EOS DATA PROCESSING ADDENDUM
Last Updated: August 25, 2023
This Data Processing Addendum (this “Addendum”) is effective as of the date of the entry into force of the applicable Agreement (as defined below) to which this Addendum is attached (the “Addendum Effective Date”) by and between the customer listed in the applicable EOS Customer Agreement (“Customer”) and the esh OS LTD contracting party under the Agreement (“EOS”).
This Addendum supplements the EOS Customer Agreement, as updated from time to time between Customer and EOS, or other agreements between Customer and EOS governing Customer’s use of the Service Offerings (the “Agreement”).
1. Definitions. Unless otherwise defined in the Agreement, all capitalized terms used in this Addendum will have the meanings given to them below:
1.1. “Approved Jurisdiction” means a jurisdiction approved as having adequate legal protections for data by the European Commission, currently found here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.
1.2. “Customer Data” means the “Personal Data” (as defined in the Data Protection Laws) that is uploaded to the Services under Customer’s EOS accounts.
1.3. "Data Subject" means an individual to whom Personal Data relates.
1.4. “EEA” means the European Economic Area.
1.5. “GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
1.6. "PPL" means the Israeli Protection of Privacy Law, 1981, the regulations enacted thereunder and the guidelines issued by the Israeli Protection of Privacy Authority, as shall be from time to time.
1.7. "Data Protection Laws" means the data protection legislation applicable to the esh OS LTD contracting party under the Agreement, including, without limitation, the GDPR, Data Protection Act 2018 and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018 ("UK GDPR") and the PPL.
1.8. “processing” has the meaning given to it in the Data Protection Laws and “process”, “processes” and “processed” will be interpreted accordingly.
1.9. “Security Incident” means a breach of EOS’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Data.
1.10. “Standard Contractual Clauses” means the applicable module of the standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council from June 4th 2021.
1.11. “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses, which entered into force on 21 March, 2022.
2. Data Processing.
2.1. Scope and Roles. This Addendum applies when Customer Data is processed by EOS. In this context, EOS will act as “processor” to Customer who may act either as “controller” or “processor” with respect to Customer Data (as each term is defined or similarly acknowledged under the Data Protection Laws).
2.2. Customer Controls. The Services provide Customer with a number of controls, including security features and functionalities, that Customer may use to retrieve, correct, delete or restrict Customer Data as described in the Documentation. Without prejudice to Section 6.1, Customer may use these controls as technical and organizational measures to assist it in connection with its obligations under the Data Protection Laws, including its obligations relating to responding to requests from Data Subjects.
2.3. Details of Data Processing.
2.3.1. Subject matter. The subject matter of the data processing under this Addendum is Customer Data.
2.3.2. Duration. As between EOS and Customer, the duration of the data processing under this Addendum is determined by Customer.
2.3.3. Purpose. The purpose of the data processing under this Addendum is the provision of the Services initiated by Customer from time to time.
2.3.4. Nature of the processing: Compute, storage and such other Services as described in the Documentation and initiated by Customer from time to time.
2.3.5. Type of Customer Data: Customer Data uploaded to the Services under Customer’s EOS accounts.
2.3.6. Categories of Data Subjects: The data subjects may include Customer’s customers, employees, suppliers and end-users.
2.4. Compliance with Laws. Each party will comply with all laws, rules and regulations applicable to it and binding on it in the performance of this Addendum, including the Data Protection Laws.
3. Customer Instructions. The parties agree that this Addendum and the Agreement (including the provision of instructions via configuration tools such as the EOS management console and APIs made available by EOS for the Services) constitute Customer’s documented instructions regarding EOS’s processing of Customer Data (“Documented Instructions”). EOS will process Customer Data only in accordance with Documented Instructions. Additional instructions outside the scope of the Documented Instructions (if any) require prior written agreement between EOS and Customer, including agreement on any additional fees payable by Customer to EOS for carrying out such instructions. Customer is entitled to terminate this Addendum and the Agreement if EOS declines to follow instructions requested by Customer that are outside the scope of, or changed from, those given or agreed to be given in this Addendum.
