Service data processing agreement

Last Modified June 25, 2020

This Data Processing Agreement (“Agreement”) is made upon acceptance of the Terms of Service as defined below, between the Company accepting the Terms of Service (“Company”) and the Nuance entity entering into the Terms of Service (“Nuance”), each a “Party” and together the “Parties”.

RECITALS

(A) Company has entered into one or more agreements (referred to collectively as the “Supplier Agreement”) with a third party supplier (“Supplier”) under which it procured certain Nuance products, hosted services and/or maintenance and support services (referred to collectively as “Nuance Services” or “Services”) from Supplier.

(B) In addition, Nuance and Company have entered into Terms of Service for such Nuance Services (the “Terms of Services”).

(C) The Parties have agreed that in order for Customer to consummate the Nuance Services it has obtained from Supplier under the Supplier Agreement, it will be necessary for Nuance to Process certain Personal Data in respect of which Company will be a Data Controller, or acting on behalf of the Data Controller, for the purposes of this Agreement under and subject to the Data Protection Laws (as defined below).

(D) The Parties have agreed to enter into this Agreement in order to address the compliance obligations imposed upon Company pursuant to Data Protection Laws with respect to Personal Data which will be Processed by Nuance and in respect of which Company will be a Data Controller, and to ensure that adequate safeguards are put in place with respect to the protection of such Personal Data.

1. DEFINITIONS.

The following expressions are used in this Agreement: In the event the definitions herein differ from the Terms of Service relating to data protection, this Agreement shall prevail as to the specific subject matter of such definition.

(a) “Data Subject Request” means a request from or on behalf of a Data Subject relating to access of, or the rectification of, erasure of or data portability of that person’s Personal Data or an objection from or on behalf of a Data Subject to the Processing of his or her Personal Data.

(b) “Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data by Nuance in connection with the Nuance Services, including but not limited to the GDPR.

(c) “GDPR” means Regulation (EU) 2016/79 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data (known as the General Data Protection Regulation).

(d) “EU Standard Contractual Clauses” means the standard data protection clauses for the transfer of Personal Data to Processors established in third countries which do not ensure an adequate level of data protection, as described in Article 46 of the GDPR, pursuant to the European Commission’s decision (C(2010)593) of 5 February 2010.

(e) “Personal Data” shall cover any personal data in the meaning given to it by Data Protection Laws which is processed by Nuance in connection with Company’s use of Nuance Services obtained from Supplier.

(f) “Personal Data Breach” means a Personal Data Breach as defined under Data Protection Laws that is any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data within Nuance’s scope of responsibility by any of its staff, sub-processors or any other identified or unidentified third party after Nuance becomes aware with a reasonable degree of certainty that such Personal Data Breach has occurred.

(g) “Adequate Country” means a country, territory, or specified sectors within a country and international organization published by the European Commission in the Official Journal of the European Union for which it has decided that an adequate level of protection is ensured.

(h) “Process”, “Processing”, “Controller”, “Data Controller”, “Processor”, “Data Processor”, “Data Subject”, and “Supervisory Authority” or “National Authority” shall have the meanings given to them by GDPR. The term Data Processor includes sub-processors, sub-sub-processors etc.

2. STATUS OF THE PARTIES

2.1 Company is the Data Controller, and Nuance is the Data Processor. Accordingly, Company grants Nuance the right to Process the Personal Data for the purposes of providing the Nuance Services. Nuance agrees that it shall Process all Personal Data in performing the Nuance Services pursuant to this Agreement, Supplier Agreement and the Terms of Service.

3. PROCESSING REQUIREMENTS

3.1 Data Processing Details. Company, as Data Controller, will determine the scope, purposes, and manner by which the Personal Data may be Processed by Nuance, including the transfer by Nuance of Company Personal Data to any country or territory, as reasonably necessary for the provision of the Nuance Services. The type of Personal Data Processed pursuant to this Agreement as well as the subject matter, nature and purpose of the Processing, the Data Subjects involved, and the location(s) and duration of the Processing (details required by GDPR Article 28(3)) are as described in the Data Processing Details.

