Duties of the Processor. 3.1 The Processor may collect, process or use Personal Data only within the framework of this DPA and the Instructions given by the Controller. Material changes to the object of data processing and changes to the procedures must be agreed jointly and must be documented. While Processor will not refuse any legally compliant Instruction by Controller, Controller acknowledges and accepts that some Instructions may result in additional remuneration claims for Processor. Processor will inform Controller accordingly prior to executing the Instruction. At any time and without limiting Processor’s claim to additional fees, Controller may waive this right to be informed in prior, e.g. in urgent cases. 3.2 The Processor shall structure Processor's internal organization in a manner that is compliant with the specific requirements of the applicable Data Protection Regulations for the protection of Personal Data,. Processor shall take the appropriate technical and organizational measures to adequately protect Controller's Personal Data against misuse and loss in accordance with the applicable legal requirements in accordance with Applicable Data Protection Laws 3.3 The Processor shall provide the Controller with a summary of the technical and organizational measures , which is attached hereto as Annex 1. Controller understands that the technical and organizational measures are subject to technical progress and further development. In this respect, the Processor shall be permitted to use alternative, suitable measures. 3.4 Upon request, the Processor shall provide the Controller with information necessary for creating the processing description in accordance with Applicable Data Protection Laws. 3.5 The Processor shall provide that the personnel it uses for processing the Controller's data are bound by legal obligations to maintain data secrecy, and that they are informed about other applicable provisions concerning the protection of Personal Data, in particular telecommunications secrecy. The obligation to maintain data secrecy continues to apply after termination of their work contract. 3.6 The Processor shall provide the contact details of the Processor’s data protection officer (DPO) on the internet. As of the effective date of this DPA, the DPO’s current contact details can be found on the Controllers website. 3.7 The Processor shall inform the Controller in the case of breaches of regulations that protect the Controller's Personal Data or of if Controller's Instructions or Instructions from persons employed by the Controller were not properly observed. 3.8 The Processor shall be entitled to make backup copies of the Personal Data insofar as they are required to ensure correct data processing, and may copy and retain Personal Data that is needed for Controller’s compliance with its statutory document retention obligations. 3.9 Processor shall store and handle media provided to Processor, and all copies or reproductions thereof, with care so that they are not accessible by third parties. The Processor shall be obliged to provide for a destruction of test material and other material containing Personal Data that is to be discarded on in a manner compliant with the law only on the basis of an individual commission by the Controller and at the latter's expense. 3.10 The fulfillment of the above-mentioned duties shall be controlled by the Processor and shall be evidenced in a suitable manner within the framework of the Controller's standard audit process as per section 6 hereof. 3.11 The Processor shall inform the Controller if the Processor is of the opinion that an Instruction is in breach of applicable statutory data protection laws and thereby fulfil its duty to notify under the applicable Data Protection Requirements. The Processor shall be entitled to suspend the implementation of the relevant Instruction until it has been confirmed or amended by the Controller.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Duties of the Processor. 3.1 The Processor may collect, process or use Personal Data only within the framework of this DPA and the Instructions given by the Controller. Material changes to the object of data processing and changes to the procedures must be agreed jointly and must be documented. While Processor will not refuse any legally compliant Instruction by Controller, Controller acknowledges and accepts that some Instructions may result in additional remuneration claims for Processor. Processor will inform Controller accordingly prior to executing the Instruction. At any time and without limiting Processor’s claim to additional fees, Controller may waive this right to be informed in prior, e.g. in urgent cases.
3.2 The Processor shall structure Processor's internal organization in a manner that is compliant with the specific requirements of the applicable Data Protection Regulations for the protection of Personal Data,. Processor shall take the appropriate technical and organizational measures to adequately protect Controller's Personal Data against misuse and loss in accordance with the applicable legal requirements in accordance with the Applicable Data Protection Laws..
3.3 The Processor shall provide the Controller with a summary of the technical and organizational measures , which is attached hereto as Annex 1. Controller understands that the technical and organizational measures are subject to technical progress and further development. In this respect, the Processor shall be permitted to use alternative, suitable measures.
