Online Version 11-20-2020
DATA PROCESSING AGREEMENT AND STANDARD CONTRACTUAL CLAUSES
This Gigamon Data Processing Agreement (“DPA”), that includes the Standard Contractual Clauses adopted by the European Commission, as applicable, supplements any existing and currently valid agreement previously made between Gigamon Inc. and/or its subsidiaries (collectively, “Gigamon” or “Data Importer” or “Processor”) with their principal place of business at 3300 Olcott Street, Santa Clara, CA 95054, U.S.A., and Gigamon customer (“Customer” or “Data Exporter” or “Controller”) with respect to the terms governing the processing of Personal Data under the Gigamon Offerings’ applicable terms and conditions (the “Agreement”).
This DPA is an amendment to the Agreement and is effective upon its incorporation into the Agreement, which incorporation may be specified in the Agreement, an Order or an executed amendment to the Agreement. Upon its incorporation into the Agreement, the DPA will form a part of the Agreement. Gigamon reserves the right to periodically update this DPA.
1. DEFINITIONS
Capitalized terms that are used but not otherwise defined in this DPA shall have the meanings given in the applicable Agreement.
1.1 “DPA Effective Date” means the effective date of the Agreement.
1.2 “EEA” means the European Economic Area.
1.3 “EU” means the European Union.
1.4 “Data Protection Legislation” means applicable data protection laws, regulations, regulatory requirements in the relevant jurisdiction, including the GDPR and other relevant data protection laws of the EU, its Member States, Switzerland, Iceland, Liechtenstein, Norway and the United Kingdom, in each case, applicable to the processing of Personal Data under the Agreement.
1.5 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.
1.6 “Gigamon Hardware” means any Gigamon-branded hardware product that is purchased by Customer directly from Gigamon or through an authorized channel partner. For clarity, Software may be included with or embedded in Gigamon Hardware (but is not included within the scope of Gigamon Hardware).
1.7 “Gigamon Offering(s)” or “Offering(s)” means Gigamon Hardware, Software (delivered on-premises or as a service), Support Services, and professional services.
1.8 “Information Security Incident” means a breach of Gigamon’s security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data in Gigamon’s possession, custody or control.
1.9 “Insight” Gigamon Software delivered as a service.
1.10 “Software” means any object or binary code or firmware, any accompanying Documentation, and any upgrades or updates therefor, that are provided by Gigamon or an Authorized Channel Partner on Gigamon’s behalf and that are either (i) included with or embedded in the Gigamon Hardware, or (ii) provided as a separate software product or service.
1.11 “Standard Contractual Clauses” means the standard data protection clauses for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010 on Standard Contractual Clauses and set forth in Appendix 4 in this DPA.
1.12 “Support Services” means the support and maintenance services purchased by Customer from Gigamon or through an authorized channel partner.
1.13 “Personal Data” means any personal data as defined in the Data Protection Legislation, including the GDPR, that Gigamon processes in connection with the Gigamon Offering.
1.14 “Security Documentation” means Appendix 2 describing the Security Measures and Section 5.4 (Reviews and Audits of Compliance).
1.15 “Security Measures” has the meaning given in Section 5.1.2 (Gigamon’s Security Measures).
1.16 “Special Categories of Personal Data” has the meaning given to it under Article 9.1 of the GDPR.
1.17 “Term” means the period from the DPA Effective Date until the end of Gigamon’s provision of the Gigamon Offering pursuant to the Agreement.
1.18 “Subprocessors” means third parties authorized under this DPA to process Personal Data in relation to the Gigamon Offering.
1.19 The terms “data subject”, “processing”, “controller”, “processor” and “supervisory authority” as used in this DPA have the meanings given in the GDPR, and the terms “data importer” and “data exporter” have the meanings given in the Standard Contractual Clauses.
2. DURATION OF DPA
This DPA will take effect on the DPA Effective Date and, notwithstanding the expiration of the Term, will remain in effect until, and automatically expire upon termination or expiration of the Agreement, or until such time as Gigamon no longer processes Personal Data.
