{"id":140387,"date":"2023-03-09T06:07:52","date_gmt":"2023-03-09T13:07:52","guid":{"rendered":"https:\/\/scaledagile.com\/?page_id=140387"},"modified":"2025-03-05T13:38:56","modified_gmt":"2025-03-05T20:38:56","slug":"dsa","status":"publish","type":"page","link":"https:\/\/scaledagile.com\/dsa\/","title":{"rendered":"Data Sharing Addendum"},"content":{"rendered":"
Home<\/a><\/span> > Data Sharing Addendum<\/span><\/span><\/div>\n\n\n

EFFECTIVE: March 5, 2025<\/strong><\/p>\n\n\n\n

THIS DATA SHARING ADDENDUM <\/strong>(including its Annexes attached hereto and referenced herein) (\u201cDSA<\/strong>\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc.<\/strong>, a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI<\/strong>\u201d); and (2) the entity or other person who is a counterparty to the Agreement into which this DSA is incorporated and forms a part (\u201cCustomer<\/strong>\u201d), together the \u201cparties<\/strong>\u201d and each a \u201cparty<\/strong>.\u201d<\/p>\n\n\n\n

1. Definitions.<\/p>\n\n\n\n

1.1 In this DSA the following terms shall have the meanings set out in this Section 1, unless expressly stated otherwise:<\/p>\n\n\n\n

\n

(a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.<\/p>\n\n\n\n

(b)  \u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.<\/p>\n\n\n\n

(c) \u201c<\/strong>Applicable Data Protection Laws”<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA. <\/p>\n\n\n\n

(d) \u201cCCPA”<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the “CPRA”), and any binding regulations promulgated thereunder.<\/p>\n\n\n\n

(e) \u201c<\/strong>Clauses”<\/strong> means the clauses of the SCCs.<\/p>\n\n\n\n

(f) \u201c<\/strong>Controller”<\/strong> means the party that determines the means and purposes for Processing Personal Data.<\/p>\n\n\n\n

(g) \u201c<\/strong>Customer Provided Data”<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.<\/p>\n\n\n\n

(h) \u201c<\/strong>Data Subject”<\/strong> means an identified or identifiable natural person to whom Personal Data relates.<\/p>\n\n\n\n

(i) \u201c<\/strong>EEA”<\/strong> means the European Economic Area.<\/p>\n\n\n\n

(j)  \u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.<\/p>\n\n\n\n

(k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.<\/p>\n\n\n\n

(l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.<\/p>\n\n\n\n

(m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.<\/p>\n\n\n\n

(n) \u201c<\/strong>Personal Data”<\/strong> means any information that constitutes “personal data,” “personal information,” or similar information governed by Applicable Data Protection Laws.<\/p>\n\n\n\n

(o) \u201c<\/strong>Processing”<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.<\/p>\n\n\n\n

(p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.<\/p>\n\n\n\n

(q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.<\/p>\n\n\n\n

(r) \u201c<\/strong>Security Measures”<\/strong> has the meaning given in Section 2.1.<\/p>\n\n\n\n

(s) \u201c<\/strong>SCCs”<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.<\/p>\n\n\n\n

(t) \u201c<\/strong>UK Transfer Addendum”<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the “UK Mandatory Clauses”).<\/p>\n\n\n\n

(u) \u201c<\/strong>User Personal Data”<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.<\/p>\n\n\n\n

1.2 The parties acknowledge and agree that the parties:<\/p>\n<\/div><\/div>\n\n\n\n

\n

(a) are independent Controllers in respect of User Personal Data; and<\/p>\n\n\n\n

(b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.<\/p>\n<\/div><\/div>\n\n\n\n

1.3 For the avoidance of doubt, the parties acknowledge and agree that the parties are not “joint Controllers” as such term is interpreted under Applicable Data Protection Laws.<\/p>\n\n\n\n

2. Data Security.<\/strong><\/p>\n\n\n\n

2.1 SAI will implement and maintain administrative, technical, physical, and organizational measures designed to protect User Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, User Personal Data as described in Annex 3 (Security Measures) (the \u201cSecurity Measures<\/strong>“). SAI may update the Security Measures from time to time, provided the updated measures do not decrease the overall protection of User Personal Data.<\/p>\n\n\n\n

2.2 SAI will notify Customer without undue delay of any Information Security Incident affecting Customer Provided Data of which SAI becomes aware to the extent that Customer Provided Data constitutes Personal Data. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps SAI recommends Customer take to address the Information Security Incident. SAI\u2019s notification of or response to an Information Security Incident will not be construed as SAI\u2019s acknowledgement of any fault or liability with respect to the Information Security Incident.<\/p>\n\n\n\n

2.3 Customer agrees that, without limitation of SAI\u2019s obligations under this Section 2, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Provided Data; (b) securing the account authentication credentials, systems and devices Users uses to access the Services; (c) securing Customer\u2019s systems and devices that SAI uses to provide the Services; and (d) backing up Customer Provided Data.<\/p>\n\n\n\n

3. SAI\u2019s Data Subject Request Assistance.<\/h2>\n\n\n\n

SAI will provide Customer with assistance reasonably necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws with respect to Customer Provided Data in SAI\u2019s possession (\u201cData Subject Requests<\/strong>“). Customer shall compensate SAI for any such assistance at SAI\u2019s then-current professional services rates, which shall be made available to Customer upon request. If SAI receives a Data Subject Request, SAI will notify Customer and Customer will be responsible for responding to any such request.<\/p>\n\n\n\n

4. Data Transfers.<\/h2>\n\n\n\n

4.1 Where SAI is certified under a scheme (such as the EU-U.S. Data Privacy Framework, UK Extension and\/or Swiss-U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision from the European Commission, UK Government and\/or Swiss Government (as applicable) (each a \u201cTransfer Scheme<\/strong>\u201d), SAI will rely on the Transfer Scheme to appropriately safeguard Restricted Transfers.<\/p>\n\n\n\n

4.2 To the extent that the transmission of Personal Data under this DSA constitutes an EEA Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such EEA Restricted Transfer and incorporated by reference into this DSA. To the extent of any conflict or inconsistency between the SCCs and this Agreement, the SCCs will govern.<\/p>\n\n\n\n

4.3 To the extent that the transmission of Personal Data under this DSA constitutes a UK Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum and populated in accordance with Part 2 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such UK Restricted Transfer and incorporated by reference into this DSA.<\/p>\n\n\n\n

4.4 To the extent that the transmission of Personal Data under this DSA constitutes a Swiss Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), varied to address the requirements of the FADP in accordance with Part 3 of Annex 2 (Restricted Transfer Details), entered into with effect from the first day of any such Swiss Restricted Transfer and incorporated by reference into this DSA.<\/p>\n\n\n\n

5 SAI may on notice vary this Section 4 and replace the SCCs or the UK Transfer Addendum with: (i) any new or replacement set(s) of standard contractual clauses; or (ii) any other transfer mechanism that enables the lawful transfer of Personal Data under this Agreement in compliance with Chapter V of the GDPR and\/or the FADP.<\/p>\n\n\n\n

5. Customer Responsibilities.<\/h2>\n\n\n\n

Customer represents and warrants to SAI that Customer Provided Data does not and will not contain any Social Security numbers or other government-issued identification numbers, protected health information subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords to any online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; Personal Data of children under 16 years of age; or any other information that falls within any special categories of data (as defined in the Applicable Data Protection Laws). Customer shall ensure (and is solely responsible for ensuring) that it has given such notices to and obtained such consents and permissions from third parties (including, without limitation, Data Subjects), and has reserved all rights, in each case, as may be required under Applicable Data Protection Laws or otherwise for Customer to provide Customer Provided Data to SAI as contemplated by the Agreement.<\/p>\n\n\n\n

6. Liability.<\/h2>\n\n\n\n

The total combined liability of either party and its affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with this DSA will be limited to the limitations on liability or other liability caps agreed to by the parties in the Agreement; provided that <\/strong>nothing in the Agreement or this DSA will affect any party\u2019s liability to Data Subjects under the third-party beneficiary provisions of the SCCs, where applicable, to the extent limitation of such rights is prohibited by Applicable Data Protection Laws.<\/p>\n\n\n\n

7. CCPA.<\/h2>\n\n\n\n

7.1 For purposes of this Section 7, the terms \u201cbusiness,\u201d \u201ccommercial purpose,\u201d \u201csell,\u201d \u201cshare\u201d and “service provider” shall have the respective meanings given thereto in the CCPA, and “personal information ” shall mean Customer Provided Data that constitutes \u201cpersonal information\u201d governed by the CCPA.<\/p>\n\n\n\n

7.2 In respect of any Processing by SAI of Personal Data not in relation SAI\u2019s provision of those elements of the Services to Customer, SAI (A) does not act as a service provider; (B) independently determines the purposes and means of such Processing; (C) shall comply with Applicable Data Protection Laws; and (D) shall apply technical and organizational safeguards to any relevant Personal Data that are no less protective than those required by this DSA.<\/p>\n\n\n\n

7.3 SAI (a) acknowledges that personal information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to personal information as is required by the CCPA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that SAI\u2019s use of personal information is consistent with Customer\u2019s obligations under the CCPA; (d) shall notify Customer in writing of any determination made by SAI that it can no longer meet its obligations under the CCPA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information.<\/p>\n\n\n\n

7.4 It is the parties\u2019 intent that with respect to any personal information within the scope of this Section 7, SAI is a service provider. SAI shall not (A) sell such personal information; (B) retain, use or disclose such personal information for any purpose other than for the specific purpose of (i) enrolling and authenticating Users in the Courseware, the Courses, and the SAFe Platform; and (ii) performing its other obligations and exercising its rights under the Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (C) retain, use or disclose such personal information outside of the direct business relationship between SAI and Customer. SAI hereby certifies that it understands its obligations under this Section 7.4 and will comply with them.<\/p>\n\n\n\n

7.5 The parties acknowledge that SAI\u2019s retention, use and disclosure of personal information authorized by Customer\u2019s instructions documented in the DSA are integral to SAI\u2019s provision of the Services and the business relationship between the parties.<\/p>\n\n\n\n

7.6 SAI agrees to cooperate in good faith with Customer concerning any amendments as may be necessary to address compliance with the CCPA.<\/p>\n\n\n\n

<\/p>\n\n\n\n

ANNEX 1 <\/h2>\n\n\n\n

DATA SHARING DETAILS <\/strong><\/h2>\n\n\n\n

PART 1: DETAILS OF THE PARTIES <\/strong><\/h3>\n\n\n\n
\n
\n

A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n<\/div>\n<\/div>\n\n\n\n
\n
Name:<\/td>Scaled Agile, Inc.<\/td><\/tr>
Address:<\/td>4845 Pearl East Circle, Suite 101 Boulder, CO 80301<\/td><\/tr>
Contact Details for Data Protection:<\/td>support@scaledagile.com<\/a><\/td><\/tr>
SAI Activities:<\/td>SAI is the provider of the SAFe Platform<\/td><\/tr>
Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

B. CUSTOMER \/ \u2018DATA EXPORTER\u2019 DETAILS<\/h4>\n\n\n\n
\n
Name:<\/td>The entity or other person who is a counterparty to the Agreement<\/td><\/tr>
Address:<\/td>Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address<\/td><\/tr>
Contact Details for Data Protection:<\/td>Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services<\/td><\/tr>

Customer Activities:<\/td>		Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement<\/td><\/tr>
Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

PART 2: DETAILS OF DATA SHARING<\/h3>\n\n\n\n

Where the SAFe Enterprise Agreement and\/or piplanning.io Agreement applies:<\/h4>\n\n\n\n
\n
Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to the Services<\/td><\/tr>
Categories of Personal Data:<\/td>Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address<\/td><\/tr>
Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services<\/td><\/tr>
Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
Purpose of the Processing:<\/td>Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA<\/td><\/tr>
Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

Where the Partner Program Agreement applies:<\/h4>\n\n\n\n
\n
Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to SAI<\/td><\/tr>
Categories of Personal Data:<\/td>Customer may submit Personal Data of users to SAI, including first name, surname, and business email address<\/td><\/tr>
Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer<\/td><\/tr>
Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
Purpose of the Processing:<\/td>Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course <\/td><\/tr>
Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n\n\n\n
<\/div>\n\n\n\n

ANNEX 2<\/h2>\n\n\n\n

RESTRICTED TRANSFER DETAILS<\/h2>\n\n\n\n

PART 1: EEA RESTRICTED TRANSFERS<\/h3>\n\n\n\n
    \n
  1. Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:<\/li>\n<\/ol>\n\n\n\n

    1.1 In Clause 7:<\/strong> the optional \u2018Docking Clause\u2019 is included in full.<\/p>\n\n\n\n

    1.2 In Clause 11:<\/strong> the optional language is not used and is deleted.<\/p>\n\n\n\n

    1.3 In Clause 13:<\/strong> all square brackets are removed, and all text therein is retained.<\/p>\n\n\n\n

    1.4 In Clause 17:<\/strong> the parties agree that the SCCs shall be governed by the law of Ireland in relation to any EEA Restricted Transfer, and Clause 17 is populated accordingly.<\/p>\n\n\n\n

