Transfer mechanisms for data transfers Clause Samples

Transfer mechanisms for data transfers. If, in the performance of the Services, Personal Data that is subject to Data Protection Laws that apply in EEA/UK/Switzerland is transferred out of such regions to countries which do not ensure an adequate level of data protection within the meaning of the applicable Data Protection Laws, the transfer mechanisms listed below shall apply to such transfers and can be directly enforced by the Parties to the extent such transfers are subject to the Data Protection Laws.

Transfer mechanisms for data transfers. If, in the performance of the Services, Personal Data that is subject to the GDPR or any other law relating to the protection or privacy of individuals that applies in Europe is transferred out of Europe to countries which do not ensure an adequate level of data protection within the meaning of the Data Protection Laws and Regulations of Europe, the transfer mechanisms listed below shall apply to such transfers and can be directly enforced by the Parties to the extent such transfers are subject to the Data Protection Laws and Regulations of Europe:

Transfer mechanisms for data transfers. (A) HubSpot shall not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws. (B) You acknowledge that in connection with the performance of the Subscription Services, HubSpot, Inc. is a recipient of European Data in the United States. The parties acknowledge and agree the following: (a) Standard Contractual Clauses: The parties agree to abide by and process European Data in compliance with the Standard Contractual Clauses. (b) Privacy Shield: Although HubSpot, Inc. does not rely on the EU-US Privacy Shield as a legal basis for transfers of Personal Data in light of the judgment of the Court of Justice of the EU in Case C-311/18, for as long as HubSpot, Inc. is self-certified to the Privacy Shield HubSpot Inc will process European Data in compliance with the Privacy Shield Principles and let you know if it is unable to comply with this requirement. (C) The parties agree that for the purposes of the Standard Contractual Clauses, (i) HubSpot, Inc. will be the "data importer" and Customer will be the "data exporter" (on behalf of itself and Permitted Affiliates); (ii) the Annexes of the Standard Contractual Clauses shall be populated with the relevant information set out in Annex 1 and Annex 2 of this DPA; (iii) where the HubSpot contracting entity under the Agreement is not HubSpot, Inc., such contracting entity (not HubSpot, Inc.) will remain fully and solely DocuSign Envelope ID: 1A08F25F-AA85-44CB-9938-9904100C1242 responsible and liable to you for the performance of the Standard Contractual Clauses by HubSpot, Inc., and you will direct any instructions, claims or enquiries in relation to the Standard Contractu...

Transfer mechanisms for data transfers. (A) HubSpot will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws. (B) You acknowledge that in connection with the performance of the Subscription Services, HubSpot, Inc. is a recipient of European Data in the United States. Subject to sub-sections (C) and (D), the parties agree that the Standard Contractual Clauses will be incorporated by reference and form part of the Agreement as follows:

Transfer mechanisms for data transfers. Subject to the additional terms in Schedule 1, Loomio makes available the transfer mechanisms listed below which shall apply, to any transfers of Personal Data under this DPA from the European Economic Area and/or their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories, to the extent such transfers are subject to such Data Protection Laws and Regulations: 12.3.1 The Standard Contractual Clauses set forth in Schedule 3 to this DPA apply to transfers of personal data made in connection with the Processing described in clause 2.1.1 of this DPA subject to the additional terms in Schedule 1; 12.3.2 The Standard Contractual Clauses set forth in Schedule 4 to this DPA apply to transfers of personal data made in connection with the Processing described in clause 2.1.2 of this DPA (other than as described in clause 12.3.3 below) subject to the additional terms in Schedule 1; and 12.3.3 Article 49(1)(b) of the GDPR (the transfer is necessary for the performance of a contract), and the equivalent provisions in the Data Protection Laws and Regulations, applies to transfers of personal data made in connection with product fulfilment, in connection with surveys, newsletters and blogs, in connection with providing Customer support to prospective Customers, and in connection with recruiting for prospective new hires. Schedule 1: Transfer Mechanisms for European Data Transfers Schedule 2: Details of the Processing Schedule 4: Standard Contractual Clauses (controller to processor) Schedule 5: Standard Contractual Clauses (controller to controller) The parties’ authorized signatures have duly executed this Agreement: Loomio Limited Customer (as registered with Loomio) Signature Signature Name: ▇▇▇▇▇ ▇▇▇▇▇▇ ▇▇▇▇▇▇▇▇ Name: Position: Chief Executive Officer Position: Email: ▇▇▇▇▇@▇▇▇▇▇▇.▇▇▇ Email: Date: Date: 1. ADDITIONAL TERMS FOR SCC SERVICES 1.1 Customers covered by the Standard Contractual Clauses. The Standard Contractual Clauses and the additional terms specified in this Section 1 of this Schedule 1 apply to (i) the legal entity that has entered into the Standard Contractual Clauses as a data exporter and its Invited Users and (ii) all Affiliates, including, but not limited to, Invited Users of Customer established within the European Economic Area, Switzerland and the United Kingdom, which have entered into Agreeme...

