Common use of Processing safety Clause in Contracts

Processing safety. (1) The Technical and Organizational Measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be made in such detail that a knowledgeable third party can at any time undoubtedly recognize from the de- scription alone what the minimum owed is to be. A reference to information which cannot be taken directly from this agreement or its appendices is not permissible. (2) The Contractor shall establish security pursuant to Art. 28 Para. 3 lit. c, 32 DS-GVO, in particular in connection with Art. 5 Para. 1, Para. 2 DS-GVO. Overall, the measures to be taken are data security measures and to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of the systems. The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 (1) of the GDPR must be taken into account. (3) The data security measures may be adapted in accordance with the technical and organizational further development as long as the level agreed here is not undercut. The Contractor shall imple- ment any changes required to maintain information security without delay. The Customer shall be notified of any changes without delay. Significant changes shall be agreed between the parties. (4) Insofar as the security measures taken do not or no longer meet the requirements of the Customer, the Contractor shall notify the Customer without delay. (5) Copies or duplicates shall not be made without the knowledge of the client. Technically necessary, temporary duplications are excepted, insofar as an impairment of the level of data protection agreed here is excluded. (6) Dedicated data carriers originating from the Client or used for the Client shall be specially marked and shall be subject to ongoing management. They must be stored appropriately at all times and must not be accessible to unauthorized persons. Inputs and outputs are documented.

Processing safety. (1) The Technical and Organizational Measures described in Appendix 1 are defined as binding. They define the minimum owed by the Contractor. The description of the measures must be made in such detail that a knowledgeable third party can at any time undoubtedly recognize from the de- scription description alone what the minimum owed is to be. A reference to information which cannot be taken directly from this agreement or its appendices is not permissible. (2) The Contractor shall establish security pursuant to Art. 28 Para. 3 lit. c, 32 DS-GVO, in particular in connection with Art. 5 Para. 1, Para. 2 DS-GVO. Overall, the measures to be taken are data security measures and to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of the systems. The state of the art, the implementation costs and the nature, scope and purposes of the processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons within the meaning of Article 32 (1) of the GDPR must be taken into account. (3) The data security measures may be adapted in accordance with the technical and organizational further development as long as the level agreed here is not undercut. The Contractor shall imple- ment implement any changes required to maintain information security without delay. The Customer shall be notified of any changes without delay. Significant changes shall be agreed between the parties. (4) Insofar as the security measures taken do not or no longer meet the requirements of the Customer, the Contractor shall notify the Customer without delay. (5) Copies or duplicates shall not be made without the knowledge of the client. Technically necessary, temporary duplications are excepted, insofar as an impairment of the level of data protection agreed here is excluded. (6) Dedicated data carriers originating from the Client or used for the Client shall be specially marked and shall be subject to ongoing management. They must be stored appropriately at all times and must not be accessible to unauthorized persons. Inputs and outputs are documented.