Untitled

 avatar
unknown
plain_text
4 years ago
8.1 kB
5
Indexable
### **Provisions Specific for European Data**

<ol type="a">
  <li>The parties acknowledge and agree that European Data Protection Law will apply to the processing of Customer Data if</li>
  <ol type="a">
    <li>the processing is carried out in the context of the activities of an establishment of Customer in the territory of the EEA or the UK; and/or</li>
    <li>Customer Personal Data is personal data relating to data subjects who are in the EEA or the UK and the processing relates to the offering to them of goods or services in the EEA or the UK, or the monitoring of their behavior in the EEA or the UK.</li>
    <li>&quot;Controller&quot; means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data</li>
    <li>&quot;Processor&quot; means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.</li>
  </ol>
  <li>Relationship between Customer and Holistics</li>
  <ol type="a">
    <li>Holistics is the Processor of the Customer Database for the purposes described in the Terms. &quot;Processor&quot;means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.</li>
    <li>Customer is the Controller of data (which may include Personal Data and Data Subjects) stored in the Customer Database.</li>
    <li>Holistics and the Customer shall be separately responsible for conforming with such statutory data protection regulations as are applicable to them</li>
  </ol>
  <li>Legacy MCCs: The SCCs will, as of the Transition Date, supersede and terminate any Model Contract Clauses approved under Directive 95/46/EC and previously entered into by Customer and Holistics. The Transition Date means October 27, 2021 if (a) Customer&#39;s billing address is outside EMEA, and (b) the processing of Customer Personal Data is subject to European Data Protection Law. If both (a) and (b) do not apply, the Transition Date is September 27, 2021.</li>
  <li> Data Protection Impact Assessments and Consultation with Supervisory Authorities: Holistics will (taking into account the nature of the processing and the information available to Holistics) assist Customer in ensuring compliance with its (or, where Customer is a processor, the relevant controller&#39;s) obligations under Articles 35 and 36 of the GDPR, by: <ol type="a">
      <li>Providing and updating our public documentation on technical security measures (https://docs.holistics.io/docs/data-security)</li>
      <li>Providing public documentation on how Holistics caching and job queuing mechanism work (https://docs.holistics.io/docs/data-caching)</li>
      <li>Providing the Security Measures (Annex 2) contained in the Agreement including these Terms; and</li>
      <li>if the above subsections are insufficient for Customer (or the relevant controller) to comply with such obligations, upon Customer&#39;s request, providing Customer with additional reasonable cooperation and assistance.</li>
    </ol>
  </li>
  <li> Transfer Mechanism for Data Transfers: <ol type="a">
      <li> Permitted Transfers. The parties acknowledge that European Data Protection Law does not require SCCs or an Alternative Transfer Solution in order for Customer Personal Data to be processed in or transferred to an Adequate Country (&quot;Permitted Transfers&quot;). </li>
      <li> Restricted Transfers. If the processing of Customer Personal Data is not processed in an Adequate Country, and European Data Protection Law applies to those transfers, then <ol type="a">
          <li>The EU SCCs (EU Controller-to-Processor) will apply with respect to Restricted Transfers between Customer and Holistics that are subject to the EU GDPR and/or the Swiss FDPA; and</li>
          <li> the UK SCCs (UK Controller-to-Processor) will apply (regardless of whether Customer is a controller and/or processor) with respect to Restricted Transfers between Customer and Holistics that are subject to the UK GDPR. </li>
          <li>Holistics agrees to abide by and process European Data in compliance with the Standard Contractual Clauses.</li>
          <li> Although Holistics does not rely on the Singapore Personal Data Protection Act 2012 (&quot;PDPA&quot;) as a legal basis for transfers of Personal Data, Holistics will inform Customer if it is unable to comply with this requirement if any conflicts arise. </li>
        </ol>
      </li>
      <li> The parties agree that for the purposes of the Standard Contractual Clauses, <ol type="a">
          <li>Holistics will be the &quot;data importer&quot; and Customer will be the &quot;data exporter&quot; (on behalf of itself and Permitted Affiliates);</li>
          <li>the Annexes of the Standard Contractual Clauses shall be populated with the relevant information set out in Annex 1 and Annex 2 of this DPA;</li>
          <li>if and to the extent the Standard Contractual Clauses conflict with any provision of this DPA, the Standard Contractual Clauses will prevail to the extent of such conflict.</li>
        </ol>
      </li>
      <li>To extent that and for so long as the Standard Contractual Clauses as implemented in accordance with this DPA cannot be relied on by the parties to lawfully transfer Personal Data in compliance with the GDPR, the applicable standard data protection clauses issued, adopted or permitted under the GDPR shall be incorporated by reference, and the annexes, appendices or tables of such clauses shall be deemed populated with the relevant information set out in Annex 1 and Annex 2 of this DPA.</li>
    </ol>
  </li>
   <li>
     Demonstration of Compliance 
       <ol type="a">
      <li>Holistics will make all information reasonably necessary to demonstrate compliance with this DPA available to Customer and allow for and contribute to audits, including inspections conducted by or an auditor appointed by Customer in order to assess compliance with this DPA.</li>
      <li>Customer acknowledges and agree to exercise audit rights under this DPA and Clause 8 of the Standard Contractual Clauses by instructing Holistics to comply with the audit measures described in this &#39;Demonstration of Compliance&#39; section.</li>
      <li>Customer acknowledges that the Subscription Service is hosted by our data center partners (listed in our sub-processors) who maintain independently validated security programs.</li>
      <li>Holistics may charge a fee (based on Holistics&#39; reasonable costs) for any audit under Demonstration of Compliance. Holistics will provide the Customer with further details of any applicable fee, and the basis of its calculation, in advance of any such audit. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit.</li>
      <li>Holistics may object in writing to an auditor appointed by Customer to conduct any audit under Demonstration of Compliance if the auditor is, in Holistics&#39; reasonable opinion, not suitably qualified or independent, a competitor of Holistics, or otherwise manifestly unsuitable. Any such objection by Holistics will require the Customer to appoint another auditor or conduct the audit itself.</li>
       </ol>
   </li>
  </li>
  <li>Processing Records: Holistics will keep appropriate documentation of its processing activities. To the extent the GDPR requires Holistics to collect and maintain records of certain information relating to Customer, Customer will, where requested, supply such information to Holistics and keep it accurate and up-to-date. Holistics may make any such information available to the Supervisory Authorities if required by the GDPR.</li>
  <li>No Modification of SCCs. Nothing in the Agreement (including these Terms) is intended to modify or contradict any SCCs or prejudice the fundamental rights or freedoms of data subjects under European Data Protection Law.</li>
</ol>
Editor is loading...