Common use of Sub-processors Clause in Contracts

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice thereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“"Sub-Processors”") without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s 's objection, the Data Controller may terminate the Service some Membership Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ ' compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation authorization to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes wish to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten seven (107) business calendar days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete conclude a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.4 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Sub- Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor Thesaurus Software Ltd. is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided that the Data Processor Thesaurus Software Ltd. notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Thesaurus Software Ltd. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor Thesaurus Software Ltd. cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service Agreement.Thesaurus Software Ltd. 6.3 The Data Processor Thesaurus Software Ltd. shall complete a written sub-processor agreement with any Sub-Sub- Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data ProcessorThesaurus Software Ltd., including the obligations under this Data Processor Agreement. The Data Processor Thesaurus Software Ltd. shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor Thesaurus Software Ltd. is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor Thesaurus Software Ltd. is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor Thesaurus Software Ltd. initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.

Sub-processors. 6.1 The Data Processor is given general authorisation authorization to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes wish to object to the relevant Sub-ProcessorSubProcessor, the Data Controller shall give notice thereof hereof in writing within ten seven (107) business calendar days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete conclude a written sub-processor agreement with any Sub-Sub- Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-ProcessorsSubProcessors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.4 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors SubProcessors listed in sub-appendix B. If the Data Processor initiates sub-sub- processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The 2.4.1. Data Processor is given general authorisation may engage Sub-Processors to engage third parties to process the Process Personal Data (“on Data Controller’s behalf, including to assist with hosting and infrastructure, to support product features and integrations, and for service and support. Data Processor’s current Sub-Processors”) without obtaining any further written, specific authorisation from Processors are listed at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/dpa-subprocessor. Data Controller authorizes the appointment of the Sub-Processors identified as of the effective date of this Addendum. 2.4.2. Data ControllerProcessor may add or replace a Sub-Processor, provided that the Data Processor notifies the provides Data Controller in writing about with at least 30 days’ advance notice of the identity intended addition or replacement of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Datagiving Data Controller an opportunity to object to such changes, unless circumstances require a shorter notice period, in which case notice will be provided as soon as practicable. If the Data Controller wishes sends Data Processor a written notice within 10 days of such notification setting forth a reasonable basis for objection related to object data protection, the Parties will make a good-faith effort to the relevant Sub-resolve Data Controller’s objection. If Data Processor, in its discretion, requires use of the Data Controller shall give notice thereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new or replacement Sub-Processor and the Data Processor cannot accommodate the is unable to satisfy Data Controller’s objection, the Data Controller either party may terminate the Service by providing written notice Agreement without liability to the other party (but without prejudice to any fees incurred by Data Controller prior to suspension or termination). If Data Controller does not provide a timely objection to any new or replacement Sub-Processor in accordance with the Service Agreementthis clause, Data Controller will be deemed to have consented to such Sub-Processor and waived its right to object. 6.3 The 2.4.3. Data Processor shall complete a written subwill impose data protection terms on Sub-processor agreement with any Processors that provide at least the same level of protection for Personal Data as those in this Addendum, to the extent applicable to the nature of the services provided by such Sub-Processors. Such an agreement shall at minimum provide Data Processor will remain responsible for each Sub-Processor’s compliance with the same data protection obligations as the ones applicable of this Addendum and for any acts or omissions of such Sub-Processor that cause Data Processor to the breach any of Data Processor, including the ’s obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writingAddendum. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.