Transfer mechanisms for data transfers. (A) HubSpot will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) (i) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, including the Data Privacy Framework;

Transfer mechanisms for data transfers. (i) Vendor will not perform an Onward Transfer of Personal Data except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body. (ii) Subject to Section 7(e)(v), the Standard Contractual Clauses will only apply to Customer Data that is transferred, either directly or via Onward Transfer, to any Third Country, (each a “Data Transfer”). (iii) When Customer is acting as a Controller, the Controller-to-Processor Clauses set forth in Attachment 3 to this DPA will apply to a Data Transfer. (iv) When Customer is acting as a Processor, the Processor-to-Processor Clauses set forth in Attachment 4 to this DPA will apply to a Data Transfer. Taking into account the nature of the Processing, Customer agrees that it is unlikely that Vendor will know the identity of Customer’s Controllers because Vendor has no direct relationship with Customer’s Controllers; therefore, Customer will fulfill Vendor’s obligations to Customer’s Controllers under the Processor-to- Processor Clauses. (v) The Standard Contractual Clauses will not apply to a Data Transfer if Vendor has adopted Binding Corporate Rules for Processors or an alternative recognized compliance standard for lawful Data Transfers. (vi) If and to the extent the Standard Contractual Clauses (where applicable) conflict with any provision of this DPA, the Standard Contractual Clauses shall prevail to the extent of such conflict.

Transfer mechanisms for data transfers. 1) IPsoft / ▇▇▇▇▇▇ shall not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data (within the meaning of applicable European Data Protection Laws), unless it first takes all such measures as are necessary to ensure the transfer is in compliance with applicable European Data Protection Laws. Such measures may include (without limitation) transferring such data to a recipient that is covered by a suitable framework or other legally adequate transfer mechanism recognized by the relevant authorities or courts as providing an adequate level of protection for Personal Data, to a recipient that has achieved binding corporate rules authorization in accordance with European Data Protection Laws, or to a recipient that has executed appropriate standard contractual clauses in each case as adopted or approved in accordance with applicable European Data Protection Laws. 2) You acknowledge that in connection with the performance of the Subscription Services, ▇▇▇▇▇▇ US LLC is a recipient of European Data in the United States. The parties acknowledge and agree the following:

Transfer mechanisms for data transfers. Subject to the additional terms in Schedule 1, SafePaaS makes available the transfer mechanisms listed below which shall apply, in the order of precedence as set out in Section 11.4, to any transfers of Personal Data under this DPA from the European Union, the European Economic Area and/or their member states, Switzerland and the United Kingdom to countries which do not ensure an adequate level of data protection within the meaning of Data Protection Laws and Regulations of the foregoing territories, to the extent such transfers are subject to such Data Protection 1. The SafePaaS Processor Binding Corporate Rules apply to the Services listed in Schedule 2 to this DPA (the“BCR Services”), subject to the additional terms in Section 1 of Schedule 1; 2. SafePaaS’s EU-U.S. and Swiss-U.S. Privacy Shield Framework self-certifications apply to the Services listed in Schedule 3 to this DPA (the “EU-US and Swiss-US Privacy Shield Services”), subject to the additional terms in Section 2 of Schedule 1; 3. The Standard Contractual Clauses set forth in Schedule 5 to this DPA apply to the Services listed in Appendix 3 to the Standard Contractual Clauses (the “SCC Services”), subject to the additional terms in Section 3 of Schedule 1.