3.4 Upon request, the Processor shall provide the Controller with information necessary for creating the processing description in accordance with Applicable Data Protection Laws.).
3.5 The Processor shall provide that the personnel it uses for processing the Controller's data are bound by legal obligations to maintain data secrecy, and that they are informed about other applicable provisions concerning the protection of Personal Data, in particular telecommunications secrecy. The obligation to maintain data secrecy continues to apply after termination of their work contract.
3.6 The Processor shall provide the contact details of the Processor’s data protection officer (DPO) on the internet. As of the effective date of this DPA, the DPO’s current contact details can be found on the Controllers website.
3.7 The Processor shall inform the Controller in the case of breaches of regulations that protect the Controller's Personal Data or of if Controller's Instructions or Instructions from persons employed by the Controller were not properly observed.
3.8 The Processor shall be entitled to make backup copies of the Personal Data insofar as they are required to ensure correct data processing, and may copy and retain Personal Data that is needed for Controller’s compliance with its statutory document retention obligations.
3.9 Processor shall store and handle media provided to Processor, and all copies or reproductions thereof, with care so that they are not accessible by third parties. The Processor shall be obliged to provide for a destruction of test material and other material containing Personal Data that is to be discarded on in a manner compliant with the law only on the basis of an individual commission by the Controller and at the latter's expense.
3.10 The fulfillment of the above-mentioned duties shall be controlled by the Processor and shall be evidenced in a suitable manner within the framework of the Controller's standard audit process as per section 6 hereof.
3.11 The Processor shall inform the Controller if the Processor is of the opinion that an Instruction is in breach of applicable statutory data protection laws and thereby fulfil fulfill its duty to notify under the applicable Applicable Data Protection RequirementsRequirements as required. The Processor shall be entitled to suspend the implementation of the relevant Instruction until it has been confirmed or amended by the Controller.
Appears in 1 contract
Samples: Data Processing Agreement
Duties of the Processor. 3.1 The Processor may collect, process or use Personal Data only within the framework of this DPA and the Instructions given by the Controller. Material changes to the object of data processing and changes to the procedures must be agreed jointly and must be documented. While Processor will not refuse any legally compliant Instruction by Controller, Controller acknowledges and accepts that some Instructions may result in additional remuneration claims for Processor. Processor will inform Controller accordingly prior to executing the Instruction. At any time and without limiting Processor’s claim to additional fees, Controller may waive this right to be informed in prior, e.g. in urgent cases.
3.2 The Processor shall structure Processor's internal organization in a manner that is compliant with the specific requirements of the applicable Data Protection Regulations for the protection of Personal Data,. Processor shall take the appropriate technical and organizational measures to adequately protect Controller's Personal Data against misuse and loss in accordance with the applicable legal requirements in accordance with Applicable Data Protection LawsLaws Page 2/8 Ref. Rev. 07/08/2014 0000 00 Xxxxxxxxxxxxx 0, X-0000 Xxxxxxxxxx a.W., AUSTRIA Xxx X. Xxxxxxx, 51 I-31020 Villorba (TV) ITALY E. xxx@xxxxxxxx.xx xxx.xxxxxxxx.xx
3.3 The Processor shall provide the Controller with a summary of the technical and organizational measures , which is attached hereto as Annex 1. Controller understands that the technical and organizational measures are subject to technical progress and further development. In this respect, the Processor shall be permitted to use alternative, suitable measures.
3.4 Upon request, the Processor shall provide the Controller with information necessary for creating the processing description in accordance with Applicable Data Protection Laws.
3.5 The Processor shall provide that the personnel it uses for processing the Controller's data are bound by legal obligations to maintain data secrecy, and that they are informed about other applicable provisions concerning the protection of Personal Data, in particular telecommunications secrecy. The obligation to maintain data secrecy continues to apply after termination of their work contract.