3.2 Processing under Control of Controller. Nuance shall only Process the Personal Data to provide the Nuance Services and shall act only in accordance with Company’s or Supplier’s documented instructions to the extent appropriate for the provision of the Nuance Services, and except as required to comply with a legal obligation to which Nuance is subject. To fully optimize the speech recognition, digital dictation and communication abilities of the Nuance Services, the Data Controller instructs Nuance and its sub-processors and affiliated companies to use, compile (including creating statistical and other models), annotate and otherwise analyse the Personal Data to operate, maintain, tune, enhance, improve and provide technical support services for the speech recognition, natural language understanding and other Nuance software and technologies that are embodied in the Nuance Services. Personal Data Processing instructions can be modified, amended or replaced through an amendment to this Agreement through the established change control process. Instructions not foreseen in or covered by the Terms of Services or this Agreement shall be treated as requests for amendments to this Agreement. If applicable law requires Nuance to Process Personal Data other than that pursuant to Company’s instruction, Nuance will notify Company as reasonably practicable, unless prohibited from doing so by applicable law. Nuance shall, as soon as reasonably practicable upon becoming aware, inform Company if, in Nuance’s opinion, any instructions provided by Company will lead to infringement of Data Protection Laws.

Relationship to Supplier. Company has to provide any instructions directly to Nuance and to ensure that Supplier does not provide any instructions to Nuance with respect to Company Personal Data.

3.3 Confidentiality. Without prejudice to any existing contractual arrangements between the Parties, Nuance shall treat all Personal Data as strictly confidential. Nuance shall take appropriate steps so that only authorized personnel who are subject to binding obligations of confidentiality, either contractual or statutory, will have access to the Personal Data. Termination or expiration of this Agreement shall not discharge Nuance from its confidentiality obligations.

3.4 Limitation of Access. Nuance will ensure the performance of the Nuance Services according to this Agreement is limited to the personnel performing the Nuance Services.

3.5 Data Protection Officer (DPO). Nuance has appointed a data protection officer, who can be reached at: Privacy@Nuance.com or by mail (Worldwide) at:

Chief Privacy Officer
Nuance Communications, Inc.
1 Wayside Road
Burlington MA 01803
USA

Or by contacting our representative in the EU at:

Chief Privacy Officer
Nuance Communications Ireland, Ltd
20 Merrion Road
Ballsbridge, Dublin 4
IRELAND

Any changes to this contact information will be published at nuance.com/about-us/company-policies/privacy-policies.html.

3.6 Data Subject Notices. For Personal Data that is provided to Nuance by Company under the Agreement, Company is responsible for providing any notices and information required by Data Protection Laws to be given at the time of collection, including, but not limited to notice with respect to:

i) Sharing of Personal Data with Data Processors as permitted by Section 5 below; and

ii) Transfer of Personal Data to Nuance’s Affiliates and sub-processors overseas, as permitted by Section 5 and Section 6 below.

3.7 Data Subject Requests. As between the Parties, Company shall be responsible for addressing all Data Subject Requests. Nuance shall promptly notify Company if Nuance receives a request from a Data Subject to exercise his or her Data Subject’s rights. Taking into account the nature of the Processing and insofar as possible, Nuance shall assist Company by appropriate technical and organizational measures in fulfilment of Company’s obligations to respond to said Data Subject Request under Data Protection Laws. To the extent legally permitted, Company shall be responsible for any costs arising from Nuance’s provision of such assistance.

3.8 Notice of Personal Data Breach. Nuance maintains an Incident Management Policy and shall notify Company of any Personal Data Breach without undue delay.

In the event of a Personal Data Breach, Nuance shall make reasonable efforts to identify the cause of such Personal Data Breach and take reasonable steps as Nuance deems necessary and reasonable under industry standards, in order to remediate the cause of such breach to the extent the remediation is within Nuance’s reasonable control, in fulfilling Company’s obligation under Data Protection Laws. Nuance shall not be responsible for incidents that are caused by Company, Supplier or Company’s end users.

3.9 Deletion of Personal Data. Upon Company’s written request, or as reasonably practicable following the termination of this Agreement or the Service Agreement, Nuance shall delete all Personal Data, except to the extent applicable law requires Nuance to continue to store the Personal Data. Company acknowledges that Nuance’s deletion of Personal Data represents compliance with any legal obligation to return Personal Data to Company.

3.10 Audit and Records. Subject to reasonable prior notice from Company, Nuance shall provide Company with reasonable evidence to demonstrate Nuance’s compliance with this Agreement and Data Protection Laws and shall allow for and contribute to audits, including inspections, conducted by Company or another auditor mandated by Company. Company’s right of audit under Data Protection Laws may be satisfied by Nuance through Nuance providing to Company or Supplier:

(a) an audit report not older than 18 months by a registered and independent external auditor demonstrating that Nuance’s technical and organizational measures described in the Description of Technical and Organizational Measures are sufficient and in accordance with an accepted industry audit standard such as SSAE 18 SOC 2; and/or

(b) additional information in Nuance’s possession or control to a Supervisory Authority when it requests or requires additional information in relation to the data Processing activities carried out by Nuance under this Agreement.

