Duties of the Processor Sample Clauses

Duties of the Processor. Data processing

Duties of the Processor. 3.1 The Processor may collect, process or use Personal Data only within the framework of this DPA and the Instructions given by the Controller. Material changes to the object of data processing and changes to the procedures must be agreed jointly and must be documented. While Processor will not refuse any legally compliant Instruction by Controller, Controller acknowledges and accepts that some Instructions may result in additional remuneration claims for Processor. Processor will inform Controller accordingly prior to executing the Instruction. At any time and without limiting Processor’s claim to additional fees, Controller may waive this right to be informed in prior, e.g. in urgent cases. 3.2 The Processor shall structure Processor's internal organization in a manner that is compliant with the specific requirements of the applicable Data Protection Regulations for the protection of Personal Data,. Processor shall take the appropriate technical and organizational measures to adequately protect Controller's Personal Data against misuse and loss in accordance with the applicable legal requirements in accordance with Applicable Data Protection Laws 3.3 The Processor shall provide the Controller with a summary of the technical and organizational measures , which is attached hereto as Annex 1. Controller understands that the technical and organizational measures are subject to technical progress and further development. In this respect, the Processor shall be permitted to use alternative, suitable measures. 3.4 Upon request, the Processor shall provide the Controller with information necessary for creating the processing description in accordance with Applicable Data Protection Laws. 3.5 The Processor shall provide that the personnel it uses for processing the Controller's data are bound by legal obligations to maintain data secrecy, and that they are informed about other applicable provisions concerning the protection of Personal Data, in particular telecommunications secrecy. The obligation to maintain data secrecy continues to apply after termination of their work contract. 3.6 The Processor shall provide the contact details of the Processor’s data protection officer (DPO) on the internet. As of the effective date of this DPA, the DPO’s current contact details can be found on the Controllers website. 3.7 The Processor shall inform the Controller in the case of breaches of regulations that protect the Controller's Personal Data or of if Controller's Instru...

Duties of the Processor. 3.1. The Processor shall process the Personal Data (“Data”) on behalf of the Controller as established by the applicable law and, in particular, by the GDPR. 3.2. The Processor acts according to the instructions of the Controller, as below.

Duties of the Processor. 3.3.1. to process the Data exclusively for the purposes of the processing carried out on behalf of the Controller; 3.3.2. to process the data according to the written instructions of the Controller, as set out in the Agreement. Furthermore, if the Processor has to transfer data to a third (non-EU) country or to a third party organisation, in accordance with European Union law or a Member State law to which the Processor is subject, the Processor shall inform the Controller of this legal requirement before processing, unless that law prohibits such information for public interest reasons; 3.3.3. to guarantee the confidentiality of the Data processed under the Agreement; 3.3.4. to inform the Controller without undue delay of any substantial change that has affected the security measures regarding the processing; 3.3.5. to guarantee that the personnel authorised to process the Data under the Agreement: 3.3.5.1. respects confidentiality or is subject to an adequate obligation of confidentiality; 3.3.5.2. receives the necessary training on data protection; 3.3.5.3. does not process data except on indication and according to the instructions of the Processor; 3.3.6. to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR and ensures the protection of data subject rights; 3.3.7. to immediately inform the Controller of any request and/or inspection by the Data Protection Authority regarding the processing of Data carried out pursuant to the Agreement. In the case of controls at the offices of the Processor, the latter agrees that a person specifically appointed for this purpose by the Controller shall be present at the time of the check by the proceeding Data Protection Authority (“DPA”); 3.3.8. to respect all the obligations established by article 6 below in the event of a data breach; 3.3.9. to collaborate according to the instructions of the Controller in the case of a citation, injunction, formal notification or any other decision from the DPA or any other competent Authority or assist the Controller in preparing the responses to the said Authorities; 3.3.10. except as indicated below, not to transfer or communicate all or part of the data processed to another person or body, even free of charge.