    1.5 In Clause 18:<\/strong> the parties agree that any dispute arising from the SCCs in relation to any EEA Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly.<\/p>\n\n\n\n

    2 Population of Annexes to the Appendix to the SCCs.<\/strong><\/p>\n\n\n\n

    2.1 Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Data Sharing Details) to the Agreement, with: Customer being \u2018data exporter\u2019; and SAI being \u2018data importer\u2019.<\/p>\n\n\n\n

    2.2 Part C of Annex I to the Appendix to the SCCs is populated as below:<\/p>\n\n\n\n

    \n

    (a) The competent supervisory authority shall be determined as follows:<\/p>\n\n\n\n

    \n


    (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n\n\n\n


    (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n\n\n\n


    (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n\n\n\n

    2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n\n\n\n

    (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n\n\n\n

    <\/p>\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n

    PART 2: UK RESTRICTED TRANSFERS<\/h3>\n\n\n\n
    \n

    1 UK Transfer Addendum<\/strong><\/p>\n\n\n\n

    1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:<\/p>\n<\/div><\/div>\n\n\n\n

    \n

    (a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:<\/p>\n\n\n\n

    (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
    (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.<\/p>\n\n\n\n

    (b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.<\/p>\n\n\n\n

    <\/p>\n<\/div><\/div>\n\n\n\n

    1.2 As permitted by section 17 of the UK Mandatory Clauses, the parties agree to the presentation of the information required by \u2018Part 1: Tables\u2019 of the UK Transfer Addendum in the manner set out in Paragraph 1.1 of this Part 2; provided that the parties further agree that nothing in the manner of that presentation shall operate or be construed so as to reduce the Appropriate Safeguards (as defined in section 3 of the UK Mandatory Clauses).<\/p>\n\n\n\n

    1.3 In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DSA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.<\/p>\n\n\n\n

    PART 3: SWISS RESTRICTED TRANSFERS<\/h3>\n\n\n\n
    \n

    1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:<\/p>\n<\/div><\/div>\n\n\n\n

    \n

    (a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;<\/p>\n\n\n\n

    (b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers; <\/p>\n\n\n\n

    (c) references to Regulation (EU) 2018\/1725 are removed; and<\/p>\n\n\n\n

    (d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.<\/p>\n\n\n\n

    <\/p>\n<\/div><\/div>\n\n\n\n

    ANNEX 3<\/h2>\n\n\n\n

    SECURITY MEASURES<\/h2>\n\n\n\n
      \n
    1. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.<\/li>\n\n\n\n
    2. Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.<\/li>\n\n\n\n
    3. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).<\/li>\n\n\n\n
    4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).<\/li>\n\n\n\n
    5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.<\/li>\n\n\n\n
    6. System audit or event logging and related monitoring procedures to proactively record user access and system activity.<\/li>\n\n\n\n
    7. Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.<\/li>\n\n\n\n
    8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.<\/li>\n\n\n\n
    9. Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.<\/li>\n\n\n\n
    10. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.<\/li>\n\n\n\n
    11. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.<\/li>\n\n\n\n
    12. Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.<\/li>\n<\/ol>\n\n\n\n
      <\/div>\n","protected":false},"excerpt":{"rendered":"

      EFFECTIVE: March 5, 2025 THIS DATA SHARING ADDENDUM (including its Annexes attached hereto and referenced herein) (\u201cDSA\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc., a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI\u201d); […]<\/p>\n","protected":false},"author":453,"featured_media":170837,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"52845,52846,52847,52848,53145,54538","_relevanssi_noindex_reason":"","footnotes":""},"role":[],"class_list":["post-140387","page","type-page","status-publish","has-post-thumbnail","hentry"],"acf":{"enable_jump_to":false,"hide_page_title":false,"page_header_background":false,"page_header_title":"","page_header_content":"","add_intercom":true,"hide_breadcrumb":false},"has_blocks":true,"block_data":[{"blockName":"core\/block","attrs":{"ref":187286,"content":[],"lock":[],"metadata":[],"openPopupId":""},"innerBlocks":[],"innerHTML":"","innerContent":[],"rendered":"

      Home<\/a><\/span> > Data Sharing Addendum<\/span><\/span><\/div>"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"EFFECTIVE: March 5, 2025<\/strong>","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      EFFECTIVE: March 5, 2025<\/strong><\/p>\n","innerContent":["\n

      EFFECTIVE: March 5, 2025<\/strong><\/p>\n"],"rendered":"\n

      EFFECTIVE: March 5, 2025<\/strong><\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"THIS DATA SHARING ADDENDUM <\/strong>(including its Annexes attached hereto and referenced herein) (\u201cDSA<\/strong>\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc.<\/strong>, a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI<\/strong>\u201d); and (2) the entity or other person who is a counterparty to the Agreement into which this DSA is incorporated and forms a part (\u201cCustomer<\/strong>\u201d), together the \u201cparties<\/strong>\u201d and each a \u201cparty<\/strong>.\u201d","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      THIS DATA SHARING ADDENDUM <\/strong>(including its Annexes attached hereto and referenced herein) (\u201cDSA<\/strong>\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc.<\/strong>, a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI<\/strong>\u201d); and (2) the entity or other person who is a counterparty to the Agreement into which this DSA is incorporated and forms a part (\u201cCustomer<\/strong>\u201d), together the \u201cparties<\/strong>\u201d and each a \u201cparty<\/strong>.\u201d<\/p>\n","innerContent":["\n

      THIS DATA SHARING ADDENDUM <\/strong>(including its Annexes attached hereto and referenced herein) (\u201cDSA<\/strong>\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc.<\/strong>, a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI<\/strong>\u201d); and (2) the entity or other person who is a counterparty to the Agreement into which this DSA is incorporated and forms a part (\u201cCustomer<\/strong>\u201d), together the \u201cparties<\/strong>\u201d and each a \u201cparty<\/strong>.\u201d<\/p>\n"],"rendered":"\n

      THIS DATA SHARING ADDENDUM <\/strong>(including its Annexes attached hereto and referenced herein) (\u201cDSA<\/strong>\u201d) to the Agreement is entered into as of the Addendum Effective Date by and between: (1) Scaled Agile, Inc.<\/strong>, a Delaware corporation with its principal business address at 4845 Pearl East Circle, Suite 101 Boulder, CO 80301 (\u201cSAI<\/strong>\u201d); and (2) the entity or other person who is a counterparty to the Agreement into which this DSA is incorporated and forms a part (\u201cCustomer<\/strong>\u201d), together the \u201cparties<\/strong>\u201d and each a \u201cparty<\/strong>.\u201d<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1. Definitions.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      1. Definitions.<\/p>\n","innerContent":["\n

      1. Definitions.<\/p>\n"],"rendered":"\n

      1. Definitions.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.1 In this DSA the following terms shall have the meanings set out in this Section 1, unless expressly stated otherwise:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      1.1 In this DSA the following terms shall have the meanings set out in this Section 1, unless expressly stated otherwise:<\/p>\n","innerContent":["\n

      1.1 In this DSA the following terms shall have the meanings set out in this Section 1, unless expressly stated otherwise:<\/p>\n"],"rendered":"\n

      1.1 In this DSA the following terms shall have the meanings set out in this Section 1, unless expressly stated otherwise:<\/p>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.<\/p>\n","innerContent":["\n

      (a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.<\/p>\n"],"rendered":"\n

      (a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(b) \u00a0\u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (b)  \u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.<\/p>\n","innerContent":["\n

      (b)  \u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.<\/p>\n"],"rendered":"\n

      (b)  \u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(c) \u201c<\/strong>Applicable Data Protection Laws\"<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA.\u00a0","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (c) \u201c<\/strong>Applicable Data Protection Laws\"<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA. <\/p>\n","innerContent":["\n

      (c) \u201c<\/strong>Applicable Data Protection Laws\"<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA. <\/p>\n"],"rendered":"\n

      (c) \u201c<\/strong>Applicable Data Protection Laws\"<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA. <\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(d) \u201cCCPA\"<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the \"CPRA\"), and any binding regulations promulgated thereunder.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (d) \u201cCCPA\"<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the \"CPRA\"), and any binding regulations promulgated thereunder.<\/p>\n","innerContent":["\n

      (d) \u201cCCPA\"<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the \"CPRA\"), and any binding regulations promulgated thereunder.<\/p>\n"],"rendered":"\n

      (d) \u201cCCPA\"<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the \"CPRA\"), and any binding regulations promulgated thereunder.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(e) \u201c<\/strong>Clauses\"<\/strong> means the clauses of the SCCs.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (e) \u201c<\/strong>Clauses\"<\/strong> means the clauses of the SCCs.<\/p>\n","innerContent":["\n

      (e) \u201c<\/strong>Clauses\"<\/strong> means the clauses of the SCCs.<\/p>\n"],"rendered":"\n

      (e) \u201c<\/strong>Clauses\"<\/strong> means the clauses of the SCCs.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(f) \u201c<\/strong>Controller\"<\/strong> means the party that determines the means and purposes for Processing Personal Data.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (f) \u201c<\/strong>Controller\"<\/strong> means the party that determines the means and purposes for Processing Personal Data.<\/p>\n","innerContent":["\n

      (f) \u201c<\/strong>Controller\"<\/strong> means the party that determines the means and purposes for Processing Personal Data.<\/p>\n"],"rendered":"\n

      (f) \u201c<\/strong>Controller\"<\/strong> means the party that determines the means and purposes for Processing Personal Data.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(g) \u201c<\/strong>Customer Provided Data\"<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (g) \u201c<\/strong>Customer Provided Data\"<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.<\/p>\n","innerContent":["\n

      (g) \u201c<\/strong>Customer Provided Data\"<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.<\/p>\n"],"rendered":"\n

      (g) \u201c<\/strong>Customer Provided Data\"<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(h) \u201c<\/strong>Data Subject\"<\/strong> means an identified or identifiable natural person to whom Personal Data relates.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (h) \u201c<\/strong>Data Subject\"<\/strong> means an identified or identifiable natural person to whom Personal Data relates.<\/p>\n","innerContent":["\n

      (h) \u201c<\/strong>Data Subject\"<\/strong> means an identified or identifiable natural person to whom Personal Data relates.<\/p>\n"],"rendered":"\n

      (h) \u201c<\/strong>Data Subject\"<\/strong> means an identified or identifiable natural person to whom Personal Data relates.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(i) \u201c<\/strong>EEA\"<\/strong> means the European Economic Area.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (i) \u201c<\/strong>EEA\"<\/strong> means the European Economic Area.<\/p>\n","innerContent":["\n

      (i) \u201c<\/strong>EEA\"<\/strong> means the European Economic Area.<\/p>\n"],"rendered":"\n

      (i) \u201c<\/strong>EEA\"<\/strong> means the European Economic Area.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(j) \u00a0\u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (j)  \u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.<\/p>\n","innerContent":["\n

      (j)  \u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.<\/p>\n"],"rendered":"\n

      (j)  \u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.<\/p>\n","innerContent":["\n

      (k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.<\/p>\n"],"rendered":"\n

      (k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.<\/p>\n","innerContent":["\n

      (l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.<\/p>\n"],"rendered":"\n

      (l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.<\/p>\n","innerContent":["\n

      (m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.<\/p>\n"],"rendered":"\n

      (m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(n) \u201c<\/strong>Personal Data\"<\/strong> means any information that constitutes \"personal data,\" \"personal information,\" or similar information governed by Applicable Data Protection Laws.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (n) \u201c<\/strong>Personal Data\"<\/strong> means any information that constitutes \"personal data,\" \"personal information,\" or similar information governed by Applicable Data Protection Laws.<\/p>\n","innerContent":["\n

      (n) \u201c<\/strong>Personal Data\"<\/strong> means any information that constitutes \"personal data,\" \"personal information,\" or similar information governed by Applicable Data Protection Laws.<\/p>\n"],"rendered":"\n

      (n) \u201c<\/strong>Personal Data\"<\/strong> means any information that constitutes \"personal data,\" \"personal information,\" or similar information governed by Applicable Data Protection Laws.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(o) \u201c<\/strong>Processing\"<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (o) \u201c<\/strong>Processing\"<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.<\/p>\n","innerContent":["\n

      (o) \u201c<\/strong>Processing\"<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.<\/p>\n"],"rendered":"\n

      (o) \u201c<\/strong>Processing\"<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.<\/p>\n","innerContent":["\n

      (p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.<\/p>\n"],"rendered":"\n

      (p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.<\/p>\n","innerContent":["\n

