Controller’s obligations. 3.1. As a Controller, Customer must comply with its obligations under Applicable Law, the Agreement and this Data Processing Agreement.
3.2. Controller instructs Processor to Process the Personal Data on behalf of Controller and in accordance with Applicable Law. Controller’s Processing instructions are laid down in Annex 1 (Peronal Data and Processing Activities).
3.3. Controller may give additional or adjusted Processing instructions, provided that such instructions are in accordance with the conditions of the Agreement and this Data Processing Agreement, and these are reasonable and in accordance with Applicable Law. Controller shall notify Processor of such instructions in writing.
Controller’s obligations. 1. Controller shall notify Processor without undue delay, and comprehensively, of any defect or irregularity with regard to provisions on data protection detected by Controller in the results of Processor’s work.
Controller’s obligations. 5.1 The Controller represents and warrants that: (i) it shall comply with this DPA and its obligations under Data Protection Law; (ii) it has obtained any, and all, necessary permissions and authorisations necessary to permit the Processor, its Affiliates and Sub-processors, to execute their rights or perform their obligations under this DPA; and (iii) all Affiliates of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA.
5.2 The Controller shall implement appropriate technical and organisational measures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.3 The Controller acknowledges and agrees that some instructions from the Controller including the Processor assisting with audits, inspections, DPIAs or providing any assistance under this DPA, may result in additional fees. In such case the Processor shall notify the Controller of its fees for providing such assistance in advance and shall be entitled to charge the Controller for its reasonable costs and expenses in providing such assistance, unless agreed otherwise in writing.
Controller’s obligations. Controller’s instructions for the Processing of Personal Data shall comply with Data Protection Laws and Regulations. Controller shall have sole responsibility for the accuracy, quality, and legality of Personal Data and the means by which Controller acquires Personal Data and provides it to Processor.
Controller’s obligations. 5.1 The Controller undertakes to ensure that there is a legal basis for the processing operations under Clause 4 and to draw up written instructions to enable the Processor and, where appropriate, Subprocessors, to perform their obligations under this Agreement.
5.2 The Controller is responsible for providing information under applicable legislation to the data subjects on the processing of personal data, consulting with the Swedish Data Protection Authority where necessary, and otherwise ensuring that the processing of personal data by the Controller is lawful.
5.3 The Controller shall promptly provide information on any circumstances that may entail a need for changes in the way in which the Processor processes personal data and that may affect its obligations. The Controller shall also inform the Processor of any action by third party, including the Swedish Data Protection Authority and the data subject, in relation to the processing.
Controller’s obligations right to control
2.1.1. In the context of the contractual relationship between Customer, acting as Controller, and Processor, Customer is solely responsible for assessing the legal admissibility of the processing to be performed by Processor with regard to GDPR provisions and other rules on data protection.
2.1.2. Customer has the right to carry out inspections in consultation with Processor or to have them carried out by an examiner to be named on a case-by-case basis. Customer moreover has the right to verify that Processor complies with this Agreement in his business. The execution of such random checks shall be announced on reasonable notice. Processor shall ensure that Customer can convince himself of Processor´s compliance with regard to all of the latter´s obligations in accordance with art. 28
Controller’s obligations. 1. The Controller determines the purposes and the means of the processing of Personal Data by means of the Transics FMS.
2. The Controller warrants that:
a. The Processor gets permission to use the Personal Data for the purpose of processing as determined in this Data Processing Addendum.
b. The Personal Data have been lawfully collected and Function: Date:
i. At the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of the services relating to the processing, and delete existing copies unless Union or Member State Law requires storage of the Personal Data. If, after 3 months after the termination of the Services, no choice or instructions have been submitted, Transics will no processed in accordance with Data Protection Laws. Compliance with the applicable Data Protection Laws is guaranteed when the Controller transfers Personal Data to the Processor to comply with this Data Processing Addendum and when it gives instructions to the Processor regarding the processing of the Personal Data. longer make the Personal Data accessible or delete them. The Customer shall export the necessary data via the Transics tooling within 3 months after the termination of the Services.
j. Ensure that persons (e.g. employees) authorized to process the Personal Data, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
k. Without prejudice to the Controller’s obligation set out in Article 6.4 below, maintain a record of all categories of processing activities carried out on behalf of the Controller in accordance with GDPR. The Processor is entitled to claim compensation related to assistance it provides to the Controller that goes beyond what is required by Data Protection Laws and this Data Protection Addendum.
Controller’s obligations. 1.3.1 The Controller acknowledges and agrees that pursuant to its obligation under Article 28(1) of the GDPR to only appoint Processors providing sufficient guarantees to implement appropriate technical and organisational measures to meet the requirements of the GDPR, it has assessed EOL’s applicable technical and organisational measures and considers them to be sufficient, taking into account the nature, scope, context and purpose of the processing undertaken pursuant to this Agreement.
Controller’s obligations. 7.1 Lawfulness of processing
7.1.1 The Controller shall ensure and secure that during the whole duration of this Contract:
(a) all personal data disclosed by the Controller to the Processor for processing and with any relation to the service, have been collected in legal and legitimate manner in accordance with the Directive or any other applicable law;
(b) consent by the data subject is given for processing of the respective personal data by the Processor, and the consent is given freely and pursuant to Article 7 of the Directive, and that the consent will be valid for the whole period of data processing and will be not cancelled by the data subject;
(c) other terms of lawful processing pursuant to Article 6 of the Directive shall apply provided that the Data subject refuses to agree;
(d) no personal data falling into the special category of personal data as specified in Article 9 of the Directive will be disclosed to the Processor..
7.1.2 Should the Processor fail to meet any obligation specified in par.
7.1.1. during data processing or in the course of the duration of this Contract, the Controller shall inform the Processor thereof without undue delay and not later than up to 72 hours after he learns about the deficiency. The Controller shall exclude such personal data from the processing (mainly by erasing such personal data from the Controller's service), and if not possible, the Controller shall provide the Processor with all necessary assistance and cooperation to except such personal data from processing.
