Professional Documents
Culture Documents
(PROCESSOR AS PROCESSOR)
DEFINITIONS
"Customer Personal Data" means any personal data that is subject to the Regulation
processed by Processor on behalf of the Customer under the Processor End User
License Agreement, dated as of [___], between Processor and Customer (the
“Agreement”).
"Data Protection Laws" means the Regulation, any successor thereto, and any
applicable European Union or Member State law relating to the data protection or
privacy of individuals.
"Regulation" means Regulation (EU) 2016/679 of the European Parliament and the
Council (General Data Protection Regulation).
"Regulator" means the data protection supervisory authority which has jurisdiction
over the Controller's or the Processor's processing of Personal Data.
DATA PROTECTION
4. Processor shall: (i) ensure that all Processor personnel who have access to
Customer Personal Data are bound by the duty of confidentiality; (ii) ensure
that Processor personnel do not process Customer Personal Data except on
instructions from Customer, unless they are required to do so by European
Union or Member State law; (iii) provide training to Processor personnel
regarding this Addendum.
5. Processor shall: (i) not disclose Customer Personal Data to any of its personnel
or any third party except as necessary to perform the Services, to comply with
European Union or Member State law to which it is subject, or with
Customer's prior written consent; (ii) implement and maintain technical and
organisational measures to protect Customer Personal Data against accidental
or unlawful destruction, loss, alteration, unauthorised disclosure, access or
processing in accordance with Article 32 of the Regulation; (iii) provide
reasonable assistance to Customer in implementing its own technical and
organisational measures.
9. Processor shall assist Customer in complying with any obligations under the
Data Protection Laws, including obligations to investigate, remediate and
provide information to Regulators or Data Subjects about Personal Data
Breaches without undue delay, to carry out data privacy impact assessments
and to consult with Regulators regarding processing which is the subject of a
data privacy impact assessment.
10. No Customer Personal Data processed within the European Economic Area by
Processor pursuant to this Agreement shall be exported outside the European
Economic Area without the prior written permission of Customer. Where that
permission is given it shall be conditional on any export being carried out on
the terms of the Standard Contractual Clauses for the Transfer of Personal Data
to Processors Established in Third Countries approved by EC Commission
Decision of 5 February 2010 (Decision 2010/87/EU) whose Appendices 1 and
2 are exhibited in this Agreement (the "Clauses"). The Clauses are hereby
incorporated in this Agreement and are binding on the parties. In case of
conflict between the Agreement and the Clauses, the Clauses shall prevail.
2
Customer hereby consents to Processor subcontracting the processing of
Customer Personal Data, so long as Processor: (i) ensures that it has a written
contract (the "Processing Contract") in place with the relevant subcontractor
which meets the requirements of Data Protection Laws and which imposes on
the subcontractor the same obligations in respect of processing of Customer
Personal Data as are imposed on Processor under this Agreement; (ii) remains
liable to Customer for acts or omissions of the subcontractor under the
Processing Contract and (iii) Processor shall inform the Customer of any
intended changes concerning the addition or replacement of other processors,
thereby giving the Customer 30 days to object to such changes. during which
Processor shall be afforded an opportunity to designate an alternate and
reasonably acceptable subcontractor whose approval shall not be unreasonably
withheld or delayed.
11. Processor shall promptly delete or return Customer Personal Data to Customer
after the end of the provision of the Services, save where it is required to retain
such data for compliance with applicable European Union or Member State
law.
Each party’s and all of its affiliates’ liability, taken together in the aggregate,
arising out of or related to this Addendum and the End User License
Agreement (EULA), whether in contract, tort or under any other theory of
liability, is subject to the terms, conditions and limitations of the EULA and
shall apply to the liability of a party and all of its affiliates under both the
EULA and this Addendum. Unless otherwise set forth in the EULA,
Processor’s total liability for all claims from Customer and all of its affiliates
arising out of or related to the EULA and this Addendum shall not exceed the
amounts paid by Customer to Processor under the EULA and shall apply in the
aggregate for all claims under both the EULA and this Addendum, including
by Customer and all affiliates, and, in particular, shall not be understood to
apply individually and severally to Customer and/or to any affiliate of
Customer .Unless otherwise required by applicable law, in the event of any
conflict between this Section and the provisions of the Model Clauses,
including without limitation, Clause 6 therein, the language of this Section
shall prevail.
3
Standard Contractual Clauses (processors)