      (q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.<\/p>\n"],"rendered":"\n

      (q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(r) \u201c<\/strong>Security Measures\"<\/strong> has the meaning given in Section 2.1.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (r) \u201c<\/strong>Security Measures\"<\/strong> has the meaning given in Section 2.1.<\/p>\n","innerContent":["\n

      (r) \u201c<\/strong>Security Measures\"<\/strong> has the meaning given in Section 2.1.<\/p>\n"],"rendered":"\n

      (r) \u201c<\/strong>Security Measures\"<\/strong> has the meaning given in Section 2.1.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(s) \u201c<\/strong>SCCs\"<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (s) \u201c<\/strong>SCCs\"<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.<\/p>\n","innerContent":["\n

      (s) \u201c<\/strong>SCCs\"<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.<\/p>\n"],"rendered":"\n

      (s) \u201c<\/strong>SCCs\"<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(t) \u201c<\/strong>UK Transfer Addendum\"<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the \"UK Mandatory Clauses\").","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (t) \u201c<\/strong>UK Transfer Addendum\"<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the \"UK Mandatory Clauses\").<\/p>\n","innerContent":["\n

      (t) \u201c<\/strong>UK Transfer Addendum\"<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the \"UK Mandatory Clauses\").<\/p>\n"],"rendered":"\n

      (t) \u201c<\/strong>UK Transfer Addendum\"<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the \"UK Mandatory Clauses\").<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(u) \u201c<\/strong>User Personal Data\"<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (u) \u201c<\/strong>User Personal Data\"<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.<\/p>\n","innerContent":["\n

      (u) \u201c<\/strong>User Personal Data\"<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.<\/p>\n"],"rendered":"\n

      (u) \u201c<\/strong>User Personal Data\"<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.2 The parties acknowledge and agree that the parties:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      1.2 The parties acknowledge and agree that the parties:<\/p>\n","innerContent":["\n

      1.2 The parties acknowledge and agree that the parties:<\/p>\n"],"rendered":"\n

      1.2 The parties acknowledge and agree that the parties:<\/p>\n"}],"innerHTML":"\n

      \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<\/div>\n","innerContent":["\n
      ",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
      \n

      (a) \u201cAddendum Effective Date\u201d <\/strong>means the effective date of the Agreement.<\/p>\n\n\n\n

      (b)  \u201cAgreement<\/strong>\u201d means the SAFe Enterprise Agreement, Partner Program Agreement, piplanning.io Agreement and\/or other agreement entered into by and between the parties.<\/p>\n\n\n\n

      (c) \u201c<\/strong>Applicable Data Protection Laws\"<\/strong> means all laws governing the privacy, confidentiality, and security of Personal Data under the Agreement, including, to the extent applicable to the relevant Personal Data\/Processing, the GDPR, the FADP or the CCPA. <\/p>\n\n\n\n

      (d) \u201cCCPA\"<\/strong> means the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (the \"CPRA\"), and any binding regulations promulgated thereunder.<\/p>\n\n\n\n

      (e) \u201c<\/strong>Clauses\"<\/strong> means the clauses of the SCCs.<\/p>\n\n\n\n

      (f) \u201c<\/strong>Controller\"<\/strong> means the party that determines the means and purposes for Processing Personal Data.<\/p>\n\n\n\n

      (g) \u201c<\/strong>Customer Provided Data\"<\/strong> means electronic data or information provided by Customer to SAI to the extent such electronic data or information constitutes Personal Data.<\/p>\n\n\n\n

      (h) \u201c<\/strong>Data Subject\"<\/strong> means an identified or identifiable natural person to whom Personal Data relates.<\/p>\n\n\n\n

      (i) \u201c<\/strong>EEA\"<\/strong> means the European Economic Area.<\/p>\n\n\n\n

      (j)  \u201cFADP<\/strong>\u201d means the Swiss Federal Act on Data Protection of 19 June 1992 and its revised version of 25 September 2020.<\/p>\n\n\n\n

      (k) \u201cFDPIC<\/strong>\u201d means Swiss Federal Data Protection and Information Commissioner.<\/p>\n\n\n\n

      (l) \u201cGDPR\u201d <\/strong>means, as applicable to the Processing concerned: (i) Regulation (EU) 2016\/679 of the European Parliament and of the Counsel of 27 April 2016 (\u201cEU GDPR<\/strong>\u201d), and\/or (ii) the EU GDPR as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including, in each case, any applicable national implementing or supplementary legislation (e.g., the UK Data Protection Act 2018), and any successor, amendment or re-enactment, to or of the foregoing.<\/p>\n\n\n\n

      (m) \u201cInformation Security Incident\u201d <\/strong>means a breach of SAI\u2019s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Customer Provided Data (to the extent it constitutes Personal Data) in SAI\u2019s possession, custody or control. Information Security Incidents do not include unsuccessful attempts or activities that do not compromise the security of Customer Provided Data (to the extent it constitutes Personal Data), including unsuccessful log-in attempts, pings, port scans, denial of service attacks or other network attacks on firewalls or networked systems.<\/p>\n\n\n\n

      (n) \u201c<\/strong>Personal Data\"<\/strong> means any information that constitutes \"personal data,\" \"personal information,\" or similar information governed by Applicable Data Protection Laws.<\/p>\n\n\n\n

      (o) \u201c<\/strong>Processing\"<\/strong> means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.<\/p>\n\n\n\n

      (p) \u201cRestricted Transfer\u201d <\/strong>means the disclosure, grant of access or other transfer of Personal Data under this Agreement to any person located in: (i) in the context of the EEA, any country or territory outside the EEA which does not benefit from an adequacy decision from the European Commission (an \u201cEEA Restricted Transfer<\/strong>\u201d); (ii) in the context of the UK, any country or territory outside the UK, which does not benefit from an adequacy decision from the UK Government (a \u201cUK Restricted Transfer<\/strong>\u201d); and (iii) in the context of Switzerland, a country or territory outside of Switzerland which does not benefit from an adequacy decision from the Swiss Government (a \u201cSwiss Restricted Transfer<\/strong>\u201d), in each case, which would be prohibited without a legal basis under the GDPR and\/or FADP.<\/p>\n\n\n\n

      (q) \u201cSAFe Platform<\/strong>\u201d means SAI\u2019s web-based SAFe Enterprise platform, piplanning.io platform and\/or other designated websites designed to achieve and sustain business agility.<\/p>\n\n\n\n

      (r) \u201c<\/strong>Security Measures\"<\/strong> has the meaning given in Section 2.1.<\/p>\n\n\n\n

      (s) \u201c<\/strong>SCCs\"<\/strong> means the standard contractual clauses approved by the European Commission pursuant to implementing Decision (EU) 2021\/914.<\/p>\n\n\n\n

      (t) \u201c<\/strong>UK Transfer Addendum\"<\/strong> means the template Addendum B.1.0 issued by the United Kingdom\u2019s Information Commissioner\u2019s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under section 18 of the Mandatory Clauses included in Part 2 thereof (the \"UK Mandatory Clauses\").<\/p>\n\n\n\n

      (u) \u201c<\/strong>User Personal Data\"<\/strong> means (i) Customer Provided Data; and (ii) Personal Data which SAI receives from time to time directly from users, or is otherwise derived from users, via the SAFe Platform or otherwise.<\/p>\n\n\n\n

      1.2 The parties acknowledge and agree that the parties:<\/p>\n<\/div><\/div>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) are independent Controllers in respect of User Personal Data; and","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (a) are independent Controllers in respect of User Personal Data; and<\/p>\n","innerContent":["\n

      (a) are independent Controllers in respect of User Personal Data; and<\/p>\n"],"rendered":"\n

      (a) are independent Controllers in respect of User Personal Data; and<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      (b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.<\/p>\n","innerContent":["\n

      (b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.<\/p>\n"],"rendered":"\n

      (b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.<\/p>\n"}],"innerHTML":"\n

      \n\n<\/div>\n","innerContent":["\n
      ",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
      \n

      (a) are independent Controllers in respect of User Personal Data; and<\/p>\n\n\n\n

      (b) shall comply with their respective obligations as independent Controllers under Applicable Data Protection Laws.<\/p>\n<\/div><\/div>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.3 For the avoidance of doubt, the parties acknowledge and agree that the parties are not \"joint Controllers\" as such term is interpreted under Applicable Data Protection Laws.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      1.3 For the avoidance of doubt, the parties acknowledge and agree that the parties are not \"joint Controllers\" as such term is interpreted under Applicable Data Protection Laws.<\/p>\n","innerContent":["\n

      1.3 For the avoidance of doubt, the parties acknowledge and agree that the parties are not \"joint Controllers\" as such term is interpreted under Applicable Data Protection Laws.<\/p>\n"],"rendered":"\n

      1.3 For the avoidance of doubt, the parties acknowledge and agree that the parties are not \"joint Controllers\" as such term is interpreted under Applicable Data Protection Laws.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2. Data Security.<\/strong>","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      2. Data Security.<\/strong><\/p>\n","innerContent":["\n

      2. Data Security.<\/strong><\/p>\n"],"rendered":"\n

      2. Data Security.<\/strong><\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.1 SAI will implement and maintain administrative, technical, physical, and organizational measures designed to protect User Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, User Personal Data as described in Annex 3 (Security Measures) (the \u201cSecurity Measures<\/strong>\"). SAI may update the Security Measures from time to time, provided the updated measures do not decrease the overall protection of User Personal Data.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      2.1 SAI will implement and maintain administrative, technical, physical, and organizational measures designed to protect User Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, User Personal Data as described in Annex 3 (Security Measures) (the \u201cSecurity Measures<\/strong>\"). SAI may update the Security Measures from time to time, provided the updated measures do not decrease the overall protection of User Personal Data.<\/p>\n","innerContent":["\n

      2.1 SAI will implement and maintain administrative, technical, physical, and organizational measures designed to protect User Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, User Personal Data as described in Annex 3 (Security Measures) (the \u201cSecurity Measures<\/strong>\"). SAI may update the Security Measures from time to time, provided the updated measures do not decrease the overall protection of User Personal Data.<\/p>\n"],"rendered":"\n

      2.1 SAI will implement and maintain administrative, technical, physical, and organizational measures designed to protect User Personal Data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, User Personal Data as described in Annex 3 (Security Measures) (the \u201cSecurity Measures<\/strong>\"). SAI may update the Security Measures from time to time, provided the updated measures do not decrease the overall protection of User Personal Data.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.2 SAI will notify Customer without undue delay of any Information Security Incident affecting Customer Provided Data of which SAI becomes aware to the extent that Customer Provided Data constitutes Personal Data. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps SAI recommends Customer take to address the Information Security Incident. SAI\u2019s notification of or response to an Information Security Incident will not be construed as SAI\u2019s acknowledgement of any fault or liability with respect to the Information Security Incident.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      2.2 SAI will notify Customer without undue delay of any Information Security Incident affecting Customer Provided Data of which SAI becomes aware to the extent that Customer Provided Data constitutes Personal Data. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps SAI recommends Customer take to address the Information Security Incident. SAI\u2019s notification of or response to an Information Security Incident will not be construed as SAI\u2019s acknowledgement of any fault or liability with respect to the Information Security Incident.<\/p>\n","innerContent":["\n

      2.2 SAI will notify Customer without undue delay of any Information Security Incident affecting Customer Provided Data of which SAI becomes aware to the extent that Customer Provided Data constitutes Personal Data. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps SAI recommends Customer take to address the Information Security Incident. SAI\u2019s notification of or response to an Information Security Incident will not be construed as SAI\u2019s acknowledgement of any fault or liability with respect to the Information Security Incident.<\/p>\n"],"rendered":"\n

      2.2 SAI will notify Customer without undue delay of any Information Security Incident affecting Customer Provided Data of which SAI becomes aware to the extent that Customer Provided Data constitutes Personal Data. Such notifications will describe available details of the Information Security Incident, including steps taken to mitigate the potential risks and steps SAI recommends Customer take to address the Information Security Incident. SAI\u2019s notification of or response to an Information Security Incident will not be construed as SAI\u2019s acknowledgement of any fault or liability with respect to the Information Security Incident.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.3 Customer agrees that, without limitation of SAI\u2019s obligations under this Section 2, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Provided Data; (b) securing the account authentication credentials, systems and devices Users uses to access the Services; (c) securing Customer\u2019s systems and devices that SAI uses to provide the Services; and (d) backing up Customer Provided Data.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      2.3 Customer agrees that, without limitation of SAI\u2019s obligations under this Section 2, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Provided Data; (b) securing the account authentication credentials, systems and devices Users uses to access the Services; (c) securing Customer\u2019s systems and devices that SAI uses to provide the Services; and (d) backing up Customer Provided Data.<\/p>\n","innerContent":["\n

      2.3 Customer agrees that, without limitation of SAI\u2019s obligations under this Section 2, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Provided Data; (b) securing the account authentication credentials, systems and devices Users uses to access the Services; (c) securing Customer\u2019s systems and devices that SAI uses to provide the Services; and (d) backing up Customer Provided Data.<\/p>\n"],"rendered":"\n

