Skip to Main

MEA Addendum

LexisNexis Legal & Professional | LexisNexis Risk Solutions

This Middle East and Africa Addendum (“MEA Addendum”) forms part of the agreement (the “Agreement”) between the LexisNexis entity (“LN”) and the customer, subscriber, licensee or other partner and any applicable affiliate (“Customer”) under which LN provides certain products or services (the "Services") and in which this MEA Addendum is referenced.

Saudi Arabia

To the extent that either party transfers personal data from the Kingdom of Saudi Arabia (“KSA”) to the other party located outside the KSA, unless the parties may rely on an alternative transfer mechanism or basis under the Data Protection Laws, the parties will be deemed to have entered into the Standard Contractual Clauses for Personal Data Transfer approved by the Saudi Data & Artificial Intelligence Authority available at https://sdaia.gov.sa/Documents/StandardContractualClausesForPersonalDataTransferEN.pdf (“KSA SCC”) in respect of such transfer, whereby:

  1. the receiving party is the “Personal Data Importer” and the other party is the “Personal Data Exporter”;
  2. to the extent that each party acts as a Controller, the First Template applies and the Second, Third and Fourth Templates are omitted;
  3. to the extent that Customer acts as a Controller and LN acts as a Processor, the Second Template applies and the First, Third and Fourth Templates are omitted;
  4. to the extent that each party acts as a Processor, the Third Template applies and the First, Second and Fourth Templates are omitted; and
  5. if there is any conflict between the terms of the Agreement and the KSA SCC, the KSA SCC will prevail.

South Africa

To the extent that LN is processing as an operator any personal information in scope of the South African Protection of Personal Information Act, No. 4 of 2013 (POPIA) for Customer as responsible party, LN will further establish and maintain the security measures referred to in section 19 of POPIA and will notify Customer immediately where there are reasonable grounds to believe that the personal information of a data subject has been accessed or acquired by any unauthorized person.

Last updated: 1 January 2025