Common use of Instructions of the Controller Clause in Contracts

Instructions of the Controller. (1) The Controller is responsible for compliance with data protection provisions, in particular for the ad- missibility of the data processing and for data subjects' rights according to the data protection provi- sions. (2) The Processor processes the personal data given by the Controller solely in the scope of the agreed regulations and under the instructions of the Controller. In principle, instructions can be given orally. Oral instructions must be documented by the Controller. Instructions must be given in writing or in text form, if the Processor requires it. If the Controller's instructions lead to services of the Processor that exceed the scope of the main contract, the Controller shall remunerate such services separately. (3) Data can only be corrected, deleted or locked subject the Controller’s instructions. (4) The processing occurs only under the Controller’s instruction, expect where the law of the European Union or a Member State dictates that the Processor requires certain processing of the data. In these cases, the Processor will inform the Controller of such legal requirements prior to the processing, provided that informing is not forbidden on account of an important public interest. (5) If the Processor believes that an instruction given by the Controller is in breach of data protection laws, he must notify the Controller of this prior to exercising such instruction. If, despite the Proces- sor's notification of such an instruction, the Controller inists in exercising such an instruction, the Controller shall indemnify the Processor against damages and fines resulting from the implementa- tion of the instruction.