OBLIGATIONS OF DATA PROCESSOR. 3.1 The Parties agree that the subject-matter and duration of Processing performed by Data Processor under this DPA, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in Exhibit A of this DPA and in the Master Subscription Agreement.
OBLIGATIONS OF DATA PROCESSOR. The Data Processor warrants that the Data Processor will:
OBLIGATIONS OF DATA PROCESSOR. 4.1 The Parties agree that the subject-matter and duration of Processing performed by Data Processor under this Agreement, including the nature and purpose of Processing, the type of Personal Data, and categories of Data Subjects, shall be as described in the End User Licence Agreement.
OBLIGATIONS OF DATA PROCESSOR. The Data Processor shall always carry out the Processing of Personal Data in compliance with the technical and organizational measures for the protection of Personal Data maintained by the Data Processor which herewith are agreed and shall be considered as being appropriate and that are exclusively set forth in Appendix 3 “myIDTravel_Data Protection Measures”. The Data Processor shall impose obligations on any person acting under its authority who has access to Personal Data of the Data Controller stipulating the confidentiality of such Personal Data and that the Processing of such Personal Data shall always be carried out in accordance with the terms of this Agreement or the instructions from the Data Processor or the Data Controller. The Data Processor shall be entitled to subcontract the Processing of the Data Controller’s Personal Data to IBM Deutschland Aviation Industry Services GmbH, Frankfurt/Main, Germany. The Data Processor shall not subcontract the Processing of the Data Controller’s Personal Data to any additional subcontractor without prior written approval of the Data Controller; such approval shall not unreasonably withhold. Notwithstanding the foregoing, the Data Processor shall be entitled to involve and subcontract any company of the Lufthansa group, which comprises all affiliates of Deutsche Lufthansa AG in the meaning of §§ 15 et seq. AktG, solely in context with the Processing of the Data Controller’s Personal Data and the monitoring, development and testing of the myIDTravel solution. The responsibilities and obligations of Lufthansa Industry Solutions described in this clause 9 and in Appendix 3 in context with the protection of Personal Data shall commence upon Lufthansa Industry Solutions has received Personal Data from Letiště Praha or the Data Subjects and shall end upon Lufthansa Industry Solutions is transmitting the Personal Data to the carrier(s) or airline(s) to which the (i) booking, (ii) listing of flights and/or (iii) the issuance of a Ticket Record for ID staff travel, of the Data Subject refers to. For avoidance of doubt, such airlines or carriers receive Personal Data of Data Subjects for the airline’s or carrier’s purposes,
OBLIGATIONS OF DATA PROCESSOR. Security Measures Data Processor shall implement appropriate technical and organisational measures to ensure that personal data is processed in accordance with the requirements in the applicable data protection law, the conditions in the Service Order and this DPA. All security measures shall be at least equal to the level which the competent supervisory authority typically requires for equivalent processing activities. The measures shall be documented and submitted to Data Controller upon written request, without undue delay.
OBLIGATIONS OF DATA PROCESSOR. Data Processor shall process Data only within the scope of the work to be carried out, according to documented instructions of Data Controller, unless Data Processor is required to otherwise by Union or Member State law. In this case, Data Processor shall inform Data Controller of that legal requirement before processing, unless such information is prohibited by that law. Data Processor shall supervise and keep records on any technical and organizational measures with respect to § 2 No. 5 of the Data Processing Agreement on a regular basis. Data Processor shall provide Data Controller with respective records on request. Data Processor has appointed the person listed below as a contact person for data protection purposes: Xxxxxx Xxxxxxxx Xxxxxx GDPR responsible Digital Solutions e-mail: Xxxxxx.Xxxxxx@xxx.xxx Data Processor shall be liable with regard to ensuring Data confidentiality. All persons of Data Processor who may access Data shall be pledged to confidentiality or shall be under an appropriate statutory obligation of confidentiality, and shall be notified of the data protection obligations specifically arising from the work to be carried out, and any order or appropriation hereof. The processing of Data shall only take place within the EU or the European Economic Area (EEA). Data Processor may not transfer or authorize the transfer of Data to countries outside the EU and or the EEA without approval of Data Controller except for Affiliates
OBLIGATIONS OF DATA PROCESSOR. 3.1. When acting as a Data Processor in relation to Personal Data provided by Goodlord Agent acting as a Data Controller, Goodlord shall:
OBLIGATIONS OF DATA PROCESSOR. 4.1. In providing the Company Services, Data Processor shall comply with the instructions of Data Controller for the Processing of Personal Data and Process the Personal Data exclusively in connection with the provision of the Company Services. The provisions of this Data Processing Agreement are the main source of instructions issued by Data Controller. Any amendments to the Processing requirements shall be agreed between the Parties and documented in writing.
OBLIGATIONS OF DATA PROCESSOR. 2.1. The Data Processor shall only process Personal Data on the documented instructions of the Data Controller unless required to do so by the EU/EEA law, which Data Processor is subject to. In such case, Data Processor must disclose that legal requirement to the Data Controller before processing, unless that law prohibits such disclosure on important grounds of public interest.
OBLIGATIONS OF DATA PROCESSOR. The DATA PROCESSOR is responsible for the following obligations: ● It shall specify the obligations and guarantees that the DATA SUBPROCESSOR shall implement in order to comply with the data protection regulation and DATA CONTROLLER’s requirements. ● It shall allow DATA SUBPROCESSOR the personal data subject to processing in accordance with the GDPR. In this regard, DATA PROCESSOR declares to have informed, and if necessary, to have obtained the consent of DATA CONTROLLER to carry out the present subcontracting. ● It shall carry out the analysis of risks that may result from the processing activity to be subject to control and, on the basis of such analysis, to indicate to the DATA SUBPROCESSOR the technical and organizational measures to be implemented for the provision of the service subject to processing. ● It shall carry out, if necessary, an impact assessment on the protection of personal data from the processing operations to be carried out by DATA SUBPROCESSOR. ● If necessary, it shall consult the appropriate Supervisory Authorities, where appropriate. ● It shall ensure, in advance and throughout the processing, compliance with the GDPR by DATA SUBPROCESSOR. ● It shall oversee data processing carried out by DATA SUBPROCESSOR, including the performance of inspections and audits.