(c) If Nuance is unable to provide the information in (a) and (b) above, Company may audit Nuance’s control practices, including on-site at Nuance’s facilities. Company shall reimburse Nuance for any time expended for any such on-site audit at Nuance’s then-current professional services rates, which shall be made available to Company upon request. Before the commencement of any such on-site audit, Company and Nuance shall mutually agree upon the scope, timing, and duration of the audit in addition to the reimbursement rate for which Company shall be responsible. All reimbursement rates shall be reasonable, taking into account the resources expended by Nuance. Company shall promptly notify Nuance with information regarding any noncompliance discovered during the course of an audit and allow reasonable time for remediation.

(d) The Parties agree that when carrying out audit procedures relevant to the protection of Personal Data, the Company shall take all reasonable measures to limit any impact on Nuance and Nuance’s usual course of business operations.

4. SECURITY

Taking into account the most recent available technology, the costs of implementation and the nature, scope, context and purposes of Processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Nuance will maintain appropriate technical and organizational protections as set forth in the Description of Technical and Organizational Measures.

5. SUB-PROCESSING

5.1 Affiliates as Sub-Processors. Company grants a general authorization to Nuance to appoint as sub-processors to support the delivery of the Nuance Services any other entities under common ownership and control of Nuance’s parent corporation, Nuance Communications, Inc. (“Affiliates”).

5.2 Cloud Services Sub-Processor. Company grants Nuance a specific authorization to appoint Microsoft Azure as cloud services provider for the Nuance Services.

5.3 Other Sub-Processors. Company grants Nuance and Affiliates a general authorization to appoint the following types of sub-processors to support the delivery of the Nuance Services: Nuance and its Affiliates’ accountants, auditors and attorneys; consulting firms providing information technology and security advisory and support services; third party data center operators, and providers of outsourced technical support services.

5.4 List Available. A list of all sub-processors approved by Company above is included in the Sub‑Processor List.

5.5 Sub-Processor Changes; Company Right to Object. Nuance will notify Company of the names of any new and replacement sub-processors prior to them beginning sub-processing of Personal Data. Within ten (10) business days of receiving notice of a sub-processor change, Company may object by providing written notice to Nuance. The notice shall describe the basis for Company’s objection, which must have reasonable grounds. Failure to notify an objection during such time period shall constitute waiver of the right to object. If Company gives written notice of objection, Nuance and Company will discuss the objection in good faith to seek to resolve it. If no objection by Company, the Sub-Processor List is deemed amended to include the sub-processor identified in the notice.

5.6 Nuance’s Responsibility. Nuance will require all sub-processors to enter into a written agreement with Nuance to protect Personal Data with substantially similar data protection obligations to those in this Agreement. Nuance shall remain liable to Company for any breach by the sub-processor of its agreement with Nuance; Company’s authorization of the sub-processor does not remove this responsibility.

6. DATA TRANSFERS

6.1 Nuance Hosting Location. Nuance provides, operates, and maintains the Nuance Hosted Services Center in the locations described in the Data Processing Details to support the operation of the Hosted Services.

6.2 Transfer outside EEA, Switzerland and UK by Company. If, in connection with this Agreement, any Personal Data that is provided by Company from the EEA, Switzerland or the UK to a US Nuance entity or a Nuance entity outside the EEA, UK, Switzerland and an Adequate Country, such transfer will be governed by the EU Standard Contractual Clauses.

6.3 Transfers outside the UK or EEA. Company acknowledges that Nuance may transfer Personal Data to Affiliates and other sub-processors operating outside the UK or EEA. If, in the performance of this Agreement, Nuance transfers any Personal Data outside the UK or EEA (and not to an Adequate Country), Nuance shall ensure that a mechanism to achieve adequacy in respect to the Processing is in place, such as:

(a) The requirement that the sub-processor be certified under EU-US and Swiss-US Privacy Shield Framework;

(b) The requirement for Nuance to execute, for itself and/or on behalf of Company, Standard Contractual Clauses, as set forth in the EU Standard Contractual Clauses. Upon request, Nuance will provide to Company for review such copies of agreements, subject to redaction for confidential commercial information not relevant to the requirements under this Agreement. Company authorizes Nuance and its Affiliates to enter into Standard Contractual Clauses consistent with this Agreement on behalf of Company;

(c) The existence of any other specifically approved safeguard for data transfer under Data Protection Laws or a European Commission finding of adequacy.

