Common use of DATA PROCESSING OBLIGATIONS Clause in Contracts

DATA PROCESSING OBLIGATIONS. (a) Customer as Controller appoints Virtuozzo as Processor. Virtuozzo shall only Process the Personal Data for the purposes set forth in the Agreement and in accordance with Customer’s written instructions. The Agreement (including this DPA) constitutes such written initial instructions by Customer. (b) Customer hereby warrants and represents, on a continuous basis throughout the Term as defined below, that all Personal Data provided or made available by Customer to Virtuozzo for Processing in connection with the Agreement has been lawfully collected by Customer and transferred to Virtuozzo in compliance with Data Protection Laws. During the Term of this DPA, Customer is solely responsible for obtaining and maintaining all necessary approvals, consents, authorizations and licenses from each and every Data Subject that may be required under Data Protection Laws to enable Virtuozzo to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under this DPA. (c) Unless restricted by applicable law, Virtuozzo shall inform Customer if, in Virtuozzo’ reasonable opinion, any Processing under the Agreement or an instruction by Customer conflicts with Virtuozzo’ legal obligations or Data Protection Laws, or with any of the exceptions listed in Section 3(a). Upon informing the Customer, Virtuozzo shall have no liability for any claim arising from or related to Processing of Personal Data under this DPA by Virtuozzo in compliance with Customer’s instructions. (d) Virtuozzo shall treat all Personal Data as confidential and shall ensure that all employees, agents and sub-processors authorized by Virtuozzo to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. (e) Virtuozzo shall provide Customer with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Customer is required to carry out under Data Protection Laws. Any such assistance shall be as agreed between the Parties and subject to a mutually accepted fee. (f) Virtuozzo shall implement appropriate technical and organizational measures in relation to the Processing of Personal Data intended to ensure a level of security appropriate to the Personal Data Processing, including, as applicable, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing of Personal Data. Both Parties hereby acknowledge and agree that the security measures available at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/data-processing-terms/ are providing sufficient safeguards for the Processing of Personal Data and are appropriate . (g) Without undue delay, after Virtuozzo has a reasonable degree of certainty of the occurrence of accidental or unlawful destruction, loss or alteration of, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed by Virtuozzo under this DPA (“Personal Data Breach”), Virtuozzo shall notify Customer of the Personal Data Breach at the email address set forth in the signature block, provide such information as Customer may reasonably require to meet its obligations under applicable law with respect to the Personal Data Breach, and take reasonable steps to remediate the Personal Data Breach. Virtuozzo may provide such information in phases as it becomes available. For the avoidance of doubt, a notification of the Personal Data Breach by Virtuozzo shall not be construed or interpreted as admission of fault or liability by Virtuozzo. (h) Virtuozzo shall promptly notify Customer upon receiving any complaint, notice or communication relating to the Processing of Personal Data under this DPA. At Customer’s request and expense, Virtuozzo shall provide Customer with reasonable co-operation and assistance required by Customer in order to fulfil its obligations under Data Protection Law in relation to any requests from Data Subjects or competent data protection authorities.. (i) If Customer is subject to an audit or investigation from a competent data protection regulator, Virtuozzo shall, when required, respond to any information requests, and/or agree to submit its premises and operations to audits, including inspections by Customer and/or the competent data protection regulator, in each case for the purpose of evidencing its compliance with this DPA, provided that: (i) Customer shall ensure that all information obtained or generated in connection with any information request, audit or inspection is kept strictly confidential (unless disclosed to a competent data protection regulator or as otherwise required by applicable law); (ii) Customer shall ensure that any information request, audit or inspection is undertaken within normal business hours (unless such other time is mandated by a competent data protection regulator) with minimal disruption to Virtuozzo’s business, and acknowledging that such information request, audit or inspection: (a) shall not oblige Virtuozzo to provide or permit access to information concerning Virtuozzo’ internal pricing information or relating to other recipients of services from Virtuozzo; and (b) shall be subject to any reasonable policies, procedures or instructions of Virtuozzo for the purposes of preserving security and confidentiality; (iii) Customer shall give Virtuozzo at least 30 days’ prior written notice of an information request and/or audit or inspection (unless the competent data protection regulator provides Customer with less than 30 days’ notice, in which case Customer shall provide Virtuozzo with as much notice as possible); (iv) If any information request, audit or inspection relates to systems provided by or on the premises of Virtuozzo’ sub-processors, the scope of such information request, audit and/or inspection shall be as permitted under the relevant agreement in place between Virtuozzo and the sub-processor. (v) A maximum of one information request, audit and/or inspection may be requested by Customer in any twelve (12) month period unless an additional information request, audit and/or inspection is mandated by a competent data protection regulator in writing. (vi) Customer shall pay Virtuozzo’ reasonable costs for any assistance, contribution, co-operation, provision of information or facilitation of any audit or inspection or other work undertaken pursuant to Virtuozzo’ obligations under this DPA, unless such costs are incurred due to Virtuozzo’ breach of its obligations under this DPA. (j) Upon expiration or any earlier termination of the Agreement, or upon Customer’s written request, Virtuozzo shall delete all Personal Data in Virtuozzo’ possession; provided, however, that Virtuozzo may retain Personal Data as permitted or required to meet its document retention obligations under applicable law. Virtuozzo also shall notify all relevant sub-processors of the obligation to delete all Personal Data in their possession and take reasonable steps to ensure their compliance. (k) Subject to this DPA and the requirements of Data Protection Law, Virtuozzo shall exercise its own discretion in the selection and use of means necessary to perform its Processing obligations under the Agreement.

DATA PROCESSING OBLIGATIONS. (a) Customer as Controller and/or Processor appoints Virtuozzo as ProcessorProcessor and/or Subprocessor. Virtuozzo shall only Process the Personal Data for the purposes set forth in the Agreement and in accordance with Customer’s 's written instructions. The Agreement (including this DPA) constitutes such written initial instructions by Customer. (b) Customer hereby warrants and represents, on a continuous basis throughout the Term as defined below, that all Personal Data provided or made available by Customer to Virtuozzo for Processing in connection with the Agreement has been lawfully collected by Customer and transferred to Virtuozzo in compliance with Data Protection Laws. During the Term of this DPA, Customer is solely responsible for obtaining and maintaining all necessary approvals, consents, authorizations and licenses from each and every Data Subject that may be required under Data Protection Laws to enable Virtuozzo to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under this DPA. (c) Unless restricted by applicable law, Virtuozzo shall inform Customer ifif , in Virtuozzo’ reasonable opinion, any Processing under the Agreement or an instruction by Customer conflicts with Virtuozzo’ legal obligations or Data Protection Laws, or with any of the exceptions listed in Section 3(a). Upon informing the Customer, Virtuozzo shall have no liability for any claim arising from f rom or related to Processing of Personal Data under this DPA by Virtuozzo in compliance with Customer’s instructions. (d) Virtuozzo shall treat all Personal Data as confidential and shall ensure that all employees, agents and sub-processors authorized by Virtuozzo to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. (e) Virtuozzo shall provide Customer with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Customer is required to carry out under Data Protection Laws. Any such assistance shall be as agreed between the Parties and subject to a mutually accepted fee. (f) Virtuozzo shall implement appropriate technical and organizational measures in relation to the Processing of Personal Data intended to ensure a level of security appropriate to the Personal Data Processing, including, as applicable, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing of Personal Data. Both Parties hereby acknowledge and agree that the security measures available at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/data-processing-terms/ are providing sufficient safeguards for the Processing of Personal Data and are appropriate . (g) Without undue delay, after Virtuozzo has a reasonable degree of certainty of the occurrence of accidental or unlawful destruction, loss or alteration of, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed by Virtuozzo under this DPA (“Personal Data Breach”), Virtuozzo shall notify Customer of the Personal Data Breach at the email address set forth in the signature block, provide such information as Customer may reasonably require to meet its obligations under applicable law with respect to the Personal Data Breach, and take reasonable steps to remediate the Personal Data Breach. Virtuozzo may provide such information in phases as it becomes available. For the avoidance of doubt, a notification of the Personal Data Breach by Virtuozzo shall not be construed or interpreted as admission of fault or liability by Virtuozzo. (h) Virtuozzo shall promptly notify Customer upon receiving any complaint, notice or communication relating to the Processing