Personal Data Processing. 2.1 Within the context of providing the Services the Processor may happen to take part of personal data, as defined in article 4.1 in the Data Protection Regulation (EU 2016/679), (“Data Protection Regulation”), which will be processed for purposes decided by the Controller, (“Personal Data”). The Controller is the Personal Data Controller for the Personal Data in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation. 2.2 The Processor commits to processing the Personal Data in accordance with what follows the Agreement or other written agreement between the Parties and only in accordance with the Controller’s documented instructions, Appendix 2a, as well as in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation. The Controller is responsible for ensuring that the Processor does not manage other categories of Personal Data than those stated in Appendix 2a, and to the extent stated therein. 2.3 For the case in which the Processor lacks instructions which the Processor assesses necessary to perform the commitment or commitments the Processor has received from the Controller, within the context of the Services, the Processor shall, without undue delay, inform the Controller about their position and await instructions from the Controller. 2.4 Access to the Personal Data within the Processor’s organization shall be limited to individuals who require the data to perform the Services and who are obliged to treat information with secrecy or who are legally bound to work under confidentiality. (a) the ability to continuously assure confidentiality, integrity, accessibility and resilience within the context of the processing; (b) the ability to restore availability and access to the Personal Data within a reasonable time in the event of a physical or technical incident; (c) pseudonymisation and encryption of the Personal Data when the processing so requires according to applicable law or legislation; (d) a procedure to regularly test, examine, and analyze the efficiency of the technical and organizational measures taken to assure the security of the processing, when so required by current adaptable law or legislation; (e) tenure and update of Personal Data logs, the establishment and maintenance of an IT security policy, maintaining a safe IT environment, as well as the establishment and maintenance of physical security measures and routines; and (f) ensuring routines to immediately inform the Controller of any attempt to or accomplished unauthorized access to data provided by the Controller (including the destruction of or alterations of the Personal Data). 2.5 The Processor undertakes to at all times assure that relevant personnel in its organization act in accordance with this Agreement and the instructions provided by the Controller and to assure that they are informed about the regulations in the current Personal Data Regulations. 2.6 The Processor is obliged to, to the extent possible and with the type of processing taken into consideration, guide the Controller through relevant technical and organizational measures, so that the Controller can fulfill their obligations to reply to inquiries from separate registered individuals in accordance with current regulation, law or equivalent legislation. The Processor shall also assist the Controller with fulfilling their obligations, taking into consideration the type of processing and the information the Processor has access to, in regards to: (a) security in connection to the processing; (b) reporting a personal data breach to the Supervisory Authorities; (c) information to the registered user about a personal data breach; and (d) impact assessment regarding data protection and prior consultation; to the extent the obligations under (a)-(d) above are prescribed per the current regulation, law or equivalent legislation. The Processor holds the right to fair compensation for the assistance provided to the Controller according to section 2.6. 2.7 Should the Controller in conflict with the General Data Protection Regulations not inform the registered individual about a personal data breach and Supervisory Authorities submit to the Processor to amend the error, the Controller is obliged to compensate the Processor for the costs related to fulfilling the decision of the Supervisory Authorities. 2.8 The Processor commits to undertake written records over the processing of Personal Data with the content specified in article 30.2 in the General Data Protection Regulations. The records are to be provided to the Controller upon request. 2.9 The Processor holds the right to employ another Processor (so-called “Sub-processor”) to manage the Personal Data. The Processor is obliged to inform the Controller about the Processor’s intent to replace the Processor or to employ another Processor at the latest 10 working days before the employment takes place. Should the Controller object against such a Sub-processor employment, after having been notified about which according to this section 2.9, and before the employment has taken place, the Processor is not allowed to employ the Sub-processor to manage the Personal Data, as long as the Controller had a legitimate reason for objecting. Legitimate reason in this section refers to circumstances on the Sub-processor’s side that to a significant extent effect, or with probability risk to affect, the protection of the registered individual's personal integrity, as if for example the new Sub-processor does not satisfy the requirements in the General Data Protection Regulations, or in other current data protection legislation, of a Processor. Should the Processor employ a Sub-processor the Processor is obliged to assure that the Sub-processor by contract commits to the same obligations regarding data protection as can be found in this Agreement. The Processor is fully responsible towards the Controller regarding any such commitments on behalf of the Sub-processor. 2.10 The Controller holds the right to receive information about and to control the fulfillment of the obligations of the Processor per the Agreement. The Processor shall facilitate and contribute to reviews of the performance, including inspections, executed by the Controller or by an accountant employed by the Controller. Should the Controller wish to perform an inspection the Controller must inform the Processor of this within a 2.11 An inspection following section
Appears in 4 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Personal Data Processing. 2.1 Within the context of providing the Services the Processor may happen to take part of personal data, as defined in article 4.1 in the Data Protection Regulation (EU 2016/679), (“Data Protection Regulation”), which will be processed for purposes decided by the Controller, (“Personal Data”). The Controller is the Personal Data Controller for the Personal Data in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation.
2.2 The Processor commits to processing the Personal Data in accordance with what follows the Agreement or other written agreement between the Parties and only in accordance with the Controller’s documented instructions, Appendix 2a, as well as in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation. The Controller is responsible for ensuring that the Processor does not manage other categories of Personal Data than those stated in Appendix 2a, and to the extent stated therein.
2.3 For the case in which the Processor lacks instructions which the Processor assesses necessary to perform the commitment or commitments the Processor has received from the Controller, within the context of the Services, the Processor shall, without undue delay, inform the Controller about their position and await instructions from the Controller.
2.4 Access to the Personal Data within the Processor’s organization shall be limited to individuals who require the data to perform the Services and who are obliged to treat information with secrecy or who are legally bound to work under confidentiality.
(a) the ability to continuously assure confidentiality, integrity, accessibility and resilience within the context of the processing;
(b) the ability to restore availability and access to the Personal Data within a reasonable time in the event of a physical or technical incident;
(c) pseudonymisation and encryption of the Personal Data when the processing so requires according to applicable law or legislation;
(d) a procedure to regularly test, examine, and analyze the efficiency of the technical and organizational measures taken to assure the security of the processing, when so required by current adaptable law or legislation;
(e) tenure and update of Personal Data logs, the establishment and maintenance of an IT security policy, maintaining a safe IT environment, as well as the establishment and maintenance of physical security measures and routines; and
(f) ensuring routines to immediately inform the Controller of any attempt to or accomplished unauthorized access to data provided by the Controller (including the destruction of or alterations of the Personal Data).
2.5 The Processor undertakes to at all times assure that relevant personnel in its organization act in accordance with this Agreement and the instructions provided by the Controller and to assure that they are informed about the regulations in the current Personal Data Regulations.with
2.6 The Processor is obliged to, to the extent possible and with the type of processing taken into consideration, guide the Controller through relevant technical and organizational measures, so that the Controller can fulfill their obligations to reply to inquiries from separate registered individuals in accordance with current regulation, law or equivalent legislation. The Processor shall also assist the Controller with fulfilling their obligations, taking into consideration the type of processing and the information the Processor has access to, in regards to:
(a) security in connection to the processing;
(b) reporting a personal data breach to the Supervisory Authorities;
(c) information to the registered user about a personal data breach; and
(d) impact assessment regarding data protection and prior consultation; to the extent the obligations under (a)-(d) above are prescribed per the current regulation, law or equivalent legislation. The Processor holds the right to fair compensation for the assistance provided to the Controller according to section 2.6.
2.7 Should the Controller in conflict with the General Data Protection Regulations not inform the registered individual about a personal data breach and Supervisory Authorities submit to the Processor to amend the error, the Controller is obliged to compensate the Processor for the costs related to fulfilling the decision of the Supervisory Authorities.
