Common use of Supervision and Compliance Clause in Contracts

Supervision and Compliance. Global Data Protec- tion Officer 8.1 Oracle Corporation has appointed a Global Data Protection Officer who is responsible for: (i) developing, reviewing and updating Oracle’s privacy policies, proce- dures, system information and training an awareness programs (as required by Article 9); (ii) supervising and ensuring compliance with this Processor Code; (iii) providing the annual report (as required by Article 10.5) and periodic reports, as appropriate, to Oracle’s General Counsel on data protec- tion risks and compliance issues; overseeing the collection, investiga- tion and resolution of privacy inquiries, concerns and complaints; (iv) coordinating official investigations or inquiries into the Processing of Personal Information by a public authority; (v) determining and updating appropriate sanctions for violations of this Processor Code (e.g., disciplinary standards) in co-operation with other relevant internal functions, such as HR and Legal; and (vi) Maintaining a fully updated list of the Group Companies and keep track and records of updates to this Processor Code. 8.2 The Global Data Protection Officer has established and heads Oracle’s Pri- vacy Office, consisting of a global network of Privacy Professionals suffi- cient to direct compliance with this Processor Code within their respective regions or countries. The Privacy Office performs at least the following tasks: (i) regularly advising es the global Oracle organization and other relevant internal functions (e.g., Marketing, HR, Development, Sales) on pri- vacy risks and compliance issues; (ii) ensuring that the Responsible Line of Business Executives maintain an inventory of the system information for all systems and processes that Process Personal Information (as required by article 9.2); (iii) Implementing the privacy compliance framework (as developed by the Privacy Office in accordance with Article 9); (iv) making itself available for requests for privacy approvals or advice; (v) handling privacy requests and complaints; (vi) owning and authorizing all appropriate privacy sub-policies in their re- gions or countries; and (vii) cooperating with the relevant internal functions, including legal, infor- mation security, operations and development. 8.3 The Responsible Line of Business Executive shall perform at least the fol- lowing tasks: (i) ensuring that the policies and procedures are implemented and the system information is maintained (as required by Article 9); (ii) maintaining (or ensuring access to) an inventory of the system infor- mation for all systems and processes that Process Personal Infor- mation and providing such system information to the Privacy Office as required for the Privacy Office to comply with task listed in Article 8.3 sub (ii); (iii) ensuring that Personal Information is returned or securely deleted upon termination of the Services Contract (as required by Article 2.2); (iv) consulting with the Privacy Office whenever there is a conflict between the Processor Code and applicable law (as required by Article 13.1); (v) informing the Privacy Office of any new legal requirement that the Re- sponsible Line of Business Executive believes to interfere with Ora- cle’s ability to comply with this Processor Code (as required by Article 13.2). 8.4 Where a Privacy Professional holds his/her position pursuant to law, he/she shall carry out his/her job responsibilities to the extent they do not conflict with his/her statutory position.

Supervision and Compliance. Global Data Protec- tion Officer 8.1 Oracle Corporation has appointed a Global Data Protection Officer who is responsible for: : (i) developing, reviewing and updating Oracle’s privacy policies, proce- dures, system information and training an awareness programs (as required by Article 9); ; (ii) supervising and ensuring compliance with this Processor Code; ; (iii) providing the annual report (as required by Article 10.5) and periodic reports, as appropriate, to Oracle’s General Counsel on data protec- tion risks and compliance issues; overseeing the collection, investiga- tion and resolution of privacy inquiries, concerns and complaints; ; (iv) coordinating official investigations or inquiries into the Processing of Personal Information by a public authority; ; (v) determining and updating appropriate sanctions for violations of this Processor Code (e.g., disciplinary standards) in co-operation with other relevant internal functions, such as HR and Legal; and and (vi) Maintaining a fully updated list of the Group Companies and keep track and records of updates to this Processor Code.. Privacy Office 8.2 The Global Data Protection Officer has established and heads Oracle’s Pri- vacy Office, consisting of a global network of Privacy Professionals suffi- cient to direct compliance with this Processor Code within their respective regions or countries. The Privacy Office performs at least the following tasks: : (i) regularly advising es the global Oracle organization and other relevant internal functions (e.g., Marketing, HR, Development, Sales) on pri- vacy risks and compliance issues; ; (ii) ensuring that the Responsible Line of Business Executives maintain an inventory of the system information for all systems and processes that Process Personal Information (as required by article 9.2); ; (iii) Implementing the privacy compliance framework (as developed by the Privacy Office in accordance with Article 9); ; (iv) making itself available for requests for privacy approvals or advice; ; (v) handling privacy requests and complaints; ; (vi) owning and authorizing all appropriate privacy sub-policies in their re- gions or countries; and and (vii) cooperating with the relevant internal functions, including legal, infor- mation security, operations and development. . Responsible Line of Business Executive 8.3 The Responsible Line of Business Executive shall perform at least the fol- lowing tasks: : (i) ensuring that the policies and procedures are implemented and the system information is maintained (as required by Article 9); ; (ii) maintaining (or ensuring access to) an inventory of the system infor- mation for all systems and processes that Process Personal Infor- mation and providing such system information to the Privacy Office as required for the Privacy Office to comply with task listed in Article 8.3 sub (ii); ; (iii) ensuring that Personal Information is returned or securely deleted upon termination of the Services Contract (as required by Article 2.2); ; (iv) consulting with the Privacy Office whenever there is a conflict between the Processor Code and applicable law (as required by Article 13.1); ; (v) informing the Privacy Office of any new legal requirement that the Re- sponsible Line of Business Executive believes to interfere with Ora- cle’s ability to comply with this Processor Code (as required by Article 13.2). . Privacy Profession- als with statutory position 8.4 Where a Privacy Professional holds his/her position pursuant to law, he/she shall carry out his/her job responsibilities to the extent they do not conflict with his/her statutory position.