GDPR DPA Schedule C: Restricted Transfer Addendum

This Addendum includes the following Annexes, each of which are part of this Addendum as applicable.

• Annex 1: Description of the Processing
• Annex 2: Technical and Organizational Measures

Section 1.  Definitions

1.1 “Controller Services” has the meaning set forth in the GDPR General Terms.

1.2 “DPF Signatory” means a signatory that has certified compliance with the Data Privacy Framework Principles (available at https://www.dataprivacyframework.gov/s/framework-text) whether under the EU-US framework, Swiss-U.S framework, or UK Extension to the EU-US framework.  

1.3 “Onward Transfers” means onward transfers by the Receiving Party to a third-party Controller or Processor.

1.4 “Processor Services” has the meaning set forth in the GDPR General Terms.

 1.5 "Restricted Transfer" means: (i) where the EU GDPR applies, a transfer of personal data from the European Economic Area (“EEA”) to a recipient in a country outside of the EEA which is not subject to an adequacy determination by the European Commission and where the recipient is not a DPF Signatory; and (ii) where the UK GDPR applies, a transfer of personal data from the United Kingdom (“UK”) to a recipient in a country which is not based on adequacy regulations pursuant to Section 17A of the United Kingdom Data Protection Act 2018 and where the recipient is not a DPF Signatory.

1.6 “Standard Contractual Clauses” means: (i) where the EU GDPR applies, the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council ("EU SCCs"); and (ii) where the UK GDPR applies, standard data protection clauses adopted pursuant to or permitted under Article 46 of the UK GDPR ("UK SCCs").

Section 2. Adagio’s Data Centers 

Adagio processes and stores Personal Data subject to European Data Protection Law in countries with European Commission adequacy decisions or using appropriate safeguards. This Addendum applies only to Restricted Transfers. Onward Transfers by either Party to third-party Controllers or Processors are under separate agreements. 

Section 3. Restricted Transfers

3.1.  In respect of any Restricted Transfer, Disclosing Party (as “data exporter”) and Receiving Party (as “data importer”), with effect from the commencement of any relevant transfer, hereby enter into Module 1 (controller-to-controller) and Module 2 (controller-to-processor) of the Standard Contractual Clauses in respect of any transfer of Personal Data from Disclosing Party to Receiving Party.

3.2 For Restricted Transfers under the EU SCCs for Controller Services subject to Module One:

(a) Clause 7 – the options docking clause will apply;

(b) Clause 11(a) – the optional language shall not apply;

(c) Clause 17 – “Option 1” applies for governing law, and the “Member State” shall be France;

(d) Clause 18 – Choice of forum and jurisdiction shall be France (Paris);

(e) Annex 1 shall be deemed completed with the information set out in Annex 1 to this Addendum;

(f) Annex 2 shall be deemed completed with the information set out in Annex 2 to this Addendum. 

3.3 For Restricted Transfers under the EU SCCs for Processor Services subject to Module Two:

(a) Clause 7 – the options docking clause will apply;

(b) Clause 9 - Option 2 applies; the time period for prior notice of sub-processor changes will be 30 days;

(c) Clause 11(a) – the optional language shall not apply;

(d) Clause 17 – “Option 1” applies for governing law, and the “Member State” shall be France;

(e) Clause 18 – Choice of forum and jurisdiction shall be France (Paris);

(f) Annex 1 shall be deemed completed with the information set out in Annex 1 to this Addendum;

(g) Annex 2 shall be deemed completed with the information set out in Annex 2 to this Addendum. 

3.4 In respect of any Restricted Transfers under the UK SCCs, the EU SCCs completed as set out above shall also apply to such transfers and shall be interpreted consistently with the information set forth in this Addendum.   

3.5 For Restricted Transfers from Switzerland, the terms of the EU SCCs shall be amended and supplemented as specified by the relevant guidance of the Swiss Federal Data Protection and Information Commissioner.

Section 4. Miscellaneous

4.1  This Restricted Transfer Addendum shall control in the event of a conflict with any other part of the DPA.