Workday Data Processing Agreement

www.workday.com/en-us/pages/workday-cloud-platform-apps.html#app-5 For the purposes of Article 26(2) of Directive 95/46/EC on the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection …. (the data exporter) [2] Mandatory requirements of national law applicable to the data importer which.m do not go beyond what is necessary in a democratic society on the basis of one of the interests listed in Article 13(1) of Directive 95/46/EC. if they constitute a measure necessary for the protection of national security, defence and public security, the prevention, investigation, detection and prosecution of criminal offences or violations of the ethics of the regulated professions, of an important economic or financial interest of the State or of the protection of the data subject or of the rights and freedoms of others are not contrary to the standard contractual clauses. Examples of such binding requirements that do not go beyond what is necessary in a democratic society include internationally recognized sanctions, tax reporting obligations or reporting obligations to combat money laundering. This Data Processing Addendum (“DTA”) to the Technology Services Agreement or other similar master agreement regarding certain Services with Appirio, Inc. (the “Agreement”) between Customer and Appirio, Inc. (“Appirio”) to reflect the agreement of the parties on the processing of personal data, if any, in accordance with the requirements of data protection laws and regulations. References to the Agreement shall be construed as including, but not limited to, this DTA. Third-party providers may use their own subcontractors who have access to personal data (sub-processors). It is our policy to use only third-party service providers who provide adequate safeguards for the protection of personal data and to process the personal data transmitted to them only in accordance with PwC`s documented instructions and to pass these obligations on to their sub-processors. b. EU-U.S. and SWISS-U.S.

Privacy Shield Self-Certification. . . .