4. Confidentiality of Customer Data. EOS will not access or use, or disclose to any third party, any Customer Data, except, in each case, as necessary to maintain or provide the Services, or as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). If a governmental body sends EOS a demand for Customer Data, EOS will attempt to redirect the governmental body to request that data directly from Customer. As part of this effort, EOS may provide Customer’s basic contact information to the government body. If compelled to disclose Customer Data to a government body, then EOS will give Customer reasonable notice of the demand to allow Customer to seek a protective order or other appropriate remedy unless EOS is legally prohibited from doing so and in any event, will provide to the government body only the portion of the Customer Data requested by the government body. If the Standard Contractual Clauses apply, nothing in this Section 4 varies or modifies the Standard Contractual Clauses.
5. Confidentiality Obligations of EOS Personnel. EOS restricts its personnel from processing Customer Data without authorization by EOS as described in the EOS Security Standards. EOS imposes appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security, which are not less strict than those imposed on EOS under this Addendum. EOS shall take reasonable measures, commonly used in the processes for screening and placing employees, to ensure that there is no concern that any authorized individual user is not suitable to be granted access to Customer Data. EOS will keep an up-to-date record of roles, user permissions granted to these roles and the authorized users performing such roles.
6. Security of Data Processing.
6.1. EOS has implemented and will maintain the technical and organizational measures for the EOS Network as described in the EOS Security Standards and this Section. In particular, EOS has implemented and will maintain the following technical and organizational measures:
(a) security of the EOS Network as set out in Section 1.1 of the EOS Security Standards;
(b) physical security of the facilities as set out in Section 1.2 of the EOS Security Standards;
(c) measures to control access rights for EOS employees and contractors in relation to the EOS Network as set out in Section 1.1 of the EOS Security Standards; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by EOS as described in Section 2 of the EOS Security Standards. Without derogating from the above, access to Customer Data shall be made, as much as possible, by a physical means subject to the exclusive control of the authorized user and EOS standards shall also prescribe instructions with respect to the manner of identification and in case the manner of identification is based on passwords, the standards will also address the password strength, number of failed attempts and the frequency of changing passwords that will take place according to the authorized user’s role, and in any event, at least every six months, the automatic disconnection following a time of inactivity, the manner of dealing with malfunctions related to identity authentication and revoking access permissions of personnel who are no longer permitted to access the Customer Data.
(e) EOS will provide from time to time and in any event no less than once every 12 months tutorials to its personnel in connection with their duties and obligations to maintain the Customer Data secure in strict confidence in accordance with this Addendum or Data Protection Laws, and with respect to new individuals that will receive access to the Customer Data, such tutorials will take place before granting access to the Customer Data.
(f) EOS will maintain the Customer Data separately from any other data it holds for its other clients and/or third parties. EOS will separate, to the extent and level reasonably possible, between the database systems which enable access to Customer Data and other computer systems used by it for its other business operations.
(g) EOS will maintain an up-to-date document of the database structure, as well as an up-to-date inventory of its database systems containing the Customer Data, including: (a) hardware infrastructure, types of information components and information security; (b) software systems used to operate the data's system, to manage and maintain such systems, to support their operation, to monitor and secure them; (c) programs and interfaces used to communicate with and from the data's systems; and (d) a diagram of the network in which the data's systems operate, including a description of the connections between the different system components and the physical location of these components. The database structure document and inventory will be updated by EOS as necessary, but in any event will be updated when implementing material changes in the operational system, the database systems or the processing of Customer Data procedures.
(h) EOS will not connect its systems containing Customer Data to the internet or to any other public network without installing appropriate security measures against unauthorized penetration or programs that are capable of causing damage or disruption to such systems. Without derogating from the foregoing, for the transfer of Customer Data through the internet or a public network, EOS will use accepted encryption methods.
