Transfer Clauses. A. Where the Transfer Clauses apply under this Addendum: 1. Client and Supplier agree to observe the terms of the Transfer Clauses without modification and the Transfer Clauses shall be considered to be duly executed by the Parties immediately upon the date on which this Addendum enters into force; 2. the rights and obligations afforded by the Transfer Clauses will be ex- ercised in accordance with the terms of this Addendum; in case of any conflict between the terms of the Transfer Clauses and any other part of this Adden- dum or the Agreement, the Transfer Clauses shall prevail; 3. the Parties elect to add the optional Clause 7 (Docking Clause) of the Transfer Clauses and do not elect to add the additional optional language un- der Clause 11(a) (Redress) of the Transfer Clauses; 4. for purposes of Clause 17 (Governing Law) of the Transfer Clauses, the Parties elect Option 1, and the Parties agree that this shall be the law of Ireland; 5. for purposes of Clause 18 (Choice of Forum and Jurisdiction) of the Transfer Clauses, the Parties agree that any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. The Parties agree that those shall be the courts of Ireland. 6. the Parties' signature to this Addendum or an Agreement that explicitly incorporates this Addendum shall be considered as signature to the Transfer Clauses; 7. if so required by the laws or regulatory procedures of any jurisdiction, the Parties shall execute or re-execute the Transfer Clauses as separate doc- uments setting out the proposed transfers of Personal Data in such manner as may be required; and 8. in the event that the Transfer Clauses are amended, replaced or oth- erwise invalidated by the European Commission or under the Data Protection Laws, the Parties shall work together in good faith to enter into any updated version of such Transfer Clauses or negotiate in good faith a solution to enable a transfer of the Personal Data to meet the requirements of Chapter V of the GDPR. B. In addition, with respect to Module 2 and/or Module 3 of the Transfer Clauses, the following additional provisions shall apply: 1. the Parties agree that the certification of deletion of Personal Data that is described in Clause 8.5 of the Transfer Clauses shall be provided by the Data Importer to the Data Exporter only upon Data Exporter’s written re- quest; 2. the Parties agree that the audits described in Clause 8.9 of the Transfer Clauses shall be carried out in accordance with Section 1.B(9) and (10) of this Addendum; and 3. for purposes of Clause 9(a) of the Transfer Clauses, the Parties elect Option 2 (General Written Authorisation), it being understood that Client pro- vides the general authorisation and instruction for the engagement of the Sub- processors from the agreed list of Subprocessors available on the Subproces- sor Site, and the Parties agree to observe the provisions set out in clause 1.B(12) of this Addendum in relation to any additions or replacements of Sub- processors on such list; for purposes of Clause 9(a) of Module 3 of the Trans- fer Clauses, where Client acts as Processor, the Client (1) warrants that it has the authority to provide such general authorisation and instruction on behalf of the Controller, and (2) agrees to inform the Controller of any addition or replacement of Subprocessors on the agreed list for and on behalf of Vendor (thereby enabling the Vendor to comply with its obligation under Clause 9(a) of the Transfer Clauses); 4. for purposes of Clause 8.6(c) and (d) (Security of Processing) of Mod- ule 3 of the Transfer Clauses, where Client acts as Processor, the Parties acknowledge and agree that it will not be appropriate and feasible for Vendor to directly notify the Controller of a Personal Data Breach concerning Personal Data Processed by Vendor under the Transfer Clauses, and Client agrees to forward to the Controller any such notification of a Personal Data Breach with- out undue delay; 5. for purposes of Clause 8.9 (Documentation and Compliance) of Mod- ule 3 of the Transfer Clauses, where Client acts as Processor, Client agrees that all inquiries from the Controller shall be provided to Vendor by the Client (for and on behalf of the Controller) and, except as determined necessary by Vendor to ensure that inquiries are promptly and adequately be dealt with, all relevant communication shall be handled solely via the Client. In case Vendor receives an inquiry directly from the Controller, it shall promptly forward the inquiry to the Client; 6. for purposes of Clause 10 of Module 3 (Data Subject Rights) of the Transfer Clauses, where Client acts as Processor, the Parties acknowledge and agree that it will not be appropriate for Vendor to directly notify the Con- troller of any request it has received from a Data Subject, and Client agrees to promptly forward to the Controller any such notification and to be primarily responsible to assist the Controller in fulfilling the relevant obligations to re- spond to any such request, it being understood that Vendor will provide assis- tance and cooperation to Client in accordance with this Addendum; 7. for the avoidance of doubt, Vendor’s relationships with Subprocessors may still be governed by previous