      2.3 Customer agrees that, without limitation of SAI\u2019s obligations under this Section 2, Customer is solely responsible for its use of the Services, including (a) making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of the Customer Provided Data; (b) securing the account authentication credentials, systems and devices Users uses to access the Services; (c) securing Customer\u2019s systems and devices that SAI uses to provide the Services; and (d) backing up Customer Provided Data.<\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"3. SAI\u2019s Data Subject Request Assistance.","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-3-sai-s-data-subject-request-assistance"},"innerBlocks":[],"innerHTML":"\n

      3. SAI\u2019s Data Subject Request Assistance.<\/h2>\n","innerContent":["\n

      3. SAI\u2019s Data Subject Request Assistance.<\/h2>\n"],"rendered":"\n

      3. SAI\u2019s Data Subject Request Assistance.<\/h2>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"SAI will provide Customer with assistance reasonably necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws with respect to Customer Provided Data in SAI\u2019s possession (\u201cData Subject Requests<\/strong>\"). Customer shall compensate SAI for any such assistance at SAI\u2019s then-current professional services rates, which shall be made available to Customer upon request. If SAI receives a Data Subject Request, SAI will notify Customer and Customer will be responsible for responding to any such request.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      SAI will provide Customer with assistance reasonably necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws with respect to Customer Provided Data in SAI\u2019s possession (\u201cData Subject Requests<\/strong>\"). Customer shall compensate SAI for any such assistance at SAI\u2019s then-current professional services rates, which shall be made available to Customer upon request. If SAI receives a Data Subject Request, SAI will notify Customer and Customer will be responsible for responding to any such request.<\/p>\n","innerContent":["\n

      SAI will provide Customer with assistance reasonably necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws with respect to Customer Provided Data in SAI\u2019s possession (\u201cData Subject Requests<\/strong>\"). Customer shall compensate SAI for any such assistance at SAI\u2019s then-current professional services rates, which shall be made available to Customer upon request. If SAI receives a Data Subject Request, SAI will notify Customer and Customer will be responsible for responding to any such request.<\/p>\n"],"rendered":"\n

      SAI will provide Customer with assistance reasonably necessary for Customer to perform its obligation under Applicable Data Protection Laws to fulfill requests by Data Subjects to exercise their rights under Applicable Data Protection Laws with respect to Customer Provided Data in SAI\u2019s possession (\u201cData Subject Requests<\/strong>\"). Customer shall compensate SAI for any such assistance at SAI\u2019s then-current professional services rates, which shall be made available to Customer upon request. If SAI receives a Data Subject Request, SAI will notify Customer and Customer will be responsible for responding to any such request.<\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"4. Data Transfers.","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-4-data-transfers"},"innerBlocks":[],"innerHTML":"\n

      4. Data Transfers.<\/h2>\n","innerContent":["\n

      4. Data Transfers.<\/h2>\n"],"rendered":"\n

      4. Data Transfers.<\/h2>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"4.1 Where SAI is certified under a scheme (such as the EU-U.S. Data Privacy Framework, UK Extension and\/or Swiss-U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision from the European Commission, UK Government and\/or Swiss Government (as applicable) (each a \u201cTransfer Scheme<\/strong>\u201d), SAI will rely on the Transfer Scheme to appropriately safeguard Restricted Transfers.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      4.1 Where SAI is certified under a scheme (such as the EU-U.S. Data Privacy Framework, UK Extension and\/or Swiss-U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision from the European Commission, UK Government and\/or Swiss Government (as applicable) (each a \u201cTransfer Scheme<\/strong>\u201d), SAI will rely on the Transfer Scheme to appropriately safeguard Restricted Transfers.<\/p>\n","innerContent":["\n

      4.1 Where SAI is certified under a scheme (such as the EU-U.S. Data Privacy Framework, UK Extension and\/or Swiss-U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision from the European Commission, UK Government and\/or Swiss Government (as applicable) (each a \u201cTransfer Scheme<\/strong>\u201d), SAI will rely on the Transfer Scheme to appropriately safeguard Restricted Transfers.<\/p>\n"],"rendered":"\n

      4.1 Where SAI is certified under a scheme (such as the EU-U.S. Data Privacy Framework, UK Extension and\/or Swiss-U.S. Data Privacy Framework (as applicable)) that benefits from an adequacy decision from the European Commission, UK Government and\/or Swiss Government (as applicable) (each a \u201cTransfer Scheme<\/strong>\u201d), SAI will rely on the Transfer Scheme to appropriately safeguard Restricted Transfers.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"4.2 To the extent that the transmission of Personal Data under this DSA constitutes an EEA Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such EEA Restricted Transfer and incorporated by reference into this DSA. To the extent of any conflict or inconsistency between the SCCs and this Agreement, the SCCs will govern.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      4.2 To the extent that the transmission of Personal Data under this DSA constitutes an EEA Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such EEA Restricted Transfer and incorporated by reference into this DSA. To the extent of any conflict or inconsistency between the SCCs and this Agreement, the SCCs will govern.<\/p>\n","innerContent":["\n

      4.2 To the extent that the transmission of Personal Data under this DSA constitutes an EEA Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such EEA Restricted Transfer and incorporated by reference into this DSA. To the extent of any conflict or inconsistency between the SCCs and this Agreement, the SCCs will govern.<\/p>\n"],"rendered":"\n

      4.2 To the extent that the transmission of Personal Data under this DSA constitutes an EEA Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such EEA Restricted Transfer and incorporated by reference into this DSA. To the extent of any conflict or inconsistency between the SCCs and this Agreement, the SCCs will govern.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"4.3 To the extent that the transmission of Personal Data under this DSA constitutes a UK Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum and populated in accordance with Part 2 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such UK Restricted Transfer and incorporated by reference into this DSA.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      4.3 To the extent that the transmission of Personal Data under this DSA constitutes a UK Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum and populated in accordance with Part 2 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such UK Restricted Transfer and incorporated by reference into this DSA.<\/p>\n","innerContent":["\n

      4.3 To the extent that the transmission of Personal Data under this DSA constitutes a UK Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum and populated in accordance with Part 2 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such UK Restricted Transfer and incorporated by reference into this DSA.<\/p>\n"],"rendered":"\n

      4.3 To the extent that the transmission of Personal Data under this DSA constitutes a UK Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be varied to address the requirements of the UK GDPR in accordance with the UK Transfer Addendum and populated in accordance with Part 2 of Annex 2 (Restricted Transfer Details), entered into with effect from the first date of any such UK Restricted Transfer and incorporated by reference into this DSA.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"4.4 To the extent that the transmission of Personal Data under this DSA constitutes a Swiss Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), varied to address the requirements of the FADP in accordance with Part 3 of Annex 2 (Restricted Transfer Details), entered into with effect from the first day of any such Swiss Restricted Transfer and incorporated by reference into this DSA.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      4.4 To the extent that the transmission of Personal Data under this DSA constitutes a Swiss Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), varied to address the requirements of the FADP in accordance with Part 3 of Annex 2 (Restricted Transfer Details), entered into with effect from the first day of any such Swiss Restricted Transfer and incorporated by reference into this DSA.<\/p>\n","innerContent":["\n

      4.4 To the extent that the transmission of Personal Data under this DSA constitutes a Swiss Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), varied to address the requirements of the FADP in accordance with Part 3 of Annex 2 (Restricted Transfer Details), entered into with effect from the first day of any such Swiss Restricted Transfer and incorporated by reference into this DSA.<\/p>\n"],"rendered":"\n

      4.4 To the extent that the transmission of Personal Data under this DSA constitutes a Swiss Restricted Transfer and is not otherwise appropriately safeguarded under a Transfer Scheme, the parties shall comply with their respective obligations set out in the SCCs, which are deemed to be populated in accordance with Part 1 of Annex 2 (Restricted Transfer Details), varied to address the requirements of the FADP in accordance with Part 3 of Annex 2 (Restricted Transfer Details), entered into with effect from the first day of any such Swiss Restricted Transfer and incorporated by reference into this DSA.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"5 SAI may on notice vary this Section 4 and replace the SCCs or the UK Transfer Addendum with: (i) any new or replacement set(s) of standard contractual clauses; or (ii) any other transfer mechanism that enables the lawful transfer of Personal Data under this Agreement in compliance with Chapter V of the GDPR and\/or the FADP.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      5 SAI may on notice vary this Section 4 and replace the SCCs or the UK Transfer Addendum with: (i) any new or replacement set(s) of standard contractual clauses; or (ii) any other transfer mechanism that enables the lawful transfer of Personal Data under this Agreement in compliance with Chapter V of the GDPR and\/or the FADP.<\/p>\n","innerContent":["\n

      5 SAI may on notice vary this Section 4 and replace the SCCs or the UK Transfer Addendum with: (i) any new or replacement set(s) of standard contractual clauses; or (ii) any other transfer mechanism that enables the lawful transfer of Personal Data under this Agreement in compliance with Chapter V of the GDPR and\/or the FADP.<\/p>\n"],"rendered":"\n

      5 SAI may on notice vary this Section 4 and replace the SCCs or the UK Transfer Addendum with: (i) any new or replacement set(s) of standard contractual clauses; or (ii) any other transfer mechanism that enables the lawful transfer of Personal Data under this Agreement in compliance with Chapter V of the GDPR and\/or the FADP.<\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"5. Customer Responsibilities.","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-5-customer-responsibilities"},"innerBlocks":[],"innerHTML":"\n

      5. Customer Responsibilities.<\/h2>\n","innerContent":["\n

      5. Customer Responsibilities.<\/h2>\n"],"rendered":"\n

      5. Customer Responsibilities.<\/h2>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"Customer represents and warrants to SAI that Customer Provided Data does not and will not contain any Social Security numbers or other government-issued identification numbers, protected health information subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords to any online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; Personal Data of children under 16 years of age; or any other information that falls within any special categories of data (as defined in the Applicable Data Protection Laws). Customer shall ensure (and is solely responsible for ensuring) that it has given such notices to and obtained such consents and permissions from third parties (including, without limitation, Data Subjects), and has reserved all rights, in each case, as may be required under Applicable Data Protection Laws or otherwise for Customer to provide Customer Provided Data to SAI as contemplated by the Agreement.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      Customer represents and warrants to SAI that Customer Provided Data does not and will not contain any Social Security numbers or other government-issued identification numbers, protected health information subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords to any online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; Personal Data of children under 16 years of age; or any other information that falls within any special categories of data (as defined in the Applicable Data Protection Laws). Customer shall ensure (and is solely responsible for ensuring) that it has given such notices to and obtained such consents and permissions from third parties (including, without limitation, Data Subjects), and has reserved all rights, in each case, as may be required under Applicable Data Protection Laws or otherwise for Customer to provide Customer Provided Data to SAI as contemplated by the Agreement.<\/p>\n","innerContent":["\n

      Customer represents and warrants to SAI that Customer Provided Data does not and will not contain any Social Security numbers or other government-issued identification numbers, protected health information subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords to any online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; Personal Data of children under 16 years of age; or any other information that falls within any special categories of data (as defined in the Applicable Data Protection Laws). Customer shall ensure (and is solely responsible for ensuring) that it has given such notices to and obtained such consents and permissions from third parties (including, without limitation, Data Subjects), and has reserved all rights, in each case, as may be required under Applicable Data Protection Laws or otherwise for Customer to provide Customer Provided Data to SAI as contemplated by the Agreement.<\/p>\n"],"rendered":"\n

      Customer represents and warrants to SAI that Customer Provided Data does not and will not contain any Social Security numbers or other government-issued identification numbers, protected health information subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) or other information regarding an individual\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; health insurance information; biometric information; passwords to any online accounts; credentials to any financial accounts; tax return data; any payment card information subject to the Payment Card Industry Data Security Standard; Personal Data of children under 16 years of age; or any other information that falls within any special categories of data (as defined in the Applicable Data Protection Laws). Customer shall ensure (and is solely responsible for ensuring) that it has given such notices to and obtained such consents and permissions from third parties (including, without limitation, Data Subjects), and has reserved all rights, in each case, as may be required under Applicable Data Protection Laws or otherwise for Customer to provide Customer Provided Data to SAI as contemplated by the Agreement.<\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"6. Liability.","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-6-liability"},"innerBlocks":[],"innerHTML":"\n