7. ADDITIONAL PROVISIONS FOR SPECIFIC TYPES OF PERSONAL DATA

7.1 Children Data. Company hereby represents and warrants that:

(a) Company’s website, services and products comply with the GDPR, US Children's Online Privacy Protection Act of 1998, (“COPPA”) and other applicable laws protecting Personal Information (as such term is defined by applicable law) from children under 16 (“Child Data”) as well as implementing rules and amendments to any of such legal obligation (collectively “Child Data Laws”);

(b) Company shall not use Nuance Hosted Services in connection with an online site, service, or product that targets children under 16 as its primary audience (“Primarily Child-Directed”). Primarily Child-Directed is based on empirical evidence regarding audience composition, and evidence regarding the intended audience, such as subject matter, visual content, use of animated characters or child-oriented activities and incentives, music or other audio content, age of models, presence of child celebrities or celebrities who appeal to children, language or other characteristics of the Web site or online service, as well as whether advertising promoting or appearing on the Web site or online service is directed to children.

(c) If Company uses Nuance licensed software for Primarily Child-Directed online sites, services or products, then Company must not send to Nuance (in connection with maintenance, support and tools regarding the Nuance Licensed Software, or otherwise) any Child Data.

(d) If Company uses Nuance Services for mixed audience or general audience online sites, services or products which may be accessed by children under 16, but are not Primarily Child-Directed, then Company’s verifiable parental consent mechanism, direct notice, and web notice, as required by Child Data Laws, shall adequately disclose and sufficiently cover the transfer of Child Data to Nuance and Nuance's collection and Processing of Child Data consistent with this Agreement.

The Parties agree that Nuance is not an operator as that term is defined in COPPA. As between Company and Nuance, Company is solely responsible for any liability arising from Company’s noncompliance with its responsibilities and obligations under the Child Data Laws or this Agreement.

7.2 CCPA Compliance. To the extent that Nuance receives from Company (directly or through third parties, e.g. the Supplier) any “personal information” of any “consumer” subject to the California Consumer Privacy Act (“CCPA”) for Processing on behalf of Company pursuant to this Agreement, Nuance and Company shall each comply with all applicable provisions of the CCPA and each Party shall, upon the other’s reasonable written request, cooperate in good faith to enter into additional and modified terms to address any amendments to the CCPA or otherwise to ensure the Parties’ compliance therewith. To the extent applicable, Nuance shall be considered a “service provider” to Company under the CCPA, and shall not (a) retain, use or disclose such personal information for any purpose other than for the specific purpose of performing Nuance Services under this Agreement or as otherwise permitted by the CCPA, including for any “business purpose”; (b) retain, use or disclose such personal information for a “commercial purpose” other than providing the Nuance Services under this Agreement; (c) retain, use or disclose such personal information outside the direct business relationship between Nuance and Company; or (d) “sell” such personal information. For the purposes of this paragraph, the terms “personal information”, “consumer”, “service provider”, “business purpose”, “commercial purpose” and “sell” shall have the meanings set forth in the CCPA.

8. ADDITIONAL PROVISIONS FOR INDIVIDUALS LOCATED IN CERTAIN COUNTRIES.

Each one or more of the following additional provisions apply based on the location of the individual in the respective country whose Personal Data is being Processed.

8.1 ADDITIONAL PROVISIONS FOR ARGENTINA

8.1.1 Data Protection Law. With respect to the Personal Data of individuals in Argentina, the Data Protection Laws defined in Section 1 shall include the Argentinian Privacy Principles, as defined in Argentine Personal Data Protection Law 25 326.

8.1.2 General Processing Obligation. Nuance will Process the Personal Data in a manner consistent with the provisions of the Data Protection Laws.

8.1.3 Adequacy Decisions. “Argentine Adequate Country” means a country, territory, or specified sectors within a country and international organization for which the Argentine Personal Data Protection Authority has decided that an adequate level of protection is ensured.

8.1.4 Transfer outside Argentina by Company. If, in connection with this Agreement, any Personal Data is provided by Company to Nuance outside Argentina and not to an Argentine Adequate Country, such transfer will be governed by the Argentina Standard Contractual Clauses.