3. PROCESSING OF DATA
3.1 Roles and Regulatory Compliance.
3.1.1 Processor and Controller Responsibilities. The parties acknowledge and agree that:
(a) the subject matter and details of the processing are described in Appendix 1a and/or Appendix 1b, depending on the Gigamon Offerings at issue; and
(b) Gigamon is a Processor of that Personal Data under Data Protection Legislation; and
(c) Customer is a Controller of that Personal Data under Data Protection Legislation; and
(d) Gigamon will immediately inform Customer if it believes that Customer’s instructions with respect to the Processing of Personal Data violate the GDPR or Member State provisions; and
(e) each party will comply with the obligations applicable to it in such role under the Data Protection Legislation with respect to that Personal Data.
3.1.2 Customer Responsibilities. Customer agrees that: (a) Customer has established or ensured that another party has established a legal basis for Gigamon’s processing of Personal Data contemplated by this DPA; (b) to the extent required by Data Protection Legislation given the context of the processing and unless another legal basis supports the lawfulness of processing, all notices have been given to, and consents and rights have been obtained from, the relevant data subjects and any other party as may be required under applicable law (including European Data Protection Legislation) for such processing; and (c) Personal Data does not and will not contain Special Categories of Personal Data.
3.2 Scope of Processing and Authorization.
3.2.1 Customer’s Instructions. By entering into this DPA, Customer instructs Gigamon to process Personal Data: (a) to provide the Gigamon Offering; (b) as authorized by the Agreement, including this DPA; and (c) as further documented in any other written instructions given by Customer and acknowledged in writing by Gigamon.
3.2.2 Gigamon’s Compliance with Instructions. Gigamon will only process Personal Data in accordance with Customer’s instructions described in Section 3.2.1 unless Data Protection Legislation requires otherwise, in which case Gigamon will notify Customer in writing (unless that law prohibits Gigamon from doing so on important grounds of public interest).
4. DATA DELETION AND RETENTION
4.1 Deletion on Termination. On termination of the Agreement or expiry of the Term and at the choice of the Customer, Gigamon will either delete or return (in a commonly machine readable format) the Personal Data to the Customer and certify in writing that it has done so unless Union or Member State law requires storage of the Personal Data.
4.2 Retention. Gigamon will use all commercially reasonable efforts to implement and maintain appropriate retention periods for Personal Data in accordance with Data Protection Legislation. Gigamon will delete Personal Data as soon as retention of such data is no longer necessary for the purposes of processing under this DPA, subject only to situations where a longer period is required under European Union or Member State law.
5. DATA SECURITY
5.1 Gigamon Security Measures, Controls and Assistance.
5.1.1 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Controller and the Processor shall implement and maintain appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
5.1.2 Gigamon Security Measures. Gigamon will implement and maintain technical and organizational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data as described in Appendix 2 (the “Security Measures”).
5.1.3 Gigamon Security Controls. Gigamon may grant employees, contractors and Subprocessors access to Personal Data when appropriate confidentiality arrangements or obligations no less protective than those set forth in this DPA are in place and when such access is required to perform their job duties.
5.1.4 Gigamon Security Assistance. Gigamon will (taking into account the nature of the processing of Personal Data and the information available to Gigamon) provide Customer with reasonable assistance necessary for Customer to comply with its obligations in respect of Personal Data under European Data Protection Legislation, including Articles 32 to 36 (inclusive) of the GDPR, by:
(a) implementing and maintaining the Security Measures in accordance with Section 5.1.2 (Gigamon Security Measures); and
(b) complying with the terms of Section 5.2 (Information Security Incidents).
5.2 Information Security Incidents.
5.2.1 Information Security Incident Notification. If Gigamon becomes aware of, an Information Security Incident, Gigamon will (a) notify Customer of the Information Security Incident without undue delay (and in any event within 72 hours) including: (a.1) description of the nature of the Information Security Incident, (a.2) the name and contact details for the contact point to find more information, (a.3) the description of likely consequences of Information Security Incident, and (a.4) description of the measures taken or proposed to be taken to address the Information Security Incident including, where appropriate, measures to mitigate its possible adverse effects; and Gigamon will (b) take prompt action, at its own expense, to investigate the Information Security Incident.
5.3 Customer’s Security Responsibilities and Assessment.
5.3.1 Customer’s Security Responsibilities. Customer agrees that, without limitation of Gigamon’s obligations under Section 5.1 (Gigamon’s Security Measures, Controls and Assistance) and Section 5.2 (Information Security Incidents):
(a) Customer is solely responsible for its use of the Gigamon Offering, including:
(i) securing the account authentication credentials, systems and devices Customer uses to access the Gigamon Offering;
(ii) securing Customer’s systems and devices that Gigamon uses to provide the Gigamon Offering; and
(iii) independently backing up Personal Data; and
(b) Gigamon has no obligation to protect Personal Data that Customer elects to store or transfer outside the scope of this DPA.
