Common use of Obligations of the Processor Clause in Contracts

Obligations of the Processor. The Processor will 3.1. With regard to the processing referred to in article 2 (Processing Objectives), the Processor will ensure compliance with the applicable laws and regulations, including in all cases the laws and regulation in the area of data protection such as the General Data Protection Regulation. Processing will only take place in order to use (various) applications offered by Processor for the performance of the Agreement, and those purposes that are determined with further consent. 3.2. Processor follows all the instructions of the Reponsible within a reasonable period. Instructions are generally given in writing, unless the urgency or other specific circumstances require a different (for example oral or electronic) form. Non-written instructions must be confirmed in writing by the Responsible immediately. Insofar as the execution of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his account, the Processor will carry out that instruction. 3.3. Notify the information immediately if the Processor can not comply with instructions from the Responsible for any reason; 3.4. The processor takes all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR. 3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Data. 3.6. Ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing. 3.7. Assisting the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix. 3.8. Handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ; 3.9. Assist the Responsible with a Data Protection Impact Assessment as required by Article 35 of the GDPR relating to the Services provided by the Processor to the Responsible and the Personal Data processed by the Processor on behalf of the Responsible;

Obligations of the Processor. The Processor will… 3.1. With with regard to the processing referred to in article 2 (Processing Objectives), the Processor will ensure compliance with the applicable laws and regulations, including in all cases the laws and regulation in the area of data protection such as the General Data Protection Regulation. Processing will only take place in order to use (various) applications offered by Processor for the performance of the Agreement, and those purposes that are determined with further consent.; 3.2. Processor follows follow all the instructions of the Reponsible Responsible within a reasonable period. Instructions are generally given in writing, unless the urgency or other specific circumstances require a different (for example oral or electronic) form. Non-written instructions must be confirmed in writing by the Responsible immediately. Insofar as the execution of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his account, the Processor will carry out that instruction.; 3.3. Notify notify the information immediately if the Processor can cannot comply with instructions from the Responsible for any reason; 3.4. The processor takes take all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR. 3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Data.; 3.6. Ensure ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing.; 3.7. Assisting assist the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix.; 3.8. Handle handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ;; and 3.9. Assist assist the Responsible with a Data Protection Impact Assessment as required by Article 35 of the GDPR relating to the Services provided by the Processor to the Responsible and the Personal Data processed by the Processor on behalf of the Responsible;

Obligations of the Processor. Processor guarantees that it, as well as any person acting under its authority, shall process personal data on documented instructions of the Controller only insofar as such shall be necessary for delivering the Performances under the Agreement (including with regard to transfers of personal data to a third country or an international organization), unless he is required to do so by Union or Member State law to which Processor is subject. In such a case, Processor will inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. The Processor will 3.1will not disclose personal data directly or indirectly to any person, company or governmental entity, except for what is determined under article 3.3. With regard If such disclosure is necessary for the proper processing of personal data, this may only occur (1) after prior written permission of the Controller and then only under a full obligation of confidentiality or (2) pursuant to an order issued by a court, a governmental agency or required by the processing referred to in article 2 law. This Annex does not comprise consultancy services by NRB concerning data protection (Processing Objectiveslike risk assessment, an evaluation of compliance with the GDPR or a classification of data), nor a posting of personnel for assistance of the Controller in his project to achieving compliance with the GDPR, particularly by taking the function of Data protection officer (DPO) or responsible for the security of information systems or the realization of awareness campaigns within the personnel of the Controller. If the Parties wish to include certain of those elements in the mission of the Processor, they will agree to that in writing and the Processor will ensure compliance with the applicable laws and regulations, including submit a price offer in that regard. Each Party conforms to all cases the laws and regulation in the area of regulations applicable concerning personal data protection such as and particularly the General Data Protection RegulationPA and, after May 25th 2018, the GDPR. Processing will only take place in order to use (various) applications offered by Processor for the performance The Controller remains responsible of the Agreement, and those purposes that are determined with further consent. 3.2. Processor follows all the instructions lawfulness of the Reponsible within a reasonable periodprocessing of the personal data, including where applicable, the obtaining of the consent of the data subjects concerned by the processing of their personal data. Instructions are generally given in writingIn case the Controller provides, unless the urgency manages or other specific circumstances require a different controls components (where applicable for example oral or electronic) form. Non-written instructions must be confirmed in writing by workstations linked to the Responsible immediately. Insofar as the execution services of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his accountmechanisms to transfer data, the Processor will carry out that instruction. 3.3. Notify access and identifying information provided to his personnel), he needs to implement and maintain the information immediately if the Processor can not comply with instructions from the Responsible for any reason; 3.4. The processor takes all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR. 3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Datadata protection. 3.6. Ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing. 3.7. Assisting the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix. 3.8. Handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ; 3.9. Assist the Responsible with a Data Protection Impact Assessment as required by Article 35 of the GDPR relating to the Services provided by the Processor to the Responsible and the Personal Data processed by the Processor on behalf of the Responsible;

Obligations of the Processor. The Processor will 3.1. With regard to the processing referred to in article 2 (Processing Objectives), the Processor will ensure compliance with the applicable laws and regulations, including in all cases the laws and regulation in the area of data protection such as the General Data Protection Regulation. Processing will only take place in order to use (various) applications offered by Processor for the performance of the Agreement, and those purposes that are determined with further consent. 3.2. Processor follows all the instructions of the Reponsible within a reasonable period. Instructions are generally given in writing, unless the urgency or other specific circumstances require a different (for example oral or electronic) form. Non-written instructions must be confirmed in writing by the Responsible immediately. Insofar as the execution of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his account, the Processor will carry out that instruction. 3.3. Notify the information immediately if the Processor can cannot comply with instructions from the Responsible for any reason; 3.4. The processor takes all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR. 3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Data. 3.6. Ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing. 3.7. Assisting the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix. 3.8. Handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ; 3.9. Assist the Responsible with a Data Protection Impact Assessment as required by Article 35 of the GDPR relating to the Services provided by the Processor to the Responsible and the Personal Data processed by the Processor on behalf of the Responsible;