Common use of Technical and Organization Measures Clause in Contracts

Technical and Organization Measures. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect personal data, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in Attachment C are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety. Signing the Standard Contractual Clauses, Appendix 1 and Appendix 2 on behalf of the data importer: Data Exporter: See page 1 of the DPA Signature: Reference is made to the front page of the DPA Name: See page 1 of the DPA Designation: See page 1 of the DPA Address: See page 1 of the DPA Data Importer: NTT Cloud Communications UK Ltd. Signature: Reference is made to the front page of the DPA Name: ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇ Designation: Deputy Managing Director Address: 3rd Floor, ▇▇-▇▇ ▇▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇▇▇▇▇, ▇▇ ▇▇▇ To the extent that the DPA does not address all of the issues in this Attachment E or provides lesser data protection commitments to Client in the DPA where NTT processes Personal Data within the scope of the UK GDPR on behalf of Client, NTT makes the commitments in this Attachment to the Client (‘UK GDPR Terms’, for short). These UK GDPR Terms do not limit or reduce any data protection commitments NTT makes to Client in the Client Agreement. For purposes of these UK GDPR Terms, Client and NTT agree that Client is the controller and NTT is the processor of Personal Data, except when Client acts as a processor, in which case NTT is a sub -processor. These UK GDPR Terms do not apply where NTT is a controller of Personal Data.

Technical and Organization Measures. The data importer has implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines intended to protect personal data, against accidental loss, destruction, or alteration; unauthorized disclosure or access; or unlawful destruction as follows: The technical and organizational measures, internal controls, and information security routines set forth in Attachment C are hereby incorporated into this Appendix 2 by this reference and are binding on the data importer as if they were set forth in this Appendix 2 in their entirety. Signing the Standard Contractual Clauses, Appendix 1 and Appendix 2 on behalf of the data importer: Data Exporter: See page 1 of the DPA Signature: Reference is made Please refer to the Client details on front page of the DPA Signature:‌ Name: See page 1 of the DPA Designation: See page 1 of the DPA Address: See page 1 of the DPA Data Importer: Please refer to NTT Cloud Communications UK Ltd. Signature: Reference is made to the details on front page of the DPA Signature:‌ Name: ▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇ Designation: Deputy Managing Director Address: 3rd Floor, ▇▇-▇▇ ▇▇▇▇▇▇▇▇▇▇▇ ▇▇▇▇▇, ▇▇▇▇▇▇, ▇▇▇▇▇▇▇, ▇▇ ▇▇▇ Attachment E UK GDPR Terms‌ To the extent that the DPA does not address all of the issues in this Attachment E or provides lesser data protection commitments to Client in the DPA where NTT processes Personal Data personal data within the scope of the UK GDPR on behalf of Client, NTT makes the commitments in this Attachment to the Client (‘UK GDPR Terms’, for short). These UK GDPR Terms do not limit or reduce any data protection commitments NTT makes to Client in the Client Agreement. For purposes of these UK GDPR Terms, Client and NTT agree that Client is the controller and NTT is the processor of Personal Datapersonal data, except when Client acts as a processor, in which case NTT is a sub -processorsub-processor. These UK GDPR Terms do not apply where NTT is a controller of Personal Datapersonal data.