8.1.5 Transfers outside Argentina by Nuance. Company acknowledges that Nuance may, in the performance of this Agreement, transfer Personal Data to Affiliates and other sub-processors established outside Argentina. Where such sub-processor is located not in an Argentine Adequate Country, Nuance shall ensure that a mechanism to achieve adequacy in respect to the Processing is in place, such as:

(a) The consent of each individual whose Personal Data is transferred to a non-Argentine Adequate Country;

(b) The execution by Nuance, for itself and/or on behalf of Company, of the Argentina Standard Contractual Clauses. Upon request, Nuance will provide to Company for review such copies of agreements, subject to redaction for confidential commercial information not relevant to the requirements under this Agreement. Company authorizes Nuance and its Affiliates to enter into Argentina Standard Contractual Clauses consistent with this Agreement and the Argentina Standard Contractual Clauses for processors, on behalf of Company;

(c) The existence of any self-regulation framework or binding corporate rules providing adequate protection to the transferred Personal Data.

8.2 ADDITIONAL PROVISIONS FOR AUSTRALIA

8.2.1 Data Protection Law. With respect to the Personal Data of individuals in Australia, the Data Protection Laws defined in Section 1 shall include the Australian Privacy Principles, as defined in the Australian Privacy Act 1988 (Cth).

8.2.2 General Processing Obligation. Nuance will Process the Personal Data in a manner consistent with Data Protection Laws.

8.2.3 Breach Notification Obligation. If Company is located in Australia, the definition of Personal Data Breach set forth in Section 1 shall include any “eligible data breaches” as defined under the Australian Notifiable Data Breach Scheme.

8.2.4 Transfers outside Australia. In addition to the requirements of Section 6.2, in the event that Nuance transfers Personal Data outside Australia, Nuance will enter or have entered into agreements with the transferees that include contractual protections to secure and protect the Personal Data to the same extent as required by the obligations imposed on Nuance by this Agreement.

8.3 ADDITIONAL PROVISIONS FOR BRAZIL

8.3.1 Data Protection Law: With respect to the Personal Data of individuals in Brazil, the Data Protection Laws defined in Section 1 shall include the “LGPD” or the Brazilian General Data Protection Regulation, Law Nº 13.709/2018 which regulates the Processing of Personal Data in Brazil.

8.3.2 General Processing Obligation. Nuance will Process the Personal Data in a manner consistent with the Brazilian General Data Protection Regulation, Law Nº 13.709/2018.

8.3.3 Transfers outside Brazil. In the event that Nuance transfers Personal Data outside Brazil, Nuance will enter or have entered into agreements with the transferees that include contractual protections to secure and protect the Personal Data to the same extent as required by the obligations imposed on Nuance by this Agreement.

8.4 ADDITIONAL PROVISIONS FOR CHILE

8.4.1 Data Protection Law: With respect to the Personal Data of individuals in Chile, the Data Protection Laws defined in Section 1 shall include the Chilean Law 19,628 on the Protection of Private Life.

8.5 ADDITIONAL PROVISIONS FOR COLOMBIA

8.5.1 Data Protection Law. With respect to the Personal Data of individuals in Colombia, the Data Protection Laws defined in Section 1 shall include Colombian Law 1581 of 2012 and Decree 1074 of 2015.

8.5.2 General Processing Obligation. Nuance will Process the Personal Data in a manner consistent with the Colombian Privacy Principles, as defined in article 4 Law 1581 of 2012.

8.5.3 Adequacy Decisions. “Colombian Adequate Country” means a country and international organization published by the Colombian Data Protection Authority (Superintendence of Industry and Commerce).

8.5.4 Transfers outside Colombia. Nuance may transfer or transmit the Personal Data to any country or territory, even if it is not considered as an Adequate Country under Colombian law, except in cases where the Company expressly and by writing requires not to transfer or transmit to a particular country. Company guarantees that transfers or transmissions by Nuance are allowed under the scope of the consent provided by the Data Subject.

8.5.5 Notice of Personal Data Breach. Company and Nuance will work cooperatively to meet their mutual obligation to report to the Superintendence of Industry and Commerce any violation of the security measures and the existence of risks in the administration of the Personal Data, within 15 working days from the date in which the Personal Data Breach is detected.