2.8 The Processor commits to undertake written records over the processing of Personal Data with the content specified in article 30.2 in the General Data Protection Regulations. The records are to be provided to the Controller upon request.The
2.9 The Processor holds the right to employ another Processor (so-called “Sub-processor”) to manage the Personal Data. The Processor is obliged to inform the Controller about the Processor’s intent to replace the Processor or to employ another Processor at the latest 10 working days before the employment takes place. Should the Controller object against such a Sub-processor employment, after having been notified about which according to this section 2.9, and before the employment has taken place, the Processor is not allowed to employ the Sub-processor to manage the Personal Data, as long as the Controller had a legitimate reason for objecting. Legitimate reason in this section refers to circumstances on the Sub-processor’s side that to a significant extent effect, or with probability risk to affect, the protection of the registered individual's personal integrity, as if for example the new Sub-processor does not satisfy the requirements in the General Data Protection Regulations, or in other current data protection legislation, of a Processor. Should the Processor employ a Sub-processor the Processor is obliged to assure that the Sub-processor by contract commits to the same obligations regarding data protection as can be found in this Agreement. The Processor is fully responsible towards the Controller regarding any such commitments on behalf of the Sub-processor.
2.10 The Controller holds the right to receive information about and to control the fulfillment of the obligations of the Processor per the Agreement. The Processor shall facilitate and contribute to reviews of the performance, including inspections, executed by the Controller or by an accountant employed by the Controller. Should the Controller wish to perform an inspection the Controller must inform the Processor of this within aa reasonable time in advance and simultaneously specify the content and extent of the inspection. The Processor holds the right to be compensated for reasonable costs in connection with such an inspection or other examination. If not
2.11 An inspection following section
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Personal Data Processing. 2.1 Within the context of providing the Services the Processor may happen to take part of personal data, as defined in article 4.1 in the Data Protection Regulation (EU 2016/679), (“Data Protection Regulation”), which will be processed for purposes decided by the Controller, (“Personal Data”). The Controller is the Personal Data Controller for the Personal Data in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation.
2.2 The Processor commits to processing the Personal Data in accordance with what follows the Agreement or other written agreement between the Parties and only in accordance with the Controller’s documented instructions, Appendix 2a, as well as in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation. The Controller is responsible for ensuring that the Processor does not manage other categories of Personal Data than those stated in Appendix 2a, and to the extent stated therein.
2.3 For the case in which the Processor lacks instructions which the Processor assesses necessary to perform the commitment or commitments the Processor has received from the Controller, within the context of the Services, the Processor shall, without undue delay, inform the Controller about their position and await instructions from the Controller.
2.4 Access to the Personal Data within the Processor’s organization shall be limited to individuals who require the data to perform the Services and who are obliged to treat information with secrecy or who are legally bound to work under confidentiality.
(a) the ability to continuously assure confidentiality, integrity, accessibility and resilience within the context of the processing;
(b) the ability to restore availability and access to the Personal Data within a reasonable time in the event of a physical or technical incident;
(c) pseudonymisation and encryption of the Personal Data when the processing so requires according to applicable law or legislation;
(d) a procedure to regularly test, examine, and analyze the efficiency of the technical and organizational measures taken to assure the security of the processing, when so required by current adaptable law or legislation;
(e) tenure and update of Personal Data logs, the establishment and maintenance of an IT security policy, maintaining a safe IT environment, as well as the establishment and maintenance of physical security measures and routines; and
(f) ensuring routines to immediately inform the Controller of any attempt to or accomplished unauthorized access to data provided by the Controller (including the destruction of or alterations of the Personal Data).
