Model Clauses. The parties agree that the Restricted Transfer shall be subject to the appropriate Model Clauses, which are automatically incorporated by reference and form an integral part of this DPA, as follows: a. In relation to Company Personal Information that is protected by the GDPR, the EU SCCs will apply as follows: I. Module Two and Three as appropriate will apply; II. in Clause 7, the optional docking clause shall apply; III. in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-Processor changes shall be fifteen (15) calendar days; IV. in Clause 11, the optional language will not apply; V. in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The Netherlands; VI. in Clause 18(b), disputes shall be resolved before the courts of The Netherlands; VII. Annex I of the EU SCCs shall be deemed completed with the information set out in Annex A to this DPA; and VIII. ▇▇▇▇▇ ▇▇ of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPA. b. In relation to data that is protected by the UK GDPR, the EU SCCs as implemented in accordance with paragraph (1) above will apply provided that: I. any references in the EU SCCs to "Directive 95/46/EC" or “Regulation (EU) 2016/679” shall be interpreted as references to the UK GDPR; references to specific Articles of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR; references to “EU”, “Union” and “Member State law” are all replaced with “UK”; Clause 13(a) and Part C of Annex II of the EU SCCs are not used; references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Information Commissioner and the courts of England and Wales; Clause 17 of the EU SCCs is replaced to state that “The Clauses are governed by the laws of England and Wales” and Clause 18 of the EU SCCs is replaced to state “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts;”
Appears in 1 contract
Sources: Data Privacy Agreement
Model Clauses. The parties agree that the Restricted Transfer shall be subject to the appropriate Model Clauses, which are automatically incorporated by reference and form an integral part of this DPA, as follows:
a. (1) In relation to Company Personal Information that is protected by the GDPR, the EU SCCs will apply as follows:
I. (a) Module Two and Three as appropriate will apply;
II. (b) in Clause 7, the optional docking clause shall apply;
III. (c) in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-Processor changes shall be fifteen (15) calendar days;
IV. (d) in Clause 11, the optional language will not apply;
V. (e) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The NetherlandsEnglish law;
VI. (f) in Clause 18(b), disputes shall be resolved before the courts of The NetherlandsEngland, UK;
VII. (g) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex A to this DPA; and
VIII. ▇▇▇▇▇ ▇▇ (h) Annex II of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPA.
b. (2) In relation to data that is protected by the UK GDPR, the EU SCCs as implemented in accordance with paragraph (1) above will apply provided that:
I. (a) any references in the EU SCCs to "Directive 95/46/EC" or “Regulation (EU) 2016/679” shall be interpreted as references to the UK GDPR; references to specific Articles of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR; references to “EU”, “Union” and “Member State law” are all replaced with “UK”; Clause 13(a) and Part C of Annex II of the EU SCCs are not used; references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Information Commissioner and the courts of England and Wales; Clause 17 of the EU SCCs is replaced to state that “The Clauses are governed by the laws of England and Wales” and Clause 18 of the EU SCCs is replaced to state “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts”;
(b) to the extent and for so long as the EU SCCs as implemented in accordance with paragraph 2(A) above cannot be used to lawfully transfer Company Personal Information protected by the UK DPA to Supplier, the UK SCCs shall be incorporated into and form an integral part of this DPA and shall apply to such transfers; and
(c) for the purposes of the UK SCCs (where applicable) the relevant Annexes/ Appendices of the UK SCCs shall be deemed completed using the information contained in Annex A and Annex B of this DPA.
(3) In relation to Company Personal Information that is protected by the Swiss DPA, the EU SCCs as implemented in accordance with paragraph (1) above will apply provided that:
(a) references in the EU SCCs to “Regulation (EU) 2016/679” or the “GDPR” shall be interpreted as references to the Swiss Federal Act on Data Protection (FADP);
(b) references to “EU”, “Union” and “Member State law” shall be interpreted as references to Switzerland and to Swiss law, as the case may be;
(c) the term ’member state’ shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland);
(d) the EU SCC clauses should be interpreted as protecting the data of legal entities until the entry into force of the revised FADP; and
(e) references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and competent courts in Switzerland.
(4) In the event that any provision of this Agreement or this DPA contradicts, directly or indirectly, the Model Clauses, the Model Clauses shall prevail.