Duties of the Processor. 1. Any processing of personal data shall be carried out exclusively in accordance with the provisions of the Main Agreement and any instructions issued by the Customer. This also applies to the transfer of personal data to a third country or international organization. This paragraph 1 shall not apply where the Processor is obliged to process personal data by the law of the Union or of the Member States to which it is subject, in which case the Processor shall notify the Customer of these legal requirements prior to processing, unless the law concerned prohibits such notification on grounds of an important public interest. 2. The Processor confirms that it is not legally obliged to appoint a data protection officer within the meaning of the GDPR. In its place, the Processor shall appoint a contact person for the Customer for all data protection issues and the implementation of this contract. 3. The Processor shall bind any person authorized to process personal data to confidentiality unless they are already subject to an appropriate statutory duty of confidentiality. The scope of the obligation shall be in reasonable proportion to the data processed and the consequences of any breach of the protection of personal data. Any further obligations resulting from a separate confidentiality agreement concluded between the parties shall remain unaffected. 4. Upon request, the Processor shall provide its records of processing activities in respect to the processing for the Customer. 5. Taking into account the type of processing and the information available to the Processor, the Processor shall assist the Customer in complying with the obligations set out in Articles 32 to 36 GDPR. To this end, the Processor shall in particular provide the services provided for in this Agreement. 6. As far as necessary, the Processor shall support the Customer in carrying out a data protection impact assessment in accordance with Article 35 GDPR and shall provide the Customer with all information required for this from its sphere. The Processor shall be obligated accordingly if the Customer is required to conduct a prior consultation with a supervisory authority in accordance with Article 36

Duties of the Processor. ‌ (1) The Processor will process personal data exclusively as contractually agreed upon or as instructed by the Controller unless the Processor is legally obligated to carry out specific processing. (2) The Processor acknowledges all relevant and general data protection regulations. The Processor observes the legal principles of data processing. (3) Persons who could obtain knowledge of the processing data in connection with this Agreement are obligated in writing to confidentiality and have been made aware of the relevant provisions of data protection and this Agreement. (4) In connection with processing within this Agreement, the Processor will support the Controller in fulfilling the legal obligations of data protection, especially in preparing and updating records of processing activities, carrying out data protection impact assessments and necessary consultation with supervisory authorities. The Processor is to retain and provide the necessary details and doc- umentation to the Controller immediately upon request. (5) If the Controller subject to inspection or requests for information from supervisory authorities or other bodies, or if data subjects assert their rights, the Processor shall support the Controller inso- far as it involves the processing in this Agreement. (6) The Processor may provide information to third parties or to data subjects only after prior approval is given by the Controller. The Processor will forward any directly received requests immediately to the Controller. (7) Processing is to be conducted exclusively within the EU or the European Economic Area.

Duties of the Processor. 1. The Processor undertakes to adhere to all legally applicable requirements concerning the processing of entrusted data, including requirements set out in GDPR, the Act, or regulations implementing the Act, and in particular undertakes to: a) process the entrusted data in a manner ensuring the adequate protection of this data, including by means of adequate technical and organizational means, and ensure their protection against unauthorized or unlawful processing, accidental loss, damage or destruction, b) implement adequate technical and organizational means to ensure the protection level appropriate for the risk level, taking into account the state of technical know-how, cost of implementation and nature, scope, context and aims of processing, c) assessing if the protection level is appropriate - provide adequate analysis of risk of breaching the right and liberty of persons who the data refers to. In this analysis the Processor is obliged to take into account the risk related to processing, in particular resulting from accidental or unlawful destruction, loss, modification, unauthorized disclosure or unauthorized access to personal data transferred, stored or processed in any other manner, d) allow processing the entrusted data only to person authorized to process the personal data by the Processor and ensure confidentiality (referred to in art. 28 section 2 letter b) of GDPR) of data processing by these persons, both in the term of their employment by the Processor and after its termination, e) maintain the list of persons authorized to process personal data and present the Controller with this list upon its demand within the time limits the Controller indicated. f) assist the Controller in required scope in satisfying the Controller’s duties set out in art. 32-36 of GDPR, and in particular responding to requests of persons who the data refers to, g) having discovered a breach of personal data, report this fact to the Controller without undue delay, however not later than within 24 hours from the moment of discovering the breach. The report referred to above should include, among others, • date and hour of occurrence, • description of the nature and circumstances of personal data breach, • nature and content of personal data subjected to breach, • number of persons the breach referred to, • description of potential consequences and adverse effects of personal data breach for persons who the data refers to, • description of technical and organizational...

