Common use of Obligations of the Processor Clause in Contracts

Obligations of the Processor. (1) The Processor confirms that it is aware of the relevant data protection regulations. The Processor will organize its internal procedures in such a way that it meets the special requirements of data protection. (2) The Processor provides adequate guarantees that appropriate technical and organizational measures are in place to ensure that the processing complies with the data protection rules and the rights of the data subject. (3) The Processor warrants that it will familiarize the personnel involved in the performance of the work with the applicable data protection provisions and that persons authorized to process the personal data are bound by confidentiality or are subject to an appropriate statutory confidentiality obligation. It monitors compliance with data protection regulations. (4) The Processor may access personal data of the Controller for purposes of data processing on behalf only if this is indispensable for processing the data. (5) If required by law, the Processor will appoint a data protection officer. The contact details of the data protection officer will be communicated to the Controller to enable direct contact. (6) The Processor may process the personal data provided to it exclusively in the territory of the Federal Republic of Germany or in a member state of the European Union. Processing personal data in a third country requires the Controller's prior approval and may only be done when the special legal requirements are complied with. (7) The Processor shall support the Controller with appropriate technical and organizational measures to enable the Controller to fulfil its existing obligations towards the data subject, e.g. information and disclosure to the data subject, correction or deletion of data, restriction of processing or the right to data transferability and objection. The Processor shall appoint a contact person who will assist the Controller in complying with legal information and disclosure obligations arising in connection with data processing on behalf and shall inform the Controller of the contact details without delay. Insofar as the Controller is subject to special legal obligations to provide information in the event of unlawful knowledge of data, the Processor shall support the Controller in this. The Processor may only provide information to the data subject or third parties after being instructed accordingly by the Controller. If a person concerned asserts his or her rights under data protection law directly against the Processor, the Processor shall immediately forward this request to the Controller.

Obligations of the Processor. (1) The Processor confirms that it he is aware of the relevant data protection regulations. The Processor will organize its Processor’s internal operating procedures in such a way that it meets shall comply with the special specific requirements of an effective data protectionprotection management. (2) The Processor provides adequate guarantees that he has implemented appropriate technical and organizational measures are measures, in place to ensure a way that the processing complies is in compliance with the requirements of data protection rules law and the rights of the data subjectsubjects. (3) The Processor warrants and undertakes that it will familiarize the personnel all employees involved in the performance of the work personal data processing procedures are familiar with the applicable relevant data protection provisions and regulations. The Processor assures that persons authorized to process the personal data those employees are bound by confidentiality to maintain confidentiality, or are subject to an appropriate statutory confidentiality obligationadequate legal obligation of secrecy. It monitors The Processor shall monitor compliance with the applicable data protection regulations. (4) The Processor may only access the Controller’s personal data of if it is necessary for the Controller for purposes of carrying out the data processing on behalf only if this is indispensable for processing the dataprocessing. (5) If required by lawInsofar as it is legally required, the Processor will shall appoint a data protection officerData Protection Officer. The Processor’s Data Protection Officer’s contact details of the data protection officer will are to be communicated to shared with the Controller to enable for the purposes of making direct contact. (6) The Processor Processer may only process the personal data provided to it him exclusively in the territory of the Federal Republic of Germany or in a member state Member State of the European Union. Processing personal data in a third country requires prior explicit approval by the Controller's prior approval Controller and may only be done when must meet the special relevant legal requirements are complied withrequirements. (7) The Processor shall support supports the Controller with appropriate technical and organizational measures to enable ensure that the Controller can fulfill his obligations to fulfil its existing obligations towards respond to requests for exercising the data subject's rights, e.g. information and disclosure to the data subjectright toinformation, correction or deletion of data, restriction of processing or the right to rectification and to erasure, the right to restriction of processing, to data transferability portability and objectionto object. The Processor shall appoint will nominate a contact person who will assist support the Controller in complying with the fulfillment of legal obligations to provide information and disclosure obligations arising in connection with the data processing on behalf processing, and shall inform will share this person’s contact details with the Controller of the contact details without undue delay. Insofar The Processor shall support the Controller, insofar as the Controller is subject to special legal information obligations to provide information in the event of unlawful knowledge of data, the Processor shall support the Controller in thisa data breach. The Processor Information may only provide information be given to the data subject subjects or to third parties after being instructed accordingly by with the prior instruction of the Controller. If a person concerned asserts data subject exercises his or her data subject’s rights under data protection law directly against in respect to the Processor, the Processor shall immediately forward this request to the ControllerController without undue delay.

