Data Access Control. The Processor takes measures to procure that the persons authorized to use a Personal Data Processing system can only access Personal Data within the scope of their access authorization. Measures are taken preventing that Personal Data can be read, copied, altered or removed without authorization during the Processing, use and after storage of the same. During the entire contractual term, the Controller has the possibility of accessing, extracting and erasing its data stored in the BuildingMinds Platform or request the Processor to do so. • Only authorized employees, according to their respective role and necessity, may be given access to Personal Data. By these means, the Processor procures that employees involved in the processing of the Controller's Personal Data only process the same upon the instructions of the Controller. In addition, these persons are obliged to maintain confidentiality and security of Personal Data, also following the end of their employment. • All authorized persons require a special personal authorization. This authentication requires a password and a second authentication factor. The authenticated user can only access Personal Data in accordance with the assigned role. • The access of employees who have left the company is blocked upon the effective date of their departure. • Access can only be granted by administrators. The number of administrators is limited to the level necessary for the operation of the Personal Data Processing systems. • Compliance with password guidelines is ensured by the system technology and all logins are recorded in the system. • Authentication mechanisms based on passwords must be renewed regularly.
Appears in 6 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