of Personal Data under this DPA. At Customer’s request and expense, Virtuozzo shall provide Customer with reasonable co-operation and assistance required by Customer in order to fulfil its obligations under Data Protection Law in relation to any requests from Data Subjects or competent data protection authorities.. (i) If Customer is subject to an audit or investigation from a competent data protection regulator, Virtuozzo shall, when required, respond to any information requests, and/or agree to submit its premises and operations to audits, including inspections by Customer and/or the competent data protection regulator, in each case for the purpose of evidencing its compliance with this DPA, provided that: (i) Customer shall ensure that all information obtained or generated in connection with any information request, audit or inspection is kept strictly confidential (unless disclosed to a competent data protection regulator or as otherwise required by applicable law); (ii) Customer shall ensure that any information request, audit or inspection is undertaken within normal business hours (unless such other time is mandated by a competent data protection regulator) with minimal disruption to Virtuozzo’s business, and acknowledging that such information request, audit or inspection: (a) shall not oblige Virtuozzo to provide or permit access to information concerning Virtuozzo’ internal pricing information or relating to other recipients of services from Virtuozzo; and (b) shall be subject to any reasonable policies, procedures or instructions of Virtuozzo for the purposes of preserving security and confidentiality; (iii) Customer shall give Virtuozzo at least 30 days’ prior written notice of an information request and/or audit or inspection (unless the competent data protection regulator provides Customer with less than 30 days’ notice, in which case Customer shall provide Virtuozzo with as much notice as possible); (iv) If any information request, audit or inspection relates to systems provided by or on the premises of Virtuozzo’ sub-processors, the scope of such information request, audit and/or inspection shall be as permitted under the relevant agreement in place between Virtuozzo and the sub-processor. (v) A maximum of one information request, audit and/or inspection may be requested by Customer in any twelve (12) month period unless an additional information request, audit and/or inspection is mandated by a competent data protection regulator in writing. (vi) Customer shall pay Virtuozzo’ reasonable costs for any assistance, contribution, co-operation, provision of information or facilitation of any audit or inspection or other work undertaken pursuant to Virtuozzo’ obligations under this DPA, unless such costs are incurred due to Virtuozzo’ breach of its obligations under this DPA. (j) Upon expiration or any earlier termination of the Agreement, or upon Customer’s written request, Virtuozzo shall delete all Personal Data in Virtuozzo’ possession; provided, however, that Virtuozzo may retain Personal Data as permitted or required to meet its document retention obligations under applicable law. Virtuozzo also shall notify all relevant sub-processors of the obligation to delete all Personal Data in their possession and take reasonable steps to ensure their compliance. (k) Subject to this DPA and the requirements of Data Protection Law, Virtuozzo shall exercise its own discretion in the selection and use of means necessary to perform its Processing obligations under the Agreement.

DATA PROCESSING OBLIGATIONS. (a) Customer as Controller appoints Virtuozzo as Processor. Virtuozzo shall only Process the Personal Data for the purposes set forth in the Agreement and in accordance with Customer’s written instructions. The Agreement (including this DPA) constitutes such written initial instructions by Customer. (b) Customer hereby warrants and represents, on a continuous basis throughout the Term as defined below, that all Personal Data provided or made available by Customer to Virtuozzo for Processing in connection with the Agreement has been lawfully collected by Customer and transferred to Virtuozzo in compliance with Data Protection Laws. During the Term of this DPA, Customer is solely responsible for obtaining and maintaining all necessary approvals, consents, authorizations and licenses from each and every Data Subject that may be required under Data Protection Laws to enable Virtuozzo to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under this DPA. (c) Unless restricted by applicable law, Virtuozzo shall inform Customer if, in Virtuozzo’ reasonable opinion, any Processing under the Agreement or an instruction by Customer conflicts with Virtuozzo’ legal obligations or Data Protection Laws, or with any of the exceptions listed in Section 3(a). Upon informing the Customer, Virtuozzo shall have no liability for any claim arising from or related to Processing of Personal Data under this DPA by Virtuozzo in compliance with Customer’s instructions. (d) Virtuozzo shall treat all Personal Data as confidential and shall ensure that all employees, agents and sub-processors authorized by Virtuozzo to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality.confidentiality.