Standard Data Processor Agreement

E. If, at the end of the Cure period, the data importer is unable to remedy non-compliance or cannot remedy the data breach, the data exporter may suspend and/or terminate the relevant portion of the services in accordance with the provisions of the contract without liability of any of the parties (without prejudice to the costs incurred by the data exporter prior to suspension or termination). The data exporter is not required to provide such a notification if it believes that there is a significant risk of harm to the individuals concerned or their personal data.

5.2 Security reports. The client acknowledges that Mailchimp is regularly monitored by independent external auditors or internal auditors according to SSAE 16 or PCI standards. On written request, Mailchimp sends the client (on a confidential basis) a summary of the most up-to-date audit report (“report”), so that the client can verify that Mailchimp meets the audit standards on which it has been evaluated and that it respects that authority.

1. The purpose of the data processor's handling of personal data on behalf of the data manager is:

(i) to maintain an updated list of its subcontractors on the data processor's website under (or a future website used by the data processor);

(a) to process personal data only on behalf of the data exporter and in accordance with its instructions and clauses; if, for whatever reason, it is unable to comply, it undertakes to immediately inform the data exporter of its inability to comply, in which case the data exporter is authorized to suspend the transfer of data and/or terminate the contract;

the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection);

Since the GDPR came into force, data protection authorities have demonstrated their willingness to impose sanctions. And small and medium-sized enterprises have not been neglected. GDPR fines can reach 20 million euros, or 4% of the company's global turnover.

(a) CSC: Mailchimp undertakes to respect and process EU data in accordance with the CSSS, in the form specified in Appendix C. For the purposes of CSC descriptions, Mailchimp agrees that it is the “data importer” and that the customer is the “data exporter” (regardless of whether the customer himself may be a unit outside Europe).

3.3 Changes to subprocessors. DigitalOcean will provide the customer with appropriate notice (for which the email should suffice) if it adds or removes subprocessors.