Subprocessing Clause Samples

Subprocessing. 5.1 Each Company Group Member authorizes Vendor to appoint (and permit each Subprocessor appointed in accordance with section 6 of this DPA to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. 5.2 Vendor may continue to use those Subprocessors already engaged by Vendor as at the date of this DPA, subject to Vendor in each case as soon as practicable meeting the obligations set out in section 5.4. 5.3 Vendor shall give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within 14 Calendar days of receipt of that notice, Company notifies Vendor in writing of any objections (on reasonable grounds) to the proposed appointment: Vendor shall not appoint (or disclose any Company Personal Data to) the proposed Subprocessor until reasonable steps have been taken to address the objections raised by any Company Group Member and Company has been provided with a reasonable written explanation of the steps taken. 5.4 With respect to each Subprocessor, Vendor shall: 5.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 5.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Agreement; 5.4.2 ensure that the arrangement between on the one hand (a) Vendor or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 5.4.3 upon request provide to Company for review such copies of the Contracted Processors agreements with Subprocessors (which may be redacted to remove confidential commercial information not relevant to the requirements of this DPA) as Company may request from time to time. 5.5 Vendor shall ensure that each Subprocessor performs the obligations under this DPA as they apply to Processing of Company Personal Data carried out by that Subprocessor, as if it were party to this DPA in place of Vendor.

Subprocessing. 5.1 You authorise us to engage the Subprocessors specified in the SCC Annexes for the specified purposes described in the SCC Annexes and authorise us, to appoint further Subprocessors in accordance with this section 5 and subject to the requirements of the SCCs. 5.2 We shall give you at least fourteen (14) days’ prior written notice of the appointment of any new Subprocessor or changes to any Subprocessor’s Processing arrangements, including necessary details of the Processing to be undertaken by the Subprocessor. 5.3 If, within fourteen (14) calendar days of our notice, you notify us in writing of any objections (on reasonable grounds) to the proposed appointment, we shall at our option: 5.3.1 not appoint (or disclose any of your Personal Data to) that proposed Subprocessor until it has taken reasonable steps to address the objections raised by you; or 5.3.2 notify you that you may terminate the Service without incurring any early termination costs, notwithstanding any term of the Services Agreement or any Service Order Form to the contrary. 5.3.3 For the avoidance of doubt, your right to terminate an affected Service under section 5.3.2 shall not extend to non-impacted services and is otherwise without prejudice to the Parties’ rights and obligations in relation to any terminated Service up to, and including the date of termination. 5.4 With respect to each Subprocessor, we shall ensure that the Subprocessor’s Processing is governed by a written contract including terms which offer at least the same level of protection for your Personal Data as those set out in this DPA.

Subprocessing. (a) Processors may subcontract its obligations under this DPA in compliance with the requirements as set forth herein to Processors’ affiliated companies and/or third parties (“Subprocessors”). A list of the Subprocessors engaged with Processors as of the Effective Date of the Agreement is set forth in the respective Services Description and Customer herewith agrees to the engagement of such Subprocessors. (b) During the Term, Processors will provide at least four (4) weeks prior notice (“Subprocessor Change Notification”) to the Customer before authorizing any new Subprocessor (“Subprocessor Change Effective Date”). If Customer disapproves of the engagement of such new Subprocessor, Customer may terminate the Agreement with two (2) weeks written notice, including an explanation of the reasonable grounds for disapproval of the Subprocessor, to the Subprocessor Change Effective Date. If the Customer does not object to the Subprocessor Change Notification in accordance with the foregoing, this shall be deemed as the Customer’s acceptance of the new Subprocessor. Processors remain responsible for any Subprocessors’ compliance with the obligations of this DPA. (c) In case a Subprocessor is located outside the EU/EEA in a country that is not recognized as providing an adequate level of data protection, the Processor will (i) enter into a data processing agreement based on EU Model Clauses (Processor to Processor), or (ii) provide the Controller with information on the Subprocessor's certification under the Privacy Shield program and re-confirms that the Subprocessor's certification under the Privacy Shield Program is still valid upon Controller`s request, or (iii) provide the Controller, upon Controller`s request, with other information and relevant documentation on the mechanism for international data transfer pursuant to Art. 46 GDPR that is used to lawfully disclose the Controller's personal data to the Subprocessor.

Subprocessing. 5.1 Processor shall not appoint (or disclose any Company Personal Data to) any Subprocessor unless required or authorized by the Company.

