Processing of Data. 2.1 The rights and obligations of the Controller with respect to this Processing are described herein. Controller shall, in its use of the Services, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with EU Directive 95/46/EC (the “Directive”), and, when effective, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR” and together, “Data Protection Laws”)). Controller shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with Controller’s instructions will not cause Processor to be in breach of the Data Protection Laws. Controller is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Processor by or on behalf of Controller, (ii) the means by which Controller acquired any such Personal Data, and (iii) the instructions it provides to Processor regarding the Processing of such Personal Data. Controller shall not provide or make available to Processor any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Processor from all claims and losses in connection therewith. 2.2 Processor shall Process Personal Data only (i) for the purposes set forth in the Agreement and/or Exhibit A, (ii) in accordance with the terms and conditions set forth in this Addendum and any other documented instructions provided by Controller, and (iii) in compliance with the Directive, and, when effective, the GDPR. Controller hereby instructs Processor to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Controller in its use of the Services. 2.3 The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this Addendum. 2.4 Following completion of the Services, at Controller’s choice, Processor shall return or delete the Personal Data, except as required to be retained by the laws of the European Union or European Union member states. If Controller and Processor have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Processor to Controller only upon Controller’s request.
Appears in 1 contract
Sources: Eu Data Processing Addendum
Processing of Data. 2.1 The rights and obligations of the Controller with respect to this Processing are described herein. Controller shall, in its use of the Services, at all times Process Personal Data, and provide instructions instruction for the Processing of Personal Data, in compliance with EU Directive 95/46/EC (the “Directive”), and, when effective, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR” ”) and the United Kingdom Data Protection ▇▇▇ ▇▇▇▇ (together, “Data Protection Laws”)). Controller shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with Controller’s instructions will not cause Processor to be in breach of the Data Protection Laws. Controller is solely responsible for the accuracy, quality, and legality of (i) the Personal Data provided to Processor by or on behalf of Controller, (ii) the means by which Controller acquired any such Personal Data, and (iii) the instructions it provides to Processor regarding the Processing of such Personal Data. Controller shall not provide or make available to Processor any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Processor from all claims and losses in connection therewith. This Addendum does not apply to Personal Data for which Processor is a controller.
2.2 Processor shall not Process Personal Data only (i) for the purposes other than those set forth in the Agreement and/or Exhibit A, (ii) in accordance a manner inconsistent with the terms and conditions set forth in this Addendum and or any other documented instructions provided by Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Supervisory Authority to which the Processor is subject; in such a case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest and (iii) in compliance with the Directive, and, when effective, violation of the GDPR. Controller hereby instructs Processor to Process Personal Data in accordance with the foregoing and as part of any Processing initiated by Controller in its use of the Services.
2.3 1.2 The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this Addendum.
2.4 2.3 Following completion of the Services, at Controller’s choice, Processor shall return or delete the Personal Data, unless further storage of Personal Data is required or authorized by applicable law. If return or destruction is impracticable or prohibited by law, rule or regulation, Processor shall take measures to block such Personal Data from any further Processing (except as to the extent necessary for its continued hosting or Processing required by law, rule or regulation) and shall continue to be retained by appropriately protect the laws of the European Union Personal Data remaining in its possession, custody, or European Union member statescontrol. If Controller and Processor have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Processor to Controller only upon Controller’s request.
2.4 Processor, a “Service Provider” as defined under the California Consumer Privacy Act of 2018 (as amended and supplemented) (the “CCPA”) is receiving Personal Data from Controller pursuant to the Agreement for a business purpose. Processor shall not sell any such Personal Data. Processor shall not retain, use or disclose any Personal Data provided by Controller pursuant to the Agreement except as necessary for the specific purpose of performing the Services for Controller pursuant to the Agreement, or otherwise as set forth in the Agreement or as permitted by the CCPA. Processor certifies that it understands the restrictions of this Section 2.5.
Appears in 1 contract
Sources: Data Processing Addendum
Processing of Data. 2.1 2.1. The rights and obligations of the Controller with respect to this Processing are described herein. : Controller shall, in its use of the Services, at all times Process Personal Data, and provide instructions for the Processing of Personal Data, in compliance with EU Directive 95/46/EC (the “Directive”), and, when effective, the General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR” and together, “Data Protection Laws”)). Controller shall ensure that its instructions comply with all laws, rules and regulations applicable in relation to the Personal Data, and that the Processing of Personal Data in accordance with Controller’s instructions will not cause Processor to be in breach of the Data Protection Laws. Controller is solely responsible for the accuracy, quality, and legality of (iof:
a) the The Personal Data provided to Processor by or on behalf of Controller, (ii
b) the The means by which Controller acquired any such Personal Data, and (iii
c) the The instructions it provides to Processor regarding the Processing of such Personal Data. Controller shall not provide or make available to Processor any Personal Data in violation of the Agreement or otherwise inappropriate for the nature of the Services, and shall indemnify Processor from all claims and losses in connection therewith.
2.2 2.2. Processor shall Process Personal Data only (ionly:
a) for For the purposes set forth in the Agreement and/or Exhibit A, (iiAgreement
b) in In accordance with the terms and conditions set forth in this Addendum and any other documented instructions provided by Controller, and (iii
c) in In compliance with the Directive, and, when effective, the GDPR. Controller hereby instructs Processor to Process Personal Data in accordance with for the foregoing and following purposes as part of any Processing initiated by Controller in its use of the Services.
2.3 2.3. The subject matter, nature, purpose, and duration of this Processing, as well as the types of Personal Data collected and categories of Data Subjects, are described in Exhibit A to this Addendum.herein:
2.4 Following completion a) Nature and Purpose of Processing: In connection with and for the purpose of the Services, at Controller’s choice, Processor shall return or delete the Personal Data, except as required to be retained by the laws provision of the European Union or European Union member states. If Controller and Processor have entered into Standard Contractual Clauses as described in Section 6 (Transfers of Personal Data), the parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Processor Services to Controller only upon Controller’s request.under the Agreement
Appears in 1 contract
Sources: Data Processing Addendum