‌ (e) Virtuozzo shall provide Customer with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Customer is required to carry out under Data Protection Laws. Any such assistance shall be as agreed between the Parties and subject to a mutually accepted fee. (f) Virtuozzo shall implement appropriate technical and organizational measures in relation to the Processing of Personal Data intended to ensure a level of security appropriate to the Personal Data Processing, including, as applicable, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the Processing of Personal Data. Both Parties hereby acknowledge and agree that the security measures available at: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/data-processing-terms/ are providing sufficient safeguards for the Processing of Personal Data and are appropriate . (g) Without undue delay, after Virtuozzo has a reasonable degree of certainty of the occurrence of accidental or unlawful destruction, loss or alteration of, unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise Processed by Virtuozzo under this DPA (“Personal Data Breach”), Virtuozzo shall notify Customer of the Personal Data Breach at the email address set forth in the signature block, provide such information as Customer may reasonably require to meet its obligations under applicable law with respect to the Personal Data Breach, and take reasonable steps to remediate the Personal Data Breach. Virtuozzo may provide such information in phases as it becomes available. For the avoidance of doubt, a notification of the Personal Data Breach by Virtuozzo shall not be construed or interpreted as admission of fault or liability by Virtuozzo. (h) Virtuozzo shall promptly notify Customer upon receiving any complaint, notice or communication relating to the Processing of Personal Data under this DPA. At Customer’s request and expense, Virtuozzo shall provide Customer with reasonable co-operation and assistance required by Customer in order to fulfil its obligations under Data Protection Law in relation to any requests from Data Subjects or competent data protection authorities.. (i) If Customer is subject to an audit or investigation from a competent data protection regulator, Virtuozzo shall, when required, respond to any information requests, and/or agree to submit its premises and operations to audits, including inspections by Customer and/or the competent data protection regulator, in each case for the purpose of evidencing its compliance with this DPA, provided that: (i) Customer shall ensure that all information obtained or generated in connection with any information request, audit or inspection is kept strictly confidential (unless disclosed to a competent data protection regulator or as otherwise required by applicable law); (ii) Customer shall ensure that any information request, audit or inspection is undertaken within normal business hours (unless such other time is mandated by a competent data protection regulator) with minimal disruption to Virtuozzo’s business, and acknowledging that such information request, audit or inspection: (a) shall not oblige Virtuozzo to provide or permit access to information concerning Virtuozzo’ internal pricing information or relating to other recipients of services from Virtuozzo; and (b) shall be subject to any reasonable policies, procedures or instructions of Virtuozzo for the purposes of preserving security and confidentiality; (iii) Customer shall give Virtuozzo at least 30 days’ prior written notice of an information request and/or audit or inspection (unless the competent data protection regulator provides Customer with less than 30 days’ notice, in which case Customer shall provide Virtuozzo with as much notice as possible);possible);‌ (iv) If any information request, audit or inspection relates to systems provided by or on the premises of Virtuozzo’ sub-processors, the scope of such information request, audit and/or inspection shall be as permitted under the relevant agreement in place between Virtuozzo and the sub-processor. (v) A maximum of one information request, audit and/or inspection may be requested by Customer in any twelve (12) month period unless an additional information request, audit and/or inspection is mandated by a competent data protection regulator in writing. (vi) Customer shall pay Virtuozzo’ reasonable costs for any assistance, contribution, co-operation, provision of information or facilitation of any audit or inspection or other work undertaken pursuant to Virtuozzo’ obligations under this DPA, unless such costs are incurred due to Virtuozzo’ breach of its obligations under this DPA. (j) Upon expiration or any earlier termination of the Agreement, or upon Customer’s written request, Virtuozzo shall delete all Personal Data in Virtuozzo’ possession; provided, however, that Virtuozzo may retain Personal Data as permitted or required to meet its document retention obligations under applicable law. Virtuozzo also shall notify all relevant sub-processors of the obligation to delete all Personal Data in their possession and take reasonable steps to ensure their compliance. (k) Subject to this DPA and the requirements of Data Protection Law, Virtuozzo shall exercise its own discretion in the selection and use of means necessary to perform its Processing obligations under the Agreement.