Appears in 1 contract
Sources: Data Privacy Agreement
Model Clauses. The parties agree that when the transfer of Customer Data from Customer (as data exporter) to Medallia (as data importer) is a Restricted Transfer such transfers shall be subject to the appropriate Model Clauses, which are automatically incorporated by reference and form an integral part of this DPA, Clauses as follows:
a. In (a) in relation to Company Personal Information transfers of Customer Data that is are protected by the GDPR, the EU SCCs will apply completed as follows:
I. (i) Module Two and Three as appropriate will apply;
II. (ii) in Clause 7, the optional docking clause shall will apply;
III. (iii) in Clause 9, Option option 2 (general authorisation to appoint subprocessors) will apply, and the time period for prior notice of Sub-Processor changes shall be fifteen (15as set out in Clause 3.3(a) calendar daysof this DPA;
IV. (iv) in Clause 1111 (alternative dispute resolution mechanism), the optional language will not apply;
V. (v) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The NetherlandsIrish law;
VI. (vi) in Clause 18(b), disputes shall be resolved before the courts of The NetherlandsIreland;
VII. (vii) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex A to this DPA; and;
VIII. ▇▇▇▇▇ ▇▇ (viii) Subject to Section 4.2 of this DPA, Annex II of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPA.;
b. In (b) in relation to data transfers of Customer Data that is are protected by the UK GDPR, the EU SCCs as implemented will also apply in accordance with paragraph (1a) above will apply provided thatabove, with the following modifications:
I. (i) any references in the EU SCCs to "Directive 95/46/EC" or “"Regulation (EU) 2016/679” " shall be interpreted as references to the UK GDPR; references to specific Articles of “"Regulation (EU) 2016/679” " are replaced with the equivalent Article or Section of UK GDPR; ;
(ii) references to “"EU”", “"Union” " and “"Member State law” " are all replaced with “"UK”"; Clause 13(a) and Part C of Annex II of the EU SCCs are not used; references to the “"competent supervisory authority” " and “"competent courts” " shall be interpreted as references to the Information Commissioner and the courts of England and Wales; ;
(iii) Clause 17 of the EU SCCs is replaced to state that “"The Clauses are governed by the laws of England and Wales” " and Clause 18 of the EU SCCs is replaced to state “"Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings proceeding against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts", unless the EU SCCs, implemented as described above, cannot be used to lawfully transfer such Customer Data in compliance with the UK GDPR in which case the UK SCCs shall instead be incorporated by reference and form an integral part of this DPA and shall apply to such transfers. Where this is the case, the relevant Annexes or Appendices of the UK SCCs shall be populated using the information contained in Annexes I and II of this DPA (as applicable) and the interpreative provisions set out in this section 6.2(b) shall apply (as applicable and as required for the purposes of complying with UK Data Protection Law);”
(c) In relation to transfers of Customer Data that are protected by the Swiss DPA, the EU SCCs will also apply in accordance with paragraph (a) above, with the following modifications:
(i) any references in the EU SCCs to "Regulation (EU) 2016/679" shall be interpreted as references to the Swiss DPA;
(ii) any references to "EU", "Union" and "Member State law" shall be interpreted as references to Swiss law;
(iii) and any references to the "competent supervisory authority" and "competent courts" shall be interpreted as references to the relevant data protection authority and courts in Switzerland, unless the EU SCCs, implemented as described above, cannot be used to lawfully transfer such Customer Data in compliance with the Swiss DPA, in which case the Swiss SCCs shall instead be incorporated by reference and form an integral part of this DPA and shall apply to such transfers. For the purposes of the Swiss SCCs, the relevant Annexes of the Swiss SCCs shall be populated using the information contained in the Annexes I and II to this DPA (as appropriate) and the interpreative provisions set out in this section 6.2(c) shall apply (as applicable and as required for the purposes of complying with the Swiss DPA).
