Official Supplier
As official and authorized distributors, we supply you with legitimate licenses directly from 200+ software publishers.
See all our Brands.
1.1 Both parties acknowledge that each party will solely determine the legal basis and conditions for which it processes the personal data shared under this Agreement (the “Shared Data”) as set out in their respective Privacy Statement or other notice required under Applicable Data Protection Laws as amended from time to time
1.2 ComponentSource’s Privacy Statement can be found here.
1.3 Each party and its staff, workers, agents or consultants (“Personnel”) will comply with its respective obligations under Applicable Data Protection Laws in relation to its processing of the Shared Data and will process the Shared Data in accordance with its respective Privacy Statement.
1.4 You will ensure that you have a legal basis for processing Shared Data that complies with Applicable Data Protection Laws, and that you do not supply any Shared Data to ComponentSource relating to a data subject to whom a copy of the Privacy Statement has not been provided at the time the Shared Data was collected;
1.5 Each party will:
1.5.1 promptly provide such information, assistance and/or access as the other party may reasonably require in responding to any request from a data subject and in ensuring compliance with its obligations under the Applicable Data Protection Laws with respect to security, breach notifications, audit, impact assessments and consultations with supervisory authorities and/or regulators;
1.5.2 ensure that the Shared Data is accurate and complete;
1.5.3 within two (2) business days notify the other party in writing: (i) if it has not fulfilled any of its obligations under clause 1 of this Annex; (ii) if it discovers that any of the Shared Data is inaccurate or incomplete; (iii) with details of any data subject request as a result of exercising any of its rights under Applicable Data Protection Laws. In no event will you respond directly to any such request or correspondence without ComponentSource’s prior written consent unless required by Applicable Data Protection Laws or where it is unrelated to ComponentSource’s processing activities; and (iv) of any suspected, potential, actual or threatened personal data breach involving any Shared Data it, or a third party on its behalf, processes; and
1.5.4 indemnify the other party against all liabilities arising out of or in connection with any breach of this Schedule including all amounts paid or payable by the indemnified party to a third party (including its Personnel) which would not have been paid or payable if the breach of this Schedule had not occurred. For the avoidance of doubt, the parties agree that any limitation or exclusion of liability set out in this Agreement, will not apply to their indemnification or reimbursement obligations under this Schedule.
1.6 You will:
1.6.1 promptly enter into with ComponentSource at its written request, any further agreement, and/or appropriate safeguard required under Applicable Data Protection Laws for the international transfer of the Shared Data, such as the standard contractual clauses in the form issued by the European Commission or other competent body under Applicable Data Protection Laws;
1.6.2 ensure that for any Shared Data you receive from data subjects in jurisdictions different from your own, that appropriate international transfer safeguards are put in place in accordance with Applicable Data Protection Laws;
2.1 Where Shared Data which originated in the EEA, is transferred to a territory outside of the EEA (including in the UK) that has not been designated as an Adequate Territory, then the relevant module of the EU SCCs will be deemed to apply to such transfer in accordance with the requirements set out in this clause 2 and in addition to the terms of this Agreement as follows:
2.1.1 each party will be deemed to have entered into the Module 1 of the EU SCCs in its own name and on its own behalf in relation to the Shared Data disclosed;
2.1.2 the provisions of Schedule 1 (Permitted Purposes) will be deemed to be set out in Annex I to Module 1 of the EU SCCs;
2.1.3 the provisions of Schedule 2 (Security Measures) will be deemed to be set out in Annex II to Module 1 of the Model Clauses;
2.1.4 Clause 7 (docking clause) will be unselected;
2.1.5 the optional element of Clause 11(a) (redress) will be unselected.
2.1.6 the following optional Clause 13(a) (supervision) will be selected:
2.1.6.1 Ireland as the supervisory authority with responsibility for ensuring compliance by the data exporter with Regulation (EU) 2016/679 as regards the data transfer, as indicated in Annex I.C, will act as competent supervisory authority.
