Common use of Microsoft Azure Clause in Contracts

Microsoft Azure. The security measures in place on the Microsoft Azure platform are specified in the DPA with Microsoft Ireland Operations, Ltd (“Microsoft”) which may be downloaded via the following link ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/licensing/docs/view/Microsoft-Products-and-Services-Data- Protection-Addendum-DPA. More information on Microsoft Azure security measures can be found via the following link ▇▇▇▇▇://▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en- us/azure/security/fundamentals/overview. At the time of entering this Agreement, the Supplier makes use of the following sub- processors: The Supplier may replace or make use of new sub-processors subject to a prior written notice to the Customer giving the Customer a reasonable time to object. Updated list of sub- processors will always be available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/en/terms- conditions/sub-processors-list and Supplier will be considered to have provided a notification on adding a new sub-processor to Customer by publishing the sub-processor’s name on the said link. Customer may also opt to receive notifications of new sub-processors on the said link. The Customer acknowledges that personal data is being transferred to third countries as part of the processing of the Customer’s data by the sub-processors. As regards transfer of personal information to any sub-processors located outside of the EU/EEA, this will be based on the Commission’s Standard Contractual Clauses which the Customer therefore instructs the Supplier to enter into with any such sub-processors on the Customer’s behalf. Supplier uses additional processors when processing personal data as an independent controller. For more information about such processing, which is outside the scope of the Agreement, see the Supplier’s Privacy Policy here: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇/en/terms- conditions/privacy-policy. (a) The purpose of these standard contractual clauses is to ensure compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) for the transfer of personal data to a third country.