(d) It is not the intention of either party to contradict or restrict any of the provisions set forth in the Model Clauses and, accordingly, if and to the extent the Model Clauses conflict with any provision of the Underlying Agreements or this DPA the Model Clauses shall prevail to the extent of such conflict;
Appears in 1 contract
Sources: Data Processing Agreement
Model Clauses. The parties agree that when the transfer of Customer Data from Customer (as data exporter) to Medallia (as data importer) is a Restricted Transfer such transfers shall be subject to the appropriate Model Clauses, which are automatically incorporated by reference and form an integral part of this DPA, Clauses as follows:
a. In (a) in relation to Company Personal Information transfers of Customer Data that is are protected by the GDPR, the EU SCCs will apply completed as follows:
I. (i) Module Two and Three as appropriate will apply;
II. (ii) in Clause 7, the optional docking clause shall will apply;
III. (iii) in Clause 9, Option option 2 (general authorisation to appoint subprocessors) will apply, and the time period for prior notice of Sub-Processor changes shall be fifteen (15as set out in Clause 3.3(a) calendar daysof this DPA;
IV. (iv) in Clause 1111 (alternative dispute resolution mechanism), the optional language will not apply;
V. (v) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The NetherlandsIrish law;
VI. (vi) in Clause 18(b), disputes shall be resolved before the courts of The NetherlandsIreland;
VII. (vii) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex A to this DPA; and;
VIII. (viii) Subject to Section 4.2 of this DPA, ▇▇▇▇▇ ▇▇ of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPA.;
b. In (b) in relation to data transfers of Customer Data that is are protected by the UK GDPR, the UK Addendum will apply completed as follows:
(i) The EU SCCs, completed above in paragraph (a) of this DPA shall also apply to the transfers of such Customer Data, subject to sub-clause (ii) below;
(ii) Tables 1 to 3 of the UK Addendum shall be deemed completed with relevant information from the EU SCCs, completed as set out above, and the option "importer" shall be deemed checked in Table 4. The start date of the UK Addendum (as set out in Table 1) shall be the date of this DPA;
(c) In relation to transfers of Customer Data that are protected by the Swiss DPA, the EU SCCs as implemented will also apply in accordance with paragraph (1a) above will apply provided thatabove, with the following modifications:
I. (i) any references in the EU SCCs to "Directive 95/46/EC" or “Regulation (EU) 2016/679” " shall be interpreted as references to the UK GDPR; Swiss DPA;
(ii) any references to specific Articles of “Regulation ("EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR; references to “EU”", “"Union” " and “"Member State law” are all replaced with “UK”; Clause 13(a" shall be interpreted as references to Swiss law;
(iii) and Part C of Annex II of the EU SCCs are not used; any references to the “"competent supervisory authority” " and “"competent courts” " shall be interpreted as references to the Information Commissioner relevant data protection authority and courts in Switzerland, unless the EU SCCs, implemented as described above, cannot be used to lawfully transfer such Customer Data in compliance with the Swiss DPA, in which case the Swiss SCCs shall instead be incorporated by reference and form an integral part of this DPA and shall apply to such transfers. For the purposes of the Swiss SCCs, the relevant Annexes of the Swiss SCCs shall be populated using the information contained in the Annexes I and II to this DPA (as appropriate) and the courts interpretive provisions set out in this section 6.2(c) shall apply (as applicable and as required for the purposes of England and Wales; Clause 17 complying with the Swiss DPA).
(d) It is not the intention of either party to contradict or restrict any of the EU SCCs is replaced provisions set forth in the Model Clauses and, accordingly, if and to state that “The the extent the Model Clauses are governed by the laws of England and Wales” and Clause 18 conflict with any provision of the EU SCCs is replaced to state “Any dispute arising from these Underlying Agreements or this DPA the Model Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves prevail to the jurisdiction extent of such courtsconflict;”
Appears in 1 contract
Sources: Data Processing Agreement
Model Clauses. The parties agree that Upflex agrees to abide by and Process the Restricted Transfer shall be subject to Client Personal Data in compliance with the appropriate Model Clauses, which are automatically immediately incorporated by reference and form an integral part of this DPAExhibit. For the purposes of the Model Clauses, as followsthe parties agree that:
a. In relation (a) With regards to Company transfers of Client Personal Information that is Data protected by the GDPREU GDPR or Swiss FADP, the EU SCCs will shall apply as follows:
I. (i) Module Two and Three will apply (as appropriate will applyapplicable);
II. (ii) in Clause 7, the optional docking clause shall will not apply;
III. (iii) in Clause 9, Option 2 will apply, apply and the time period for prior notice of Subsub-Processor processor changes shall will be fifteen (15as set forth in Section 2(d) calendar daysof this Exhibit;
IV. (iv) in Clause 11, the optional language will not apply;
V. (v) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The Netherlandsthe Republic of Ireland;
VI. (vi) in Clause 18(b), disputes shall be resolved before the courts of The Netherlandsthe Republic of Ireland;
VII. (vii) in Annex I I, Part A of the EU SCCs shall be deemed completed with SCCs, Upflex is a “data importer” and “processor.” Client (or, if relevant, a subsidiary of Client) is the information set out “data exporter” and “controller.”