      6. Liability.<\/h2>\n","innerContent":["\n

      6. Liability.<\/h2>\n"],"rendered":"\n

      6. Liability.<\/h2>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"The total combined liability of either party and its affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with this DSA will be limited to the limitations on liability or other liability caps agreed to by the parties in the Agreement; provided that <\/strong>nothing in the Agreement or this DSA will affect any party\u2019s liability to Data Subjects under the third-party beneficiary provisions of the SCCs, where applicable, to the extent limitation of such rights is prohibited by Applicable Data Protection Laws.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      The total combined liability of either party and its affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with this DSA will be limited to the limitations on liability or other liability caps agreed to by the parties in the Agreement; provided that <\/strong>nothing in the Agreement or this DSA will affect any party\u2019s liability to Data Subjects under the third-party beneficiary provisions of the SCCs, where applicable, to the extent limitation of such rights is prohibited by Applicable Data Protection Laws.<\/p>\n","innerContent":["\n

      The total combined liability of either party and its affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with this DSA will be limited to the limitations on liability or other liability caps agreed to by the parties in the Agreement; provided that <\/strong>nothing in the Agreement or this DSA will affect any party\u2019s liability to Data Subjects under the third-party beneficiary provisions of the SCCs, where applicable, to the extent limitation of such rights is prohibited by Applicable Data Protection Laws.<\/p>\n"],"rendered":"\n

      The total combined liability of either party and its affiliates towards the other party and its Affiliates, whether in contract, tort or any other theory of liability, under or in connection with this DSA will be limited to the limitations on liability or other liability caps agreed to by the parties in the Agreement; provided that <\/strong>nothing in the Agreement or this DSA will affect any party\u2019s liability to Data Subjects under the third-party beneficiary provisions of the SCCs, where applicable, to the extent limitation of such rights is prohibited by Applicable Data Protection Laws.<\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"7. CCPA.","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-7-ccpa"},"innerBlocks":[],"innerHTML":"\n

      7. CCPA.<\/h2>\n","innerContent":["\n

      7. CCPA.<\/h2>\n"],"rendered":"\n

      7. CCPA.<\/h2>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.1 For purposes of this Section 7, the terms \u201cbusiness,\u201d \u201ccommercial purpose,\u201d \u201csell,\u201d \u201cshare\u201d and \"service provider\" shall have the respective meanings given thereto in the CCPA, and \"personal information \" shall mean Customer Provided Data that constitutes \u201cpersonal information\u201d governed by the CCPA.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.1 For purposes of this Section 7, the terms \u201cbusiness,\u201d \u201ccommercial purpose,\u201d \u201csell,\u201d \u201cshare\u201d and \"service provider\" shall have the respective meanings given thereto in the CCPA, and \"personal information \" shall mean Customer Provided Data that constitutes \u201cpersonal information\u201d governed by the CCPA.<\/p>\n","innerContent":["\n

      7.1 For purposes of this Section 7, the terms \u201cbusiness,\u201d \u201ccommercial purpose,\u201d \u201csell,\u201d \u201cshare\u201d and \"service provider\" shall have the respective meanings given thereto in the CCPA, and \"personal information \" shall mean Customer Provided Data that constitutes \u201cpersonal information\u201d governed by the CCPA.<\/p>\n"],"rendered":"\n

      7.1 For purposes of this Section 7, the terms \u201cbusiness,\u201d \u201ccommercial purpose,\u201d \u201csell,\u201d \u201cshare\u201d and \"service provider\" shall have the respective meanings given thereto in the CCPA, and \"personal information \" shall mean Customer Provided Data that constitutes \u201cpersonal information\u201d governed by the CCPA.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.2 In respect of any Processing by SAI of Personal Data not in relation SAI\u2019s provision of those elements of the Services to Customer, SAI (A) does not act as a service provider; (B) independently determines the purposes and means of such Processing; (C) shall comply with Applicable Data Protection Laws; and (D) shall apply technical and organizational safeguards to any relevant Personal Data that are no less protective than those required by this DSA.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.2 In respect of any Processing by SAI of Personal Data not in relation SAI\u2019s provision of those elements of the Services to Customer, SAI (A) does not act as a service provider; (B) independently determines the purposes and means of such Processing; (C) shall comply with Applicable Data Protection Laws; and (D) shall apply technical and organizational safeguards to any relevant Personal Data that are no less protective than those required by this DSA.<\/p>\n","innerContent":["\n

      7.2 In respect of any Processing by SAI of Personal Data not in relation SAI\u2019s provision of those elements of the Services to Customer, SAI (A) does not act as a service provider; (B) independently determines the purposes and means of such Processing; (C) shall comply with Applicable Data Protection Laws; and (D) shall apply technical and organizational safeguards to any relevant Personal Data that are no less protective than those required by this DSA.<\/p>\n"],"rendered":"\n

      7.2 In respect of any Processing by SAI of Personal Data not in relation SAI\u2019s provision of those elements of the Services to Customer, SAI (A) does not act as a service provider; (B) independently determines the purposes and means of such Processing; (C) shall comply with Applicable Data Protection Laws; and (D) shall apply technical and organizational safeguards to any relevant Personal Data that are no less protective than those required by this DSA.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.3 SAI (a) acknowledges that personal information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to personal information as is required by the CCPA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that SAI\u2019s use of personal information is consistent with Customer\u2019s obligations under the CCPA; (d) shall notify Customer in writing of any determination made by SAI that it can no longer meet its obligations under the CCPA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.3 SAI (a) acknowledges that personal information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to personal information as is required by the CCPA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that SAI\u2019s use of personal information is consistent with Customer\u2019s obligations under the CCPA; (d) shall notify Customer in writing of any determination made by SAI that it can no longer meet its obligations under the CCPA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information.<\/p>\n","innerContent":["\n

      7.3 SAI (a) acknowledges that personal information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to personal information as is required by the CCPA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that SAI\u2019s use of personal information is consistent with Customer\u2019s obligations under the CCPA; (d) shall notify Customer in writing of any determination made by SAI that it can no longer meet its obligations under the CCPA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information.<\/p>\n"],"rendered":"\n

      7.3 SAI (a) acknowledges that personal information is disclosed by Customer only for limited and specified purposes described in the Agreement; (b) shall comply with applicable obligations under the CCPA and shall provide the same level of privacy protection to personal information as is required by the CCPA; (c) agrees that Customer has the right to take reasonable and appropriate steps to help to ensure that SAI\u2019s use of personal information is consistent with Customer\u2019s obligations under the CCPA; (d) shall notify Customer in writing of any determination made by SAI that it can no longer meet its obligations under the CCPA; and (e) agrees that Customer has the right, upon notice, including pursuant to the preceding clause, to take reasonable and appropriate steps to stop and remediate unauthorized use of personal information.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.4 It is the parties\u2019 intent that with respect to any personal information within the scope of this Section 7, SAI is a service provider. SAI shall not (A) sell such personal information; (B) retain, use or disclose such personal information for any purpose other than for the specific purpose of (i) enrolling and authenticating Users in the Courseware, the Courses, and the SAFe Platform; and (ii) performing its other obligations and exercising its rights under the Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (C) retain, use or disclose such personal information outside of the direct business relationship between SAI and Customer. SAI hereby certifies that it understands its obligations under this Section 7.4 and will comply with them.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.4 It is the parties\u2019 intent that with respect to any personal information within the scope of this Section 7, SAI is a service provider. SAI shall not (A) sell such personal information; (B) retain, use or disclose such personal information for any purpose other than for the specific purpose of (i) enrolling and authenticating Users in the Courseware, the Courses, and the SAFe Platform; and (ii) performing its other obligations and exercising its rights under the Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (C) retain, use or disclose such personal information outside of the direct business relationship between SAI and Customer. SAI hereby certifies that it understands its obligations under this Section 7.4 and will comply with them.<\/p>\n","innerContent":["\n

      7.4 It is the parties\u2019 intent that with respect to any personal information within the scope of this Section 7, SAI is a service provider. SAI shall not (A) sell such personal information; (B) retain, use or disclose such personal information for any purpose other than for the specific purpose of (i) enrolling and authenticating Users in the Courseware, the Courses, and the SAFe Platform; and (ii) performing its other obligations and exercising its rights under the Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (C) retain, use or disclose such personal information outside of the direct business relationship between SAI and Customer. SAI hereby certifies that it understands its obligations under this Section 7.4 and will comply with them.<\/p>\n"],"rendered":"\n

      7.4 It is the parties\u2019 intent that with respect to any personal information within the scope of this Section 7, SAI is a service provider. SAI shall not (A) sell such personal information; (B) retain, use or disclose such personal information for any purpose other than for the specific purpose of (i) enrolling and authenticating Users in the Courseware, the Courses, and the SAFe Platform; and (ii) performing its other obligations and exercising its rights under the Agreement, including retaining, using, or disclosing the personal information for a commercial purpose other than the provision of the Services; or (C) retain, use or disclose such personal information outside of the direct business relationship between SAI and Customer. SAI hereby certifies that it understands its obligations under this Section 7.4 and will comply with them.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.5 The parties acknowledge that SAI\u2019s retention, use and disclosure of personal information authorized by Customer\u2019s instructions documented in the DSA are integral to SAI\u2019s provision of the Services and the business relationship between the parties.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.5 The parties acknowledge that SAI\u2019s retention, use and disclosure of personal information authorized by Customer\u2019s instructions documented in the DSA are integral to SAI\u2019s provision of the Services and the business relationship between the parties.<\/p>\n","innerContent":["\n

      7.5 The parties acknowledge that SAI\u2019s retention, use and disclosure of personal information authorized by Customer\u2019s instructions documented in the DSA are integral to SAI\u2019s provision of the Services and the business relationship between the parties.<\/p>\n"],"rendered":"\n

      7.5 The parties acknowledge that SAI\u2019s retention, use and disclosure of personal information authorized by Customer\u2019s instructions documented in the DSA are integral to SAI\u2019s provision of the Services and the business relationship between the parties.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"7.6 SAI agrees to cooperate in good faith with Customer concerning any amendments as may be necessary to address compliance with the CCPA.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      7.6 SAI agrees to cooperate in good faith with Customer concerning any amendments as may be necessary to address compliance with the CCPA.<\/p>\n","innerContent":["\n

      7.6 SAI agrees to cooperate in good faith with Customer concerning any amendments as may be necessary to address compliance with the CCPA.<\/p>\n"],"rendered":"\n

      7.6 SAI agrees to cooperate in good faith with Customer concerning any amendments as may be necessary to address compliance with the CCPA.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

      <\/p>\n","innerContent":["\n

      <\/p>\n"],"rendered":"\n

      <\/p>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"ANNEX 1\u00a0","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-annex-1-nbsp"},"innerBlocks":[],"innerHTML":"\n

      ANNEX 1 <\/h2>\n","innerContent":["\n

      ANNEX 1 <\/h2>\n"],"rendered":"\n

      ANNEX 1 <\/h2>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"DATA SHARING DETAILS\u00a0<\/strong>","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-data-sharing-details-nbsp"},"innerBlocks":[],"innerHTML":"\n

      DATA SHARING DETAILS <\/strong><\/h2>\n","innerContent":["\n

      DATA SHARING DETAILS <\/strong><\/h2>\n"],"rendered":"\n

      DATA SHARING DETAILS <\/strong><\/h2>\n"},{"blockName":"core\/heading","attrs":{"level":3,"textAlign":"","content":"PART 1: DETAILS OF THE PARTIES\u00a0<\/strong>","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-part-1-details-of-the-parties-nbsp"},"innerBlocks":[],"innerHTML":"\n

      PART 1: DETAILS OF THE PARTIES <\/strong><\/h3>\n","innerContent":["\n

      PART 1: DETAILS OF THE PARTIES <\/strong><\/h3>\n"],"rendered":"\n

      PART 1: DETAILS OF THE PARTIES <\/strong><\/h3>\n"},{"blockName":"core\/columns","attrs":{"verticalAlignment":"","isStackedOnMobile":true,"templateLock":null,"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/column","attrs":{"width":"100%","verticalAlignment":"","allowedBlocks":[],"templateLock":null,"lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/heading","attrs":{"level":4,"textAlign":"","content":"A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS\u00a0","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-a-sai-data-importer-details-nbsp"},"innerBlocks":[],"innerHTML":"\n

      A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n","innerContent":["\n

      A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n"],"rendered":"\n

      A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n

      A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n<\/div>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n
      \n