8.5.6 Governing Law. Without prejudice to Section 8, this Agreement shall be governed by and construed in all respects in accordance with the laws of Ireland and the Parties to this Agreement hereby agree to submitting the dispute to an international arbitration in respect of any dispute arising under or in relation to this Agreement.

8.6 ADDITIONAL PROVISIONS FOR MEXICO

8.6.1 Data Protection Law. With respect to the Personal Data of individuals in Mexico, the Data Protection Laws defined in Section 1 shall include Mexican Federal Law on the Protection of Personal Data held by Private Parties.

8.6.2 Transfers outside Mexico. In the event that Nuance transfers Personal Data outside Mexico, Nuance will enter or have entered into agreements with the transferees that include contractual protections to secure and protect the Personal Data to the same extent as required by the obligations imposed on Nuance by this Agreement.

8.7 ADDITIONAL PROVISIONS FOR JAPAN

8.7.1 Data Protection Laws. With respect to the Personal Data of individuals in Japan, the Data Protection Laws defined in Section 1 shall include the Japanese Act on Protection of Personal Information and relevant guidelines issued by the Personal Information Protection Commission of Japan.

8.7.2 Transfers outside Japan. With respect to the Personal Data of individuals in Japan, if Nuance transfers such Personal Data outside Japan, Nuance will enter or have entered into agreements with the transferees that include contractual protections to secure and protect the Personal Data to the same extent as required by the obligations imposed on Nuance by this Agreement.

8.8 ADDITIONAL PROVISIONS FOR SOUTH KOREA

8.8.1 Data Protection Laws. With respect to the Personal Data of individuals in South Korea, the Data Protection Laws defined in Section 1 shall include the Korean Personal Data Protection Law and Law on Information and Communications Network Utilization and Information Protection.

8.8.2 General Processing Obligation. Nuance will Process the Personal Data in a manner consistent with the Korean Privacy Principles, as defined in the applicable Data Protection Laws.

8.8.3 Breach Notification Obligation. If Company is located in South Korea, Nuance shall notify Company immediately of any Personal Data Breach after Nuance becomes aware with a reasonable degree of certainty that such Personal Data Breach has occurred.

8.8.4 Liability for Damages to Data Subjects. In the event the Data Subjects incur damages due to breach of this Agreement by Nuance, its officers and/or employees or its sub-processors, liability for such damages will be borne by Nuance.

8.8.5 Technical and Organizational Measures. In connection with maintaining appropriate technical and organizational protections as set forth in the Description of Technical and Organizational Measures under Section 4, Nuance will also comply with the requirement to procure data security under the Korean Personal Data Protection Law and Law on Information and Communications Network Utilization and Information Protection and standards announced by the Korean regulators pursuant to such laws.

9. GOVERNING LAW

Without prejudice to the Standard Contractual Clauses, this Agreement shall be governed by and construed in all respects in accordance with the laws of Ireland and the Parties to this Agreement hereby submit to the exclusive jurisdiction of the courts of Ireland in respect of any dispute arising under or in relation to this Agreement.

Should any provision of this Agreement be invalid or unenforceable, then the remainder of the Agreement shall remain valid and in force. The invalid or unenforceable provisions shall be either (i) amended as necessary to ensure their validity and enforceability, while preserving the Parties’ intentions as closely as possible or, if this is not possible, (ii) construed in a manner as if the invalid or unenforceable part had never been contained therein.

10. MISCELLANEOUS PROVISIONS

10.1 Liability

10.1.1 As between the Parties, in no event shall Nuance be responsible for any liability arising from Supplier’s acts, omission or negligence or from Nuance’s compliance with Company’s or Supplier’s instructions.

10.1.2 Nuance shall only be liable for the direct damages caused by Processing if it (a) did not comply with its specific obligations of the GDPR, or (b) acted outside or in violation of the lawful instructions of the Company.

10.1.3 Apportionment of liability will be settled as foreseen in article 82 GDPR. In the scope of this agreement, in no event shall Nuance be liable for any indirect and consequential damages such as frustrated investments and loss of good will, business, profit or revenue.

10.2 Order of Precedence. To the extent that any provisions of this Agreement conflict with any provisions in the Terms of Service, this Agreement shall prevail as to the specific subject matter of such provisions; provided, however, that any limitations and exclusions of liability in the Terms of Service and any indemnification provisions in the Terms of Service shall in any event prevail over any provision of this Agreement. If Nuance provides this Agreement in more than one language for the country of your billing address, and there is a discrepancy between the English text and the translated text, the English text will govern.