Data Protection Addendum
In the event Personal Data is processed both Parties will comply with all applicable requirements of the Data Protection Legislation.
Definitions:
"Data Protection Legislation" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country; "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR; Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organizational measures: as defined in the Data Protection Legislation.
1.2
This Exhibit D is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Legislation.
1.3
The Parties acknowledge that for the purposes of the Data Protection Legislation, Customer is the Controller, and the Company is the Processor. The Agreement, and the attached exhibits sets out the scope, nature and purpose of processing by the Company, the duration of the processing and the types of Personal Data and categories of Data Subject.
1.4
Without prejudice to the generality of clause 1.1-1.3, in the event that Personal Data is processed under this Agreement, Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Company and/or lawful collection of the Personal Data by the Company on behalf of Customer for the duration and purposes of this Agreement.
1.5
Without prejudice to the generality of clause 1.1-1.3, the Company shall, in relation to any Personal Data processed in connection with the performance by the Company of its obligations under this Agreement:
Process that Personal Data only on the documented written instructions of Customer unless the Company is required by the Data Protection Legislation or other applicable laws to otherwise process that Personal Data. Where the Company is relying on the Data Protection Legislation or other applicable laws as the basis for processing Personal Data, the Company shall promptly notify Customer of this before performing the processing required by the Data Protection Legislation or applicable laws unless those laws prohibit the Company from so notifying Customer; ensure that it has in place appropriate technical and organizational measures, reviewed and approved by Customer, to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymizing and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organizational measures adopted by it); ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and not transfer any Personal Data outside of the European Economic Area unless the prior consent of Customer has been obtained and the following conditions are fulfilled: Customer or the Company has provided appropriate safeguards in relation to the transfer; the data subject has enforceable rights and effective legal remedies; the Company complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and the Company complies with reasonable instructions notified to it in advance by Customer with respect to the processing of the Personal Data; assist Customer, at Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; notify Customer without undue delay on becoming aware of a Personal Data Breach; at the written direction of Customer, delete or return Personal Data and copies thereof to Customer on termination of the agreement unless required by the Data Protection Legislation or other applicable laws to store the Personal Data; and maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits by Customer or Customer's designated auditor and immediately inform Customer if, in the opinion of the Company, an instruction infringes the Data Protection Legislation.
1.6
The Customer consents to the Company appointing a third-party processor of Personal Data under this Agreement, as necessary, with prior written approval. The Company confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this Exhibit and in either case which the Company confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between Customer and the Company, the Company shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this Exhibit.
1.7
Either Party may, at any time on not less than thirty (30) days’ notice, revise this Exhibit by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Agreement).
Data Protection Addendum
In the event Personal Data is processed both Parties will comply with all applicable requirements of the Data Protection Legislation.
Definitions:
"Data Protection Legislation" means EU Data Protection Laws and, to the extent applicable, the data protection or privacy laws of any other country; "EU Data Protection Laws" means EU Directive 95/46/EC, as transposed into domestic legislation of each Member State and as amended, replaced or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR; Controller, Processor, Data Subject, Personal Data, Personal Data Breach, processing and appropriate technical and organizational measures: as defined in the Data Protection Legislation.
1.2
This Exhibit D is in addition to, and does not relieve, remove or replace, a Party's obligations or rights under the Data Protection Legislation.
1.3
The Parties acknowledge that for the purposes of the Data Protection Legislation, Customer is the Controller, and the Company is the Processor. The Agreement, and the attached exhibits sets out the scope, nature and purpose of processing by the Company, the duration of the processing and the types of Personal Data and categories of Data Subject.
1.4
Without prejudice to the generality of clause 1.1-1.3, in the event that Personal Data is processed under this Agreement, Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Company and/or lawful collection of the Personal Data by the Company on behalf of Customer for the duration and purposes of this Agreement.
1.5
Without prejudice to the generality of clause 1.1-1.3, the Company shall, in relation to any Personal Data processed in connection with the performance by the Company of its obligations under this Agreement:
Process that Personal Data only on the documented written instructions of Customer unless the Company is required by the Data Protection Legislation or other applicable laws to otherwise process that Personal Data. Where the Company is relying on the Data Protection Legislation or other applicable laws as the basis for processing Personal Data, the Company shall promptly notify Customer of this before performing the processing required by the Data Protection Legislation or applicable laws unless those laws prohibit the Company from so notifying Customer; ensure that it has in place appropriate technical and organizational measures, reviewed and approved by Customer, to protect against unauthorized or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymizing and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organizational measures adopted by it); ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and not transfer any Personal Data outside of the European Economic Area unless the prior consent of Customer has been obtained and the following conditions are fulfilled: Customer or the Company has provided appropriate safeguards in relation to the transfer; the data subject has enforceable rights and effective legal remedies; the Company complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and the Company complies with reasonable instructions notified to it in advance by Customer with respect to the processing of the Personal Data; assist Customer, at Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; notify Customer without undue delay on becoming aware of a Personal Data Breach; at the written direction of Customer, delete or return Personal Data and copies thereof to Customer on termination of the agreement unless required by the Data Protection Legislation or other applicable laws to store the Personal Data; and maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits by Customer or Customer's designated auditor and immediately inform Customer if, in the opinion of the Company, an instruction infringes the Data Protection Legislation.
1.6
The Customer consents to the Company appointing a third-party processor of Personal Data under this Agreement, as necessary, with prior written approval. The Company confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement incorporating terms which are substantially similar to those set out in this Exhibit and in either case which the Company confirms reflect and will continue to reflect the requirements of the Data Protection Legislation. As between Customer and the Company, the Company shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this Exhibit.
1.7
Either Party may, at any time on not less than thirty (30) days’ notice, revise this Exhibit by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Agreement).
System Status
Cookie Manager
Terms of use
Trust center
Trade controls
Sign up for the ilmiya
Products
Studio
Learn
Live
Use Cases
Educators
Centers
Institutes
Pages
Blog
Courses
Tools
Tools
Learn
Live
Studio
About Us
Terms
Privacy
Legal
Status
Support
By submitting this form, you acknowledge and agree that Ilmiya will process your information.
Privacy policy
Enter your email addresss
Subscribe