For the avoidance of doubt, this transmission restriction does not apply to the data controller or authorized users of its affiliates who have access to the data controller`s software and data, and the processor is not responsible for the actions of the data controller or authorized users of its affiliated companies. Neither the Data Controller nor its authorized users have the right to use the Software or Subscription Services in a country where data localization laws should host the Data Controller`s environment in that country. Authorization: Customer data is stored in portable storage systems that customers can only access using application user interfaces and application programming interfaces. Customers do not have direct access to the underlying application infrastructure. The authorization model for each of our products must ensure that only the persons assigned accordingly can access the relevant functions, views and adaptation options. Authorization for records is performed by verifying the user`s permissions using the attributes assigned to each record. (h) make available to data subjects, upon request, a copy of the clauses, with the exception of Annex 2, together with a summary description of the security measures and a copy of each sub-processing contract to be concluded in accordance with the clauses, unless the clauses or the contract contain commercial information, in which case it may withdraw that commercial information; `technical and organisational security measures` means any measure to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unapproprised disclosure or unauthorized access, in particular where the processing involves the transfer of data over a network, and before any other unlawful form of processing. . . .