Common use of Transfer Mechanisms for European Data Transfers Clause in Contracts

Transfer Mechanisms for European Data Transfers. 3.1 Standard Contractual Clauses (“SCCs”). Supplier agrees that it shall abide by the relevant terms of the SCCs attached as Schedule 2 to this Vendor Privacy Exhibit. The SCCs shall apply to Supplier in its role as processor as if it were the “data importer.” The SCCs shall apply to SFDC and, to the extent legally required, all of SFDC’s Affiliates established within the European Economic Area, Switzerland and/or the United Kingdom, in their role as controllers and these entities shall be deemed “data exporters.” In particular, Supplier agrees that as provided in the SCCs, individuals shall be third party beneficiaries to the SCCs. In addition, SFDC and Supplier hereby agree that the security provisions in the Agreement shall apply to Appendix 2 of the SCCs. To the extent SFDC is acting as Processor with respect to the Personal Data, then the parties agree that SFDC shall be entitled to exercise the rights under the SCCs on behalf of the Controller (as if it were the “data exporter”) or to delegate such rights to the Controller and/or to procure from Supplier that Controller may directly exercise such rights with Supplier. 3.2 EU-US and Swiss-US Privacy Shield Frameworks. Supplier will: a. Provide at least the same level of protection for Personal Data as is required by the relevant principles of the EU- U.S. and Swiss-U.S. Privacy Shield frameworks. b. Promptly notify SFDC of any failure or inability to provide at least the same level of protection. c. Where Supplier permits a Sub-processor to access Personal Data (subject to SFDC’s approval right as set forth in the “Sub-processing” section), Supplier will require the Sub-processor to provide at least the same level of protection as is required by the relevant principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.

Transfer Mechanisms for European Data Transfers. 3.1 Standard Contractual Clauses (“SCCs”). Supplier agrees that it shall abide by the relevant terms of the SCCs attached as Schedule 2 to this Vendor Privacy Exhibit. The SCCs shall apply to Supplier in its role as processor as if it were the “data importer.” The SCCs shall apply to SFDC and, to the extent legally required, all of SFDC’s Affiliates established within the European Economic Area, Switzerland and/or the United Kingdom, in their role as controllers and these entities shall be deemed “data exporters.” SFDC signs the SCCs in name and on behalf of these data exporters. In particular, Supplier agrees that as provided in the SCCs, individuals shall be third party beneficiaries to the SCCs. In addition, SFDC and Supplier hereby agree that the security provisions in the Agreement shall apply to Appendix 2 of the SCCs. To the extent SFDC is acting as Processor with respect to the Personal Data, then the parties agree that SFDC shall be entitled to exercise the rights under the SCCs on behalf of the Controller (as if it were the “data exporter”) or to delegate such rights to the Controller and/or to procure from Supplier that Controller may directly exercise such rights with Supplier. 3.2 EU-US and Swiss-US Privacy Shield Frameworks. Supplier will: a. Provide at least the same level of protection for Personal Data as is required by the relevant principles of the EU- U.S. and Swiss-U.S. Privacy Shield frameworks. b. Promptly notify SFDC of any failure or inability to provide at least the same level of protection. c. Where Supplier permits a Sub-processor to access Personal Data (subject to SFDC’s approval right as set forth in the “Sub-processing” section), Supplier will require the Sub-processor to provide at least the same level of protection as is required by the relevant principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks.