We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

OBLIGATIONS OF THE DATA PROCESSOR Sample Clauses

OBLIGATIONS OF THE DATA PROCESSOR. The Data Processor undertakes to fulfil the following obligations:
Sample 1Sample 2Sample 3See All (15)
OBLIGATIONS OF THE DATA PROCESSOR. 6.1. For the purposes of the correct processing of Personal Data, the Data Processor undertakes to: a) carry out any Personal Data processing operation in compliance with the applicable regulations relating to the protection of personal data, including the principles referred to in chapter II of the Regulation (articles 5-11); b) carry out the processing of Personal Data in the implementation of this Framework Agreement and for the purposes relative to the provision of the services therein referred to, for the time period strictly necessary for the performance of the above mentioned purposes as well as the purposes strictly linked and instrumental to the management of technical issues linked thereto; c) guarantee the full compliance with the obligations imposed by the Regulation directly onto the Data Processor, including by way of example, the obligation to hold a register of the operations carried out on behalf of the Data Controller pursuant to article 30, paragraph 2 of the Regulation and, where required, the requirement to appoint a Data Protection Officer pursuant to article 37, paragraph 1 of the Regulations; d) in compliance with article 32 of the Regulation, implement technical and organisational measures to guarantee an adequate level of security for the processing operations carried out on behalf of the Data Controller, as well as cooperate with the latter by providing the same with the information and documentation required by the same in order to assess and check from time to time that the Data Processor has adopted technical and administrative measures; e) in the performance of the data processing operations on behalf of the Data Controller, follow the provisions and instructions included in this Data Processing Agreement; f) in relation to the collection of Personal Data from data subjects, where required, the Data Processor ensures this is done in compliance with the specific procedures agreed with the Data Controller in order to guarantee that the collection of Personal Data and their subsequent processing comply with the law (e.g. privacy policy and requests of consent for the processing of data provided by the Data Controller; tracing and archiving of consents given by the data subjects); g) with the exclusion of cases strictly necessary for the provision of Services, not to disclose or share Personal Data with third parties without the previous written consent of the Data Controller and to adopt the organisational and technical measures...
Sample 1Sample 2See All (12)
OBLIGATIONS OF THE DATA PROCESSOR. 4.1 All processing by the Data Processor of the personal data provided by the Data Controller must be in accordance with instructions set forth in this Agreement (including with regard to data transfers) and which constitute the Data Controllers complete and final instructions to the Data Processor, unless i) EU or EU Member State law to which the Data Processor is subject requires other processing of the personal data by the Data Processor, or ii) in the event the Data Processors makes changes to its systems, processes, etc. which requires chan- ges to the instructions, in which case Data Processor will notify the Data Controller of amen- dents to the instructions in the same manner as the Data Processor provides notice of Amendments to the General Terms and Conditions under the Main Agreement. 4.2 Should the Data Controller in its reasonable opinion believe, and be able to substantiate, that the amendments to the instructions introduced by the Data Processor cause the Data Con- troller to be non-compliant with General Data Protection Regulation, the Data Controller shall be entitled to terminate this Agreement and the Main Agreement by giving notice of termination to the Data Processor within the 10 business days from receiving notice of the amendments, otherwise the amendments will be deemed accepted by the Data Controller and will effectively become part of this Agreement. 4.3 The Data Processor must immediately inform the Data Controller if, in the Data Processor’s opinion, an instruction infringes the EU General Data Protection Regulation or the data pro- tection provisions of a Member State. 4.4 The Data Processor must take all necessary technical and organisational security measures, including any additional measures, required to ensure that the personal data specified in clause 1.2 is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorised third parties, abused or otherwise processed in a manner which is contrary to applicable national law in the relevant EU/EEA member states in force at any time. These measures shall meet and be equivalent to the certificate and security require- ments specified by card associations and the authorities, including the PCI DSS (Payment Card Industry – Data Security Standard), for details see xxxxx://xxx.xxxxxxxxxxxxxxxxxxxx.xxx. The security measures deemed necessary and applied by the Data Processor shall be risk based, and will be updated from time to time by the Dat...