(i) EOS undertakes to ensure the running of an automatic documentation mechanism that enables access to the systems containing Customer Data and infrastructure to be audited with the following data: identity of the user, the date and time of the access attempt, the component of the system to which the access attempt was made, the type of access, its scope and whether the access was approved or denied (the "Control Mechanism"). Insofar as possible, the Control Mechanism shall not enable its operations to be revoked or amended and shall identify amendments to, or revocations of, its operation and shall send a warning to EOS. EOS shall routinely inspect the Control Mechanism and its documentation data, and shall prepare a report of the problems discovered and steps taken as a result of them. The documentation data of the Control Mechanism shall be kept for a period of at least 24 months. EOS shall notify (in writing) any authorized persons with access to the Customer Data of the existence of the Control Mechanism.
(j) EOS undertakes to refrain, as far as possible, from using portable devices in connection with the Customer. In the event EOS enables the usage of portable devices, it shall take reasonable security measures taking into account the particular risks connected with the use of a portable device with the Customer Data and its sensitivity.
(k) EOS will ensure that the systems containing Customer Data are managed and operated properly, as commonly acceptable in the operation of such systems. EOS will ensure updating the database systems containing Customer Data on a regular basis, including the computer material required for their operation; no use will be made of systems whose manufacturer does not support their security aspects, unless an appropriate security solution is provided.
(l) EOS shall retain any logs and records generated through the implementation of the security measures in this Section 6.1 and/or the EOS Security Standards throughout the term of the services provided to the Customer and will back up such data in a manner ensuring that the data can be restored to its original form at all times.
6.2. Customer may elect to implement technical and organizational measures in relation to Customer Data. Such technical and organizational measures include the following which may be obtained by Customer from EOS as described in the Documentation, or directly from a third party supplier:
(a) pseudonymisation and encryption to ensure an appropriate level of security;
(b) measures to ensure the ongoing confidentiality, integrity, availability and resilience of the processing systems and services that are being operated by Customer;
(c) measures to allow Customer to back up and archive appropriately in order to restore availability and access to Customer Data in a timely manner in the event of a physical or technical incident; and
(d) processes for regularly testing, assessing and evaluating the effectiveness of the technical and organizational measures implemented by Customer.
7. Sub-processing.
7.1. Authorized Sub-processors. Customer agrees that EOS may use sub-processors to fulfill its contractual obligations under this Addendum or to provide certain services on its behalf, such as providing support services. The EOS Site lists sub-processors that are currently engaged by EOS to carry out processing activities on Customer Data on behalf of Customer. At least 30 days before EOS engages any new sub-processor to carry out processing activities on Customer Data on behalf of Customer, EOS will update the applicable website and provide Customer with a mechanism to obtain notice of that update. If Customer objects to a new sub-processor, then without prejudice to any termination rights Customer has under the Agreement and subject to the applicable terms and conditions, Customer may move the relevant Customer Data to another EOS Region where the new sub-processor to whom Customer objects, is not engaged by EOS as a sub-processor. Customer consents to EOS’s use of sub-processors as described in this Section. Except as set forth in this Section, or as Customer may otherwise authorize, EOS will not permit any sub-processor to carry out processing activities on Customer Data on behalf of Customer.
7.2. Sub-processor Obligations. Where EOS authorizes any sub-processor as described in Section 7.1:
(i) EOS will restrict the sub-processor’s access to Customer Data only to what is necessary to maintain the Services or to provide the Services to Customer and any End Users in accordance with the Documentation and EOS will prohibit the sub-processor from accessing Customer Data for any other purpose;
(ii) EOS will enter into a written agreement with the sub-processor and, to the extent that the sub-processor is performing the same data processing services that are being provided by EOS under this Addendum, EOS will impose on the sub-processor substantially similar contractual obligations that EOS has under this Addendum; and
(iii) EOS will remain responsible for its compliance with the obligations of this Addendum and for any acts or omissions of the sub-processors that cause EOS to breach any of EOS’s obligations under this Addendum.
8. Data Subject Rights. Taking into account the nature of the Services, EOS offers Customer certain controls as described in Sections 2.2 and 6.2 that Customer may elect to use to comply with its obligations towards Data Subjects. Should a Data Subject contact EOS with regard to correction or deletion of its personal data, EOS will use commercially reasonable efforts to forward such requests to Customer, without undue delay.