Subprocessing. 5.1 Customer authorises Supplier to appoint Subprocessors in accordance with this Paragraph 5. 5.2 Supplier may continue to use those Subprocessors already engaged by Supplier as at the date of this Data Processing Addendum as listed in the Annex 3 to this Data Processing Addendum, subject to Supplier meeting within a reasonable timeframe (or having already met) the obligations set out in Paragraph 5.3. 5.3 Supplier shall give Customer prior written notice of the appointment of any proposed Subprocessor, including reasonable details of the Processing to be undertaken by the Subprocessor. If, within fourteen (14) days of receipt of that notice, Customer notifies Supplier in writing of any objections (on reasonable grounds) to the proposed appointment, Supplier shall use reasonable efforts to make available a commercially reasonable change in the provision of the Services, which avoids the use of that proposed Subprocessor. If such a change cannot be made within fourteen (14) days from Supplier receipt of Customer’s notice, no commercially reasonable change is available, and/or Customer declines to bear the cost of the proposed change, either party may by written notice to the other party with immediate effect terminate the Agreement either in whole or to the extent that it relates to the Services which require the use of the proposed Subprocessor. 5.4 With respect to each Subprocessor, Supplier shall ensure that the arrangement between Supplier and the Subprocessor is governed by a written contract including terms which offer at least an equivalent level of protection for Customer Personal Data as those set out in this Data Processing Addendum.

Subprocessing. ‌ 4.1 Company authorizes Securonix to appoint (and permit each Subprocessor appointed in accordance with this section 4 to appoint) Subprocessors in accordance with this section 4 and any restrictions in the Principal Agreement. 4.2 Securonix may continue to use those Subprocessors already engaged by Securonix as at the date of this DPA, subject to Securonix in each case as soon as practicable meeting the obligations set out in section 4.4.‌ 4.3 Securonix will give Company prior written notice of the appointment of any new Subprocessor, including full details of the Processing to be undertaken by the Subprocessor. If, within ten (10) of receipt of that notice, Company notifies Securonix in writing of any objections (on reasonable grounds) to the proposed appointment, the parties will seek to resolve the matter in good faith. If Securonix can provide the Services to Company without using the Subprocessor and decides in its discretion to do so, then Company will have no further rights to object the Subprocessor under this Section 4.3. 4.4 With respect to each Subprocessor, Securonix or the relevant Securonix Affiliate shall:‌ 4.4.1 before the Subprocessor first Processes Company Personal Data (or, where relevant, in accordance with section 4.2), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Company Personal Data required by the Principal Agreement; 4.4.2 ensure that the arrangement between on the one hand (a) Securonix, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Company Personal Data as those set out in this DPA and meet the requirements of article 28(3) of the GDPR; 4.4.3 if that arrangement involves a data transfer in accordance with Section 11 below, ensure that the appropriate standard contractual clauses are at all relevant times incorporated into the agreement between on the one hand (a) Securonix, (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Company Personal Data procure that it enters into an agreement incorporating the appropriate standard contractual with the Company; and 4.4.4 provide to Company for review such copies of the Contracted Processors' agreements with Subprocessors (which may be redacted to remove confidential commercial information not relev...

Subprocessing. The Controller authorizes the Processor to make use of other processors in accordance with the following subsections in Sect. 9 of this Agreement. This authorization shall constitute a general written authorization within the meaning of Art. 28 (2)

Subprocessing. 11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement. 11.2 The prior written contract between the data importer and the subprocessor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the subprocessor shall be limited to its own processing operations under the Clauses. 11.3 The provisions relating to data protection aspects for subprocessing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established. 11.4 The data exporter shall keep a list of subprocessing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5 (j), which shall be updated at least once a year. The list shall be available to the data exporter's data protection supervisory authority.

Subprocessing. 5.1 Customer authorises SentinelOne to appoint (and permit each Subprocessor appointed in accordance with this section 5 to appoint) Subprocessors in accordance with this section 5 and any restrictions in the Agreement. SentinelOne shall make available to Customer the current list of Subprocessors that are processing Customer Personal Data, attached as Annex 3. SentinelOne shall provide Customer prior written notice of the appointment of any new Subprocessor, including details of the Processing to be undertaken by the Subprocessor. If, within thirty (30) days of receipt of that notice, Customer notifies SentinelOne in writing of any objections to the proposed appointment, and further provides commercially reasonable justifications to such objections based on valid concerns regarding such proposed Subprocessor’s business practices relating to data protection, then (i) SentinelOne shall work with Customer in good faith to address Customer’s objections regarding the new Subprocessor; and (ii) where Customer’s concerns cannot be resolved within thirty (30) days from SentinelOne's receipt of Customer's notice, notwithstanding anything in the Agreement, Customer may, by providing SentinelOne with a written notice to with immediate effect, terminate the Agreement and SentinelOne shall refund to Customer all prepaid Fees for the Solutions attributable to the Subscription Term (as outlined in the applicable Purchase Order) following the termination of the Agreement. 5.2 With respect to each Subprocessor, SentinelOne shall: 5.2.1 before the Subprocessor first Processes Customer Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by the Agreement; 5.2.2 ensure that the arrangement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand, the Subprocessor, is governed by a written contract including terms which offer at least the same level of protection for Customer Personal Data as those set out in this Addendum and meet the requirements of Article 28(3) of the GDPR; 5.2.3 if that arrangement involves a Restricted Transfer, ensure that the Standard Contractual Clauses are at all relevant times incorporated into the agreement between on the one hand (a) SentinelOne, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, or before the Subprocessor first Processes Customer Pe...