Common use of Privacy Shield and Standard Contractual Clauses Clause in Contracts

Privacy Shield and Standard Contractual Clauses. During the term of the Agreement, Tripwire shall either: (a) remain certified under the EU-US and Swiss-US Privacy Shield self-certification programs operated by the U.S. Department of Commerce (“Privacy Shield”); or (b) if for any reason Tripwire ceases to be certified under the Privacy Shield, the provisions of the Standard Contractual Clauses in Exhibit 2 shall immediately become effective. In such case: (a) The terms “data importer” means Tripwire, “data exporter” means Customer and its Affiliates. (b) For the purposes of Clause 5(a) of Exhibit 2, the following are deemed to be Customer’s instructions to process Personal Data: (i) Processing accordance with the Agreement; (ii) Processing initiated by Users in their use of the Services; (iii) Processing to comply with other reasonable instructions provided by Customer (e.g. via email or support tickets) where such instructions are consistent with the terms of the Agreement. (c) Pursuant to Clauses 5(h) and 11 of Exhibit 2, Customer acknowledges and expressly agrees that (i) Tripwire may engage Sub-Processors in connection with the provision of the Services under the terms in Sections 4 and 8.2 of this DPA; (ii) Tripwire will provide the current list of Sub-Processors as described in Section 4.1 of this DPA; and (iii) Tripwire may engage new Sub-Processors as described in Sections 4.2 and 4.3 of this DPA. (d) Copies of Sub-Processor agreements that must be provided by Tripwire to Customer pursuant to Clause 5(j) of Exhibit 2 may have all commercial information and clauses unrelated to the requirements of Exhibit 2 removed or redacted, and that such copies will be provided only on Customer’s request. (e) The audits described in Clauses 5(f) and 12(2) of Exhibit 2 shall be carried out in accordance with Section 7 of this DPA.

Privacy Shield and Standard Contractual Clauses. During the term of the Agreement, Tripwire shall either: (a) remain certified under the EU-US and Swiss-US Privacy Shield self-certification programs operated by the U.S. Department of Commerce (“Privacy Shield”); or (b) if for any reason Tripwire ceases to be certified under the Privacy ShieldShield or Privacy Shield is invalidated, the provisions of the Standard Contractual Clauses in Exhibit 2 shall immediately become effective. In such case: (a) The terms “data importer” means Tripwire, “data exporter” means Customer and its Affiliates. (b) For the purposes of Clause 5(a) of Exhibit 2, the following are deemed to be Customer’s instructions to process Personal Data: (i) Processing accordance with the Agreement; (ii) Processing initiated by Users in their use of the Services; (iii) Processing to comply with other reasonable instructions provided by Customer (e.g. via email or support tickets) where such instructions are consistent with the terms of the Agreement. (c) Pursuant to Clauses 5(h) and 11 of Exhibit 2, Customer acknowledges and expressly agrees that (i) Tripwire may engage Sub-Processors in connection with the provision of the Services under the terms in Sections 4 and 8.2 of this DPA; (ii) Tripwire will provide the current list of Sub-Processors as described in Section 4.1 of this DPA; and (iii) Tripwire may engage new Sub-Processors as described in Sections 4.2 and 4.3 of this DPA. (d) Copies of Sub-Processor agreements that must be provided by Tripwire to Customer pursuant to Clause 5(j) of Exhibit 2 may have all commercial information and clauses unrelated to the requirements of Exhibit 2 removed or redacted, and that such copies will be provided only on Customer’s request. (e) The audits described in Clauses 5(f) and 12(2) of Exhibit 2 shall be carried out in accordance with Section 7 of this DPA.