Common use of DATA PROCESSOR’S OBLIGATIONS Clause in Contracts

DATA PROCESSOR’S OBLIGATIONS. 5.1 The Data Processor shall process the Personal Data: (i) in compliance with this PDP Annex and, generally, and the level of protection resulting from the Data Privacy Regulations then in force; (ii) solely for the Agreed Purpose of Processing; (iii) solely in the Agreed Territory; (iv) without exceeding the Agreed Retention period; (v) in such a way as to minimise, by means of suitable preventive security measures, the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, or Processing operations that are either unlawful or inconsistent with the Agreed Purpose. 5.2 The Data Processor shall promptly investigate any reasonable suspicion of Personal Data Breach and act in accordance with Section 12 below. 5.3 The Data Processor shall cooperate with the Data Controller to enable the latter to guarantee to every Data Subject or his/her delegates the possibility to exercise the rights granted to him/her by the Data Privacy Regulations. The Data Processor acknowledges that Data Subject rights shall be exercised only through the Data Controller. Therefore, the Data Processor undertakes to immediately notify the Data Controller of any request that Data Subjects, address directly to the Data Processor, and will not respond to any such request or take any other related action, until authorised by the Data Controller. 5.4 The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction from the Data Controller infringes any provision on the Processing of Personal Data under the present Agreement.

DATA PROCESSOR’S OBLIGATIONS. 5.1 The Data Processor shall process the Personal Data: (i) in compliance with this PDP Annex and, generally, and applying the level of protection resulting from the Data Privacy Regulations then in force; (ii) solely for the Agreed Purpose of Processing; (iii) solely in the Agreed Territory; (iv) without exceeding the Agreed Retention period; (v) in such a way as to minimise, by means of suitable preventive security measures, the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, or Processing operations that are either unlawful or inconsistent with the Agreed Purpose. 5.2 The Data Processor shall promptly investigate any reasonable suspicion of Personal Data Breach and act in accordance with Section 12 below. 5.3 The Data Processor shall cooperate with the Data Controller to enable the latter to guarantee to every Data Subject or his/her delegates the possibility to exercise the rights granted to him/her by the Data Privacy Regulations. The Data Processor acknowledges that Data Subject rights shall be exercised only through the Data Controller. Therefore, the Data Processor undertakes to immediately notify the Data Controller of any request that Data Subjects, address directly to the Data Processor, and will not respond to any such request or take any other related action, until authorised by the Data Controller. . 5.4 The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction from the Data Controller infringes any provision on the Processing of Personal Data under the present Agreement.

DATA PROCESSOR’S OBLIGATIONS. 5.1 The Data Processor shall process the Personal Data: (i) in compliance with this PDP Annex and, generally, and the level of protection resulting from the Data Privacy Regulations then in force; (ii) solely for the Agreed Purpose of Processing; (iii) solely in the Agreed Territory; (iv) without exceeding the Agreed Retention period; (v) in such a way as to minimise, by means of suitable preventive security measures, the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, or Processing operations that are either unlawful or inconsistent with the Agreed Purpose. 5.2 The Data Processor shall promptly investigate any reasonable suspicion of Personal Data Breach and act in accordance with Section 12 below. 5.3 The Data Processor shall cooperate with the Data Controller to enable the latter to guarantee to every Data Subject or his/her delegates the possibility to exercise the rights granted to him/her by the Data Privacy Regulations. The Data Processor acknowledges that Data Subject rights shall be exercised only through the Data Controller. Therefore, the Data Processor undertakes to immediately notify the Data Controller of any request that Data Subjects, address directly to the Data Processor, and will not respond to any such request or take any other related action, until authorised by the Data Controller. . 5.4 The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction from the Data Controller infringes any provision on the Processing of Personal Data under the present Agreement.