5.3.2 Customer’s Security Assessment.
Customer has reviewed the Security Documentation and evaluated that the Gigamon Offering, the Security Measures and Gigamon’s commitments under this Section 5 (Data Security) meets Customer’s needs.
5.4 Reviews and Audits of Compliance.
5.4.1 Customer may audit Gigamon’s compliance with its obligations under this DPA up to once per year and on such other occasions as may be required by Data Protection Legislation, including where mandated by Customer’s supervisory authority. Gigamon will contribute to such audits by providing Customer or Customer’s supervisory authority with the information and assistance reasonably necessary to conduct the audit.
5.4.2 If a third party is to conduct the audit, Gigamon may object to the auditor if the auditor is, in Gigamon’s reasonable opinion a competitor of Gigamon. Such objection by Gigamon will require Customer to appoint another auditor or conduct the audit itself.
5.4.3 Subject to clause 5.2.1 in relation to an Information Security Incident and aside from in the event of an investigation of a supervisory authority, to request an audit, Customer must submit a detailed proposed audit plan to Gigamon at least thirty (30) days in advance of the proposed audit date and any third party auditor must sign a customary non-disclosure agreement mutually acceptable to the parties (such acceptance not to be unreasonably withheld) providing for the confidential treatment of all information exchanged in connection with the audit and any reports regarding the results or findings thereof. The proposed audit plan must describe the proposed scope, duration, and start date of the audit. Gigamon will review the proposed audit plan and provide Customer with any concerns or questions (for example, any request for information that could compromise Gigamon security, privacy, employment or other relevant policies). Gigamon will work cooperatively with Customer to agree on a final audit plan. Nothing in this Section 5.4 shall require Gigamon to disclose any information where such disclosure would result in a breach of any duties of confidentiality.
5.4.4 If the controls or measures to be assessed in the requested audit are addressed in an SSAE 16/ISAE 3402 Type 2, ISO, NIST or similar audit report performed by a qualified third party auditor within twelve (12) months of Customer’s audit request and Gigamon has confirmed there are no known material changes in the controls audited, Customer agrees to accept such report in lieu of requesting an audit of such controls or measures.
5.4.5 The audit must be conducted during regular business hours, subject to the agreed final audit plan and Gigamon’s safety, security or other relevant policies, and may not unreasonably interfere with Gigamon business activities.
5.4.6 Customer will promptly notify Gigamon of any non-compliance discovered during the course of an audit and provide Gigamon any audit reports generated in connection with any audit under this Section 5.4, unless prohibited by Data Protection Legislation or otherwise instructed by a supervisory authority. Customer may use the audit reports only for the purposes of meeting Customer’s regulatory audit requirements and/or confirming compliance with the requirements of this DPA.
5.4.7 Any audits are at Customer’s expense. Customer will be responsible for any fees charged by any auditor appointed by Customer to execute any such audit. Nothing in this DPA shall be construed to require Gigamon to furnish more information about its Subprocessors in a connection with such audits than such Subprocessors make available to Gigamon without restriction on further disclosure. If any audit reveals that Gigamon is not in compliance with the provisions of this DPA and/or Data Protection Legislation, Gigamon shall take at its own cost all commercially reasonable corrective actions including any temporary work-arounds necessary to comply with the provisions of this DPA and/or Data Protection Legislation.
6. IMPACT ASSESSMENT AND CONSULTATION
Gigamon will (taking into account the nature of the processing and the information available to Gigamon) reasonably assist Customer in complying with its obligations under Data Protection Legislation in respect of data protection impact assessments and prior consultation, including, if applicable, Customer’s obligations pursuant to Articles 35 and 36 of the GDPR, by (a) making available for review copies of the Security Documentation or other documentation or information describing relevant aspects of Gigamon’s information security program and the security measures applied in connection therewith; and (b) providing the other information contained in the Agreement including this DPA.
7. DATA SUBJECT RIGHTS
7.1 Customer’s Responsibility for Requests. During the Term, if Gigamon receives any request from a data subject in relation to the data subject’s Personal Data processed in connection with the Gigamon Offering, Gigamon will advise the data subject to submit their request to Customer and Customer will be responsible for responding to any such request, subject to the assistance to be provided by Gigamon pursuant to Section 7.2 below.
