Common use of Cross-Border Data Transfers Clause in Contracts

Cross-Border Data Transfers. 6.1 Notwithstanding anything to the contrary in Oracle’s privacy policies, and subject to the Service Description and Hosting and Delivery Policies for EUSC, Oracle may store and Process Personal Information only within the selected EUSC data center region(s). 6.2 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable European Data Protection Law to countries outside Europe not covered by an adequacy decision, such transfers are subject to (i) Oracle’s Binding Corporate Rules for Processors or BCR-p (also referred to as the Oracle Processor Code) and (ii) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021. The most current version of Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code) is available on ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/corporate/contracts/cloud-services/contracts.html#data-processing, and is incorporated by reference into the Services Agreement and this Data Processing Agreement. Oracle has obtained EEA authorization for its Binding Corporate Rules for Processors (Processor Code) and will maintain such authorization for the duration of the Services Agreement. Transfers to Third Party Subprocessors shall be subject to security and data privacy requirements consistent with Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code), the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021, this Data Processing Agreement and the Services Agreement. 6.3 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable UK Data Protection Law, to countries outside the United Kingdom not covered by an Adequacy Decision by the UK ICO, such transfers are subject to (i) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021 as supplemented by the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses version B1.0 (the “IDTA”), which are incorporated herein by reference; and (ii) when approved by the UK ICO, the approved UK Binding Corporate Rules for Processors, in the form that will be approved by the UK ICO for use in the UK and will be published on Oracle’s public websites. The IDTA will be read in conjunction with the Services Agreement and the Data Processing Agreement. 6.4 Where applicable as set out in this Section 6, the parties will review any supplemental measures, which may be required based on applicable Data Protection Law for the transfer of Personal Information to countries that do not offer an adequate level of protection. The parties will work together in good faith to find a mutually acceptable resolution to address such supplementary measures, including but not limited to reviewing technical documentation for the Services, and discussing additional available technical safeguards and security services. 6.5 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under other Applicable Data Protection Laws globally, such transfers shall be subject to (i) for transfers to Oracle Affiliates, the terms of the Oracle Intra-Company Data Transfer and Mandate Agreement, which requires all transfers of Personal Information to be made in compliance with Applicable Data Protection Law and all applicable Oracle security and data privacy policies and standards globally; and (ii) for transfers to Third Party Subprocessors, security and data privacy requirements consistent with the relevant requirements of this Data Processing Agreement and Applicable Data Protection Law.

Cross-Border Data Transfers. 6.1 Notwithstanding anything to the contrary in Oracle’s privacy policies, and subject to the applicable Service Description and Descriptionand Hosting and Delivery Policies for EUSC, Oracle may store and Process Personal Information only within the selected EUSC data center region(s). 6.2 To the extent Your use of the services pursuant to the applicable Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable European Data Protection Law to countries outside Europe not covered by an adequacy decision, such transfers are subject to (i) Oracle’s Binding Corporate Rules for Processors or BCR-p (also referred to as the Oracle Processor Code) and (ii) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021. The most current version of Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code) is available on ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/corporate/contracts/cloud-services/contracts.html#data-processing, and is incorporated by reference into the Services Agreement and this Data Processing Agreement. Oracle has obtained EEA authorization for its Binding Corporate Rules for Processors (Processor Code) and will maintain such authorization for the duration of the Services Agreement. Transfers to Third Party Subprocessors shall be subject to security and data privacy requirements consistent with Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code), the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021, this Data Processing Agreement and the Services Agreement. 6.3 To the extent Your use of the services pursuant to the applicable Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable UK Data Protection Law, to countries outside the United Kingdom not covered by an Adequacy Decision by the UK ICO, such transfers are subject to (i) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021 as supplemented by the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses version B1.0 (the “IDTA”), which are incorporated herein by reference; and (ii) when approved by the UK ICO, the approved UK Binding Corporate Rules for Processors, in the form that will be approved by the UK ICO for use in the UK and will be published on Oracle’s public websites. The IDTA will be read in conjunction with the Services Agreement and the Data Processing Agreement. 6.4 Where applicable as set out in this Section 6, the parties will review any supplemental measures, which may be required based on applicable Data Protection Law for the transfer of Personal Information to countries that do not offer an adequate level of protection. The parties will work together in good faith to find a mutually acceptable resolution to address such supplementary measures, including but not limited to reviewing technical documentation for the Services, and discussing additional available technical safeguards and security services. 6.5 To the extent Your use of the services pursuant to the applicable Service Description and Hosting and Delivery Policies for EUSC involves a transfer of Personal Information subject to cross-border transfer restrictions under other Applicable Data Protection Laws globally, such transfers shall be subject to (i) for transfers to Oracle Affiliates, the terms of the Oracle Intra-Company Data Transfer and Mandate Agreement, which requires all transfers of Personal Information to be made in compliance with Applicable Data Protection Law and all applicable Oracle security and data privacy policies and standards globally; and (ii) for transfers to Third Party Subprocessors, security and data privacy requirements consistent with the relevant requirements of this Data Processing Agreement and Applicable Data Protection Law.and

