The details of the transfer, and in particular the special categories of personal data, are set out, where applicable, in Annex 1, which forms an integral part of the clauses. (c) it has taken the technical and organisational security measures referred to in Annex 2 before processing the personal data transmitted; 1. All claims made under the Clauses are subject to the Terms and Conditions, including but not limited to the exclusions and limitations set forth in the Agreement. Under no circumstances shall a party limit its liability with respect to the rights of the data subject under these clauses. (b) The data stream in the remote connection is encrypted and requires 2-factor authentication. 4. The parties shall not object to a data subject being represented by an association or other body if the data subject expressly so wishes and where national law so permits. 1. The data subject may apply this clause, clause 4 (b) to (i), clause 5 (a) to (e) and (g) to (j), clause 6 (1) and (2), clause 7, clause 8 (2) and clauses 9 to 12 as a third party beneficiary against the data exporter. (i) any legally binding request for disclosure of personal data by a law enforcement authority, unless otherwise prohibited, such as. B a criminal prohibition to maintain the confidentiality of a law enforcement investigation, 4.
In addition, the data exporter and the data importer shall cooperate appropriately during the spa period to agree on additional safeguards or other measures, if any, that are reasonably necessary to ensure the data importer`s compliance with the applicable data protection clauses and law. 4.3 Customer Security Responsibilities. Notwithstanding the foregoing, Customer agrees that, except as provided in this DPA, Customer is responsible for the secure use of the Products, including securing its account authentication credentials, protecting the security of Customer Data in transit to and from the Products, and taking appropriate measures to securely encrypt or secure Customer Data processed in connection with the Products. The customer must take and maintain appropriate technical and organizational security measures to protect personal data from security incidents and to maintain the security and confidentiality of personal data during its control and control. 1.9 «Security Incident» means any confirmed security breach that results in the destruction, loss, alteration, unauthorized disclosure or accidental or unlawful access to Customer Data transmitted, stored or processed by Nutanix in connection with the provision of the Products. «Security Incident» does not include unsuccessful attempts or activities that do not compromise the security of Personal Data, including unsuccessful login attempts, pings, port scans, denial of service attacks, and other network attacks on firewalls or network systems. 3. The provisions relating to the data protection aspects of the subcontracting of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established. (g) transmit any communication received from the data importer or a sub-processor in accordance with clause 5 (b) and clause 8 (3) to the data protection supervisory authority if the data exporter decides to continue the transfer or lift the suspension; 2.
The Parties acknowledge that if the Data Importer cannot ensure compliance in accordance with Clause 5(a) and/or Clause 5(b), the Data Importer undertakes to promptly inform the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the data transfer and/or terminate the relevant parts of the Services in accordance with the terms of the Contract. 2. The parties agree that the choice made by the data subject shall not affect his or her substantive or procedural right to remedies under other provisions of national or international law. 2. The Parties further acknowledge that, in accordance with the sub-processor`s confidentiality restrictions, the data importer may be prevented from disclosing other subcontracting agreements to the data exporter. Notwithstanding the foregoing, the data importer shall use reasonable efforts to require any subordinate subcontractor designated by the data importer to allow it to disclose the sub-processor agreement to the data exporter. 9.1 Disclosures. Customer acknowledges that Nutanix may disclose this DPA (including the Model Clauses) and any relevant data protection provisions in the Agreement to the U.S. Department of Commerce, the Federal Trade Commission, a European data protection authority, or any other U.S. or European judicial or regulatory authority upon request. 1.2 Nutanix adheres to ISO 27001, Information Security Management Systems, and relevant National Institute of Standards and Technology (NIST) standards to design, implement, monitor and refine security and data processing controls. The following sections describe our key security and data processing practices.
2. The Parties agree that the supervisory authority shall have the right to carry out an audit of the data importer and each sub-processor of the same scope and subject to the same conditions as would apply to an audit of the data exporter under applicable data protection law. (f) where the transfer concerns special categories of data, the data subject has been or will be informed before or as soon as possible after the transfer that his or her data may be transferred to a third country which does not offer adequate protection within the meaning of Directive 95/46/EC; 2. Where a data subject is unable to assert a claim for damages referred to in paragraph 1 against the data exporter resulting from a breach by the data importer or its sub-processor of any of its obligations under Clause 3 or Clause 11 because the data exporter has effectively disappeared or legally ceases to exist or has become insolvent, The data importer agrees that the data subject may assert a claim against the data importer as if he or she were the data exporter, unless a successor company has assumed all the legal obligations of the data exporter by contract or by operation of law, in which case the data subject may assert his or her rights against that body. 1. The data importer agrees that if the data subject invokes third-party beneficiary rights against him or her and/or claims damages in accordance with the clauses, the data importer accepts the data subject`s decision: 3. Even if the data importer cannot disclose a subcontracting agreement inferior to the data exporter, the parties agree that, at the request of the data exporter, the data importer shall provide the data exporter with all information reasonable to it under such a subcontract. Obligation after the end of the processing of personal data Nutanix implements the following technical and organizational security measures to protect personal data and relevant operational processes. For the purposes of this Annex, «DPA» means the addendum on data processing that exists between the importer and the data exporter and in which these clauses have been incorporated, and «agreement» has the meaning assigned to it in the DPA. (d) after examining the requirements of the applicable data protection legislation, security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against any other unlawful form of processing, and that these measures guarantee a level of security; which is proportionate to the risks associated with the processing and the nature of the data to be protected, taking into account the state of the art and the cost of its implementation; (d) promptly informs the Data Exporter of the following: 2.3 Processing of Personal Data by Nutanix.
As a processor, Nutanix processes Customer Data only for the purposes described in this DPA and only in accordance with the Customer`s documented legal instructions. The parties agree that the Agreement sets out customer`s complete and final instructions to Nutanix with respect to the processing of Customer Data and that processing outside the scope of these Instructions (if any) requires prior written consent between Customer and Nutanix. Without prejudice to Section 2.4 (Customer`s Responsibilities), Nutanix will inform customer in writing, unless prohibited by applicable data protection law, if nutanix becomes aware of it or believes that Customer`s data processing instructions violate applicable data protection law. . . .