iterations of the Transfer Clauses as of the date of this Addendum, and this shall not be treated as a breach of this Ad- dendum or the Agreement until such time as such previous iterations are no longer recognized as having legal impact under GDPR; 8. for purposes of Clause 13 of the Transfer Clauses, the competent su- pervisory authority shall be the supervisory authority identified by Client on the signature page of this Addendum or, if Client does not so identify a competent supervisory authority on the signature page of this Addendum, the competent supervisory authority shall be the supervisory authority of the Member State in which the data exporter is established or has appointed a representative pursuant to Article 27(1) of the GDPR, and such competent supervisory au- thority shall be incorporated into Annex I.C of the Transfer Clauses; and 9. Schedules 1 and 2 of this Addendum shall serve as ▇▇▇▇▇▇▇ ▇ and II respectively of the Transfer Clauses. C. In addition, with respect to Module 1 of the Transfer Clauses, the following additional provisions shall apply: 1. Schedule 3 of this Addendum shall serve as Annex I of the Transfer Clauses. D. In addition, with respect to Module 4 of the Transfer Clauses, the following additional provisions shall apply: 1. Schedule 4 of this Addendum shall serve as Annex I of the Transfer Clauses. E. In addition, with respect to Modules 1, 2, 3, and 4 of the Transfer Clauses, where transfers of Personal Data are subject to United Kingdom law, the Transfer Clauses shall be amended and subject to the following additional provisions: 1. Part 2: Mandatory Clauses of the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Pro- tection Act 2018 on 28 January 2022, as it is revised under Section 18 of those Mandatory Clauses ("Approved Addendum"); 2. The information required by Part 1 of the Approved Addendum is set out at Schedule 1-4 of this Addendum (as applicable); 3. With respect to Section 19 of the Approved Addendum, in the event the Approved Addendum changes, neither party may end the Addendum except as provided for in the Approved Addendum or the Agreement; and 4. Any references to the “Clauses” in the Transfer Clauses shall include the amendments set out in this Section 4.E(5). F. In addition, with respect to Modules 1, 2, 3, and 4 of the Transfer Clauses, where transfers of Personal Data are subject to Swiss law, the Transfer Clauses shall be amended and subject to the following additional provisions: 1. the term “EU Member State” must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility for suing their rights in their place of habitual residence (Switzerland) in accordance with the Transfer Clauses; 2. the Transfer Clauses also protect the data of legal entities until the en- try into force of the revised version of the FADP of 25 September 2020, which is scheduled to come into force on 1 January 2023 (“Revised FADP”); and 3. the FDPIC shall act as the “competent supervisory authority” insofar as the relevant data transfer is governed by the FADP.
Appears in 1 contract
Sources: Call Off Contract
Transfer Clauses. A. Where the Transfer Clauses apply under this Addendum:
(1. ) Client and Supplier agree to observe the terms of the Transfer Clauses without modification and the Transfer Clauses shall be considered to be duly executed by the Parties immediately upon the date on which this Addendum ▇▇▇▇▇▇▇▇ enters into force;
(2. ) the rights and obligations afforded by the Transfer Clauses will be ex- ercised exercised in accordance with the terms of this Addendum; in case of any conflict between the terms of the Transfer Clauses and any other part of this Adden- dum Addendum or the Agreement, the Transfer Clauses shall prevail;
(3. ) the Parties elect to add the optional Clause 7 (Docking Clause) of the Transfer Clauses and do not elect to add the additional optional language un- der under Clause 11(a) (Redress) of the Transfer Clauses;
(4. ) for purposes of Clause 17 (Governing Law) of the Transfer Clauses, the Parties Par- ties elect Option 1, and the Parties agree that this shall be the law of Ireland;
(5. ) for purposes of Clause 18 (Choice of Forum and Jurisdiction) of the Transfer Clauses, the Parties agree that any dispute arising from these Clauses shall be resolved by the courts of an EU Member State. The Parties agree that those shall be the courts of Ireland.
(6. ) the Parties' signature to this Addendum or an Agreement that explicitly incorporates incor- porates this Addendum shall be considered as signature to the Transfer Clauses;
(7. ) if so required by the laws or regulatory procedures of any jurisdiction, the Parties Par- ties shall execute or re-execute the Transfer Clauses as separate doc- uments documents setting out the proposed transfers of Personal Data in such manner as may be required; and
8. (8) in the event that the Transfer Clauses are amended, replaced or oth- erwise otherwise invalidated by the European Commission or under the Data Protection Laws, the Parties shall work together in good faith to enter into any updated version of such Transfer Clauses or negotiate in good faith a solution to enable a transfer trans- fer of the Personal Data to meet the requirements of Chapter V of the GDPR.
B. In addition, with respect to Module 2 and/or Module 3 of the Transfer Clauses, the following additional provisions shall apply:
(1. ) the Parties agree that the certification of deletion of Personal Data that is described de- scribed in Clause 8.5 of the Transfer Clauses shall be provided by the Data Importer to the Data Exporter only upon Data Exporter’s written re- questrequest;
(2. ) the Parties agree that the audits described in Clause 8.9 of the Transfer Clauses shall be carried out in accordance with Section 1.B(9) and (10) of this AddendumAdden- dum; and
(3. ) for purposes of Clause 9(a) of the Transfer Clauses, the Parties elect Option 2 (General Written Authorisation), it being understood that Client pro- vides provides the general authorisation and instruction for the engagement of the Sub- processors Subprocessors from the agreed list of Subprocessors available on the Subproces- sor Subprocessor Site, and the Parties agree to observe the provisions set out in clause 1.B(12) of this Addendum Ad- dendum in relation to any additions or replacements of Sub- processors Subprocessors on such list; for purposes of Clause 9(a) of Module 3 of the Trans- fer Transfer Clauses, where Client acts as Processor, the Client (1) warrants that it has the authority to provide pro- vide such general authorisation and instruction on behalf of the Controller, and (2) agrees to inform the Controller of any addition or replacement of Subprocessors on the agreed list for and on behalf of Vendor (thereby enabling the Vendor to comply with its obligation under Clause 9(a) of the Transfer Clauses);
4. for purposes of Clause 8.6(c) and (d) (Security of Processing) of Mod- ule 3 of the Transfer Clauses, where Client acts as Processor, the Parties acknowledge and agree that it will not be appropriate and feasible for Vendor to directly notify the Controller of a Personal Data Breach concerning Personal Data Processed by Vendor under the Transfer Clauses, and Client agrees to forward to the Controller any such notification of a Personal Data Breach with- out undue delay;
5. for purposes of Clause 8.9 (Documentation and Compliance) of Mod- ule 3 of the Transfer Clauses, where Client acts as Processor, Client agrees that all inquiries from the Controller shall be provided to Vendor by the Client (for and on behalf of the Controller) and, except as determined necessary by Vendor to ensure that inquiries are promptly and adequately be dealt with, all relevant communication shall be handled solely via the Client. In case Vendor receives an inquiry directly from the Controller, it shall promptly forward the inquiry to the Client;
6. for purposes of Clause 10 of Module 3 (Data Subject Rights) of the Transfer Clauses, where Client acts as Processor, the Parties acknowledge and agree that it will not be appropriate for Vendor to directly notify the Con- troller of any request it has received from a Data Subject, and Client agrees to promptly forward to the Controller any such notification and to be primarily responsible to assist the Controller in fulfilling the relevant obligations to re- spond to any such request, it being understood that Vendor will provide assis- tance and cooperation to Client in accordance with this Addendum;
7. for the avoidance of doubt, Vendor’s relationships with Subprocessors may still be governed by previous iterations of the Transfer Clauses as of the date of this Addendum, and this shall not be treated as a breach of this Ad- dendum or the Agreement until such time as such previous iterations are no longer recognized as having legal impact under GDPR;
8. for purposes of Clause 13 of the Transfer Clauses, the competent su- pervisory authority shall be the supervisory authority identified by Client on the signature page of this Addendum or, if Client does not so identify a competent supervisory authority on the signature page of this Addendum, the competent supervisory authority shall be the supervisory authority of the Member State in which the data exporter is established or has appointed a representative pursuant to Article 27(1) of the GDPR, and such competent supervisory au- thority shall be incorporated into Annex I.C of the Transfer Clauses; and
9. Schedules 1 and 2 of this Addendum shall serve as ▇▇▇▇▇▇▇ ▇ and II respectively of the Transfer Clauses.
C. In addition, with respect to Module 1 of the Transfer Clauses, the following additional provisions shall apply:
1. Schedule 3 of this Addendum shall serve as Annex I of the Transfer Clauses.
D. In addition, with respect to Module 4 of the Transfer Clauses, the following additional provisions shall apply:
1. Schedule 4 of this Addendum shall serve as Annex I of the Transfer Clauses.
E. In addition, with respect to Modules 1, 2, 3, and 4 of the Transfer Clauses, where transfers of Personal Data are subject to United Kingdom law, the Transfer Clauses shall be amended and subject to the following additional provisions:
1. Part 2: Mandatory Clauses of the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Pro- tection Act 2018 on 28 January 2022, as it is revised under Section 18 of those Mandatory Clauses ("Approved Addendum");
2. The information required by Part 1 of the Approved Addendum is set out at Schedule 1-4 of this Addendum (as applicable);
3. With respect to Section 19 of the Approved Addendum, in the event the Approved Addendum changes, neither party may end the Addendum except as provided for in the Approved Addendum or the Agreement; and
4. Any references to the “Clauses” in the Transfer Clauses shall include the amendments set out in this Section 4.E(5).
F. In addition, with respect to Modules 1, 2, 3, and 4 of the Transfer Clauses, where transfers of Personal Data are subject to Swiss law, the Transfer Clauses shall be amended and subject to the following additional provisions:
1. the term “EU Member State” must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility for suing their rights in their place of habitual residence (Switzerland) in accordance with the Transfer Clauses;
2. the Transfer Clauses also protect the data of legal entities until the en- try into force of the revised version of the FADP of 25 September 2020, which is scheduled to come into force on 1 January 2023 (“Revised FADP”); and
3. the FDPIC shall act as the “competent supervisory authority” insofar as the relevant data transfer is governed by the FADP.
Appears in 1 contract
Sources: Call Off Contract