Publicidad
17.6.2
shall provide notification of changes to Authorised Sub-Processors of Agreement Personal
Data to the Customer at least 14 calendar days in advance to provide the Customer with the
opportunity to object to the change. The Customer shall be deemed to accept the change if
an objection is not received within 10 calendar days of notification. If an objection is received
then the parties will work together in good faith to achieve an agreed outcome and any
Authorised Sub-Processors appointed shall be appointed on terms the same as this EULA and
the Company shall remain liable for the acts and omissions of such Authorised Sub-
Processors.
17.7 The Company warrants that, if acting as a Data Processor, it shall:
17.7.1
Process the Agreement Personal Data only for the purpose of performing its obligations under
this EULA and on such documented instructions received from the Customer from time to
time as are reasonable, necessary and relevant to enable each party to perform its
obligations under this EULA, save where required by Applicable Law and in such case the
Company shall notify the Customer of the nature and extent of the Applicable Laws
preventing such Processing (unless to do so would itself be a contravention of any Applicable
Law); and
17.7.2
put in place appropriate technical and organisational security measures to the standard
required under the Data Protection Law ("Security Measures") and shall provide reasonable
assistance with any privacy impact assessment(s) that may be required of the Company
under the Data Protection Laws which relate to the Processing of Agreement Personal Data
under this Agreement.
17.8 From the 25 May 2018, the Company warrants that, if acting as a Data Processor, it shall:
17.8.1
notify the Customer without undue delay after becoming aware of the accidental or unlawful
destruction, loss, alteration, unauthorised disclosure of, or access to, Agreement Personal
Data transmitted, stored or otherwise Processed ("Data Security Breach"). Where, and in so
far as, it is not possible to provide all the relevant information at the same time, the
information may be provided in phases without undue further delay;
17.8.2
except to Authorised Sub-Processors, not disclose the Agreement Personal Data to a third
party save as required for the performance of its obligations under this EULA, as otherwise
provided under this EULA, or as required by Applicable Law;
17.8.3
notify the Customer without undue delay of any notice or communication from the
Supervisory Authority which relates directly to the Processing of Agreement Personal Data;
17.8.4
ensure that any individual authorised to Process Agreement Personal Data on behalf of the
Customer is subject to appropriate statutory or contractual obligation of confidentiality;
17.8.5
will upon reasonable notice, no more than once in any one calendar year, subject to
appropriate confidentiality agreements being entered into, make available to the Customer all
reasonable information relating to the Processing of Agreement Personal Data necessary to
demonstrate compliance with the obligations set out in this EULA to the extent such
information is not already available to the Customer; and allow for and contribute to one
audit in any one calendar year, including inspection, conducted by the Customer or another
auditor mandated by the Customer to that same extent solely to the extent relevant to the
Processing of Agreement Personal Data;
17.8.6
to the extent required by Data Protection Laws, notify and provide reasonable assistance to
the Customer on receiving any:
17.8.6.1
complaint by a Data Subject in respect of their Personal Data contained in the
Agreement Personal Data or any request received from a Data Subject to have access to
his Personal Data (or to exercise any other right(s) afforded to him under the Data
Protection Laws) as contained in the Agreement Personal Data (including by appropriate
technical and organisational measures, insofar as this is possible);
17.8.6.2
notice or communication from the Supervisory Authority which relates to the processing
of Agreement Personal Data;
17.8.7
to the extent required by Data Protection Laws, reasonably assist the Customer in:
17.8.7.1
taking measures to address any Data Security Breach; and
17.8.7.2
conducting privacy impact assessments of any Processing operations and consulting with
any applicable Supervisory Authority;
V5.2 19/10/21
UD0090
148 de 149
Publicidad
