendumsame GDPR transfer guarantees as agreed with Customer (such as Standard Contractual Clauses and BCRs). Zoom shall, exercising reasonable care, evaluate an organization’s will also perform a case by case assessment if supplementary measures are required in cases of onward transfers to third countries in order to bring the level of protection of the transferred data protection practices before allowing up to the organization to act as an Authorized Subprocessor▇▇▇ standard of essential equivalence. 5.5 5.7 Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor's obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.

Authorized Subprocessors. 5.1 5.1. Zoom shall not engage a subprocessor without general written authorization of the Customer. 5.2. Customer acknowledges and agrees that Zoom may (i) engage its affiliates and approves the entities third-party subprocessors currently listed at ▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ (such URL / subprocessors. 5.3. Zoom may be updated by Zoom from time to time) (the “List”) to access remove, replace or appoint suitable and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Datareliable further subprocessors at its own discretion in accordance with this Section 5.3: 5.3.1. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At at least ten fifteen (1015) days before enabling any third party other than Authorized Subprocessors new subprocessors to access or participate in the Processing of Personal Data, Zoom will add such third party to the List and Data notify Customer of that update by way of the functionality described in Section 5.1 aboveupdate. The Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by the Customer. To enable such notifications, Customer shall visit ▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ and enter the email address to which Zoom shall send such notifications into the submission field at the bottom of the page. 5.2.1 5.3.2. If the Customer reasonably objects to an engagement in accordance with Section 5.2engagement, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion): a) Zoom cancels its plans to use the subprocessor with regard to Customer's Personal Data. b) Zoom will take the corrective steps requested by Customer in its objection (which remove Controller's objection) and proceed to use the subprocessor with regard to Customer's Personal Data. c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such subprocessor with regard to Controller's personal data. d) Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this AddendumAddendum with prior written notice. Termination shall not relieve Customer of any fees owed to Zoom under the Agreement. 5.2.2 5.3.3. If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted. 5.3 5.4. Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer Personal Data both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 5.5. Zoom shall, e.g., by way of contract or other legal act under applicable law ensure that every impose on the Authorized Subprocessor is subject to the equivalent data protection obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under as set out in this Addendum. Zoom shall, exercising shall exercise reasonable care, care and evaluate an organization’s 's data protection practices before allowing the organization to act as an Authorized Subprocessor. 5.5 5.6. Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of Authorized Subprocessors that subprocessor’s obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 5.7. If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (International Transfers of Personal Data), (i) the above authorizations will constitute Customer’s 's prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that Zoom will provide such copies will be provided by the Zoom only upon request by Customer.

Authorized Subprocessors. 5.1 5.1. The Customer acknowledges and agrees that hereby generally authorizes Zoom may (i) to engage its affiliates and subprocessors in accordance with this Section 5. 5.2. Customer approves the entities third-party subprocessors currently listed at ▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ (such URL ▇. 5.3. Zoom may be updated by Zoom from time to time) (the “List”) to access remove, replace or appoint suitable and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Datareliable further subprocessors in accordance with this Section 5.3: 5.3.1. Zoom shall automatically notify Customer of updates to the Subprocessor List noted above by way of a functionality on the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At at least ten fifteen (1015) days before enabling engaging any third party other than Authorized Subprocessors new subprocessors to access or participate in the Processing of Customer’s Personal Data, Zoom will add such third party to the List and Data notify Customer of that update by way of the functionality described in Section 5.1 aboveupdate. The Customer may object to such an engagement in writing within ten (10) days of receipt of the aforementioned notice by the Customer. To enable such notifications, Customer shall visit ▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇ and enter the email address to which Zoom shall send such notifications into the submission field at the bottom of the page. 5.2.1 5.3.2. If the Customer reasonably objects to an the engagement in accordance with Section 5.2of a new subprocessor, Zoom shall have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion): a) Zoom cancels its plans to use the subprocessor with regard to Customer's Personal Data. b) Zoom will take the corrective steps requested by Customer in its objection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer's Personal Data. c) Zoom may cease to provide or Customer may agree not to use (temporarily or permanently) the particular aspect of the Service that would involve the use of such subprocessor with regard to Controller's personal data. d) Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) if provided, Zoom and Customer may terminate this AddendumAddendum with prior written notice. Termination shall not relieve Customer of any fees or charges owed to Zoom for Services provided up to the effective date of the termination under the Agreement. 5.2.2 5.3.3. If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten (10) days of notice by Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted. 5.3 5.4. Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer’s Personal Data both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 5.5. Zoom shall, e.g., by way of contract or other legal act under applicable law ensure that every impose on the Authorized Subprocessor is subject to the equivalent data protection obligations regarding the Processing of Personal Data that are no less protective than those to which the Zoom is subject under as set out in this Addendum. Zoom shall, exercising shall exercise reasonable care, care and evaluate an organizationa potential subprocessor’s data protection practices before allowing the organization subprocessor to act as an Authorized Subprocessor. 5.5 5.6. Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor’s obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 5.7. If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (International Transfers of Personal Data), (i) the above authorizations will constitute Customer’s 's prior written consent to the subcontracting by Zoom of the processing Processing of Customer’s Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that Zoom will provide such copies will be provided by the Zoom only upon request by Customer.