2.5 The Processor undertakes to at all times assure that relevant personnel in its organization act in accordance with this Agreement and the instructions provided by the Controller and to assure that they are informed about the regulations in the current Personal Data Regulations.instructions
2.6 The Processor is obliged to, to the extent possible and with the type of processing taken into consideration, guide the Controller through relevant technical and organizational measures, so that the Controller can fulfill their obligations to reply to inquiries from separate registered individuals in accordance with current regulation, law or equivalent legislation. The Processor shall also assist the Controller with fulfilling their obligations, taking into consideration the type of processing and the information the Processor has access to, in regards to:
(a) security in connection to the processing;
(b) reporting a personal data breach to the Supervisory Authorities;
(c) information to the registered user about a personal data breach; and
(d) impact assessment regarding data protection and prior consultation; to the extent the obligations under (a)-(d) above are prescribed per the current regulation, law or equivalent legislation. The Processor holds the right to fair compensation for the assistance provided to the Controller according to section 2.6.
2.7 Should the Controller in conflict with the General Data Protection Regulations not inform the registered individual about a personal data breach and Supervisory Authorities submit to the Processor to amend the error, the Controller is obliged to compensate the Processor for the costs related to fulfilling the decision of the Supervisory Authorities.
2.8 The Processor commits to undertake written records over the processing of Personal Data with the content specified in article 30.2 in the General Data Protection Regulations. The records are to be provided to the Controller upon request.
2.9 The Processor holds the right to employ another Processor (so-called “Sub-processor”) to manage the Personal Data. The Processor is obliged to inform the Controller about the Processor’s intent to replace the Processor or to employ another Processor at the latest 10 working days before the employment takes place. Should the Controller object against such a Sub-processor employment, after having been notified about which according to this section 2.9, and before the employment has taken place, the Processor is not allowed to employ the Sub-processor to manage the Personal Data, as long as the Controller had a legitimate reason for objecting. Legitimate reason in this section refers to circumstances on the Sub-processor’s side that to a significant extent effect, or with probability risk to affect, the protection of the registered individual's personal integrity, as if for example the new Sub-processor does not satisfy the requirements in the General Data Protection Regulations, or in other current data protection legislation, of a Processor. Should the Processor employ a Sub-processor the Processor is obliged to assure that the Sub-processor by contract commits to the same obligations regarding data protection as can be found in this Agreement. The Processor is fully responsible towards the Controller regarding any such commitments on behalf of the Sub-processor.
2.10 The Controller holds the right to receive information about and to control the fulfillment of the obligations of the Processor per the Agreement. The Processor shall facilitate and contribute to reviews of the performance, including inspections, executed by the Controller or by an accountant employed by the Controller. Should the Controller wish to perform an inspection the Controller must inform the Processor of this within aa reasonable time in advance and simultaneously specify the content and extent of the inspection. The Processor holds the right to be compensated for reasonable costs in connection with such an inspection or other examination. If not otherwise agreed and stated in writing the inspection can only be performed if
2.11 An inspection following section
Appears in 1 contract
Samples: Data Processing Agreement
Personal Data Processing. 2.1 Within the context of providing the Services the Processor may happen to take part of personal data, as defined in article 4.1 in the Data Protection Regulation (EU 2016/679), (“Data Protection Regulation”), which will be processed for purposes decided by the Controller, (“Personal Data”). The Controller is the Personal Data Controller for the Personal Data in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation.
2.2 The Processor commits to processing the Personal Data in accordance with what follows the Agreement or other written agreement between the Parties and only in accordance with the Controller’s documented instructions, Appendix 2a, as well as in agreement with the current Personal Data Protection Regulation, as well as any other relevant regulation, law or equivalent legislation. The Controller is responsible for ensuring that the Processor does not manage other categories of Personal Data than those stated in Appendix 2a, and to the extent stated therein.
2.3 For the case in which the Processor lacks instructions which the Processor assesses necessary to perform the commitment or commitments the Processor has received from the Controller, within the context of the Services, the Processor shall, without undue delay, inform the Controller about their position and await instructions from the Controller.