9. Optional Security Features. EOS makes available a number of security features and functionalities that Customer may elect to use. Customer is responsible for (a) implementing the measures described in Section 6.2, as appropriate, (b) properly configuring the Services, (c) using the controls available in connection with the Services (including the security controls) to allow Customer to restore the availability and access to Customer Data in a timely manner in the event of a physical or technical incident (e.g. backups and routine archiving of Customer Data), and (d) taking such steps as Customer considers adequate to maintain appropriate security, protection, and deletion of Customer Data, which includes use of encryption technology to protect Customer Data from unauthorized access and measures to control access rights to Customer Data.
10. Security Incident Notification.
10.1. Security Incident. EOS will (a) notify Customer of a Security Incident without undue delay but no more than 24 hours after becoming aware of the Security Incident, (b) document such Security Incident (the said documentation will be based as much as possible on automatic records), and (c) take reasonable steps to mitigate the effects and to minimize any damage resulting from the Security Incident.
10.2. EOS Assistance. To assist Customer in relation to any personal data breach notifications Customer is required to make under Data Protection Laws, EOS will include in the notification under section 10.1 such information about the Security Incident as EOS is reasonably able to disclose to Customer, taking into account the nature of the Services, the information available to EOS, and any restrictions on disclosing the information, such as confidentiality. EOS shall refrain from making any notifications to Data Subjects regarding a Security Incident that occurred in connection with the Customer Data, unless required under Data Protection Laws.
10.3. Unsuccessful Security Incidents. Customer agrees that:
(i) an unsuccessful Security Incident will not be subject to this Section 10. An unsuccessful Security Incident is one that results in no unauthorized access to Customer Data or to any of EOS’s equipment or facilities storing Customer Data, and may include, without limitation, pings and other broadcast attacks on firewalls or edge servers, port scans, unsuccessful log-on attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not result in access beyond headers) or similar incidents; and
(ii) EOS’s obligation to report or respond to a Security Incident under this Section 10 is not and will not be construed as an acknowledgement by EOS of any fault or liability of EOS with respect to the Security Incident.
10.4. Communication. Notification(s) of Security Incidents, if any, will be delivered to one or more of Customer’s administrators by any means EOS selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on the EOS management console and secure transmission at all times.
11. EOS Certifications and Audits.
11.1. ISO-Certification and SOC Reports. In addition to the information contained in this Addendum, upon Customer’s request, and provided that the parties have an applicable NDA in place, EOS will make available the following documents and information:
(i) the certificates issued in relation to the ISO 27001 certification, the ISO 27017 certification and the ISO 27018 certification (or the certifications or other documentation evidencing compliance with such alternative standards as are substantially equivalent to ISO 27001, ISO 27017 and ISO 27018); and
(ii) the System and Organization Controls (SOC) 1 Report, the System and Organization Controls (SOC) 2 Report and the System and Organization Controls (SOC) 3 Report (or the reports or other documentation describing the controls implemented by EOS that replace or are substantially equivalent to the SOC 1, SOC 2 and SOC 3).
11.2. EOS Audits. EOS uses external auditors to verify the adequacy of its security measures, including the security of the physical data centers from which EOS provides the Services. This audit: (a) will be performed at least annually; (b) will be performed according to ISO 27001 standards or such other alternative standards that are substantially equivalent to ISO 27001; (c) will be performed by independent third party security professionals at EOS’s selection and expense; and (d) will result in the generation of an audit report (“Report”), which will be EOS’s Confidential Information.
11.3. Audit Reports. At Customer’s written request, and provided that the parties have an applicable NDA in place, EOS will provide Customer with a copy of the Report so that Customer can reasonably verify EOS’s compliance with its obligations under this Addendum.
11.4. Privacy Impact Assessment and Prior Consultation. Taking into account the nature of the Services and the information available to EOS, EOS will assist Customer in complying with Customer’s obligations in respect of data protection impact assessments and prior consultation pursuant to Articles 35 and 36 of the GDPR, by providing the information EOS makes available under this Section 11.
