Processing safety Clause Samples

Processing safety. (1) The Technical and Organizational Measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be made in such detail that a knowledgeable third party can at any time undoubtedly recognize from the de- scription alone what the minimum owed is to be. A reference to information which cannot be taken directly from this agreement or its appendices is not permissible. (2) The Contractor shall establish security pursuant to Art. 28 Para. 3 lit. c, 32 DS-GVO, in particular in connection with Art. 5 Para. 1, Para. 2 DS-GVO. Overall, the measures to be taken are data security measures and to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of the systems. The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 (1) of the GDPR must be taken into account. (3) The data security measures may be adapted in accordance with the technical and organizational further development as long as the level agreed here is not undercut. The Contractor shall imple- ment any changes required to maintain information security without delay. The Customer shall be notified of any changes without delay. Significant changes shall be agreed between the parties. (4) Insofar as the security measures taken do not or no longer meet the requirements of the Customer, the Contractor shall notify the Customer without delay. (5) Copies or duplicates shall not be made without the knowledge of the client. Technically necessary, temporary duplications are excepted, insofar as an impairment of the level of data protection agreed here is excluded. (6) Dedicated data carriers originating from the Client or used for the Client shall be specially marked and shall be subject to ongoing management. They must be stored appropriately at all times and must not be accessible to unauthorized persons. Inputs and outputs are documented.
View SourceView Similar (4)
Processing safety. (a) The processor implements at least the technical and organizational measures to ensure the security of personal data. These measures include the protection of data against any breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data (personal data breach). In assessing the appropriate level of security, the parties shall take due account of the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks to data subjects. (b) The subcontractor shall grant members of its staff access to the personal data being processed only to the extent strictly necessary for the performance, management and monitoring of the contract. The processor shall ensure that persons authorized to process personal data undertake to respect confidentiality or are subject to an appropriate legal obligation of confidentiality.
View SourceView Similar (3)
Processing safety. The level of security must reflect: That it is not a matter of processing personal data covered by Article 9 of the General Data Protection Regu- lation on "special categories of personal data", which is why there is no requirement that a "high" level of security must be established. • The data processor is then entitled and obliged to make decisions about which technical and organ- isational security measures are to be used in order to create the necessary (and agreed) level of security around the data. • However, the Data Processor must – in all cases and as a minimum – implement the following measures agreed with the Data Controller (based on the risk assessment carried out by the Data Controller): • Access to Flea Lover is through encrypted channels • User access is through https, with a certificate issued by the Internet Security Research Group (ISRG). • It can be accessed when the client has knowledge of the username and password. Both parameters are case sensitive. • Furthermore, https access can be granted via API. • Data is processed and stored on servers provided by Digital Ocean LLC, with whom there is a data processing agreement. This person is responsible for ensuring the ongoing confidentiality, integrity, availability and robustness of processing systems and services, as well as securing against unauthor- ized physical/technical access. • NoviPOS ApS ensures the necessary functionality in relation to traceability in searches for personal data and the data controller's need for anonymization of personal data.
View Source
Processing safety. The level of security must reflect: The processing of personal data relates entirely to personal data of a general nature, cf. GDPR Art 6. Accordingly, no personal data are processed, cf. GDPR Art 9. However, the processing involves a large amount of personal data of users, including children under 16 years of age. The data processor is then entitled and required to decide on the technical and organizational security measures to be implemented to establish the necessary (and agreed) level of security. However, the data processor must - in any case and as a minimum - apply the following measures agreed with the data controller: • Access to all data processor systems is secured with MFA and all data processor employees with access to operational environments have signed an enhanced privacy statement. • The primary operating environment is AWS in Ireland, where data is hosted and where AWS's built-in CloudTrail is enabled. This means that all data processor employee logins and actions performed in operational environments are logged for 90 days. Audit logs are continuously monitored. • The products use both "in transit" and "at rest" encryption. This means, among other things, that all connections to the backend are encrypted with TLS v1.3 "in transit". Encryption "at rest" depends on the media, but AES256 is most used. • Encryption keys and certificates are issued via Let's Encrypt, AWS KMS or ACM. • The data processor carries out continuous operational monitoring of the IT systems. • Access to the data processor's network is secured, among other things, by using a firewall, VPN client and protected WiFi.
View Source
Processing safety. 6.1 The contractor is responsible, according to article. 32 DSGVO, to take all necessary and suitable technical and organizational measures–taking into account the state of technology, the cost of implementation, the scope, circumstance and the purpose of processing client data, as well as the various likelihood and risks to the rights and freedoms of the affected persons–to guarantee an adequate level of protection against any risks to any client data. 6.2 The contractor has the right to change or adapt any technical and organizational measures throughout the term of the contract, as long as they fulfill and follow legal requirements.
View Source

Related to Processing safety

  • Subprocessing The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.

  • Child Safety BCHS values children from all backgrounds and is committed to making our community a safe, nurturing and welcoming place for children to grow and develop. We are committed to making sure ALL children reach their individual potential.

  • CONTRACT WORK HOURS AND SAFETY STANDARDS As per the Contract Work Hours and Safety Standards Act (40 U.S.C. 3701-3708), where applicable, all Customer Purchase Orders in excess of ,000 that involve the employment of mechanics or laborers must include a provision for compliance with 40 U.S.C. 3702 and 3704, as supplemented by Department of Labor regulations (29 CFR Part 5). Under 40 U.S.C. 3702 of the Act, each contractor must be required to compute the wages of every mechanic and laborer on the basis of a standard work week of 40 hours. Work in excess of the standard work week is permissible provided that the worker is compensated at a rate of not less than one and a half times the basic rate of pay for all hours worked in excess of 40 hours in the work week. The requirements of 40 U.S.C. 3704 are applicable to construction work and provide that no laborer or mechanic must be required to work in surroundings or under working conditions which are unsanitary, hazardous or dangerous. These requirements do not apply to the purchases of supplies or materials or articles ordinarily available on the open market, or contracts for transportation or transmission of intelligence.

  • Electrical appliance safety The Hirer shall ensure that any electrical appliances brought by them to the premises and used there shall be safe, in good working order, and used in a safe manner in accordance with the Electricity at Work Regulations 1989. Where a residual circuit breaker is provided the hirer must make use of it in the interests of public safety.

  • Fire Safety Resident will not tamper with fire alarms, smoke detectors, fire extinguishers, fire hoses, or exit signs. Resident will promptly evacuate Residence Facility upon the sounding of an alarm or as otherwise directed by College Housing staff. Resident will participate in any periodic fire drill and fire safety training conducted by College for the Residence Facility.