7.2 Gigamon’s Data Subject Request Assistance. Gigamon will (taking into account the nature of the processing of Personal Data) provide Customer with reasonable assistance as necessary for Customer to perform its obligation under Data Protection Legislation to respond to requests by data subjects, including if applicable, Customer’s obligation to respond to requests for exercising the data subject’s rights set out in Chapter III of the GDPR.
8. DATA TRANSFERS TO A THIRD COUNTRY
8.1 Data Storage and Processing Facilities. Gigamon may, subject to Section 8.2 (Transfers of Data Out of the EEA), store and process Personal Data in the United States or anywhere Gigamon or its Subprocessors maintains facilities.
8.2 Transfers of Data Out of the EEA.
8.2.1 Gigamon’s Transfer Obligations. If Customer is established in the EEA and Gigamon’s processing of Personal Data involves transfers of Personal Data out of the EEA to Gigamon in a country not deemed by the European Commission to have adequate data protection, and the European Data Protection Legislation applies to such transfer, such transfer will be governed by the Standard Contractual Clauses. For the purposes of the Standard Contractual Clauses, Customer and Gigamon agree that (a) Customer will act as the data exporter on its own behalf and on behalf of any of its subsidiaries and (b) Gigamon will act as the data importer.
8.2.2 Standard Contractual Clauses Administration. The parties agree that (a) upon data exporter’s request under the Standard Contractual Clauses, data importer will provide the copies of the Subprocessor agreements that must be sent by the data importer to the data exporter pursuant to Clause 5(j) of the Standard Contractual Clauses, and that data importer may remove or redact all commercial information or clauses unrelated the Standard Contractual Clauses or their equivalent beforehand; (b) the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be performed in accordance with Section 5.4 of this DPA; (c) Customer’s authorizations in Section 9.1 will constitute Customer’s prior written consent to the subcontracting by Gigamon of the processing of Personal Data if such consent is required under Clause 5(h) of the Standard Contractual Clauses, provided that Gigamon shall remain responsible with its Subprocessors’ acts or omissions under the Agreement including this DPA; and (d) certification of deletion of Personal Data as described in Clause 12(1) of the Standard Contractual Clauses shall be provided only upon Customer’s request.
9. SUBPROCESSORS
9.1 Consent to Subprocessor Engagement. Customer specifically authorizes and consents to the engagement of Gigamon’s subsidiaries as Subprocessors. In addition, Customer generally authorizes and consents to the engagement of any other relevant third parties as Subprocessors as needed to provide the Gigamon Offering. Gigamon currently engages the Subprocessors listed in Appendix 3.
9.2 Requirements for Subprocessor Engagement. When first engaging any Subprocessor, Gigamon will enter into a written contract with such Subprocessor containing data protection obligations not less protective than those in this DPA with respect to Personal Data to the extent applicable to the nature of the Gigamon Offering provided by such Subprocessor.
9.3 Opportunity to Object to Subprocessor Changes.
When a new Subprocessor is engaged during the Term, Gigamon will notify Customer of the engagement (including the name and location of the relevant Subprocessor and the activities it will perform) by sending an email. If Customer objects to such engagement in a written notice to Gigamon within fifteen (15) days of being informed thereof on reasonable grounds relating to the protection of Personal Data, Customer and Gigamon will work together in good faith to find a mutually acceptable resolution to address such objection. If the parties are unable to reach a mutually acceptable resolution within a reasonable timeframe, Customer may, as its sole and exclusive remedy, terminate the Agreement by providing written notice to Gigamon.
10. NOTICES
Notwithstanding anything to the contrary in the Agreement, any notices required or permitted to be given by Gigamon to Customer under this DPA. may be given (a) in accordance with the notice clause of the Agreement; and/or (b) as described in Section 5.2.1; and/or (c) to Gigamon’s primary points of contact with Customer.
11. EFFECT OF THESE TERMS
Except as expressly modified by the DPA, the terms of the Agreement remain in full force and effect. To the extent of any conflict or inconsistency between this DPA and the remaining terms of the Agreement regarding the subject matter herein, this DPA will govern.
