Common use of Obligations of the Processor Clause in Contracts

Obligations of the Processor. 6.1 The Processor shall: 6.1.1 process the Personal Data only on documented instructions from the Controller; 6.1.2 ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 6.1.3 take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement; 6.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Processor must be subject to the same contractual terms as described in this Agreement; 6.1.5 assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; 6.1.6 assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments; 6.1.7 at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data; 6.1.8 make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;

Obligations of the Processor. 6.1 The Processor shall: 6.1.1 process the Personal Data only on documented instructions from the Controller; 6.1.2 ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 6.1.3 take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement; 6.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those Fusion Education Software Ltd does not make use of Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Processor must be subject to the same contractual terms as described in this Agreement;Processors. 6.1.5 assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; 6.1.6 assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments; 6.1.7 at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data; 6.1.8 make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;

Obligations of the Processor. 6.1 The Processor shall: 6.1.1 process the Personal Data only on documented instructions from the Controller; 6.1.2 ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 6.1.3 take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement; 6.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those My Learning (UK) Ltd does not make use of Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Processor must be subject to the same contractual terms as described in this Agreement;Processors. 6.1.5 assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; 6.1.6 assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments; 6.1.7 at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data; 6.1.8 make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;

Obligations of the Processor. 6.1 6.1. The Processor shall: 6.1.1 6.1.1. process the Personal Data only on documented instructions from the Controller; 6.1.2 6.1.2. ensure that persons authorised to process the Personal Data have committed themselves to confidentiality confidentiality or are under an appropriate statutory obligation of confidentialityconfidentiality; 6.1.3 6.1.3. take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement; 6.1.4 6.1.4. respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Sub- Processor must be subject to the same contractual terms as described in this Agreement; 6.1.5 6.1.5. assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; 6.1.6 6.1.6. assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments; 6.1.7 6.1.7. at the choice of the Controller, delete or return all the Personal Data to the Controller after aier the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data; 6.1.8 6.1.8. make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;