Obligations and Rights of the Controller. The obligations and rights of Customer are set out in the Agreement and this DPA.
Obligations and Rights of the Controller. 4.1 The controller is responsible for verifying the validity and suitability of the processor before entering into a business relationship.
4.2 The controller shall carry out adequate and appropriate onboarding and due diligence checks for all processors, with a full assessment of the mandatory Data Protection Law requirements.
4.3 The controller shall verify that the processor has adequate and documented processes for data breaches, data retention and data transfers in place.
4.4 Where the controller has authorised the use of any sub-processor by the initial processor, the controller must verify that similar data protection agreements are in place between the initial processor and sub-processor.
4.5 The controller has the authority to approve any third party in advance of work being carried out by the processer for the purposes of the controller.
4.6 Where the controller has authorised the use of any sub-processor by the initial processor, the details of the sub-processor must be added to Schedule 2 of this agreement.
Obligations and Rights of the Controller. The obligations and rights of Customer are set out in the Agreement and this DPA. Where applicable, this Schedule 2 will serve as Xxxxx XX to the Standard Contractual Clauses. The full text of Smartsheet’s technical and organizational security measures is available at xxxxx://xxx.xxxxxxxxxx.xxx/legal/security.
Obligations and Rights of the Controller. 4.1 The Controller is responsible for verifying the validity and suitability of the Processor before entering into a business relationship.
4.2 The Controller shall carry out adequate and appropriate onboarding and due diligence checks for all Processors, with a full assessment of the mandatory Data Protection Law requirements.
4.3 The Controller shall verify that the Processor has adequate and documented processes for data breaches, data retention and data transfers in place.
4.4 The Controller shall obtain evidence from the Processor as to the: -
a) verification and reliability of the employees used by the Processor
b) certificates, accreditations and policies as referred to in the due diligence/onboarding questionnaire
Obligations and Rights of the Controller. (1) The Controller is responsible for compliance with the legal requirements of data protection law in relation to this Contract, particularly for the legal compliance with the transfer of data processing to SupplyOn as well as for the legal compliance of the data processing.
(2) The Controller shall give all further instructions not listed in §1 (2) in written form. Changes to the object of the instruction with regard to §1 (2) must be mutually agreed upon.
(3) The Controller has the right to issue instructions over the type, scope and procedure of the processing of personal data within the scope of this contract in written or in text form.
(4) The Controller shall inform SupplyOn without undue delay, if he finds an error or an irregu- larity in the inspection of the commissioned processing to occur in this CDP. The same applies where there is suspicion of a data protection breach or another irregularity in the processing of personal data.
(5) The Controller shall treat all information regarding business secrets and data security measures in the scope of this contractual relationship with SupplyOn confidential until the end of the contract.
Obligations and Rights of the Controller. 5.1. Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the Controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that Processing is performed in accordance with the GDPR. Those measures shall be reviewed and updated where necessary.
Obligations and Rights of the Controller. The rights and obligations of the Controller are as set out in the Agreement, including this DPA.
Obligations and Rights of the Controller. 6.1 The Processor shall process the Personal Data according to the Data Protection Laws and by following good data processing practices, other relevant legislation and compulsory guidance of the authorities.
6.2 The Controller reserves the right to monitor the Personal Data.
6.3 The Controller reserves the ownership of the Personal Data and any immaterial rights and other rights relating to the Personal Data, unless the Controller notifies the Processor that such ownerships belong to the Controller’s customer or another affiliate company.
Obligations and Rights of the Controller. 1. The Processor shall share with the Controller any information necessary to demonstrate the compliance with obligations to which the Processor is subject, and shall allow the Controller to conduct audits, including inspections, cooperating in any verification and correction activities. Audits shall be conducted at the Controller’s cost.
2. An audit or inspection should take place during the Processor’s working hours and cannot interfere with the Processor’s ongoing activities; the Controller should inform the Processor about a planned audit or inspection at least 30 days in advance.
3. The Processor undertakes to remove any irregularities detected by the Controller within a reasonable time limit, not longer than 30 days.
4. The Processor shall assist the Controller in compliance with its obligation to reply to a data subject in the exercise of the data subject’s rights set forth in Chapter III of the GDPR, and in compliance with obligations under Art. 32-36 of the GDPR.
5. After the end of processing related services provided, the Processor shall, at the Controller’s discretion, either erase or return all the Personal Data, unless the Processor is obliged to further process them under separate laws.
