APPENDIX 1 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties. The Member States may complete or specify, according to their national procedures, any additional necessary information to be contained in this Appendix.

Data exporter

The data exporter is (please specify briefly your activities relevant to the transfer):

………………………………………………………………………………………………………………………………………………………

Data importer

The data importer is (please specify briefly activities relevant to the transfer):

A business commerce software platform enabling companies to collaborate on business documents and fully digitize their supply chains. Tradeshift processes these documents and requests on behalf of the data exporter

Data subjects

The personal data transferred concern the following categories of data subjects (please specify):

………………………………………………………………………………………………………………………………………………………

Categories of data

The personal data transferred concern the following categories of data (please specify):

………………………………………………………………………………………………………………………………………………………

Special categories of data (if appropriate)

The personal data transferred concern the following special categories of data (please specify):

………………………………………………………………………………………………………………………………………………………

Processing operations

The personal data transferred will be subject to the following basic processing activities (please specify):

………………………………………………………………………………………………………………………………………………………

Names, email addresses and other contact info incidentally entered into the business documents are processed as requested by the importer, generally this information is used to ensure documents are routed to their correct destination.

 

APPENDIX 2 TO THE STANDARD CONTRACTUAL CLAUSES

This Appendix forms part of the Clauses and must be completed and signed by the parties. Description of the technical and organizational security measures implemented by the data importer in accordance with Clauses 4(d) and 5(c) (or document/legislation attached): Regular application penetration testing, Host Based Intrusion Detection (HIDS) systems, SOC 1 compliance, SOC 2 compliance, ISAE 3402 compliance, ISO 27001 compliance, Multifactor authentication, volume and object level encryption, TLS and SSH encrypted connections over public networks, application layer access controls, “jump” hosts for administrative access, certificates for mutual TLS authentication on internal systems.

ILLUSTRATIVE INDEMNIFICATION CLAUSE (OPTIONAL)

Liability

The parties agree that if one party is held liable for a violation of the clauses committed by the other party, the latter will, to the extent to which it is liable, indemnify the first party for any cost, charge, damages, expenses or loss it has incurred. Indemnification is contingent upon:

  1. the data exporter promptly notifying the data importer of a claim; and
  2. the data importer being given the possibility to cooperate with the data exporter in the defense and settlement of the claim