Sub-processors. 6.1 The Data Processor is given general authorisation authorization to engage third third-parties to process the Personal Data (“Sub-Sub- Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Sub- Processor processes any of the Personal Data. If the Data Controller wishes wish to object to the relevant Sub-ProcessorSubProcessor, the Data Controller shall give notice thereof hereof in writing within ten seven (107) business calendar days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor.. Data Processor Agreement – FromOzz, January 2019 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete conclude a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-ProcessorsSubProcessors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.4 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors SubProcessors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Sub- Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The following shall apply for the Data Processor is given general authorisation to engage Processor’s engagement of third parties to process the Personal Data (“Sub-Processors”) ): The Data Processor has general authorisation to engage Sub- Processors without obtaining any further written, specific authorisation written consent from the Data Controller, Controller provided that the Data Processor notifies informs the Data Controller in writing about of the identity of a the potential Sub-Processor (and its processors, if anyof any data processor of the SubProcessor) before any agreements are made at least 7 calendar days prior to entering into an agreement with the relevant concerned Sub-Processors and before Processor, thereby giving the relevant Sub-Processor processes any of Data Controller the Personal Dataopportunity to object to such changes. If the Data Controller wishes to object has not objected to the relevant Sub-Processornamed Sub- Processor within 7 calendar days of the Data Processors notification, the Data Controller shall give notice thereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller non-objection shall be deemed consent to the relevant Sub-Processora tacit consent. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete conclude a written sub-processor agreement with any Sub-ProcessorsSubProcessor. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under Processor in accordance with this Data Processor Agreement and the Main Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with such data protection obligations, and the Applicable Law. Documentation of such monitoring and control documentation hereof shall be provided to the Data Controller if so requested in writing. 6.4 6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor Processor’s processing of the Personal Data in the same way as for its own actions and omissions. 6.5 6.4 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. Appendix C. If the Data Processor initiates sub-sub processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.Appendix C under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Sub- Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-sub- appendix B.B under paragraph 2.

Sub-processors. 6.1 7.1 The Data Controller acknowledges and agrees that: 7.1.1 Affiliates of the Data Processor is given general authorisation may be used as Sub-processors; and 7.1.2 the Data Processor and its Affiliates respectively may engage Sub-processors in connection with the provision of the Services. 7.2 All Sub-processors who process Personal Data in the provision of the Services to engage third parties the Data Controller shall comply with the obligations of the Data Processor set out in this DPA. 7.3 The Data Controller authorises the Data Processor to use the Sub-Processors included in the list of Sub-processors to process the Personal Data (“Sub-Processors”) without obtaining any further writtenData. During the term of this DPA, specific authorisation from the Data Controller, provided that the Data Processor notifies shall provide the Data Controller in writing about with 30 days prior notification, via email, of any changes to the identity list of a potential Sub-Processor (and its processors, if any) processors before authorising any agreements are made new or replacement Sub- processor to process Personal Data in connection with the relevant Sub-Processors and before the relevant Sub-Processor processes any provision of the Personal Data. If the Services. 7.4 The Data Controller wishes to may object to the relevant use of a new or replacement Sub-Processorprocessor, by notifying the Data Controller shall give notice thereof Processor promptly in writing within ten (10) business 14 days from receiving the notification from after receipt of the Data Processor’s notice. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event If the Data Controller objects to a new or replacement Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objectionprocessor, the Data Controller may terminate the Service Agreement with respect to those Services which cannot be provided by providing written notice to the Data Processor in accordance without the use of the new or replacement Sub-processor. 7.5 All Sub-processors who process Personal Data shall comply with the Service Agreement. 6.3 The obligations of the Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under set out in this Data Processor AgreementDPA. The Data Processor shall on an ongoing basis monitor prior to the relevant Sub-processor carrying out any processing activities in respect of the Personal Data: 7.5.1 Appoint each Sub-processor under a written contract containing materially the same obligations to those of the processor in this DPA enforceable by the Data Processor; 7.5.2 Ensure each such Sub-processor complies with all such obligations. 7.6 The Data Controller agrees that the Processor and control its Sub-Processors’ compliance with Processors may make Restricted Transfers of Personal Data for the Applicable Law. Documentation purpose of such monitoring and control shall be provided providing the Services to the Data Controller if so requested in writing. 6.4 accordance with the Agreement.. The Data Processor is accountable confirms that suchSub-Processors: 7.6.1 Are located in a third country or territory recognised by the EU Commission to have an adequate level of protection; or 7.6.2 Have entered into the applicable SCCs with the Data Controller for any Sub-Processor Processor; or 7.6.3 Have other legally recognised appropriate safeguards in the same way as for its own actions and omissionsplace. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.