      A. SAI \/ \u2018DATA IMPORTER\u2019 DETAILS <\/h4>\n<\/div>\n<\/div>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/table","attrs":{"hasFixedLayout":false,"className":"is-style-stripes bg-white","caption":"","head":[],"body":[{"cells":[{"content":"Name:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Scaled Agile, Inc.","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Address:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"4845 Pearl East Circle, Suite 101 Boulder, CO 80301","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Contact Details for Data Protection:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"support@scaledagile.com<\/a>","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"SAI Activities:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"SAI is the provider of the SAFe Platform","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Role:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Controller","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]}],"foot":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      Name:<\/td>Scaled Agile, Inc.<\/td><\/tr>
      Address:<\/td>4845 Pearl East Circle, Suite 101 Boulder, CO 80301<\/td><\/tr>
      Contact Details for Data Protection:<\/td>support@scaledagile.com<\/a><\/td><\/tr>
      SAI Activities:<\/td>SAI is the provider of the SAFe Platform<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n","innerContent":["\n
      Name:<\/td>Scaled Agile, Inc.<\/td><\/tr>
      Address:<\/td>4845 Pearl East Circle, Suite 101 Boulder, CO 80301<\/td><\/tr>
      Contact Details for Data Protection:<\/td>support@scaledagile.com<\/a><\/td><\/tr>
      SAI Activities:<\/td>SAI is the provider of the SAFe Platform<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n"],"rendered":"\n
      Name:<\/td>Scaled Agile, Inc.<\/td><\/tr>
      Address:<\/td>4845 Pearl East Circle, Suite 101 Boulder, CO 80301<\/td><\/tr>
      Contact Details for Data Protection:<\/td>support@scaledagile.com<\/a><\/td><\/tr>
      SAI Activities:<\/td>SAI is the provider of the SAFe Platform<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n
      Name:<\/td>Scaled Agile, Inc.<\/td><\/tr>
      Address:<\/td>4845 Pearl East Circle, Suite 101 Boulder, CO 80301<\/td><\/tr>
      Contact Details for Data Protection:<\/td>support@scaledagile.com<\/a><\/td><\/tr>
      SAI Activities:<\/td>SAI is the provider of the SAFe Platform<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n"},{"blockName":"core\/spacer","attrs":{"height":"40px","width":"","lock":[],"metadata":[],"className":"","style":[],"openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      <\/div>\n"],"rendered":"\n
      <\/div>\n"},{"blockName":"core\/heading","attrs":{"level":4,"textAlign":"","content":"B. CUSTOMER \/ \u2018DATA EXPORTER\u2019 DETAILS","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-b-customer-data-exporter-details"},"innerBlocks":[],"innerHTML":"\n

      B. CUSTOMER \/ \u2018DATA EXPORTER\u2019 DETAILS<\/h4>\n","innerContent":["\n

      B. CUSTOMER \/ \u2018DATA EXPORTER\u2019 DETAILS<\/h4>\n"],"rendered":"\n

      B. CUSTOMER \/ \u2018DATA EXPORTER\u2019 DETAILS<\/h4>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/table","attrs":{"className":"is-style-stripes bg-white","hasFixedLayout":true,"caption":"","head":[],"body":[{"cells":[{"content":"Name:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"The entity or other person who is a counterparty to the Agreement","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Address:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Contact Details for Data Protection:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"
      Customer Activities:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Role:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Controller","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]}],"foot":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      Name:<\/td>The entity or other person who is a counterparty to the Agreement<\/td><\/tr>
      Address:<\/td>Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address<\/td><\/tr>
      Contact Details for Data Protection:<\/td>Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services<\/td><\/tr>

      Customer Activities:<\/td>      		Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n","innerContent":["\n
      Name:<\/td>The entity or other person who is a counterparty to the Agreement<\/td><\/tr>
      Address:<\/td>Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address<\/td><\/tr>
      Contact Details for Data Protection:<\/td>Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services<\/td><\/tr>

      Customer Activities:<\/td>      		Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n"],"rendered":"\n
      Name:<\/td>The entity or other person who is a counterparty to the Agreement<\/td><\/tr>
      Address:<\/td>Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address<\/td><\/tr>
      Contact Details for Data Protection:<\/td>Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services<\/td><\/tr>

      Customer Activities:<\/td>      		Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n
      Name:<\/td>The entity or other person who is a counterparty to the Agreement<\/td><\/tr>
      Address:<\/td>Customer\u2019s address is (i) the address shown in the Agreement; or (ii) if no such address is contained within the Agreement, the Customer\u2019s principal business trading address<\/td><\/tr>
      Contact Details for Data Protection:<\/td>Customer\u2019s contact details are: (i) the contact details shown in the Agreement; or (ii) if no such contact details are contained within the Agreement, Customer\u2019s contact details submitted by Customer and associated with Customer\u2019s account for the Services<\/td><\/tr>

      Customer Activities:<\/td>      		Customer\u2019s activities relevant to this DSA are the use and receipt of the Services under and in accordance with, and for the purposes anticipated and permitted in, the Agreement<\/td><\/tr>
      Role:<\/td>Controller<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n"},{"blockName":"core\/spacer","attrs":{"height":"40px","width":"","lock":[],"metadata":[],"className":"","style":[],"openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      <\/div>\n"],"rendered":"\n
      <\/div>\n"},{"blockName":"core\/heading","attrs":{"level":3,"textAlign":"","content":"PART 2: DETAILS OF DATA SHARING","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-part-2-details-of-data-sharing"},"innerBlocks":[],"innerHTML":"\n

      PART 2: DETAILS OF DATA SHARING<\/h3>\n","innerContent":["\n

      PART 2: DETAILS OF DATA SHARING<\/h3>\n"],"rendered":"\n

      PART 2: DETAILS OF DATA SHARING<\/h3>\n"},{"blockName":"core\/heading","attrs":{"level":4,"textAlign":"","content":"Where the SAFe Enterprise Agreement and\/or piplanning.io Agreement applies:","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-where-the-safe-enterprise-agreement-and-or-piplanning-io-agreement-applies"},"innerBlocks":[],"innerHTML":"\n

      Where the SAFe Enterprise Agreement and\/or piplanning.io Agreement applies:<\/h4>\n","innerContent":["\n

      Where the SAFe Enterprise Agreement and\/or piplanning.io Agreement applies:<\/h4>\n"],"rendered":"\n

      Where the SAFe Enterprise Agreement and\/or piplanning.io Agreement applies:<\/h4>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/table","attrs":{"className":"is-style-stripes bg-white","hasFixedLayout":true,"caption":"","head":[],"body":[{"cells":[{"content":"Categories of Data Subjects:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer may submit Personal Data of users to the Services","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Categories of Personal Data:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Sensitive Categories of Data, and associated additional restrictions\/safeguards:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"N\/A","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Frequency of transfer:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Nature of the Processing:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Processing operations required in order to provide the Services in accordance with the Agreement","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Purpose of the Processing:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Duration of Processing \/ Retention Period:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]}],"foot":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to the Services<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA<\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n","innerContent":["\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to the Services<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA<\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n"],"rendered":"\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to the Services<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA<\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to the Services<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of Users to the Services, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer in and through its use, or use on its behalf, of the Services<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed: (i) as necessary to provide the Services as initiated by Customer in its use thereof, and (ii) to comply with any other reasonable instructions provided by Customer in accordance with the terms of this DSA<\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n"},{"blockName":"core\/spacer","attrs":{"height":"40px","width":"","lock":[],"metadata":[],"className":"","style":[],"openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      <\/div>\n"],"rendered":"\n
      <\/div>\n"},{"blockName":"core\/heading","attrs":{"level":4,"textAlign":"","content":"Where the Partner Program Agreement applies:","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-where-the-partner-program-agreement-applies"},"innerBlocks":[],"innerHTML":"\n

      Where the Partner Program Agreement applies:<\/h4>\n","innerContent":["\n

      Where the Partner Program Agreement applies:<\/h4>\n"],"rendered":"\n

      Where the Partner Program Agreement applies:<\/h4>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/table","attrs":{"className":"is-style-stripes bg-white","hasFixedLayout":true,"caption":"","head":[],"body":[{"cells":[{"content":"Categories of Data Subjects:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer may submit Personal Data of users to SAI","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Categories of Personal Data:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer may submit Personal Data of users to SAI, including first name, surname, and business email address","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Sensitive Categories of Data, and associated additional restrictions\/safeguards:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"N\/A","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Frequency of transfer:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Ongoing \u2013 as initiated by Customer","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Nature of the Processing:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Processing operations required in order to provide the Services in accordance with the Agreement","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Purpose of the Processing:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course\u00a0","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]},{"cells":[{"content":"Duration of Processing \/ Retention Period:","tag":"td","scope":"","align":"","colspan":"","rowspan":""},{"content":"Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing","tag":"td","scope":"","align":"","colspan":"","rowspan":""}]}],"foot":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to SAI<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of users to SAI, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course <\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n","innerContent":["\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to SAI<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of users to SAI, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course <\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n"],"rendered":"\n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to SAI<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of users to SAI, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course <\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n"}],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      ",null,"<\/div>\n"],"rendered":"\n
      \n
      Categories of Data Subjects:<\/td>Customer may submit Personal Data of users to SAI<\/td><\/tr>
      Categories of Personal Data:<\/td>Customer may submit Personal Data of users to SAI, including first name, surname, and business email address<\/td><\/tr>
      Sensitive Categories of Data, and associated additional restrictions\/safeguards:<\/td>N\/A<\/td><\/tr>
      Frequency of transfer:<\/td>Ongoing \u2013 as initiated by Customer<\/td><\/tr>
      Nature of the Processing:<\/td>Processing operations required in order to provide the Services in accordance with the Agreement<\/td><\/tr>
      Purpose of the Processing:<\/td>Customer Provided Data will be processed in order to (i) validate and verify users\u2019 attendance at courses held by Customer; and (ii) provide information to users regarding their course <\/td><\/tr>
      Duration of Processing \/ Retention Period:<\/td>Concurrent with the term of the Agreement and then thereafter pursuant to the terms of the Agreement, unless otherwise agreed in writing<\/td><\/tr><\/tbody><\/table><\/figure>\n<\/div><\/div>\n"},{"blockName":"core\/spacer","attrs":{"height":"40px","width":"","lock":[],"metadata":[],"className":"","style":[],"openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
      <\/div>\n","innerContent":["\n
      <\/div>\n"],"rendered":"\n
      <\/div>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"ANNEX 2","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-annex-2"},"innerBlocks":[],"innerHTML":"\n

      ANNEX 2<\/h2>\n","innerContent":["\n

      ANNEX 2<\/h2>\n"],"rendered":"\n

      ANNEX 2<\/h2>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"RESTRICTED TRANSFER DETAILS","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-restricted-transfer-details"},"innerBlocks":[],"innerHTML":"\n

      RESTRICTED TRANSFER DETAILS<\/h2>\n","innerContent":["\n

      RESTRICTED TRANSFER DETAILS<\/h2>\n"],"rendered":"\n

      RESTRICTED TRANSFER DETAILS<\/h2>\n"},{"blockName":"core\/heading","attrs":{"level":3,"textAlign":"","content":"PART 1: EEA RESTRICTED TRANSFERS","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-part-1-eea-restricted-transfers"},"innerBlocks":[],"innerHTML":"\n

      PART 1: EEA RESTRICTED TRANSFERS<\/h3>\n","innerContent":["\n

      PART 1: EEA RESTRICTED TRANSFERS<\/h3>\n"],"rendered":"\n

      PART 1: EEA RESTRICTED TRANSFERS<\/h3>\n"},{"blockName":"core\/list","attrs":{"ordered":true,"values":"","type":"","start":0,"reversed":false,"placeholder":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
    13. Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:<\/li>\n","innerContent":["\n
    14. Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:<\/li>\n"],"rendered":"\n
    15. Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:<\/li>\n"}],"innerHTML":"\n
        <\/ol>\n","innerContent":["\n
          ",null,"<\/ol>\n"],"rendered":"\n
            \n
          1. Population of the body of the SCCs.<\/strong> The following selections within the text of Module One and the Clauses thereof are agreed:<\/li>\n<\/ol>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.1 In Clause 7:<\/strong> the optional \u2018Docking Clause\u2019 is included in full.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.1 In Clause 7:<\/strong> the optional \u2018Docking Clause\u2019 is included in full.<\/p>\n","innerContent":["\n

            1.1 In Clause 7:<\/strong> the optional \u2018Docking Clause\u2019 is included in full.<\/p>\n"],"rendered":"\n

            1.1 In Clause 7:<\/strong> the optional \u2018Docking Clause\u2019 is included in full.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.2 In Clause 11:<\/strong> the optional language is not used and is deleted.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.2 In Clause 11:<\/strong> the optional language is not used and is deleted.<\/p>\n","innerContent":["\n

            1.2 In Clause 11:<\/strong> the optional language is not used and is deleted.<\/p>\n"],"rendered":"\n

            1.2 In Clause 11:<\/strong> the optional language is not used and is deleted.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.3 In Clause 13:<\/strong> all square brackets are removed, and all text therein is retained.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.3 In Clause 13:<\/strong> all square brackets are removed, and all text therein is retained.<\/p>\n","innerContent":["\n

            1.3 In Clause 13:<\/strong> all square brackets are removed, and all text therein is retained.<\/p>\n"],"rendered":"\n

            1.3 In Clause 13:<\/strong> all square brackets are removed, and all text therein is retained.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.4 In Clause 17:<\/strong> the parties agree that the SCCs shall be governed by the law of Ireland in relation to any EEA Restricted Transfer, and Clause 17 is populated accordingly.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.4 In Clause 17:<\/strong> the parties agree that the SCCs shall be governed by the law of Ireland in relation to any EEA Restricted Transfer, and Clause 17 is populated accordingly.<\/p>\n","innerContent":["\n

