Standard Contractual Clauses (SCCs) for International Data Transfers

Effective Date: June 4, 2021. The Standard Contractual Clauses (SCCs) remain unchanged and continue to apply as referenced in our Data Processing Agreement (DPA).

These Standard Contractual Clauses (SCCs) are incorporated into and form an integral part of the LogicManager Data Processing Agreement (DPA). These SCCs apply automatically to all cross-border transfers of Personal Data from the European Economic Area (EEA), the United Kingdom (UK), and Switzerland to jurisdictions without an adequacy decision. By continuing to use LogicManager’s services, you acknowledge the binding nature of these SCCs for such data transfers.

Addendum to the LogicManager Data Processing Agreement (DPA)

This Addendum (the “Addendum”) is made as of the Effective Date of the Data Processing Agreement (DPA) and is incorporated into and forms part of the LogicManager DPA between:

  • Data Exporter: LogicManager Ltd., a company incorporated under the laws of Ireland, with its principal place of business at 12 Merrion Square N, Dublin 2, D02 H798, Ireland.
  • Data Importer: LogicManager, Inc., a company incorporated under the laws of the United States, with its principal place of business at 6 Liberty Square #2316 Boston, MA 02109.

1. Purpose and Scope

1.1 The purpose of this Addendum is to incorporate the European Commission’s Standard Contractual Clauses (SCCs) (2021/914) into the DPA, ensuring compliance with GDPR when transferring Personal Data from the EEA, UK, and Switzerland to a third country outside these jurisdictions.

1.2 The parties agree that the applicable SCCs include:

  • Module 2 (Controller-to-Processor) where the Data Exporter is acting as a Controller and the Data Importer is acting as a Processor.
  • Module 3 (Processor-to-Processor) where the Data Exporter is acting as a Processor and the Data Importer is acting as a Subprocessor.

2. Definitions

Unless otherwise defined herein, capitalized terms in this SCC shall have the meanings ascribed to them in the Master Subscription Agreement (MSA) and the Data Processing Agreement (DPA) executed between the Parties. For clarity, the definitions, rights, and obligations set forth in the MSA and DPA are hereby incorporated by reference into this SCC.

Addendum A: Standard Contractual Clauses (SCCs)

SECTION I – GENERAL CLAUSES

Clause 1 – Purpose and Scope

1.1 These SCCs apply to the transfer of Personal Data from LogicManager Ltd. (Ireland) (the “Data Exporter”) to LogicManager, Inc. (USA) (the “Data Importer”). 

1.2 The purpose is to ensure compliance with GDPR when transferring Personal Data outside the EEA, UK, or Switzerland.

Clause 2 – Effect and Invariability of the Clauses

2.1 The SCCs cannot be modified except to select the appropriate module(s) or add details required by the GDPR. 

2.2 The SCCs set forth in this agreement shall prevail over any conflicting provisions in any existing Standard Contractual Clauses (SCCs) between LogicManager Inc. and LogicManager Ltd. 

2.3 The SCCs shall prevail over any conflicting provisions in the Master Subscription Agreement (MSA), Data Processing Agreement (DPA), and any applicable Order Form between Customers and LogicManager. The Order Form may specify additional commercial terms but shall not modify, override, or diminish the obligations set forth in the SCCs unless required by applicable law and agreed upon in writing by both parties.

Clause 3 – Third-Party Beneficiaries

3.1 Data subjects may enforce this agreement directly against both the Data Exporter and Data Importer regarding their Personal Data rights.

Clause 4 – Interpretation

4.1 Terms shall have the same meaning as in GDPR (e.g., “Personal Data,” “Processing,” “Controller,” “Processor”).

SECTION II – OBLIGATIONS OF THE PARTIES

Clause 5 – Data Protection Safeguards

5.1 Purpose Limitation: The Data Importer shall only process Personal Data for the specified purposes as instructed by the Data Exporter.

5.2 Security Measures: The Data Importer shall implement appropriate technical and organizational measures, including:

  • Encryption using AES-256 and TLS 1.2+ for Personal Data in transit and at rest.
  • Role-based access controls (RBAC) and Multi-Factor Authentication (MFA) where applicable.
  • Regular security audits, including SOC 2 Type II and ISO 27001 compliance.

5.3 Data Subject Rights:

  • Data subjects must have the right to access, rectify, delete, or restrict processing.
  • The Data Importer shall assist the Data Exporter in handling such requests within GDPR timelines.

5.4 Subprocessing:

  • The Data Importer may engage Third Party Subprocessors only with prior written approval from the Data Exporter.
  • All Third Party Subprocessors must sign a subprocessing agreement incorporating SCCs or equivalent safeguards.

5.5 Data Breaches:

  • The Data Importer must notify the Data Exporter within 72 hours of a Personal Data breach.
  • The notification must include an impact assessment and mitigation steps.

5.6 Data Retention & Deletion:

  • Upon contract termination, the Data Importer must delete or return all Personal Data, unless legally required to retain it.

SECTION III – LOCAL LAWS AND GOVERNMENT ACCESS

Clause 6 – Transfer Impact Assessment (TIA)

6.1 Before initiating any Personal Data transfer, the Data Exporter has conducted a Transfer Impact Assessment (TIA) to assess the risks associated with the recipient country. 

6.2 The Data Importer shall notify the Data Exporter if any material changes in local laws impact the ability to comply with the SCCs.

Clause 7 – Government Access Requests

7.1 The Data Importer shall:

  • Promptly notify the Data Exporter if a government authority requests access to Personal Data (unless prohibited by law).
  • Challenge any access request that is not legally binding or conflicts with GDPR.
  • Provide transparency reports regarding access requests upon request.

SECTION IV – TERMINATION & FINAL PROVISIONS

Clause 8 – Termination

8.1 If the Data Importer fails to comply with the SCCs, the Data Exporter may suspend Personal Data transfers or terminate this agreement.

Clause 9 – Governing Law & Dispute Resolution

9.1 This Agreement shall be governed by the laws of Ireland.

9.2 Any disputes shall be resolved by:

  • The Irish Data Protection Commission (DPC) as the primary supervisory authority.
  • Arbitration in Dublin, Ireland under the International Chamber of Commerce (ICC) rules.