Obligations of the Processor. (1) The Processor confirms warrants and undertakes that it is aware of all employees involved in the data processing procedures are familiar with the relevant data protection regulations. The Processor will organize its internal procedures in such a way assures that it meets the special requirements those employees are bound to maintain confidentiality, and are subject to an adequate legal obligation of data protectionsecrecy. (2) The Processor provides adequate guarantees that appropriate technical and organizational measures are in place to ensure that may only access the processing complies with Controller’s personal data if it is necessary for the purposes of carrying out the data protection rules and the rights of the data subjectprocessing. (3) The Parties agree to provide the contact details of the appointed Data Protection Officer or a contact person for data protection topics within their organization in order to enable all necessary communications between the Parties regarding this DPA. Each Party shall be responsible to provide correct contact details and inform the other Party in case of changes. This information is included for the Processor warrants that it will familiarize in Appendix 1 and for the personnel involved Controller shall be included in the performance of the work with the applicable data protection provisions and that persons authorized to process the personal data are bound by confidentiality or are subject to an appropriate statutory confidentiality obligation. It monitors compliance with data protection regulationsOrder Form. (4) The Processor may access personal data of the Controller for purposes of data processing on behalf only if this is indispensable for processing the data. (5) If required by law, the Processor will appoint a data protection officer. The contact details of the data protection officer will be communicated to the Controller to enable direct contact. (6) The Processor may process the personal data provided to it exclusively in the territory of the Federal Republic of Germany or in a member state of the European Union. Processing personal data in a third country requires the Controller's prior approval and may only be done when the special legal requirements are complied with. (7) The Processor shall support the Controller with appropriate technical and organizational measures to enable ensure that the Controller can fulfill its obligations to fulfil its existing obligations towards respond to requests for exercising the data subject's rights, e.g. information the right of access, rectification and disclosure to the data subject, correction or deletion erasure of data, restriction of processing or the processing, data portability and right to data transferability and objectionobject. The Processor shall appoint a contact person who will assist the Controller in complying with legal information and disclosure obligations arising in connection with data processing on behalf and shall inform the Controller of the contact details without delay. Insofar as the Controller is subject Information related to special legal obligations to provide information in the event of unlawful knowledge of data, the Processor shall support the Controller in this. The Processor those requests may only provide information be provided to data subjects with the data subject or third parties after being instructed accordingly by prior instruction of the Controller. If a person concerned asserts his or her rights under data subject exercises their data protection law directly against rights upon the Processor, the Processor shall immediately forward this request to the Controller. (5) To the extent required by law, the Processor shall assist the Controller with the latter’s obligation to conduct a data protection impact assessment where required and if necessary, with prior consultations with supervisory authorities taking into the nature of processing and information available to the Processor. (6) Processing of personal data in a third country outside the EU/EEA and/or Switzerland and/or UK requires the execution of the appropriate standard contractual clauses or other legal requirements for such transfer. The parties shall, where required by applicable data protection regulations, ensure that standard contractual clauses or other legal requirements for such transfer are put in place. If a sub-processor of Processor is a data importer (as defined in the standard contractual clauses), Processor is authorized to and shall enter into the standard contractual clauses with such a sub-processor directly or on behalf of Controller and its affiliates.

Obligations of the Processor. (1) The Processor confirms that it he is aware of the relevant data protection regulations. The Processor will organize its Processor’s internal operating procedures in such a way that it meets shall comply with the special specific requirements of an effective data protectionprotec- tion management. (2) The Processor provides adequate guarantees that appropriate technical and organizational measures are in place to ensure implemented, such that the processing complies is in compliance with the requirements of data protection rules law and the rights of the data subjectsubjects. (3) The Processor warrants and undertakes that it will familiarize the personnel all employees involved in the performance of the work data processing proce- dures are familiar with the applicable relevant data protection provisions and regulations. The Processor assures that persons authorized to process the personal data those employees are bound by confidentiality or to maintain confidentiality, and are subject to an appropriate statutory confidentiality obligationadequate legal obligation of secrecy. It monitors The Processor shall monitor compliance with the applicable data protection regulations. (4) The Processor may only access the Controller’s personal data of if it is necessary for the Controller for purposes of carrying out the data processing on behalf only if this is indispensable for processing the dataprocessing. (5) If required by lawInsofar as it is legally required, the Processor will shall appoint a data protection officerData Protection Officer. The Processor’s Data Protection Officer’s contact details of the data protection officer will are to be communicated to shared with the Controller to enable for the purposes of making direct contact. (6) The Processor Processer may only process the personal data provided to it him exclusively in the territory of the Federal Republic of Germany or xxxxxxx, in a member state Member State of the European UnionUnion or in another contracting state to the Agreement on the European Economic Area. Processing The processing of personal data in a third country requires prior explicit consent of the Controller's prior approval Controller and may only be done when carried out if the special action complies with the applicable legal requirements are complied withrequirements. (7) The Processor shall support supports the Controller with appropriate technical and organizational measures to enable ensure that the Controller can fulfill his obligations to fulfil its existing obligations towards respond to requests for exercising the data subject's rights, e.g. the right of information of the data subject, e.g. information the rectification and disclosure to the data subject, correction or deletion erasure of data, the restriction of processing or processing, data portability and the right to data transferability and objectionobject. The Processor shall appoint will nominate a contact person who will assist the Controller in complying with legal information and disclosure obligations arising in connection with data processing on behalf and shall inform the Controller of the contact details without delay. Insofar as the Controller is subject to special legal obligations to provide information in the event of unlawful knowledge of data, the Processor shall support the Controller in thisthe fulfillment of legal obligations to grant information in connect with the data processing, and will share this person’s contact details with the Controller without undue delay. The Processor Information may only provide information be given to the data subject subjects or to third parties after being instructed accordingly by with the prior instruction of the Controller. If a person concerned asserts his or her rights under data subject exercises their data protection law directly against rights upon the ProcessorPro- cessor, the Processor shall immediately forward this request to the ControllerController without undue delay.