Duties of the Processor. (1) The Processor shall ensure and regularly check that the processing of the Controller Data within the scope of the provision of services under the Main Contract in its area of responsibility, which includes the sub-contractors under Clause 9 of this Contract, is carried out in compliance with the provisions of this Contract. (2) The Processor has appointed the data protection officer Xxxxxx Xxxx, Ingenious Technologies AG, Xxxxxxxxxxxx Xxxxxxx 00, 00000 Xxxxxx. The Processor must inform the Controller immediately in the event of a change of the data protection officer. (3) Pursuant to Art. 28, para. 3, sentence 2 (b), GDPR, the Processor shall impose an obligation of data secrecy by written agreement on all persons authorised to access personal data of the Controller, and shall advise them of the particular data protection obligations arising from this commission and also of the existing commitment to observe instructions and of the restriction to the specified purpose. (4) Without the prior consent of the Controller, the Processor may not make any copies or duplicates of Controller Data within the scope of the Commissioned Processing. However, excepted herefrom are copies which are necessary in order to ensure orderly data processing and the orderly provision of services in accordance with the Main Contract (including data back-ups), and also copies which are necessary to comply with statutory obligations of retention. (5) Within the scope of that which is conscionable and necessary and in return for reimbursement of the expenses and costs thereby incurred by the Processor, the latter shall be obliged to support the Controller in the performance of its statutory obligations. This includes compliance with the Französische Str. 48 10117 Berlin Germany Xxxxxxxxx Xxxxxxxxxx (CEO) Xxxxx Xxxxxx Xxxxx xxx xxx Xxxx (Chairman) Xxxxx Xxxxxxxxx Xxxx Xxxxxxxx-Xxx HRB 160612 Tax No.: 30/358/36764 VAT ID: DE814087813 Commerzbank AG IBAN DE29 7008 0000 0409 8547 00 BIC XXXXXXXX000 technical and organisational measures, the notification of data mishaps to the supervisory authority and to data subjects, the performance of data protection impact assessments and also prior consultation with the competent supervisory authority. (6) The Processor shall be obliged to provide the Controller with all necessary information, including certifications and the results of reviews and inspections, which serve as documentary proof of compliance with the duties laid down in this Contr...

Duties of the Processor a) The Processor is obliged to process personal data exclusively in accordance with the instructions and in accordance with the stipulations of this DPA. The processing of personal data for own purposes or for third parties is prohibited. In particular, no copies may be made unless this is the subject of the data processing or the Controller has given its express consent. b) The Processor will maintain the confidentiality of all data of the Controller and will not disclose data of the Controller to third parties unless Controller or this DPA specifically authorizes the disclosure, or as required by law. If a law, court, regulator or supervisory authority requires Processor to process or disclose personal data, Processor must first inform Controller of the legal or regulatory requirement and give Controller an opportunity to object or challenge the requirement, unless the law prohibits such notice. c) In granting the rights of the persons concerned in accordance with Art. 15 et seq. GDPR (correction, restriction of processing, deletion, notification and provision of information) the Processor will support the Controller at first request within the scope of its possibilities. The Processor will take appropriate technical and organizational measures for this purpose. The Processor shall, on instruction, correct, delete or restrict the processing of personal data processed on behalf of the Controller. d) If the data collected on behalf of the Controller is subject to a request for data portability in accordance with Art. 20 of the GDPR, the Processor shall make the data set available to the Controller without delay, upon request, within the set time limit, otherwise within 5 working days, in a structured, common and machine-readable format. e) When a data subject makes direct contact with the Processor to exercise rights, the Processor shall forward this request to the Controller without delay. f) The Processor shall inform the Controller without delay if the Processor is of the opinion that an instruction given violates legal regulations. The Processor may suspend the execution of the corresponding instruction until it has been confirmed or modified by the Controller. g) The Processor shall be obliged to notify the Controller no later than 24 (twenty-four) hours after any breach of data protection regulations, of the provisions made in the Contract and the Agreement and/or instructions given by the persons employed by the Controller or other third parties inv...

Duties of the Processor. (1) In addition to complying with the provisions of this agreement, the Processor shall comply with the statutory obligations set out in Articles 28 to 33 GDPR. Without limitation, the Processor shall ensure compliance with the following requirements: (2) Written appointment of a data protection officer who will perform their duties in accordance with Articles 38 and 39 GDPR. The contact details for the data protection officer are set out in Annex 1. (3) Maintaining confidentiality in accordance with Articles 28(3)(b), 29, 32(4)