Sub-processors. 6.1 The Data Processor is given general authorisation authorization to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is not accountable to the Data Controller for any direct dealings with the Pension Regulator or any Pension providers as it is the Data Controller responsibility to ensure all documents are dealt with and were applicable The Data Processor may be able to assist. 6.5 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.6 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorisa- tion from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Sub- Processor processes any of the Personal Data. If the Data Controller wishes wish to object to the relevant Sub-ProcessorSubProcessor, the Data Controller shall give notice thereof hereof in writing within ten seven (107) business calendar days from receiving the notification from the Data Processor. Absence of any objections ob- jections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete conclude a written sub-processor agreement with any Sub-ProcessorsPro- cessors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Pro- cessor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-ProcessorsSubProcessors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 6.3 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.4 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors SubProcessors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Sub- Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-sub- appendix B.B under paragraph 2.

Sub-processors. 6.1 5.1 The Data Controller hereby grants general written authorisation to engage other processors ("Sub-processors") to process Customer Personal Data under this DPA. 5.2 The Data Processor is given general authorisation undertakes to engage third parties to process inform the Personal Data (“Controller of any change regarding the involvement or replacement of further Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided processors. Provided that the Data Processor notifies Controller does not object within fourteen (14) days in writing, specifying reasonable grounds relating data to protection, the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Datainvolvement or replacement will be deemed approved. If the Data Controller wishes provides a timely and valid objection, Data Processor shall use commercially reasonable efforts to object provide the affected Services to the relevant Sub-Processor, the Data Controller shall give notice thereof in writing within ten (10) business days from receiving without using the notification from objected-to Sub-processor for the Data Processorprocessing of the Customer Personal Data. Absence If such efforts are not commercially reasonably feasible, and acceptance of any objections from the Sub-processor change is not reasonably acceptable to the Data Controller shall be deemed consent to based on the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objectionspecified grounds, the Data Controller may terminate the Service Agreement by providing fourteen (14) days' prior written notice to the Data Processor Processor. The objection and termination rights under this Clause 5.2 shall not apply if the relevant Sub-processor is engaged solely in accordance connection with optional features or functionalities of the Service AgreementServices that the Data Controller can elect not to use. 6.3 The 5.3 Where the Data Processor engages a Sub-processor, it shall complete a a) ensure, by written subagreement, that the Sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same bound by data protection obligations substantially the same as the ones applicable to those imposed on the Data Processor, including the obligations Processor under this Data Processor AgreementDPA. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided b) remain liability to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in a sub-appendix B. If processor fails to comply with his data protection obligations under the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to written agreement within the list in sub-appendix B.meaning of section a).

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties ("Sub-Processors") to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Sub- Processor (and its processorsSub-Processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data). If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s 's objection, the Data Controller may terminate the Service Main Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written subSub-processor Processing agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Processing Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ ' compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Sub- Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Processing Agreement using the Sub-Processors listed in subSub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Sub- Processor shall be added to the list in subSub-appendix B.B under paragraph 2 as posted on the website of the Data Processor.

