Common use of Direct Requests Clause in Contracts

Direct Requests. Data Subject contact Respondus with regard to access, correction or deletion of its personal data (or any other rights under Applicable Data Protection Law), Respondus shall promptly inform the Licensee, and in any case no later than two (2) business days after receipt of any Data Subject requests which identify the Licensee to be contacted, by sending a written notice and attaching a copy of the request sent by the Data Subject; the Licensee authorizes Respondus to inform the Data Subject that Subject’s request was forwarded to the Licensee. If the Data Subject request does not identify the sender’s Data Controller, Respondus will send Data Subject a generic reply with instructions to contact their Data Controller with their request. To the extent permissible by law, Respondus shall promptly inform the Licensee, and in any case no later than (2) business days after receipt of any communication from (a) a Supervisory Authority in connection with Personal Data processed under this Agreement, or (b) any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by Law. Upon Licensee’s written request and to the extent that Licensee does not otherwise have access to the relevant information and the information is available to Respondus, Respondus shall provide Licensee with reasonable assistance (at Licensee’s cost) needed to fulfill the Licensee’s obligations under the Applicable Data Protection Law to carry out a data protection impact assessment related to Licensee’s use of the Service. Such assistance may include: A systematic description of the envisaged processing operations and the purpose of the processing; An assessment of the necessity and proportionality of the processing operations in relation to the Services; and The measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. To the extent necessary, Respondus shall provide reasonable assistance to the Licensee in the consultation with its relevant Supervisory Authority.

Direct Requests. Should a Data Subject of Licensee contact Respondus with regard to access, correction or deletion of its personal data Personal Data (or any other rights under Applicable Data Protection Law), Respondus shall promptly inform the Licensee, and in any case no later than two (2) business days after receipt of any Data Subject requests requests, which identify the Licensee to be contacted, by sending a written notice and attaching a copy of the request sent by the Data Subject; the Licensee authorizes Respondus to inform the Data Subject that Subject’s request was forwarded to the Licensee and that Licensee’s privacy, security, and related policies govern such requests. If the Data Subject request does not identify the sender’s Data Controller, Respondus will send Data Subject a generic reply with instructions to contact their Data Controller with their request. If Respondus receives a valid Binding order from a governmental body for disclosure of Licensee Data, Respondus will use reasonable efforts to redirect the requesting party to request Licensee Data directly from Licensee. To the extent permissible by law, Respondus shall promptly inform the Licensee, and in any case no later than two (2) business days after receipt of any communication from (a) a Supervisory Authority in connection with Personal Data processed under this Agreement, or (b) any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by Law. For the avoidance of doubt, Licensee is the Controller and is responsible for all their requirements under Applicable Data Protection Laws, including but not limited to its obligations to conduct a Data Protection Impact Assessment (DPIA), TIAs, and to respond to data subject requests. Upon Licensee’s written request and to the extent that Licensee does not otherwise have access to the relevant information and the information is available to Respondus, Respondus shall provide Licensee with reasonable assistance (at Licensee’s cost) needed to fulfill the Licensee’s obligations as Controller under the Applicable Data Protection Law to carry out a data protection impact assessment DPIA and prior consultation related to Licensee’s use of the Service. Such As Processor, Respondus’ assistance may include: A systematic description of the envisaged processing operations and the purpose of the processing; An assessment of the necessity and proportionality of the processing operations in relation to the Services; and The measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. To the extent necessary, Respondus as a Processor shall provide reasonable assistance to the Licensee in the consultation with its relevant Supervisory Authority.