Common use of LIST OF PARTIES SEE APPENDIX 7 Clause in Contracts

LIST OF PARTIES SEE APPENDIX 7. B. DESCRIPTION OF TRANSFER SEE APPENDIX 8 A CURRENT LIST OF OUR PROCESSORS CAN BE FOUND ON OUR WEBSITE OR CAN BE REQUESTED SEPARATELY. Our list contains the following information on all processors: Company name, Link to website, Service or transmission details, Country of processing, Subject matter of (sub-) processing, Nature of (sub-) processing, Duration of (sub-) processing, Concluded contract or appropriate safeguards according to Art. 44ff GDPR. IF YOU USE OTHER PROCESSORS NOT MENTIONED IN OUR LIST AND / OR APPROVED BY US, PLEASE SEND US A LIST OF THEIR PROCESSORS FOR VERIFICATION AND / OR APPROVAL. Party Number 1: Party Number 2: Categories of data subjects / personal information subjects whose personal data is processed or transferred: Categories of personal data / personal information processed or transferred: Sensitive data processed or transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures. Sensitive data / sensitive personal information processed or transferred: Applied restrictions or safeguards: Frequency of transfer: Nature of the processing: Purpose(s) for which the personal data / personal information is processed on behalf of the controller or Purpose(s) of the data transfer and further processing: Duration of the processing: The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period For processing by or transfer to (sub-) processors, also specify subject matter, nature and duration of the processing Subject matter of (sub-) processing: SEE APPENDIX 6 Nature of (sub-) processing: SEE APPENDIX 6 Duration of (sub-) processing: SEE APPENDIX 6 The technical and organizational security measures mentioned as follows are the minimum required from you, and are also fulfilled by us. If you have not implemented these technical and organizational security measures, please inform us immediately. Furthermore, you shall send us a list of all additional technical and organizational security measures taken by you, if any. 1. Measures of pseudonymization and encryption of personal data 2. Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services 3. Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident 4. Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing 5. Measures for user identification and authorisation 6. Measures for the protection of data during transmission 7. Measures for the protection of data during storage 8. Measures for ensuring physical security of locations at which personal data are processed 9. Measures for ensuring events logging 10. Measures for ensuring system configuration, including default configuration 11. Measures for internal IT and IT security governance and management 12. Measures for certification/assurance of processes and products 13. Measures for ensuring data minimization 14. Measures for ensuring data quality 15. Measures for ensuring limited data retention 16. Measures for ensuring accountability 17. Measures for allowing data portability and ensuring erasure 18. For transfers to (sub-) processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a processor to a sub-processor, to the data exporter