COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer Controller to Processor Identify the competent supervisory authority/ies in accordance with Clause 13
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor ● Ireland’s Data Protection Commissioner. ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Webflow has a SOC 2 certification and is dedicated to the continued validation of its security program. Specifically, Webflow implements the following security measures with respect to the Personal Data:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Xxxxxx 13. If no supervisory authority is mandated by Xxxxxx 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Data importer shall implement and maintain appropriate technical and organisational measures designed to protect personal data in accordance with the DPA. Pursuant to Clause 10(b), data importer will provide data exporter assistance with data subject requests in accordance with the DPA. ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor See Section 7(b)(viii) of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The competent supervisory authority specified in accordance with Clause 13. ANNEX II - TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Data Importer will maintain and enforce physical and logical security procedures with respect to its access and maintenance of personal data contained on Data Importer servers. Data Importer will use reasonable measures to secure and defend its location and Services against “hackers” and others who may seek to modify or access the Data Importer servers or the information found therein without authorization. Data Importer will test its systems for potential security breaches and vulnerabilities at least annually. Data Importer has a written information security program (“Information Security Program”) that includes administrative, technical, and physical safeguards that protect against any reasonably anticipated threats or hazards to the confidentiality of the personal data, and protect against unauthorized access, use, disclosure, alteration, or destruction of the personal data. In particular, the Data Importer’s Information Security Program shall include, but not be limited, to the following safeguards where appropriate or necessary to ensure the protection of personal data: Access Controls – policies, procedures, and physical and technical controls: (i) to limit physical access to its information systems and the facility or facilities in which they are housed to properly authorized persons and (ii) to authenticate and permit access only to authorized individuals. Access controls at Data Importer are based on the principle of “least privilege,” whereby authorized users are only granted access to information systems, networks and data as necessary to carry out their roles and responsibilities. No access is granted beyond that which is required for a user to fulfill his or her responsibilities. Security Incident Procedures – policies and procedures to detect, respond to, and otherwise address security incidents, including procedures to monitor systems and to detect actual and attempted attacks on or intrusions into personal data or information systems relating thereto, and procedures to identify and respond to validated security incidents, mitigate harmful effects of security incidents, and document security incidents and their outcomes. Data Importer monitors changes to roles...
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: The data exporter's competent supervisory authority will be determined in accordance with the GDPR. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Xxxx uses reasonable technical and organizational measures designed to protect the Service and Customer Content as described in the Security Policy. ANNEX III
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13 (Customer to confirm on a case-by-case basis): … TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Please refer to Annex 3 to the DPA into which these Clauses are incorporated. For the purposes of Clause 10, the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance in respect of data subject requests shall be provided, as well as the scope and the extent of the assistance required, is: provided via self-service functionality within the Services, which enables Customers’ users to (i) change certain Personal Data, such as name, username, email address and password; and (ii) to download an archive of certain Personal Data. The user can also contact Customer Support in the event that assistance is required in making use of this functionality. ANNEX III LIST OF SUB-PROCESSORS MODULE TWO: Transfer controller to processor EXPLANATORY NOTE:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties con - sistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISA- TIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA See Exhibit A of the Addendum. ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protec- tion Xxx 0000 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor Identify the competent supervisory authority/ies in accordance with Clause 13 If the data exporter is established in an EU Member State, then that Member State’s supervisory authority will be responsible for ensuring compliance by the data exporter with GDPR as regards the data transfer and will act as competent supervisory authority in the context of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: Please see clause 8.2.2 of this DPA. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor As the data importer, Domo maintains appropriate technical and organizational measures for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as applicable to the specific Services purchased by data exporter and any Personal Data limitations and restrictions provided in the Agreement, as described in this Annex.
