Common use of Certifications and Audits Clause in Contracts

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): ▇▇▇▇ ▇. ▇▇▇▇▇▇▇ Position: General Counsel Address: ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇-▇▇▇▇ ▇▇▇ Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.

Certifications and Audits. 6.1. On no more than an annual basis and upon thirty (30) days’ notice in writing by Customer, Entrust Datacard, to the extent that it is acting as a Data Processor to Customer, shall make available to Customer information necessary to demonstrate compliance with the obligations set forth under Data Protection Laws, provided that Entrust Datacard shall have no obligation to provide confidential and/or proprietary information. On no more than an annual basis and upon thirty (30) days’ notice in writing, Entrust Datacard shall, to the extent that it is acting as a Data Processor to Customer, following a request by Customer and at Customer’s expense, further allow for and contribute to off-site audits and inspections by Customer or its authorized third-party auditor. The scope, timing, cost and duration of any such audits, including conditions of confidentiality, shall be mutually agreed upon by Entrust Datacard and Customer prior to initiation. Customer shall promptly notify Entrust Datacard with information regarding non-compliance discovered during the course of an audit, and Entrust Datacard shall use commercially reasonable efforts to address any confirmed non- compliance. Schedule 1: Details of the Processing Schedule 2: EU Standard Contractual Clauses The parties' authorized signatories have duly executed this DPA: Name (written out in full): Position: Address: Signature: Name (written out in full): ▇▇▇▇ ▇. ▇▇▇▇▇▇▇ Position: General Counsel Address: ▇▇▇▇ ▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇▇▇, ▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇-▇▇▇▇ ▇▇▇ Signature: Entrust Datacard will Process Personal Data as necessary to perform the Services pursuant to the Agreement, as further specified in the Services-related documentation, and as further instructed by Customer in its use of the Services.