2.1.7 option [1] of Clause 17 (Governing law) shall be selected and the following governing law will apply:
2.1.7.1 These Clauses will be governed by the law of one of the EU Member States, provided such law allows for third-party beneficiary rights. The Parties agree that this will be the law of Ireland.
2.1.8 The following forum and jurisdiction will be selected at Clause 18(b) (Choice of forum and jurisdiction):
2.1.8.1 The Parties agree that those will be the courts of Ireland (specify Member State).
2.1.9 The Data Importer will not disclose Personal Data to a third party located outside the EEA in the same country as the Data Importer or in another third country (an “Onward Transfer”) unless the third party is or agrees to be bound by the EU SCCs, under the appropriate module. Otherwise, an Onward Transfer by the Data Importer may only take place if the third party otherwise ensures appropriate safeguards pursuant to Articles 46 or 47 of the EU GDPR with respect to the Processing;
2.1.10 Where there is any omission or conflict between this Agreement and the applicable module of the EU SCCs, the provisions of the applicable module will prevail.
2.2 Where Shared Data which originated in the UK, is transferred to a territory outside of the UK that has not been designated as an Adequate Territory, then the EU SCCs as clarified in clause 2 above and the UKs international data transfer addendum to the EU SCCs (UK SCC Addendum) will be deemed to apply to the transfer in addition to the terms of this Agreement and in addition as follows:
2.2.1 each party will be deemed to have entered into the EU SCCs and the UK SCC Addendum in its own name and on its own behalf in relation to Shared Data disclosed;
2.2.2 The description of transfer and the technical and organizational measures are as set out in Schedule 1 and Schedule 2 to this Annex;
2.2.3 the provisions of Schedule 2 (Security Measures) will be deemed to be set out in Appendix 2 to the Old Model Clauses; and
2.2.4 if there is any conflict between this Agreement and the EU SCCs and UK SCC Addendum the latter will prevail
2.3 Where a Data Importer Processes Shared Data that originated in a non-EEA territory (the “Exporting Territory”) and the Processing takes place in a territory which is different from the Exporting Territory (the “Importing Territory”), then the Data Importer will Process the Shared Data to a standard consistent with the Applicable Privacy Law(s) of the Exporting Territory. In particular the Data Exporter will inform the Data Importer about any standards that may be required of it by the Applicable Privacy Law(s) and will cooperate fully with the Data Importer to ensure that its Processing of the Shared Data is consistent with those standards.
2.4 In any event, if any Applicable Privacy Law(s) conflict with the provisions of this Agreement, then to the extent of a conflict:
2.4.1 where the standard of data protection required by Applicable Privacy Law(s) exceeds the standard required by this Agreement, the Data Importer will Process the Shared Data to a standard consistent with Applicable Privacy Law(s); and
2.4.2 where the standard of data protection required by this Agreement exceeds the standard required by Applicable Privacy Law(s), the Data Importer will Process the Shared Data to a standard consistent with this Agreement.
Permitted Purpose is as defined above.
Processing - Shared Data
Data subjects
The Personal Data transferred concern the following categories of past, present and prospective Data Subjects:
Categories of data
The Personal Data transferred concern the following categories of data:
Recipients The Personal Data transferred may be disclosed only to the following recipients or categories of recipients:
Technical and Organizational Security Measures
ComponentSource employs a variety of security measures and procedures to protect personal data, including but not limited to:
Additional useful information (storage limits and other relevant information)
Personal Data will not be held for longer than is necessary for the purposes described above or to the extent this is required by applicable legal requirements. In any event, Personal Data will never be retained for longer than is allowed by applicable law.
Contact points for all data related enquiries or requests:
dpm@componentsource.com OR if urgent
ComponentSource at: (770) 250 6105 or +1 (770) 250 6105 or +44 (118) 982 2108
CSWWLIC 11/2023