...
...
...
Info |
---|
We made some minor changes to our DPA to match region-specific terms, see §1(6) and Annex 4. These changes are already reflected in the document below, going into effect September 1st, 2024. Our current DPA is valid until August 31st, 2024, and can be found at /wiki/spaces/Trust/pages/3623714826. |
Effective starting: September 1st, 2024
...
(5) The provision of the contractually agreed data processing usually takes place in a member state of the European Union or another contracting state of the Agreement on the European Contractual Area (Decision 94/1/EC). If the Processor transfers Personal Data to subcontractors outside the EU or the EEA, they have previously agreed to comply with the standard data protection clauses pursuant to Commission Implementing Decision (EU) 2021/914 of 4.6.2021 and thus ensure an adequate level of data protection within the meaning of Art. 46 (2) lit. c GDPR.
(6) To the extent that Provider Processes Customer Personal Data protected by Data Protection Laws in one of the regions listed in Annex 4 (Region-Specific Terms), then the terms specified therein with respect to the applicable jurisdiction(s) will apply in addition to the terms of this DPA.
§ 2 Type of data processed
...
A current list of all sub-processors can be accessed under the following link: Trust Center - yasoon. The customer ("Controller") can set up automatic notification of sub-processor changes via e-mail through the "Subscribe to updates" function.
Annex 4 - Region-Specific Terms
A. CALIFORNIA
1. Definitions. CCPA and other capitalized terms not defined in this Annex are defined in the DPA.
1.1. “business purpose”, “commercial purpose”, “personal information”, “sell”, “service provider” and “share” have the meanings given in the CCPA.
1.2. The definition of “Data Subject” includes “consumer” as defined under the CCPA.
1.3. The definition of “Controller” includes “business” as defined under the CCPA.
1.4. The definition of “Processor” includes “service provider” as defined under the CCPA.
2. Obligations.
2.1. Customer is providing the Customer Personal Data to Provider under the Agreement for the limited and specific business purposes of providing the Cloud Service as described in Annex 1 (Purpose, nature of processing and categories of data subjects) to this DPA and otherwise performing under the Agreement.
2.2. Provider will comply with its applicable obligations under the CCPA and provide the same level of privacy protection to Customer Personal Data as is required by the CCPA.
2.3. Provider acknowledges that Customer has the right to:
(i) take reasonable and appropriate steps under Section 5 (Audits) of this DPA to help to ensure that Provider’s use of Customer Personal Data is consistent with Customer’s obligations under the CCPA,
(ii) receive from Provider notice and assistance under Section 8 (Data Subject Requests) of this DPA regarding consumers’ requests to exercise rights under the CCPA and
(iii) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized use of Customer Personal Data.
2.4. Provider will notify Customer promptly after it makes a determination that it can no longer meet its obligations under the CCPA.
2.5. Provider will not retain, use or disclose Customer Personal Data:
(i) for any purpose, including a commercial purpose, other than the business purposes described in Section 2.1 of this Section A (California) of Schedule 4 or
(ii) outside of the direct business relationship between Provider and Customer, except, in either case, where and to the extent permitted by the CCPA.
2.6. Provider will not sell or share Customer Personal Data received under the Agreement.
2.7. Provider will not combine Customer Personal Data with other personal information except to the extent a service provider is permitted to do so by the CCPA.