12. Customer Audits. Customer agrees to exercise any right it may have to conduct an audit or inspection, including under the Standard Contractual Clauses if they apply, by instructing EOS to carry out the audit described in Section 11. If Customer wishes to change this instruction regarding the audit, then Customer has the right to request a change to this instruction by sending EOS written notice as provided for in the Agreement. If EOS declines to follow any instruction requested by Customer regarding audits or inspections, Customer is entitled to terminate this Addendum and the Agreement. If the Standard Contractual Clauses apply, nothing in this Section varies or modifies the Standard Contractual Clauses nor affects any supervisory authority’s or data subject’s rights under the Standard Contractual Clauses.
13. Transfers of Personal Data.
13.1. Regions. Customer may specify the location(s) where Customer Data will be processed within the EOS Network (each a “Region”). Once Customer has made its choice, EOS will not transfer or process Customer Data from Customer’s selected Region(s) except as necessary to provide the Services initiated by Customer, or as necessary to comply with the law or binding order of a governmental body. If the Standard Contractual Clauses apply, nothing in this Section varies or modifies the Standard Contractual Clauses.
13.2. EU Transfers. Where the GDPR is applicable, to the extent EOS or its sub-processors process Personal Data outside the EEA or an Approved Jurisdiction, then the Parties shall be deemed to have entered the applicable module of the Standard Contractual Clauses, which are incorporated to this DPA by reference, and such transfer will rely on the Standard Contractual Clauses, including the amendments as set out in Schedule 1 and Annexes I-III below, which are incorporated in the Standard Contractual Clauses by reference.
13.3. UK Transfers. If the transfer of Personal Data is subject to the UK GDPR, then to the extent that EOS or its sub-processors process Personal Data outside the UK or a third country’s system covered by UK adequacy regulations issued under Section 17A of the Data Protection Act 2018 or Paragraphs 4 and 5 of Schedule 21 of the Data Protection Act 2018, the Parties shall be deemed to enter into the Standard Contractual Clauses, subject to the UK Addendum, and any amendments contained in Schedule 1 and Annexes I-III below, which are incorporated in the Standard Contractual Clauses and the UK Addendum by reference.
13.4. If EOS or its sub-processors intend to rely on Standard Contractual Clauses including, where applicable, the UK Addendum, then if the Standard Contractual Clauses or the UK Addendum are superseded by new or modified legal mechanism for transfers of Personal Data, the new or modified legal mechanism for transfers of Personal Data shall be deemed to be incorporated into this DPA, and EOS will promptly begin complying with such legal mechanism for transfers of Personal Data. EOS will abide by the obligations set forth under the Standard Contractual Clauses and the UK Addendum for data importer and/or processor as the case may be.
14. Termination of the Addendum. This Addendum shall continue in force until the termination of the Agreement (the “Termination Date”).
15. Return or Deletion of Customer Data. The Services provide Customer with controls that Customer may use to retrieve or delete Customer Data as described in the Documentation. Up to the Termination Date, Customer will continue to have the ability to retrieve or delete Customer Data in accordance with this Section. For 180 days following the Termination Date, Customer may retrieve or delete any remaining Customer Data from the Services, subject to the terms and conditions set out in the Agreement, unless prohibited by law or the order of a governmental or regulatory body or it could subject EOS or its Affiliates to liability. No later than the end of this 180 day period, Customer will close all EOS accounts. Any remaining Customer Data will be deleted from EOS's systems upon the termination of the Customer's EOS accounts and in such case, EOS will provide Customer with a written confirmation confirming that all Customer Data has been destroyed or otherwise deleted from EOS systems and/or any systems of its sub-processors. EOS may fulfill its obligations under this sub-section by anonymizing the data, provided that after destroying or anonymizing such Customer Data, it shall not include any personal information or be identifiable as data relating to any person or organization and such identification cannot be reverse engineered or otherwise inferred from the anonymized data.
16. Duties to Inform. Where Customer Data becomes subject to confiscation during bankruptcy or insolvency proceedings, or similar measures by third parties while being processed by EOS, EOS will inform Customer without undue delay. EOS will, without undue delay, notify all relevant parties in such action (e.g. creditors, bankruptcy trustee) that any Customer Data subjected to those proceedings is Customer’s property and area of responsibility and that Customer Data is at Customer’s sole disposition.
