b. The Parties acknowledge that if the Data Importer cannot ensure such compliance in accordance with Clause 5(a) and Clause 5(b) for any reason, the Data Importer undertakes to promptly inform the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the data transfer and/or terminate the contract for the relevant parts of the Services in accordance with under the terms of the contract. Hibernation: We store user passwords in accordance with industry security policies. We have implemented technologies to ensure that stored data is encrypted at rest. This HubSpot Data Processing Agreement and its Appendices (”DPA”) reflect the parties` agreement regarding the processing of personal data by us on your behalf in connection with the HubSpot Subscription Services in accordance with the HubSpot Customer Terms of Service between you and us (also referred to as the ”Agreement” in this DPA). `applicable data protection law` means the legislation protecting the fundamental rights and freedoms of natural persons, and in particular their right to privacy with regard to the processing of personal data, applicable to a controller in the Member State in which the data exporter is established; 1. The data importer shall not subcontract any of its processing operations carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer subcontracts its obligations under the Clauses with the consent of the data exporter, it will only do so through a written agreement with the sub-processor imposing on the sub-processor the same obligations as the data importer under the Clauses. If the Sub-Processor fails to comply with its data protection obligations under such a written agreement, the Data Importer will remain fully liable to the Data Exporter for the performance of the Sub-Processor`s obligations under this Agreement. `technical and organisational security measures` means the measures taken to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and before any other form of unlawful processing. One.
The data exporter acknowledges and agrees to exercise its right to audit under clause 5(f) by requiring the data importer to comply with the audit measures described in the ”Demonstrate Compliance” section of the DPA. `data importer` means the processor who agrees to receive from the data exporter personal data intended after the transfer in accordance with its instructions and the provisions of the clauses relating to processing on its behalf and which is not subject to the system of a third country which ensures adequate protection within the meaning of Article 25, paragraph 1 of Directive 95/46/EC; ”Data Protection Laws” means all applicable global data protection and privacy laws applicable to the relevant party in the personal data processing role under the Agreement, including, but not limited to, the European data protection laws, the CCPA and the data protection laws of Australia and Singapore; in each case as amended, repealed, consolidated or replaced from time to time. Detection: We designed our infrastructure to log rich information about system behavior, traffic received, system authentication, and other application requirements. Internal systems aggregate log data and alert employees to malicious, unintentional or abnormal activity. Our staff, including security, operations and support personnel, respond to known incidents. 2. The data subject may apply this clause, clause 5 (a) to (e) and (g), clause 6, clause 7, clause 8 (2) and clauses 9 to 12 against the data importer if the data exporter has effectively disappeared or ceased to exist before the law, unless a successor company has assumed all the legal obligations of the data exporter by contract or by operation of law. accordingly, it assumes the rights and obligations of the data exporter, in which case the data subject may assert them against that body. (h) in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent; The clauses shall be governed by the law of the Member State in which the data exporter is established. 2.
The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause in accordance with clause 3 for cases where the data subject is unable to assert the claim referred to in clause 6(1) against the data exporter or data importer because they have in fact disappeared or no longer legally exist or have become insolvent and have no successor The company has all the legal obligations of the exporter or importer of data contractually or ipso jure. .