3.6 The Processor shall provide the contact details of the Processor’s data protection officer (DPO) on the internet. As of the effective date of this DPA, the DPO’s current contact details can be found on the Controllers website.
3.7 The Processor shall inform the Controller in the case of breaches of regulations that protect the Controller's Personal Data or of if Controller's Instructions or Instructions from persons employed by the Controller were not properly observed.
3.8 The Processor shall be entitled to make backup copies of the Personal Data insofar as they are required to ensure correct data processing, and may copy and retain Personal Data that is needed for Controller’s compliance with its statutory document retention obligations.
3.9 Processor shall store and handle media provided to Processor, and all copies or reproductions thereof, with care so that they are not accessible by third parties. The Processor shall be obliged to provide for a destruction of test material and other material containing Personal Data that is to be discarded on in a manner compliant with the law only on the basis of an individual commission by the Controller and at the latter's expense.
3.10 The fulfillment of the above-mentioned duties shall be controlled by the Processor and shall be evidenced in a suitable manner within the framework of the Controller's standard audit process as per section 6 hereof.
3.11 The Processor shall inform the Controller if the Processor is of the opinion that an Instruction is in breach of applicable statutory data protection laws and thereby fulfil its duty to notify under the applicable Data Protection Requirements. The Processor shall be entitled to suspend the implementation of the relevant Instruction until it has been confirmed or amended by the Controller.
Appears in 1 contract
Samples: Data Processing Agreement
Duties of the Processor. 3.1 2.1 The Processor may collectcollects, process or use Personal Data only processes and uses personal data within the framework of this DPA the Main Agreement and the Instructions given specific individual instructions of the Controller.
2.2 In connection with the fulfilment of the Controller's obligation to make notifications in accordance with Articles 33 and 34 of the GDPR, the Processor shall notify the Controller in writing without delay in case of violations by the Controller. Material changes Processor or by the personnel involved by the Processor or by its sub-processors of the data protection regulations in relation to the object Controller's personal data or violations of the specifications made in the order. The same shall also apply in the event of loss or unlawful transmission or obtaining of knowledge of personal data processing and changes in the event of serious disruptions to the procedures must be agreed jointly and must be documented. While Processor will not refuse any legally compliant Instruction by Controlleroperational process, Controller acknowledges and accepts that some Instructions may result in additional remuneration claims for Processor. Processor will inform Controller accordingly prior to executing the Instruction. At any time and without limiting Processor’s claim to additional fees, Controller may waive this right to be informed in prior, e.g. in urgent cases.
3.2 The Processor shall structure Processor's internal organization in a manner that is compliant with the specific requirements case of the applicable Data Protection Regulations for suspicion of other violations of regulations on the protection of Personal Data,. Processor shall take personal data or other irregularities in the appropriate technical and organizational measures to adequately protect handling of the Controller's Personal Data against misuse personal data. This shall also apply in the event of inspections and loss measures by the supervisory authority pursuant to Art. 58 GDPR as well as if a competent authority investigates the Processor pursuant to Artt. 82, 83 GDPR.
2.3 If the Processor culpably violates its obligations to cooperate or, in accordance addition, fails to comply with the applicable legal requirements in accordance its statutory obligations as a processor, fails to comply with Applicable Data Protection Laws
3.3 The Processor shall provide instructions lawfully issued by the Controller with a summary of the technical and organizational measures , which is attached hereto as Annex 1. Controller understands that the technical and organizational measures are subject or acts contrary to technical progress and further development. In this respectsuch instructions, the Processor shall be permitted obligated to use alternative, suitable measurescompensate the Controller for the damage resulted therefrom and to indemnify the Controller against any claims asserted against it by third parties as a result of this. This shall not apply if the Processor proves that it is in no way responsible for the circumstance that caused the damage.
3.4 Upon request, the Processor shall provide the Controller with information necessary for creating the processing description in accordance with Applicable Data Protection Laws.
3.5 The Processor shall provide that the personnel it uses for processing the Controller's data are bound by legal obligations to maintain data secrecy, and that they are informed about other applicable provisions concerning the protection of Personal Data, in particular telecommunications secrecy. The obligation to maintain data secrecy continues to apply after termination of their work contract.