17. Nondisclosure. Customer agrees that the details of this Addendum are not publicly known and constitute EOS’s Confidential Information under the confidentiality provisions of the Agreement or NDA. Customer will not disclose the contents of this Addendum to any third party except as required by law.
18. Entire Agreement; Conflict. This Addendum supersedes and replaces all prior or contemporaneous representations, understandings, agreements, or communications between Customer and EOS, whether written or verbal, regarding the subject matter of this Addendum. Except as amended by this Addendum, the Agreement will remain in full force and effect. If there is a conflict between any other agreement between the parties including the Agreement and this Addendum, the terms of this Addendum will control.
Schedule 1 – Standard Contractual Clauses Stipulations
1. This Schedule 1 sets out the Parties' agreed interpretation of their respective obligations under Module Two of the Standard Contractual Clauses and the UK Addendum (as applicable).
2. The Parties agree that for the purpose of transfer of Personal Data between EOS (Data Importer) and Customer (Data Exporter), the following amendments shall apply to the Standard Contractual Clauses:
2.1. Clause 7 of the Standard Contractual Clauses shall not be applicable.
2.2. In Clause 9, option 2 shall apply. Recipient shall inform Subsidiary of any intended addition or replacement of sub-processors at least thirty (30) days in advance.
2.3. In Clause 11, Data Subjects shall not be able to lodge a complaint with an independent dispute resolution body.
2.4. In Clause 17, option 1 shall apply. The Parties agree that the clauses shall be governed by the law of Ireland.
2.5. In Clause 18(b) the Parties choose the courts of Dublin, Ireland as their choice of forum and jurisdiction.
3. Where the transfer of Personal Data is subject to the UK GDPR and the transfer relies on the UK Addendum, then the following amendments shall apply to the UK Addendum:
3.1. In Table 1 the “Exporter” is Subsidiary; the “Importer” is Recipient; and the parties’ details and signatures are included in the Agreement;
3.2. In Table 2, the first option is selected and the “Approved EU SCCs” are those Standard Contractual Clauses incorporated into this DPA;
3.3. In Table 3, “Annex 1A, 1B and 2 to the Approved EU SCCs” are Annexes I, II and III to the DPA; and
3.4. In Table 4, both the “Importer” and the “Exporter” can terminate the UK Addendum in accordance with section 19 of the UK Addendum.
4. The Parties have completed Annexes I–III below, which are incorporated in the Standard Contractual Clauses by reference.
ANNEX 1 TO THE STANDARD CONTRACTUAL CLAUSES
Data exporter
The data exporter is the entity identified as “Customer” in the Addendum.
Data importer
The data importer is esh OS LTD., a provider of web services.
Data subjects
Data subjects are defined in Section 2.3 of the Addendum.
Categories of data
The personal data is defined in Section 2.3 of the Addendum.
Special Categories of data
The Personal Data transferred may concern the following special categories of data: Physical or mental health condition, racial or ethnic origin, political opinions.
The frequency of the transfer
The Personal Data transfer shall be performed on an ongoing and continuous basis.
Nature of the processing
The personal data transferred will be subject to the following basic processing activities: collection, recording, organization, storage, retrieval, consultation, use, disclosure by transmission, dissemination, restriction and destruction.
Purpose of the transfer and further processing
As defined in Section 2.3 of the Addendum.
Retention period
Personal Data will be retained for the term of the Agreement and as defined in the Addendum.
Competent Supervisory Authority
The competent supervisory authority shall be set in accordance with the provisions of Clause 13 of the Standard Contractual Clauses.
ANNEX 2 TO THE STANDARD CONTRACTUAL CLAUSES
This Appendix forms part of the Clauses and must be completed and signed by the parties. By signing the signature page of this Addendum, the parties will be deemed to have signed this Appendix 2.
Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached):
The technical and organizational security measures implemented by the data importer are as described in the Addendum and in EOS's Security Standards.
ANNEX 3 TO THE STANDARD CONTRACTUAL CLAUSES
A list of EOS's sub-processors is located at the EOS website.