            1.4 In Clause 17:<\/strong> the parties agree that the SCCs shall be governed by the law of Ireland in relation to any EEA Restricted Transfer, and Clause 17 is populated accordingly.<\/p>\n"],"rendered":"\n

            1.4 In Clause 17:<\/strong> the parties agree that the SCCs shall be governed by the law of Ireland in relation to any EEA Restricted Transfer, and Clause 17 is populated accordingly.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.5 In Clause 18:<\/strong> the parties agree that any dispute arising from the SCCs in relation to any EEA Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.5 In Clause 18:<\/strong> the parties agree that any dispute arising from the SCCs in relation to any EEA Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly.<\/p>\n","innerContent":["\n

            1.5 In Clause 18:<\/strong> the parties agree that any dispute arising from the SCCs in relation to any EEA Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly.<\/p>\n"],"rendered":"\n

            1.5 In Clause 18:<\/strong> the parties agree that any dispute arising from the SCCs in relation to any EEA Restricted Transfer shall be resolved by the courts of Ireland, and Clause 18(b) is populated accordingly.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2 Population of Annexes to the Appendix to the SCCs.<\/strong>","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            2 Population of Annexes to the Appendix to the SCCs.<\/strong><\/p>\n","innerContent":["\n

            2 Population of Annexes to the Appendix to the SCCs.<\/strong><\/p>\n"],"rendered":"\n

            2 Population of Annexes to the Appendix to the SCCs.<\/strong><\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.1 Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Data Sharing Details) to the Agreement, with: Customer being \u2018data exporter\u2019; and SAI being \u2018data importer\u2019.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            2.1 Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Data Sharing Details) to the Agreement, with: Customer being \u2018data exporter\u2019; and SAI being \u2018data importer\u2019.<\/p>\n","innerContent":["\n

            2.1 Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Data Sharing Details) to the Agreement, with: Customer being \u2018data exporter\u2019; and SAI being \u2018data importer\u2019.<\/p>\n"],"rendered":"\n

            2.1 Annex I to the Appendix to the SCCs is populated with the corresponding information detailed in Annex 1 (Data Sharing Details) to the Agreement, with: Customer being \u2018data exporter\u2019; and SAI being \u2018data importer\u2019.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.2 Part C of Annex I to the Appendix to the SCCs is populated as below:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            2.2 Part C of Annex I to the Appendix to the SCCs is populated as below:<\/p>\n","innerContent":["\n

            2.2 Part C of Annex I to the Appendix to the SCCs is populated as below:<\/p>\n"],"rendered":"\n

            2.2 Part C of Annex I to the Appendix to the SCCs is populated as below:<\/p>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) The competent supervisory authority shall be determined as follows:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (a) The competent supervisory authority shall be determined as follows:<\/p>\n","innerContent":["\n

            (a) The competent supervisory authority shall be determined as follows:<\/p>\n"],"rendered":"\n

            (a) The competent supervisory authority shall be determined as follows:<\/p>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6 mt-0 ","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"
            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n


            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n","innerContent":["\n


            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n"],"rendered":"\n


            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"
            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n


            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n","innerContent":["\n


            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n"],"rendered":"\n


            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"
            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n


            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n","innerContent":["\n


            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n"],"rendered":"\n


            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"2.3 Annex II to the Appendix to the SCCs is populated as below:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n","innerContent":["\n

            2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n"],"rendered":"\n

            2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) General:<\/strong> Please refer to Annex 3 (Security Measures).","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n","innerContent":["\n

            (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n"],"rendered":"\n

            (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            <\/p>\n","innerContent":["\n

            <\/p>\n"],"rendered":"\n

            <\/p>\n"}],"innerHTML":"\n

            \n\n\n\n\n\n\n\n\n\n<\/div>\n","innerContent":["\n
            ",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
            \n


            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n\n\n\n


            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n\n\n\n


            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n\n\n\n

            2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n\n\n\n

            (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n\n\n\n

            <\/p>\n<\/div><\/div>\n"}],"innerHTML":"\n

            \n\n<\/div>\n","innerContent":["\n
            ",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
            \n

            (a) The competent supervisory authority shall be determined as follows:<\/p>\n\n\n\n

            \n


            (i) Where Customer is established in an EU Member State: the competent supervisory authority shall be the supervisory authority of that EU Member State in which Customer is established.<\/p>\n\n\n\n


            (ii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies and Customer has appointed an EU representative under Article 27 of the GDPR: the competent supervisory authority shall be the supervisory authority of the EU Member State in which Customer\u2019s EU representative relevant to the processing hereunder is based (from time-to-time).<\/p>\n\n\n\n


            (iii) Where Customer is not established in an EU Member State, Article 3(2) of the GDPR applies, but Customer has not appointed an EU representative under Article 27 of the GDPR the competent supervisory authority shall be the Irish Data Protection Commission will be the competent supervisory authority; unless no data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located in Ireland, in which case the parties agree to work together to agree the appropriate competent supervisory authority, which must be an EU Member State in which the data subjects whose personal data is transferred under these Clauses in relation to the offering of goods or services to them, or whose behaviour is monitored, are located.<\/p>\n\n\n\n

            2.3 Annex II to the Appendix to the SCCs is populated as below:<\/p>\n\n\n\n

            (a) General:<\/strong> Please refer to Annex 3 (Security Measures).<\/p>\n\n\n\n

            <\/p>\n<\/div><\/div>\n<\/div><\/div>\n"},{"blockName":"core\/heading","attrs":{"level":3,"textAlign":"","content":"PART 2: UK RESTRICTED TRANSFERS","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-part-2-uk-restricted-transfers"},"innerBlocks":[],"innerHTML":"\n

            PART 2: UK RESTRICTED TRANSFERS<\/h3>\n","innerContent":["\n

            PART 2: UK RESTRICTED TRANSFERS<\/h3>\n"],"rendered":"\n

            PART 2: UK RESTRICTED TRANSFERS<\/h3>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"1 UK Transfer Addendum<\/strong>","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1 UK Transfer Addendum<\/strong><\/p>\n","innerContent":["\n

            1 UK Transfer Addendum<\/strong><\/p>\n"],"rendered":"\n

            1 UK Transfer Addendum<\/strong><\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:<\/p>\n","innerContent":["\n

            1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:<\/p>\n"],"rendered":"\n

            1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:<\/p>\n"}],"innerHTML":"\n

            \n\n<\/div>\n","innerContent":["\n
            ",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
            \n

            1 UK Transfer Addendum<\/strong><\/p>\n\n\n\n

            1.1 Where relevant in accordance with Section 4.3 of the DSA, the SCCs also apply in the context of UK Restricted Transfers as varied by the UK Transfer Addendum as follows:<\/p>\n<\/div><\/div>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:<\/p>\n","innerContent":["\n

            (a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:<\/p>\n"],"rendered":"\n

            (a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"className":"pl-6","align":"","content":"(i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
            (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
            (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.<\/p>\n","innerContent":["\n

            (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
            (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.<\/p>\n"],"rendered":"\n

            (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
            (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.<\/p>\n","innerContent":["\n

            (b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.<\/p>\n"],"rendered":"\n

            (b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            <\/p>\n","innerContent":["\n

            <\/p>\n"],"rendered":"\n

            <\/p>\n"}],"innerHTML":"\n

            \n\n\n\n\n\n<\/div>\n","innerContent":["\n
            ",null,"\n\n",null,"\n\n",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
            \n

            (a) Part 1 to the UK Transfer Addendum<\/strong>. The parties agree:<\/p>\n\n\n\n

            (i) Tables 1, 2 and 3 to the UK Transfer Addendum are deemed populated with the corresponding details set out in Annex 1 (Data Sharing Details) of this DSA and Part 1 of this Annex 2 (Restricted Transfer Details) (subject to the variations effected by the UK Mandatory Clauses described in Paragraph 1.1(b) below); and
            (ii) Table 4 to the UK Transfer Addendum is completed by the box labelled \u2018Data Importer\u2019 being deemed to have been ticked.<\/p>\n\n\n\n

            (b) Part 2 to the UK Transfer Addendum. The parties agree to be bound by the UK Mandatory Clauses of the UK Transfer Addendum.<\/p>\n\n\n\n

            <\/p>\n<\/div><\/div>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.2 As permitted by section 17 of the UK Mandatory Clauses, the parties agree to the presentation of the information required by \u2018Part 1: Tables\u2019 of the UK Transfer Addendum in the manner set out in Paragraph 1.1 of this Part 2; provided that the parties further agree that nothing in the manner of that presentation shall operate or be construed so as to reduce the Appropriate Safeguards (as defined in section 3 of the UK Mandatory Clauses).","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.2 As permitted by section 17 of the UK Mandatory Clauses, the parties agree to the presentation of the information required by \u2018Part 1: Tables\u2019 of the UK Transfer Addendum in the manner set out in Paragraph 1.1 of this Part 2; provided that the parties further agree that nothing in the manner of that presentation shall operate or be construed so as to reduce the Appropriate Safeguards (as defined in section 3 of the UK Mandatory Clauses).<\/p>\n","innerContent":["\n

            1.2 As permitted by section 17 of the UK Mandatory Clauses, the parties agree to the presentation of the information required by \u2018Part 1: Tables\u2019 of the UK Transfer Addendum in the manner set out in Paragraph 1.1 of this Part 2; provided that the parties further agree that nothing in the manner of that presentation shall operate or be construed so as to reduce the Appropriate Safeguards (as defined in section 3 of the UK Mandatory Clauses).<\/p>\n"],"rendered":"\n

            1.2 As permitted by section 17 of the UK Mandatory Clauses, the parties agree to the presentation of the information required by \u2018Part 1: Tables\u2019 of the UK Transfer Addendum in the manner set out in Paragraph 1.1 of this Part 2; provided that the parties further agree that nothing in the manner of that presentation shall operate or be construed so as to reduce the Appropriate Safeguards (as defined in section 3 of the UK Mandatory Clauses).<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.3 In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DSA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.3 In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DSA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.<\/p>\n","innerContent":["\n

            1.3 In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DSA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.<\/p>\n"],"rendered":"\n

            1.3 In relation to any UK Restricted Transfer to which they apply, where the context permits and requires, any reference in the DSA to the SCCs, shall be read as a reference to those SCCs as varied in the manner set out in Paragraph 1.1 of this Part 2.<\/p>\n"},{"blockName":"core\/heading","attrs":{"level":3,"textAlign":"","content":"PART 3: SWISS RESTRICTED TRANSFERS","levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-part-3-swiss-restricted-transfers"},"innerBlocks":[],"innerHTML":"\n

            PART 3: SWISS RESTRICTED TRANSFERS<\/h3>\n","innerContent":["\n

            PART 3: SWISS RESTRICTED TRANSFERS<\/h3>\n"],"rendered":"\n

            PART 3: SWISS RESTRICTED TRANSFERS<\/h3>\n"},{"blockName":"core\/group","attrs":{"tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:<\/p>\n","innerContent":["\n

            1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:<\/p>\n"],"rendered":"\n

            1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:<\/p>\n"}],"innerHTML":"\n

            <\/div>\n","innerContent":["\n
            ",null,"<\/div>\n"],"rendered":"\n
            \n

            1.1 Where relevant in accordance with Section 4.4 of the DSA, the SCCs are varied as follows:<\/p>\n<\/div><\/div>\n"},{"blockName":"core\/group","attrs":{"className":"pl-6","tagName":"div","templateLock":null,"allowedBlocks":[],"lock":[],"metadata":[],"align":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","layout":[],"ariaLabel":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/paragraph","attrs":{"align":"","content":"(a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;<\/p>\n","innerContent":["\n

            (a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;<\/p>\n"],"rendered":"\n

            (a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers;\u00a0","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers; <\/p>\n","innerContent":["\n

            (b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers; <\/p>\n"],"rendered":"\n

            (b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers; <\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(c) references to Regulation (EU) 2018\/1725 are removed; and","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (c) references to Regulation (EU) 2018\/1725 are removed; and<\/p>\n","innerContent":["\n

            (c) references to Regulation (EU) 2018\/1725 are removed; and<\/p>\n"],"rendered":"\n

            (c) references to Regulation (EU) 2018\/1725 are removed; and<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"(d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            (d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.<\/p>\n","innerContent":["\n

            (d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.<\/p>\n"],"rendered":"\n

            (d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.<\/p>\n"},{"blockName":"core\/paragraph","attrs":{"align":"","content":"","dropCap":false,"placeholder":"","direction":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n

            <\/p>\n","innerContent":["\n

            <\/p>\n"],"rendered":"\n

            <\/p>\n"}],"innerHTML":"\n

            \n\n\n\n\n\n\n\n<\/div>\n","innerContent":["\n
            ",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"<\/div>\n"],"rendered":"\n
            \n