(viii) in Annex A I, Part B of the EU SCCs, the relevant information is specified in Section 2(c) and 2(f) of this Exhibit (Details of Processing and Return or Deletion of Client Personal Data);
(ix) For transfers to subprocessors, the subject matter, nature, and duration of the processing is set forth at Section 2(d) of this DPAExhibit (Subprocessing);
(x) in Annex I, Part C of the EU SCCs: The Irish Data Protection Commission will be the competent supervisory authority; and
VIII. (xi) Section 3 (Security) of this Exhibit serves as ▇▇▇▇▇ ▇▇ of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPASCCs.
b. In relation (b) With regards to data that is transfers of Client Personal Data protected by the UK GDPR, the UK SCCs shall apply as follows:
(i) The EU SCCs as implemented in accordance with paragraph (1) above SCC Module Two will apply provided that:(as applicable);
I. (ii) Sections 2g(i)(a)(ii)-(iv) of this Exhibit shall apply;
(iii) any references in the EU SCCs to "“Directive 95/46/EC" ” or “Regulation (EU) 2016/679” " shall be interpreted as references to the UK GDPR; references to specific Articles of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR; ;
(iv) references to “EU”, “Union” and “Member State law” are all replaced with “UK”; Clause 13(a) and Part C of Annex II of the EU SCCs are not used; references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Information Commissioner and the courts of England and Wales; Clause 17 of the EU SCCs is replaced to state that “The Clauses are governed by the laws of England and Wales” and Clause 18 of the EU SCCs is replaced to state “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts;”
Appears in 1 contract
Sources: Data Privacy, Data Protection and Security Requirements
Model Clauses. The parties agree that the Restricted Transfer shall be subject to the appropriate Model Clauses, which are automatically incorporated by reference and form an integral part of this DPA, as follows:
a. (1) In relation to Company Personal Information that is protected by the GDPR, the EU SCCs will apply as follows:
I. (a) Module Two and Three as appropriate will apply;
II. (b) in Clause 7, the optional docking clause shall apply;
III. (c) in Clause 9, Option 2 will apply, and the time period for prior notice of Sub-Processor changes shall be fifteen (15) calendar days;
IV. (d) in Clause 11, the optional language will not apply;
V. (e) in Clause 17, Option 1 will apply, and the EU SCCs will be governed by the laws of The Netherlands;
VI. (f) in Clause 18(b), disputes shall be resolved before the courts of The Netherlands;
VII. (g) Annex I of the EU SCCs shall be deemed completed with the information set out in Annex A to this DPA; and
VIII. ▇▇▇▇▇ ▇▇ (h) Annex II of the EU SCCs shall be deemed completed with the information set out in Annex B to this DPA.
b. (2) In relation to data that is protected by the UK GDPR, the EU SCCs as implemented in accordance with paragraph (1) above will apply provided that:
I. (a) any references in the EU SCCs to "Directive 95/46/EC" or “Regulation (EU) 2016/679” shall be interpreted as references to the UK GDPR; references to specific Articles of “Regulation (EU) 2016/679” are replaced with the equivalent Article or Section of UK GDPR; references to “EU”, “Union” and “Member State law” are all replaced with “UK”; Clause 13(a) and Part C of Annex II ▇▇▇▇▇ ▇▇ of the EU SCCs are not used; references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Information Commissioner and the courts of England and Wales; Clause 17 of the EU SCCs is replaced to state that “The Clauses are governed by the laws of England and Wales” and Clause 18 of the EU SCCs is replaced to state “Any dispute arising from these Clauses shall be resolved by the courts of England and Wales. A data subject may bring legal proceedings against the data exporter and/or data importer before the courts of any country in the UK. The Parties agree to submit themselves to the jurisdiction of such courts”;
(b) to the extent and for so long as the EU SCCs as implemented in accordance with paragraph 2(A) above cannot be used to lawfully transfer Company Personal Information protected by the UK DPA to Supplier, the UK SCCs shall be incorporated into and form an integral part of this DPA and shall apply to such transfers; and
(c) for the purposes of the UK SCCs (where applicable) the relevant Annexes/ Appendices of the UK SCCs shall be deemed completed using the information contained in Annex A and Annex B of this DPA.
(3) In relation to Company Personal Information that is protected by the Swiss DPA, the EU SCCs as implemented in accordance with paragraph (1) above will apply provided that:
(a) references in the EU SCCs to “Regulation (EU) 2016/679” or the “GDPR” shall be interpreted as references to the Swiss Federal Act on Data Protection (FADP);
(b) references to “EU”, “Union” and “Member State law” shall be interpreted as references to Switzerland and to Swiss law, as the case may be;
(c) the term ’member state’ shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland);
(d) the EU SCC clauses should be interpreted as protecting the data of legal entities until the entry into force of the revised FADP; and
(e) references to the “competent supervisory authority” and “competent courts” shall be interpreted as references to the Swiss Federal Data Protection and Information Commissioner (FDPIC) and competent courts in Switzerland.
(4) In the event that any provision of this Agreement or this DPA contradicts, directly or indirectly, the Model Clauses, the Model Clauses shall prevail.
Appears in 1 contract
Sources: Data Privacy Agreement