12. ADDITIONAL TERMS TO STANDARD CONTRACTUAL CLAUSES (Commission Decision C(2010)593 Standard Contractual Clauses (processors))
12.1 These terms apply where the Standard Contractual Clauses (Commission Decision C(2010)593 Standard Contractual Clauses (processors)) are adopted by the parties in lieu of another adequate personal data transfer mechanism to the transfer of Customer Personal Data from the European Economic Area, Switzerland, or the United Kingdom to another jurisdiction not recognized as adequate by the European Commission, Swiss Federal Data Protection and Information Commissioner, or United Kingdom Information Commissioner’s Office respectively.
12.2 The Standard Contractual Clauses and the additional terms specified in this Section 13 of this DPA shall apply to (i) the legal entity that has executed the Standard Contractual Clauses as a data exporter and, (ii) all subsidiaries of Customer established within the European Economic Area, Switzerland and the United Kingdom, which have signed an Agreement for Gigamon Offering. With regard to the Standard Contractual Clauses and this Section 13, the aforementioned entities shall be deemed “Data Exporters”.
12.3 Instructions. This DPA and the Agreement are Customer’s complete and final documented instructions at the time of signature of the Agreement to Gigamon for the Processing of Personal Data. Any additional or alternate instructions must be agreed upon separately. For the purposes of Clause 5(a) of the Standard Contractual Clauses, the following is deemed an instruction by the Customer to process Personal Data: (a) Processing in accordance with the Agreement and where applicable Order Form(s); (b) Processing initiated by Customer in their use of the Gigamon Offering and (c) Processing to comply with other reasonable documented instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.
12.4 Appointment of new Subprocessors and List of current Subprocessors. Pursuant to Clause 5(h) of the Standard Contractual Clauses, Customer acknowledges and expressly agrees that (a) Gigamon’s subsidiaries may be retained as Subprocessors; and (b) Gigamon and Gigamon’s subsidiaries respectively may engage third-party Subprocessors in connection with the provision of the Gigamon Offering. Gigamon shall make available to Customer the current list of Subprocessors in accordance with Section 9 of this DPA.
12.5 Notification of New Subprocessors and Objection Right for new Subprocessors. Pursuant to Clause 5(h) of the Standard Contractual Clauses and consistent with Article 28 of the GDPR, Customer acknowledges and expressly agrees that Gigamon may engage new Subprocessors as described in Section 9 of the DPA.
12.6 Sub-processor Agreements. The parties agree that Subprocessing obligations pursuant to Clause 11 of the Standard Contractual Clauses shall be carried out in accordance with GDPR Article 28. The parties agree that the copies of the Subprocessor agreements that must be provided by Gigamon to Customer pursuant to Clause 5(j) of the Standard Contractual Clauses may have all commercial and confidential information, or clauses unrelated to the Standard Contractual Clauses or their equivalent, redacted by Gigamon beforehand; and, that such copies will be provided by Gigamon, in a manner to be determined in its discretion, only upon written request by Customer.
12.7 Audits. The parties agree that the audits described in Clause 5(f) and Clause 12(2) of the Standard Contractual Clauses shall be carried out in accordance with Section 5.4 of this DPA. To the extent the Standard Contractual Clauses additionally require Gigamon’s facilities be submitted for inspection, Customer may contact Gigamon through prior written notice to request an on-site audit of the procedures relevant to the protection of Customer Personal Data. Customer shall reimburse Gigamon for any time expended for any such on-site audit at the Gigamon’s then-current professional services rates, which shall be made available to Customer upon request. Before the commencement of any such on-site audit, Customer and Gigamon shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Customer shall be responsible. Customer shall promptly notify Gigamon with information regarding any noncompliance discovered during the course of an audit.
12.8 Certification of Deletion. The parties agree that the certification of deletion of Personal Data that is described in Clause 12(1) of the Standard Contractual Clauses shall be provided by Gigamon to Customer only upon Customer’s request pursuant to Section 4 of this DPA.
12.9 Conflict. In the event and to the extent of any conflict or inconsistency between the body of this DPA and any of its Schedules (not including the Standard Contractual Clauses) and the Standard Contractual Clauses in Appendix 4 in a way that materially affects the adequacy of the transfer, the Standard Contractual Clauses shall prevail.