2.4 Access to the Personal Data within the Processor’s organization organisation shall be limited to individuals who require the data to perform the Services and who are obliged to treat information with secrecy or who are legally bound to work under confidentiality.
(a) the ability to continuously assure confidentiality, integrity, accessibility and resilience within the context of the processing;
(b) the ability to restore availability and access to the Personal Data within a reasonable time in the event of a physical or technical incident;
(c) pseudonymisation and encryption of the Personal Data when the processing so requires according to applicable law or legislation;
(d) a procedure to regularly test, examine, and analyze analyse the efficiency of the technical and organizational organisational measures taken to assure the security of the processing, when so required by current adaptable law or legislation;
(e) tenure and update of Personal Data logs, the establishment and maintenance of an IT security policy, maintaining a safe IT environment, as well as the establishment and maintenance of physical security measures and routines; and
(f) ensuring routines to immediately inform the Controller of any attempt to or accomplished unauthorized unauthorised access to data provided by the Controller (including the destruction of or alterations of the Personal Data).
2.5 The Processor undertakes to at all times assure that relevant personnel in its organization organisation act in accordance with this Agreement and the instructions provided by the Controller and to assure that they are informed about the regulations in the current Personal Data Regulations.
2.6 The Processor is obliged to, to the extent possible and with the type of processing taken into consideration, guide the Controller through relevant technical and organizational organisational measures, so that the Controller can fulfill fulfil their obligations to reply to inquiries from separate registered individuals in accordance with current regulation, law or equivalent legislation. The Processor shall also assist the Controller with fulfilling their obligations, taking into consideration the type of processing and the information the Processor has access to, in regards to:
(a) security in connection to the processing;
(b) reporting a personal data breach to the Supervisory Authorities;
(c) information to the registered user about a personal data breach; and
(d) impact assessment regarding data protection and prior consultation; to the extent the obligations under (a)-(d) above are prescribed per the current regulation, law or equivalent legislation. The Processor holds the right to fair compensation for the assistance provided to the Controller according to section 2.6.
2.7 Should the Controller in conflict with the General Data Protection Regulations not inform the registered individual about a personal data breach and Supervisory Authorities submit to the Processor to amend the error, the Controller is obliged to compensate the Processor for the costs related to fulfilling the decision of the Supervisory Authorities.
2.8 The Processor commits to undertake written records over the processing of Personal Data with the content specified in article 30.2 in the General Data Protection Regulations. The records are to be provided to the Controller upon request.
2.9 The Processor holds the right to employ another Processor (so-called “Sub-processor”) to manage the Personal Data. The Processor is obliged to inform the Controller about the Processor’s intent to replace the Processor or to employ another Processor at the latest 10 working days before the employment takes place. Should the Controller object against such a Sub-processor employment, after having been notified about which according to this section 2.9, and before the employment has taken place, the Processor is not allowed to employ the Sub-processor to manage the Personal Data, as long as the Controller had a legitimate reason for objecting. Legitimate reason in this section refers to circumstances on the Sub-processor’s side that to a significant extent effect, or with probability risk to affect, the protection of the registered individual's personal integrity, as if for example the new Sub-processor does not satisfy the requirements in the General Data Protection Regulations, or in other current data protection legislation, of a Processor. Should the Processor employ a Sub-processor the Processor is obliged to assure that the Sub-processor by contract commits to the same obligations regarding data protection as can be found in this Agreement. The Processor is fully responsible towards the Controller regarding any such commitments on behalf of the Sub-processor.
2.10 The Controller holds the right to receive information about and to control the fulfillment fulfilment of the obligations of the Processor per the Agreement. The Processor shall facilitate and contribute to reviews of the performance, including inspections, executed by the Controller or by an accountant employed by the Controller. Should the Controller wish to perform an inspection the Controller must inform the Processor of this within a
2.11 An inspection following section
Appears in 1 contract
Samples: Data Processing Agreement
