Common use of Return of Personal Data Clause in Contracts

Return of Personal Data. Controller may export Personal Data from the Services at any time during the Term using then-existing features and functionality of the Services. Customer is solely responsible for its data retention obligations with respect to Personal Data. On Customer’s written request on expiration or termination of the Agreement, if and to the extent Controller cannot delete and/or overwrite Personal Data stored on Processor’s systems using the then-existing features and functionality of the Services, Processor shall delete or return all Personal Data to Controller, in accordance with Data Protection Laws, within sixty (60) days after the expiration or termination of the Agreement, unless Processor is obligated by law to retain some or all of the Personal Data; provided, however, Controller shall be responsible for existing copies of Personal Data contained in files Controller and its users upload to Processor’s cloud-based application as permitted by the Agreement. The obligation to return or delete any Personal Data in Processor’s custody or control shall not apply to (i) Personal Data which Processor has archived on its back-up systems (including, without limitation, database backups) or (ii) Personal Data embedded in audit logs; backup and archival copies of Personal Data and Personal Data embedded in audit logs will remain subject to this DPA until they are destroyed in accordance with Processor’s internal data retention policies. Controller will bear and pay for all costs incurred by Processor in connection with any return or deletion of Personal Data that Controller requires Processor to perform that is outside the scope of Processor’s customary data retention policies.

Return of Personal Data. Controller may export Personal Data from the Services at any time during the Term using then-existing features and functionality of the Services. Customer is solely responsible for its data retention obligations with respect to Personal Data. On Customer’s written request on expiration or termination of the Agreement, if and to the extent Controller cannot delete and/or overwrite Personal Data stored on Processor’s systems using the then-existing features and functionality of the Services, Processor shall delete or return all Personal Data to Controller, in accordance with Data Protection Laws, within sixty ninety (6090) days after the such expiration or termination of the Agreementtermination, unless Processor is obligated by law to retain some or all of the Personal Data; provided, however, Controller shall be responsible for existing copies of Personal Data contained in files Controller and its users upload to Processor’s cloud-based application as permitted by the Agreement. The obligation to return or delete any Personal Data in Processor’s custody or control within the period noted above shall not apply to (ia) Personal Data which Processor has archived on its back-up systems (including, without limitation, database backups) or (iib) Personal Data embedded in audit logs; backup and archival copies of Personal Data and Personal Data embedded in audit logs will remain subject to this DPA until they are destroyed in accordance with Processor’s internal data retention policies, which for backup and archival copies is no more than one (1) year after the expiration or termination of the Agreement, and for audit logs is one (1) year and one (1) day after the date of their creation. Controller will bear and pay for all costs incurred by Processor in connection with any return or deletion of Personal Data that Controller requires Processor to perform that is outside the scope of Processor’s customary data retention policies.