Sub-processors. 6.1 The Data Controller provides Data Processor with consent to the use by Data Processor of the following Sub-processors to carry out Processing of the Client Personal Data, in each case based in the jurisdictions set out at Section 4.8.1, for the purposes of providing solutions to Data Processor: ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇/legal/subprocessors. 6.2 If Data Processor appoints a new Sub-processor to Process Client Personal Data, Data Processor shall update the link above and provide Data Controller with twenty business days’ prior written notice, during which time Data Controller can object in writing to the appointment. If Data Controller does not object, Data Processor may proceed with the appointment. If Data Controller provides Data Processor with a timely objection and such objection is given general authorisation based on reasonable grounds relating to data protection, then the Parties shall engage third parties in a good-faith discussion of such objection. If it can be reasonably demonstrated by the Data Controller that the new Sub-processor is unable to process the Process Client Personal Data (“in compliance with the terms of this Addendum and Data Processor cannot provide an alternative Sub-Processors”processor, or the Parties are not otherwise able to achieve resolution, Data Processor shall, in its sole discretion, either: (i) without obtaining any further written, specific authorisation from comply with such objection and not proceed with the appointment in respect of Data Controller; or (ii) proceed with the appointment and, provided as Data Processor’s sole liability and Data Controller’s sole and exclusive remedy, terminate the Agreement, or part thereof, which is affected by such change on written notice to Data Controller. Data Processor ensures that it has a written agreement in place with all Sub-processors which contains obligations on the Sub-processor which are no less onerous on the relevant Sub-processor than the obligations on Data Processor under this Addendum, save that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes is excepted from agreeing provisions equivalent to object to the relevant Sub-Processor, the Data Controller shall give notice thereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-ProcessorSection 4.7. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service Agreement. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Sub- Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Sub- Processor, such new Sub-Processor shall be added to the list in sub-appendix B.B under paragraph 2.

Sub-processors. 6.1 The Data Processor is given general authorisation authorization to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed consent to the relevant Sub-Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor AgreementRequirements. The Data Processor shall on an ongoing basis monitor and control its Sub-Sub- Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so so, requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement Requirements using the Sub-Sub- Processors listed in sub-appendix B. A. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.A.

Sub-processors. 6.1 6.1. The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Sub- Processors and before the relevant Sub-Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Processor. 6.2 6.2. In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 6.3. The Data Processor shall complete a written sub-processor agreement with any Sub-Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Processing Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Data Protection Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 6.4. The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 6.5. The Data Processor is at the time of entering into this Data Processor Processing Agreement using the Sub-Processors listed in sub-appendix B. the SPA. If the Data Processor initiates sub-sub- processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-appendix B.the SPA.

Sub-processors. 6.1 The Data Processor is given general authorisation to engage third third-parties to process the Personal Data (“Sub-Processors”) without obtaining any further written, specific authorisation authorization from the Data Controller, provided that the Data Processor notifies the Data Controller in writing about the identity of a potential Sub-Processor (and its processors, if any) before any agreements are made with the relevant Sub-Processors and before the relevant Sub-Sub- Processor processes any of the Personal Data. If the Data Controller wishes to object to the relevant Sub-Sub- Processor, the Data Controller shall give notice thereof hereof in writing within ten (10) business days from receiving the notification from the Data Processor. Absence of any objections from the Data Controller shall be deemed a consent to the relevant Sub-Sub- Processor. 6.2 In the event the Data Controller objects to a new Sub-Processor and the Data Processor cannot accommodate the Data Controller’s objection, the Data Controller may terminate the Service Services by providing written notice to the Data Processor in accordance with the Service AgreementProcessor. 6.3 The Data Processor shall complete a written sub-processor agreement with any Sub-Sub- Processors. Such an agreement shall at minimum provide the same data protection obligations as the ones applicable to the Data Processor, including the obligations under this Data Processor Agreement. The Data Processor shall on an ongoing basis monitor and control its Sub-Processors’ compliance with the Applicable Law. Documentation of such monitoring and control shall be provided to the Data Controller if so requested in writing. 6.4 The Data Processor is accountable to the Data Controller for any Sub-Processor in the same way as for its own actions and omissions. 6.5 The Data Processor is at the time of entering into this Data Processor Agreement using the Sub-Processors listed in sub-appendix B. If the Data Processor initiates sub-processing with a new Sub-Processor, such new Sub-Processor shall be added to the list in sub-sub- appendix B.B under paragraph 2.