Authorized Subprocessors. To the extent that Zoom is a Processor: 5.1 Customer acknowledges and agrees that hereby generally authorizes Zoom may (i) to engage its affiliates and subprocessors in accordance with this Section 5. 5.2 Customer approves the entities Authorized Subprocessors listed at ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇/docs/en- us/subprocessors.html: 5.3 Zoom may remove, replace, or appoint suitable and reliable further subprocessors in accordance with this Section 5.3: (a) Zoom shall at least thirty (30) business days before the new subprocessor starts processing any Customer Personal Data notify Customer of the intended engagement (including the name and location of the relevant subprocessor, and the activities it will perform and a description of the Personal Data it will process). To enable such notifications, Customer shall visit ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇▇.▇▇ (such URL may be updated by Zoom from time to time) (▇/docs/en- us/subprocessors.html and enter its desired and valid email address into the “List”) to access submission field at the bottom of the webpage, and Process Personal Data for the purposes of providing the Services and (ii) from time to time engage additional third parties for the purpose of providing the Services, including without limitation the Processing of Personal Data. Zoom shall automatically notify Customer of updates send such notifications to the Subprocessor List noted above by way of a functionality on email address entered into the Subprocessor site. Notwithstanding the notification provisions contained in this Addendum or the Agreement to the contrary, Customer must subscribe to such notifications in order to ensure it is properly notified of any changes to Subprocessors under this Section 5submission field. 5.2 A list of Zoom’s current Authorized Subprocessors is available on the List. At least ten (10b) days before enabling any third party other than Authorized Subprocessors to access In an emergency concerning Service availability or participate in the Processing of Personal Datasecurity, Zoom will add such third party is not required to provide prior notification to Customer but shall provide notification within seven (7) business days following the List and notify Customer of that update by way of the functionality described change in Section 5.1 abovesubprocessor. In either case, Customer may object to such an engagement in writing within ten fifteen (1015) business days of receipt of the aforementioned notice by CustomerZoom. 5.2.1 5.4 If Customer reasonably objects to an the engagement in accordance with Section 5.2of a new subprocessor, Zoom shall provide have the right to cure the objection through one of the following options (to be selected at Zoom's sole discretion): (a) Zoom cancels its plans to use the subprocessor with regard to Customer Personal Data. (b) Zoom will take the corrective steps requested by Customer in its objection (which remove Customer's objection) and proceed to use the subprocessor with regard to Customer Personal Data. (c) Zoom may cease to provide, or Customer may agree not to use (temporarily or permanently), the particular aspect of the Service that would involve the use of such a subprocessor with regard to Customer Personal Data. (d) Zoom provides Customer with a written description of commercially reasonable alternative(s), if any, to such engagement, including without limitation modification to the Services. If Zoom, in its sole discretion, cannot provide any such alternative(s), or if Customer does not agree to any such alternative(s) ), if provided, Customer Zoom and Customer, within thirty days (30) days of being provided an alternative, may terminate this Addendumthe affected portion(s) of the Agreement with prior written notice. Termination shall not relieve Customer of any fees or charges owed to Zoom for Services provided up to the effective date of the termination under the Agreement. 5.2.2 . If Customer does not object to the a new subprocessor's engagement of a third party in accordance with Section 5.2 within ten fifteen (1015) business days of notice by issuance from Zoom, that third party will new subprocessor shall be deemed an Authorized Subprocessor for the purposes of this Addendumaccepted. 5.3 5.5 Zoom shall ensure that all Authorized Subprocessors have executed confidentiality agreements that prevent them from disclosing or otherwise Processing, unauthorized Processing of Customer Personal Data and Customer Content both during and after their engagement by Zoom, any Personal Data both during and after their engagement with Zoom. 5.4 5.6 Zoom shall, by way of contract or other legal act under applicable law ensure that every act, impose on the Authorized Subprocessor is subject to data protection obligations regarding consistent with the Processing obligations set out in this Addendum and in accordance with GDPR requirements. The parties acknowledge and agree that notice periods shall be deemed equivalent regardless of disparate notification periods. If Personal Data are transferred to an Authorized Subprocessor in a third country that does not ensure an adequate level of protection according to the European Commission, the FDIPC, or UK Information Commissioner's Office, Zoom will ensure the transferred data are no less protective than those to which processed with the Zoom is subject under this Addendumsame GDPR transfer guarantees as agreed with Customer (such as Standard Contractual Clauses and BCRs). Zoom shall, exercising reasonable care, evaluate an organization’s will also perform a case-by-case assessment if supplementary measures are required in cases of onward transfers to third countries to bring the level of protection of the transferred data protection practices before allowing up to the organization to act as an Authorized SubprocessorEU standard of essential equivalence. 5.5 5.7 Zoom shall be fully liable to Customer where that Authorized Subprocessor fails to fulfil its data protection obligations for the acts and omissions performance of that Authorized Subprocessors Subprocessor's obligations to the same extent that Zoom would itself be liable under this Addendum had it conducted such acts or omissions. 5.6 If Customer and Zoom have entered into Standard Contractual Clauses as described in Section 7 (Transfers of Personal Data), (i) the above authorizations will constitute Customer’s prior written consent to the subcontracting by Zoom of the processing of Personal Data if such consent is required under the Standard Contractual Clauses, and (ii) the parties agree that the copies of the agreements with Authorized Subprocessors that must be provided by Zoom to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have commercial information, or information unrelated to the Standard Contractual Clauses or their equivalent, removed by the Zoom beforehand, and that such copies will be provided by the Zoom only upon request by Customer.