Sample 1Sample 2See All (8)
OBLIGATIONS OF THE DATA PROCESSOR. 5.1 The Data Controller instructs the Data Processor to only Process Personal Data according to its lawful instructions, that have been described in Schedule 1 (instructions to the Data Processor). It is the Data Controller's responsibility to ensure that the instructions are not contrary to Personal Data Legislation. 5.2 In addition to what otherwise follows from the Agreement, the Data Processor undertakes: a) to assist the Data Controller in ensuring compliance with the obligations deriving from applicable Personal Data Legislation, taking into account the nature of Processing and the information available to the Data Processor; b) to immediately inform the Data Controller if, in the Data Processors opinion, an instruction infringes the applicable Personal Data Legislation and the Data Processor is then not obligated to carry out the relevant Processing until the parties have decided how to solve the matter or until a supervisory authority declares the instruction as lawful. c) to implement appropriate technical and organisational measures according to Schedule 1 in order to protect and safeguard the Personal Data that is Processed against Personal Data Breaches (Data Processor may amend the technical and organizational measures from time to time provided that the amended technical and organizational measures are not less protective of the Personal Data as those set out in Appendix 1); d) to maintain records of all categories of Processing performed on behalf of the Data Controller, including name and contact details and, where applicable, transfers of Personal Data to a Third Country or international organisation and, where possible, a general description of the technical and organisational security measures; e) to ensure that only authorised persons can Process Personal Data, and ensure that these persons have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; f) to without undue delay refer any third party requesting information relating to the Personal Data to the Data Controller, unless such reference is prohibited under criminal law (e.g. to preserve the confidentiality of a law enforcement investigation) and on request cooperate with relevant supervisory authority in the performance of its tasks and without undue delay inform the Data Controller of this; g) to assist the Data Controller through appropriate technical and organisational measures, to the extent possible, so that the Data Cont...
Sample 1Sample 2See All (7)
OBLIGATIONS OF THE DATA PROCESSOR. 4.1 All processing by the Data Processor of the personal data provided by the Data Controller must be in accordance with these instructions from the Data Controller, and the Data Processor is, furthermore, obliged to comply with any and all data protection legislation in force from time to time. If European Union law or law of a EU Member State to which the Data Processor is subject stipulates that the Data Processor is required to process the personal data listed in clause 1.2, the Data Processor must inform the Data Controller of that legal requirement before processing. However, this does not apply if this legislation prohibits such information on important grounds of public interests. The Data Processor must immediately inform the Data Controller if, in the Data Processor’s opinion, an instruction infringes the EU General Data Protection Regulation or the data protection provisions of a EU Member State. 4.2 The Data Processor must take all necessary technical and organisational security measures, including any additional measures, required to ensure that the personal data specified in clause 1.2 is not accidentally or unlawfully destroyed, lost or impaired or brought to the knowledge of unauthorised third parties, abused or otherwise processed in a manner which is contrary to Danish data protection legislation in force at any time. These measures are described in more detail in Schedule 1. 4.3 The Data Processor must ensure that employees authorised to process the personal data have committed themselves to confidentiality or are under the appropriate statutory obligation of confidentiality. 4.4 If so requested by the Data Controller, the Data Processor must state and/or document that the Data Processor complies with the requirements of the applicable data protection legislation, including documentation regarding the data flows of the Data Processor as well as procedures/policies for processing of personal data. 4.5 Taking into account the nature of the processing, the Data Processor must, as far as possible, assist the controller by appropriate technical and organisational measures, for the fulfilment of the Data Controller’s obligation to respond to requests for exercising the data subject’s rights as laid down in chapter 3 in the General Data Protection Regulation. 4.6 The Data Processor, or another Data Processor (sub-Data Processor) must send requests and objections from data subjects to the Data Controller, for the Data Controller's further proces...
Sample 1Sample 2Sample 3See All (6)
OBLIGATIONS OF THE DATA PROCESSORData Processing 6.1 Only process the Personal Data & Special Categories of Personal Data for the purpose of providing the Services and in accordance with the Data Controller’s instructions, unless the Data Processor is required to do otherwise by law. 6.2 Only process the Personal Data & Special Categories of Personal Data only to the extent and in such a manner as is necessary for the provision of the services. 6.3 Only process the Personal Data & Special Categories of Personal Data in compliance with the Data Protection Act 2018 and the GDPR. 6.4 Assist the Data Controller in providing subject access and allowing data subjects to exercise all their other rights under the GDPR. The response to all subject information and other GDPR requests that may be received from the data subjects shall be provided within 14 days. All such requests must be received by the Data Controller and all communication with the Data Subjects must be via the Data Controller. If any requests are received by the Data Processor, the Data Subject would normally be instructed to contact the Data Controller. 6.5 Implement appropriate technical and organisational measures to protect the Personal Data, and any other Confidential Information, against unauthorised or unlawful Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Personal Data and/or other Confidential Information. As a minimum all data shall be encrypted in transit (with HTTPS via TLS 1.2 or higher) and at rest via Transparent Data Encryption (TDE);
