Common use of INTERNATIONAL DATA EXPORTS Clause in Contracts

INTERNATIONAL DATA EXPORTS. 7.1 Data Controller acknowledges that Data Processor and its Sub-processors may maintain data processing operations in countries that are outside of the EEA and Switzerland. As such, both Data Processor and its Sub-processors may Process Personal Data in non-EEA and non-Swiss countries. This will apply even where Data Controller has agreed with Data Processor to host Personal Data in the EEA if such non-EEA Processing is necessary to provide support-related or other services requested by Data Controller. 7.2 Where Data Controller is self-certified to the Privacy Shield Framework and transfers Personal Data from the EEA or Switzerland to Data Processor, Data Controller is obliged under the terms of the Privacy Shield Framework to flow down the following requirements and Data Processor hereby agrees: (i) to provide at least the same level of protection to such Personal Data as is required by the Privacy Shield Principles; (ii) to notify Data Controller if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles; and (iii) upon notice, including under Section 7.2(ii) above, to work with Data Controller to take reasonable and appropriate steps to stop and remediate any unauthorized processing of the Personal Data. 7.3 Where Data Controller is not self-certified to the Privacy Shield Framework, this section shall apply in place of Section 7.2 above. Where Data Processor Processes or permits any Sub-processor to Process Personal Data outside the EEA or Switzerland, Data Processor shall comply with the EU Commission's "Controller-to• Processor Model Clauses" (annexed to EU Commission Decision 2010/87/EU). The Parties have agreed to practical interpretations of certain provisions contained within the Controller-to-Processor Model Clauses, as permitted by the Article 29 Working Party. These interpretations clarify how Data Processor should implement the Model Clauses in practice, and are set out in Appendix 3 to this Agreement. 7.4 The Parties agree that each Party may disclose any relevant privacy provisions in this Agreement to the US Department of Commerce, the Federal Trade Commission or a relevant European Data Protection Supervisory Authority.

INTERNATIONAL DATA EXPORTS. 7.1 Data Controller acknowledges that Data Processor and its Sub-processors may maintain data processing operations in countries that are outside of the EEA and Switzerland. As such, both Data Processor and its Sub-processors may Process Personal Data in non-EEA and non-Swiss countries. This will apply even where Data Controller has agreed with Data Processor to host Personal Data in the EEA if such non-EEA Processing is necessary to provide support-related or other services requested by Data Controller. 7.2 Where Data Controller is self-certified to the Privacy Shield Framework and transfers Personal Data from the EEA or Switzerland to Data Processor, Data Controller is obliged under the terms of the Privacy Shield Framework to flow down the following requirements and Data Processor hereby agrees: (i) to provide at least the same level of protection to such Personal Data as is required by the Privacy Shield Principles; (ii) to notify Data Controller if it makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Privacy Shield Principles; and (iii) upon notice, including under Section 7.2(ii) above, to work with Data Controller to take reasonable and appropriate steps to stop and remediate any unauthorized processing of the Personal Data. 7.3 Where Data Controller is not self-certified to the Privacy Shield Framework, this section shall apply in place of Section 7.2 above. Where Data Processor Processes or permits any Sub-processor to Process Personal Data outside the EEA or Switzerland, Data Processor shall comply with the EU Commission's "Controller-to• to- Processor Model Clauses" (annexed to EU Commission Decision 2010/87/EU). The Parties have agreed to practical interpretations of certain provisions contained within the Controller-to-Processor Model Clauses, as permitted by the Article 29 Working Party. These interpretations clarify how Data Processor should implement the Model Clauses in practice, and are set out in Appendix 3 to this Agreement. 7.4 The Parties agree that each Party may disclose any relevant privacy provisions in this Agreement to the US Department of Commerce, the Federal Trade Commission or a relevant European Data Protection Supervisory Authority.