Appendix 1a to the DPA - Insight
Subject Matter and Details of the Data Processing
Appendix 1b to the DPA – GIGAMON OFFERINGS
Subject Matter and Details of the Data Processing
Subject Matter |
Gigamon’s delivery of Gigamon Offerings. |
Duration of Processing |
Duration of the applicable purchase order. |
Nature and Purpose of the Processing |
Gigamon’s delivery of Gigamon Offerings. |
Categories of Personal Data |
Contact Information: Gigamon receives and uses contact information (name, email, title, phone, address) for Customer’s employees for billing purposes. Gigamon may also receive contact information of our customer’s employees, when these employees contact Gigamon’s Customer Success organization requesting assistance with product issues. |
Categories of Statutorily Defined Data Subjects for Whom the Customer’s Personal Data Relates |
Data subjects such as Customer’s system user’s data and other individuals whose personal data Customer is responsible for and which personal data is processed in connection with support and or delivery of Gigamon Offerings. |
Appendix 2 to the DPA
Security Measures
As from the DPA Effective Date, Gigamon will implement and maintain the Security Measures set out in this Appendix 2.
Security Control Category |
Description |
1. Governance |
|
2. Risk Assessment |
|
3. Information Security Policies |
|
4. Human Resources Security |
|
5. Asset Management |
|
6. Access Controls |
|
7. Cryptography |
|
8. Physical Security |
|
9. Operations Security |
|
10. Communications Security |
|
11. System Acquisition, Development, and Maintenance |
|
12. Supplier Relationshipa. |
|
13. Information Security Incident Management |
|
14. Business Continuity Management |
|
Appendix 3 to the DPA
Subprocessors
Appendix 4 to the DPA
Commission Decision C(2010)593
Standard Contractual Clauses (processors)
For the purposes of Article 26(2) of Directive 95/46/EC for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection
Name of the data exporting organisation: Customer
And
Name of the data importing organisation: Gigamon
each a “party”; together “the parties”,
HAVE AGREED on the following Contractual Clauses (the Clauses) in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of individuals for the transfer by the data exporter to the data importer of the personal data specified in Appendix 1.
Clause 1
Definitions
For the purposes of the Clauses:
Clause 2
Details of the transfer
The details of the transfer and in particular the special categories of personal data where applicable are specified in Appendix 1 which forms an integral part of the Clauses.
Clause 3
Third-party beneficiary clause
Clause 4
Obligations of the data exporter
The data exporter agrees and warrants:
Clause 5
Obligations of the data importer
The data importer agrees and warrants:
Mandatory requirements of the national legislation applicable to the data importer which do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC, that is, if they constitute a necessary measure to safeguard national security, defence, public security, the prevention, investigation, detection and prosecution of criminal offences or of breaches of ethics for the regulated professions, an important economic or financial interest of the State or the protection of the data subject or the rights and freedoms of others, are not in contradiction with the standard contractual clauses. Some examples of such mandatory requirements which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements.
Clause 6
Liability
Clause 7
Mediation and jurisdiction
Clause 8
Cooperation with supervisory authorities
Clause 9
Governing Law
The Clauses shall be governed by the law of the Member State in which the data exporter is established.
Clause 10
Variation of the contract
The parties undertake not to vary or modify the Clauses. This does not preclude the parties from adding clauses on business related issues where required as long as they do not contradict the Clause.
Clause 11
Subprocessing
Clause 12
Obligation after the termination of personal data processing services
Appendix 1 to the Standard Contractual Clauses
This Appendix forms part of the Clauses and must be completed and signed by the parties.
The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.
Data exporter
The data exporters are (please specify briefly your activities relevant to the transfer):
Each of the Customer EEA Affiliates (as defined in the DPA)
Data importer
The data importer is (please specify briefly activities relevant to the transfer):
Gigamon (as defined in the DPA)
Data subjects
The personal data transferred concern the following categories of data subjects (please specify):
As described in the section entitled "Categories of Statutorily Defined Data Subjects for Whom the Customers' Personal Data Relates" in Appendix 1 to the DPA.
Categories of data
The personal data transferred concern the following categories of data (please specify):
As described in the section entitled "Categories of Personal Data" in Appendix 1 to the DPA.
Special categories of data (if appropriate)
The personal data transferred concern the following special categories of data (please specify):
None.
Processing operations
The personal data transferred will be subject to the following basic processing activities (please specify):
As described in the section entitled "Nature and Purpose of the Processing" in Appendix 1 to the DPA.