Sample 1Sample 2Sample 3See All (5)
OBLIGATIONS OF THE DATA PROCESSOR. 2.3.1 The Data Processor will process the Personal Data in compliance with applicable data protection regulations, including the Data Protection Xxx 0000 and Regulation (EU) 2016/679 (the “General Data Protection Regulations”). 2.3.2 The Data Processor undertakes that it shall process the Personal Data strictly in accordance with the Data Controller's instructions for the processing of that personal data. 2.3.3 The Data Processor will process the Personal Data for the purposes defined in Schedule C only. 2.3.4 The Data Processor will treat the personal data, and any other Information provided by the Data Controller as confidential, and will ensure that access to the Personal Data is limited to only those employees who require access to it for the purpose of the Data Processor carrying out the permitted processing and complying with its obligations under this Agreement. 2.3.5 The Data Processor will ensure that only such of its employees who may be required by it to assist it in meeting its obligations under the Agreement shall have access to the Personal Data. The Data Processor will ensure that all such employees have undergone training in the law of data protection, their duty of confidentiality under contract and in the care and handling of Personal Data. 2.3.6 The Data Processor agrees to assist the Data Controller promptly with all subject information requests, rectification requests, erasure requests, requests for restriction of processing, objections or complaints which may be received from the data subjects of the Personal Data. 2.3.7 The Data Processor will notify and cooperate with the Data Controller promptly with requests made under the Freedom of Information Xxx 0000. 2.3.8 The Data Processor will not disclose the Personal Data to a third party in any circumstances other than at the specific written request of the Data Controller, unless the disclosure is required by law. 2.3.9 The Data Processor will transfer or store the Personal data only as permitted in Schedule B. 2.3.10 The Data Processor will not sub-contract any of the processing without explicit written agreement from the Data Controller, detailed in Schedule B. Where such written agreement is provided, the Data Processor will ensure that any sub-contractor it uses to process the personal data complies with the terms of this agreement. 2.3.11 The Data Processor will employ appropriate operational and technological processes and procedures summarised in Schedule E to keep the Personal ...
Sample 1See All (5)
OBLIGATIONS OF THE DATA PROCESSOR. 3.1 The Data Processor undertakes to Process Personal Data only in accordance with the Data Controller’s documented instructions and the provisions contained in this Data Processing Agreement and in the Access Agreement. The Data Processor shall not Process Personal Data for which the Data Controller is a Data Controller for any other purposes. 3.2 Should the Data Controller present new instructions that go beyond the provisions contained in this Data Processing Agreement or the Access Agreement, the Data Processor shall be entitled to remuneration in accordance with the Data Processing Agreement’s price list applicable from time to time, or as agreed between the Parties. 3.3 Notwithstanding what is stated in section 3.1 above, the Data Processor may Process Personal Data to the extent required to enable the Data Processor to fulfil its obligations under Applicable Legislation. However, the Data Processor is obligated to inform the Data Controller of the legal obligation, unless the Data Processor is prevented by Applicable Legislation from providing such information. 3.4 Notwithstanding the governing law provisions set forth in the Access Agreement, the Applicable Personal Data Legislation shall apply to the Processing of Personal Data that are subject to the terms of this Data Processing Agreement. 3.5 The Data Processor must notify the Data Controller if the Data Processor is unable to meet its obligations set forth in this Data Processing Agreement, or if the Data Processor considers that an instruction given by the Data Controller concerning the Processing of Personal Data would constitute a violation of Applicable Personal Data Legislation, unless the Data Processor is prevented by Applicable Legislation from providing such information to the Data Controller.
Sample 1Sample 2See All (4)
OBLIGATIONS OF THE DATA PROCESSOR. 3.1. The Data Processor undertakes to process personal data only on documented instructions from the Data Controller, including with regard to transfers of personal data to a third country or an international organization. 3.2. The Data Processor will not make any use of any Personal Data supplied to it by the Data Controller other than in connection with the provision of the Services to the Data Controller. 3.3. The Data Processor shall implement appropriate technical and organizational measures to secure all Personal Data accessed or processed by the Data Processor against accidental or unlawful loss; against destruction or damage; against any unauthorized access to and knowledge of the personal data and against any other processing of personal data in violation of this Agreement.
Sample 1Sample 2
OBLIGATIONS OF THE DATA PROCESSOR. 3.1. The Data Processor shall solely be permitted to process Personal Data on documented instructions from the Data Controller to the extent necessary to perform its obligations under the Agreement, unless processing is required under UK, EU or Member State law to which the Data Processor is subject. In this case, and where possible to do so, the Data Processor shall inform the Data Controller of this legal requirement prior to processing unless that law prohibits disclosure of such information on important grounds of public interest. 3.2. The Data Processor shall inform the Data Controller as soon as reasonably possible if the instructions, in the opinion of the Data Processor, contravene the Applicable Data Protection Laws .
Sample 1Sample 2