Cross-Border Data Transfers. 6.1 Notwithstanding anything For Cloud Services, Personal Information will be stored in the data center region specified in Your order for such Services or, if applicable, the geographic region that You have selected when activating the production instance of such Services. 6.2 Without prejudice to the contrary in Oracle’s privacy policies, and subject to the Service Description and Hosting and Delivery Policies for EUSCSection 6.1 above, Oracle may store and Process Personal Information only within globally as necessary to perform the selected EUSC Services, such as for support, incident management or data center region(s)recovery purposes. 6.2 6.3 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC such global access involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable European Data Protection Law to countries outside Europe not covered by an adequacy decision, such transfers are subject to (i) Oracle’s Binding Corporate Rules for Processors or BCR-p (also referred to as the Oracle Processor Code) and (ii) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021. The most current version of Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code) is available on ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/corporate/contracts/cloud-services/contracts.html#data-processing, and is incorporated by reference into the Services Agreement and this Data Processing Agreement. Oracle has obtained EEA authorization for its Binding Corporate Rules for Processors (Processor Code) and will maintain such authorization for the duration of the Services Agreement. Transfers to Third Party Subprocessors shall be subject to security and data privacy requirements consistent with Oracle’s Binding Corporate Rules for Processors (Oracle Processor Code), the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021, this Data Processing Agreement and the Services Agreement. 6.3 6.4 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC such global access involves a transfer of Personal Information subject to cross-border transfer restrictions under Applicable UK Data Protection Law, to countries outside the United Kingdom not covered by an Adequacy Decision by the UK ICO, such transfers are subject to (i) the terms of Module 2 (Controller to Processor) of the EU Standard Contractual Clauses 2021/914 of 4 June 2021 as supplemented by the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses version B1.0 (the “IDTA”), which are incorporated herein by reference; and (ii) when approved by the UK ICO, the approved UK Binding Corporate Rules for Processors, in the form that will be approved by the UK ICO for use in the UK and will be published on Oracle’s public websites. The IDTA will be read in conjunction with the Services Agreement and the Data Processing Agreement. 6.4 Where applicable as set out in this Section 6, the 6.5 The parties will review any supplemental measures, which may be required based on applicable Data Protection Law for the transfer of Personal Information to countries that do not offer an adequate level of protection. The parties will work together in good faith to find a mutually acceptable resolution to address such supplementary measures, including but not limited to reviewing technical documentation for the Services, and discussing additional available technical safeguards and security services. 6.5 6.6 To the extent Your use of the services pursuant to the Service Description and Hosting and Delivery Policies for EUSC such global access involves a transfer of Personal Information subject to cross-border transfer restrictions under other Applicable Data Protection Laws globally, such transfers shall be subject to to (i) for transfers to Oracle Affiliates, the terms of the Oracle Intra-Company Data Transfer and Mandate Agreement, which requires all transfers of Personal Information to be made in compliance with Applicable Data Protection Law and all applicable Oracle security and data privacy policies and standards globally; and and (ii) for transfers to Third Party Subprocessors, security and data privacy requirements consistent with the relevant requirements of this Data Processing Agreement and Applicable Data Protection Law.