            (a) the FDPIC is the sole Supervisory Authority for Swiss Restricted Transfers exclusively subject to the FADP;<\/p>\n\n\n\n

            (b) the terms \u201cGeneral Data Protection Regulation\u201d or \u201cRegulation (EU) 2016\/679\u201d as utilized in the SCCs are interpreted to include the FADP with respect to Swiss Restricted Transfers; <\/p>\n\n\n\n

            (c) references to Regulation (EU) 2018\/1725 are removed; and<\/p>\n\n\n\n

            (d) references to the \u201cUnion\u201d, \u201cEU\u201d and \u201cEU Member State\u201d are not interpreted in such a way as to exclude Data Subjects in Switzerland from the possibility of exercising their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the SCCs.<\/p>\n\n\n\n

            <\/p>\n<\/div><\/div>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"ANNEX 3","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-annex-3"},"innerBlocks":[],"innerHTML":"\n

            ANNEX 3<\/h2>\n","innerContent":["\n

            ANNEX 3<\/h2>\n"],"rendered":"\n

            ANNEX 3<\/h2>\n"},{"blockName":"core\/heading","attrs":{"textAlign":"","content":"SECURITY MEASURES","level":2,"levelOptions":[],"placeholder":"","lock":[],"metadata":[],"align":"","className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":"h-security-measures"},"innerBlocks":[],"innerHTML":"\n

            SECURITY MEASURES<\/h2>\n","innerContent":["\n

            SECURITY MEASURES<\/h2>\n"],"rendered":"\n

            SECURITY MEASURES<\/h2>\n"},{"blockName":"core\/list","attrs":{"ordered":true,"values":"\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n","type":"","start":0,"reversed":false,"placeholder":"","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          2. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.<\/li>\n","innerContent":["\n
          3. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.<\/li>\n"],"rendered":"\n
          4. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          5. Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.<\/li>\n","innerContent":["\n
          6. Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.<\/li>\n"],"rendered":"\n
          7. Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          8. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).<\/li>\n","innerContent":["\n
          9. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).<\/li>\n"],"rendered":"\n
          10. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          11. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).<\/li>\n","innerContent":["\n
          12. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).<\/li>\n"],"rendered":"\n
          13. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          14. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.<\/li>\n","innerContent":["\n
          15. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.<\/li>\n"],"rendered":"\n
          16. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"System audit or event logging and related monitoring procedures to proactively record user access and system activity.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          17. System audit or event logging and related monitoring procedures to proactively record user access and system activity.<\/li>\n","innerContent":["\n
          18. System audit or event logging and related monitoring procedures to proactively record user access and system activity.<\/li>\n"],"rendered":"\n
          19. System audit or event logging and related monitoring procedures to proactively record user access and system activity.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          20. Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.<\/li>\n","innerContent":["\n
          21. Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.<\/li>\n"],"rendered":"\n
          22. Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          23. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.<\/li>\n","innerContent":["\n
          24. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.<\/li>\n"],"rendered":"\n
          25. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          26. Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.<\/li>\n","innerContent":["\n
          27. Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.<\/li>\n"],"rendered":"\n
          28. Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          29. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.<\/li>\n","innerContent":["\n
          30. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.<\/li>\n"],"rendered":"\n
          31. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          32. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.<\/li>\n","innerContent":["\n
          33. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.<\/li>\n"],"rendered":"\n
          34. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.<\/li>\n"},{"blockName":"core\/list-item","attrs":{"placeholder":"","content":"Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.","lock":[],"metadata":[],"className":"","style":[],"backgroundColor":"","textColor":"","gradient":"","fontSize":"","fontFamily":"","borderColor":"","openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
          35. Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.<\/li>\n","innerContent":["\n
          36. Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.<\/li>\n"],"rendered":"\n
          37. Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.<\/li>\n"}],"innerHTML":"\n
              \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n<\/ol>\n","innerContent":["\n
                ",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"\n\n",null,"<\/ol>\n"],"rendered":"\n
                  \n
                1. Organizational management and dedicated staff responsible for the development, implementation, and maintenance of SAI\u2019s information security program.<\/li>\n\n\n\n
                2. Periodic review and assessment of security risks to SAI\u2019s organization, monitoring and maintaining compliance with SAI\u2019s security policies and procedures, and reporting the condition of its information security and compliance to internal senior management as needed.<\/li>\n\n\n\n
                3. Data security controls which include, at a minimum, logical segregation of data, restricted (e.g., role-based) access and monitoring, and utilization of commercially available industry standard encryption technologies for User Personal Data that is transmitted over public networks (i.e., the Internet) or when transmitted wirelessly or stored on portable or removable media (i.e., laptop computers, CD\/DVD, USB drives, back-up tapes).<\/li>\n\n\n\n
                4. Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions, (e.g., granting access on a need-to-know and least privilege basis, use of unique IDs and passwords for all users, periodic review, and revoking\/changing access promptly when employment terminates or changes in job functions occur).<\/li>\n\n\n\n
                5. Password controls designed to manage and control password strength, expiration and usage including prohibiting users from sharing passwords and requiring that SAI\u2019s passwords that are assigned to its employees: (i) be at least eight (8) characters in length, (ii) not be stored in readable format on SAI\u2019s computer systems; (iii) must have defined complexity; (iv) must have a history threshold to prevent reuse of recent passwords; and (v) newly issued passwords must be changed after first use.<\/li>\n\n\n\n
                6. System audit or event logging and related monitoring procedures to proactively record user access and system activity.<\/li>\n\n\n\n
                7. Physical and environmental security of data centers, server room facilities and other areas containing User Personal Data designed to: (i) protect information assets from unauthorized physical access, (ii) manage, monitor, and log movement of persons into and out of SAI\u2019s facilities, and (iii) guard against environmental hazards such as heat, fire, and water damage.<\/li>\n\n\n\n
                8. Operational procedures and controls to provide for configuration, monitoring and maintenance of technology and information systems, including secure disposal of systems and media to render all information or data contained therein as undecipherable or unrecoverable prior to final disposal or release from SAI\u2019s possession. Change management procedures and tracking mechanisms designed to test, approve, and monitor all material changes to SAI\u2019s technology and information assets.<\/li>\n\n\n\n
                9. Incident management procedures design to allow SAI to investigate, respond to, mitigate, and notify of events related to SAI\u2019s technology and information assets.<\/li>\n\n\n\n
                10. Network security controls that provide for the use of enterprise firewalls and layered DMZ architectures, and intrusion detection systems and other traffic and event correlation procedures designed to protect systems from intrusion and limit the scope of any successful attack.<\/li>\n\n\n\n
                11. Vulnerability assessment, patch management and threat protection technologies, and scheduled monitoring procedures designed to identify, assess, mitigate, and protect against identified security threats, viruses, and other malicious code.<\/li>\n\n\n\n
                12. Business resiliency\/continuity and disaster recovery procedures designed to maintain service and\/or recovery from foreseeable emergencies or disasters.<\/li>\n<\/ol>\n"},{"blockName":"core\/spacer","attrs":{"height":"100px","width":"","lock":[],"metadata":[],"className":"","style":[],"openPopupId":"","anchor":""},"innerBlocks":[],"innerHTML":"\n
                  <\/div>\n","innerContent":["\n
                  <\/div>\n"],"rendered":"\n
                  <\/div>\n"}],"yoast_head":"\nScaled Agile Data Sharing Addendum | Privacy & Compliance<\/title>\n<meta name=\"description\" content=\"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/scaledagile.com\/dsa\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Sharing Addendum\" \/>\n<meta property=\"og:description\" content=\"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/scaledagile.com\/dsa\/\" \/>\n<meta property=\"og:site_name\" content=\"Scaled Agile\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ScaledAgile\/\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-05T20:38:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png\" \/>\n\t<meta property=\"og:image:width\" content=\"551\" \/>\n\t<meta property=\"og:image:height\" content=\"625\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/scaledagile.com\/dsa\/\",\"url\":\"https:\/\/scaledagile.com\/dsa\/\",\"name\":\"Scaled Agile Data Sharing Addendum | Privacy & Compliance\",\"isPartOf\":{\"@id\":\"https:\/\/scaledagile.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/scaledagile.com\/dsa\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/scaledagile.com\/dsa\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png\",\"datePublished\":\"2023-03-09T13:07:52+00:00\",\"dateModified\":\"2025-03-05T20:38:56+00:00\",\"description\":\"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.\",\"breadcrumb\":{\"@id\":\"https:\/\/scaledagile.com\/dsa\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/scaledagile.com\/dsa\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scaledagile.com\/dsa\/#primaryimage\",\"url\":\"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png\",\"contentUrl\":\"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png\",\"width\":551,\"height\":625},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/scaledagile.com\/dsa\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/scaledagile.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data Sharing Addendum\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/scaledagile.com\/#website\",\"url\":\"https:\/\/scaledagile.com\/\",\"name\":\"Scaled Agile\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/scaledagile.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/scaledagile.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/scaledagile.com\/#organization\",\"name\":\"Scaled Agile, Inc\",\"url\":\"https:\/\/scaledagile.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/scaledagile.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/scaledagile.com\/wp-content\/uploads\/2024\/07\/SAI_temp-logo_dteal.jpg\",\"contentUrl\":\"https:\/\/scaledagile.com\/wp-content\/uploads\/2024\/07\/SAI_temp-logo_dteal.jpg\",\"width\":1295,\"height\":387,\"caption\":\"Scaled Agile, Inc\"},\"image\":{\"@id\":\"https:\/\/scaledagile.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/ScaledAgile\/\",\"https:\/\/www.linkedin.com\/company\/2434776\/\",\"https:\/\/www.youtube.com\/@ScaledAgileInc\"]}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Scaled Agile Data Sharing Addendum | Privacy & Compliance","description":"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/scaledagile.com\/dsa\/","og_locale":"en_US","og_type":"article","og_title":"Data Sharing Addendum","og_description":"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.","og_url":"https:\/\/scaledagile.com\/dsa\/","og_site_name":"Scaled Agile","article_publisher":"https:\/\/www.facebook.com\/ScaledAgile\/","article_modified_time":"2025-03-05T20:38:56+00:00","og_image":[{"width":551,"height":625,"url":"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png","type":"image\/png"}],"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/scaledagile.com\/dsa\/","url":"https:\/\/scaledagile.com\/dsa\/","name":"Scaled Agile Data Sharing Addendum | Privacy & Compliance","isPartOf":{"@id":"https:\/\/scaledagile.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/scaledagile.com\/dsa\/#primaryimage"},"image":{"@id":"https:\/\/scaledagile.com\/dsa\/#primaryimage"},"thumbnailUrl":"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png","datePublished":"2023-03-09T13:07:52+00:00","dateModified":"2025-03-05T20:38:56+00:00","description":"Explore the Scaled Agile Data Sharing Addendum, ensuring privacy and compliance across your enterprise data practices.","breadcrumb":{"@id":"https:\/\/scaledagile.com\/dsa\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/scaledagile.com\/dsa\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scaledagile.com\/dsa\/#primaryimage","url":"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png","contentUrl":"https:\/\/scaledagile.com\/wp-content\/uploads\/2023\/03\/Cert-Mark-SAFe-Certified-150.png","width":551,"height":625},{"@type":"BreadcrumbList","@id":"https:\/\/scaledagile.com\/dsa\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/scaledagile.com\/"},{"@type":"ListItem","position":2,"name":"Data Sharing Addendum"}]},{"@type":"WebSite","@id":"https:\/\/scaledagile.com\/#website","url":"https:\/\/scaledagile.com\/","name":"Scaled Agile","description":"","publisher":{"@id":"https:\/\/scaledagile.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/scaledagile.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/scaledagile.com\/#organization","name":"Scaled Agile, Inc","url":"https:\/\/scaledagile.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/scaledagile.com\/#\/schema\/logo\/image\/","url":"https:\/\/scaledagile.com\/wp-content\/uploads\/2024\/07\/SAI_temp-logo_dteal.jpg","contentUrl":"https:\/\/scaledagile.com\/wp-content\/uploads\/2024\/07\/SAI_temp-logo_dteal.jpg","width":1295,"height":387,"caption":"Scaled Agile, Inc"},"image":{"@id":"https:\/\/scaledagile.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/ScaledAgile\/","https:\/\/www.linkedin.com\/company\/2434776\/","https:\/\/www.youtube.com\/@ScaledAgileInc"]}]}},"_links":{"self":[{"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/pages\/140387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/users\/453"}],"replies":[{"embeddable":true,"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/comments?post=140387"}],"version-history":[{"count":0,"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/pages\/140387\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/media\/170837"}],"wp:attachment":[{"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/media?parent=140387"}],"wp:term":[{"taxonomy":"role","embeddable":true,"href":"https:\/\/scaledagile.com\/wp-json\/wp\/v2\/role?post=140387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}