3.6 The Processor shall provide the contact details of the Processor’s data protection officer (DPO) on the internet. As of the effective date of this DPA, the DPO’s current contact details can be found on the Controllers website.
3.7 2.4 The Processor shall inform the Controller without undue delay about control actions and measures of the supervisory authority insofar as they relate to this Agreement. This shall also apply insofar as a competent authority investigates at the Processor in the case context of breaches administrative offence or criminal proceedings with regard to the processing of regulations personal data commissioned by the Controller.
2.5 Insofar as the Controller, for its part, is subject to control by the supervisory authority, administrative offence or criminal proceedings, the liability claim of a data subject or a third party or any other claim in connection with the processing commissioned with the Processor, the Processor shall assist the Controller to the best of its ability.
2.6 The Processor shall, taking into account the nature of the processing and the information available to it, assist the Controller free of charge in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR. This shall include, inter xxxx
x. ensuring an appropriate level of security through technical and organisational measures that protect take into account the context and purposes of the processing as well as the predicted likelihood and severity of a potential infringement due to security vulnerabilities and allow for the immediate detection of relevant violations,
b. the obligation to notify the Controller without undue delay about personal data breaches,
c. the obligation to assist the Controller in fulfilling its obligation to inform the data subject and, in this context, to provide it with all relevant information without delay,
d. the assistance to the Controller in conducting its data protection impact assessment,
e. the assistance to the Controller in the context of prior consultations with the supervisory authority.
2.7 The Controller shall be entitled at any time to demand the correction, deletion and blocking of personal data. The Processor shall implement corresponding instructions of the Controller without undue delay, unless the Processor has a legal obligation to store the personal data.
2.8 After the end of the provision of the services relating to processing, the Processor shall, in accordance with the Controller's Personal Data instructions, destroy in a data protection compliant manner or return the personal data or data carriers that were handed over to the Processor for the fulfilment of if its obligations under the Main Agreement. Copies or duplicates of the data shall not be made without the Controller's Instructions or Instructions from persons employed by the Controller were knowledge. This shall not properly observed.
3.8 The Processor shall be entitled apply to make backup copies of the Personal Data insofar as where they are required to ensure correct proper data processing, and may copy and retain Personal Data that is needed for processing or to any data required to comply with statutory retention obligations. After completion of the contractually agreed work or earlier upon Controller’s compliance with its statutory document retention obligations.
3.9 request - at the latest upon termination of the Main Agreement - the Processor shall store hand over to the Controller or, after prior consent, destroy in a data protection compliant matter all documents, processing and handle media provided utilisation results produced and data files which have come into its possession and which relate to Processor, the contractual relationship. The same applies to test and all copies or reproductions thereof, reject material. The protocol of the deletion shall be submitted upon request. Documentation which serves as proof of orderly and proper data processing shall be kept by the Processor beyond the end of the Agreement in accordance with care so that they are not accessible by third partiesthe respective retention periods. The Processor shall be obliged may hand them over to provide for a destruction of test material and other material containing Personal Data that is to be discarded on in a manner compliant with the law only on the basis of an individual commission by the Controller and at the latter's expenseend of the Agreement to discharge the Processor.
3.10 The fulfillment of the above-mentioned duties shall be controlled by the Processor and shall be evidenced in a suitable manner within the framework of the Controller's standard audit process as per section 6 hereof.
3.11 2.9 The Processor shall inform document the data processing and shall, upon request, make the documentation available to the Controller if the Processor is of the opinion that an Instruction is in breach of applicable statutory data protection laws and thereby fulfil its duty to notify under the applicable Data Protection Requirements. without delay.
2.10 The Processor shall be entitled undertakes to suspend the implementation maintain a record of the relevant Instruction until it has been confirmed or amended by the Controller.processing activities in accordance with Art. 30
Appears in 1 contract
Samples: Data Processing Agreement
