Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data shall only process the Personal Data on the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Laws.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and Software; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in the Security Policy shall be at all times adhered to as a minimum security standard. The Controller accepts and...
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall be at all times adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those ...
Processor Obligations. 4-1 In respect of the processing referred to in article 2, the Processor will ensure compliance with the applicable laws and regulations, in particular the GDPR.
4-2 The Processor's obligations as ensuing from this Agreement will also extend to those processing personal data under the authority of the Processor, including but not limited to employees, in the broadest sense.
4-3 To the extent within its power, the Processor will lend its assistance to the Controller for purposes of implementation of DPIAs within the meaning of Article 35 GDPR.
Processor Obligations. 2.1. Regarding the processing operations referred to in the previous clause, Processor shall comply with all applicable legislation, including at least all data processing legislation such as the General Data Protection Regulation (GDPR).
2.2. Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement.
2.3. All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Processor, including but not limited to employees in the broadest sense of the term.
2.4. Processor shall inform Controller without delay if in its opinion an instruction of Controller would violate the legislation referred to in the first clause of this article.
2.5. Processor shall provide reasonable assistance to Controller in the context of any privacy impact assessments to be made by Controller.
2.6. Processor shall, in accordance with Article 30 GDPR, keep a register of all categories of processing activities which it carries out on behalf of the Controller under this data processing agreement. At Controller’s request, Processor shall provide Controller access to this register.
Processor Obligations. 2.1. Regarding the processing operations referred to in the previous clause, Processor shall comply with all applicable legislation, including at least all data processing legislation such as the Dutch Data Protection Act.
2.2. Upon first request Processor shall inform Controller about any measures taken to comply with its obligations under this Data Processing Agreement.
2.3. All obligations for Processor under this Data Processing Agreement shall apply equally to any persons processing personal data under the supervision of Processor, including but not limited to employees in the broadest sense of the term.
2.4. Processor shall inform Controller without delay if in its opinion an instruction of Controller would violate the legislation referred to in the first clause of this article.
2.5. Processor shall provide reasonable assistance to Controller in the context of any privacy impact assessments to be made by Controller.
Processor Obligations. Processor shall, and Processor shall ensure that its Personnel, Affiliates and Sub-Processors shall, Process all Personal Data fairly and lawfully, respect the privacy of Data Subjects and comply with all Data Protection Rules. Processor shall also ensure that its Personnel, Affiliates and Sub-Processors shall have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Processor shall not (i) obtain any rights to any Personal Data by virtue of providing the Services, (ii) transfer or disclose any Personal Data (in part or in whole) to any third party, except as stipulated in these Terms, or
Processor Obligations. The Processor will, during the Term:
(a) as payment for the supply of the Milk, pay to the Xxxxxx the amounts detailed in Item 7 of Schedule 1, at the time and in the manner detailed in Item 8 of Schedule 1 (Supply Fee);
(b) collect the Milk from the Xxxxxx, at the Processor’s cost, in accordance with the Collection Procedure (detailed in Item 9 of Schedule 1);
(c) undertake the sampling procedures and volume accuracy assurances in relation to the Milk, as detailed in Schedule 2 (Processor Testing);
(d) as soon as reasonably practicable after the Processor Testing, provide written notice of the results of the Processor Testing to the Xxxxxx, with reference to the quality and quantity of Milk, in accordance with Item 2.2 of Schedule 2 (Processor Testing Results);
(e) undertake the actions detailed in Item 4 of Schedule 2 in the event of Quality Non-Compliance;
(f) as soon as reasonably practicable after the occurrence of a Rejection Event (under in Item 4 of Schedule 2) notify the Xxxxxx in writing of the rejection of the Milk, including the reasons for the rejection and consequences of the rejection;
(g) provide to the Xxxxxx written statements regarding the Milk within 16 calendar days of the conclusion of each calendar month specifying the:
(i) quantity and quality of the Milk purchased from the Xxxxxx in the preceding calendar month;
(ii) Supply Fee paid for the Milk and the dates of those purchases; and
(iii) a summary of the calculation of the Supply Fee, (Written Statement); and
(h) assist the Xxxxxx to remedy the Quality Non-Compliance (where applicable).
Processor Obligations. 5.1 The Processor shall:
(a) only carry out processing of personal data in accordance with the Controller’s documented instructions, including where relevant for transfers of third country resident personal data or to an international organisation, in which case the Processor shall inform the Controller of that legal requirement (unless prohibited by law), and shall immediately inform the Controller if, in the Processor’s opinion, any instruction given by the Controller to the Processor infringes Privacy and Data Protection Requirements;
(b) notify the Controller without undue delay of any requests received from a Data Subject exercising their rights under Privacy and Data Protection Requirements and, taking into account the nature of the processing, assist the Controller by taking appropriate technical and organisational measures, insofar as this is possible, with fulfilling its obligations in respect of Data Subject rights under the Privacy and Data Protection Requirements, including responding to any subject access requests or requests from Data Subjects for access to, rectification, erasure or portability of personal data, or for restriction of processing or objections to processing of personal data;
(c) take all security measures required in accordance with the Privacy and Data Protection Requirements (including where relevant, Article 21 and 22 of the 2018 Law), and at the request of the Controller provide a written description of, and rationale for, the technical and organisational measures implemented, or to be implemented, to protect the personal data against unauthorised or unlawful processing and accidental loss; and detect and report personal data breaches without undue delay;
(d) where relevant for the processing of third country or other international organisation’s resident personal data and taking into account the nature of the processing and the information available to the Processor, use all measures to assist the Controller in ensuring compliance with the Controller’s obligations to;
i. keep personal data secure (Article 21 of the 2018 Law);
ii. notify personal data breaches to the Authority (Article 20 of the 2018 Law);
iii. advise data subjects when there has been a personal data breach (Article 20(6) of the 2018 Law);
iv. carry out data protection impact assessments (Article 16 of the 2018 Law); and
v. consult with the Authority where a data protection impact assessment indicates that there is an unmitigated high risk to the processin...
Processor Obligations. Without prejudice to the generality of clause 3, PROCESSOR shall, in relation to any personal and special category data processed in connection with the performance by PROCESSOR of its obligations under this Agreement:
7.1. process personal data only on the written instructions of CONTROLLER unless PROCESSOR is required by any Data Protection Legislation. Where PROCESSOR is relying on Data Protection Legislation as the basis for processing personal data, PROCESSOR shall promptly notify CONTROLLER of this before performing the processing required by the Data Protection Legislation unless the Data Protection Legislation prohibit PROCESSOR from so notifying CONTROLLER;
7.2. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
7.3. ensure that all personnel who have access to and/or process personal data are (i) obliged to keep the personal data confidential and (ii) aware of their responsibilities and are suitably trained in connection with processing the personal and special category data;
7.4. not transfer any personal and special category data outside of the United Kingdom or the European Union unless the prior written consent of the CONTROLLER has been obtained and the following conditions are fulfilled:
a) PROCESSOR has provided appropriate safeguards and/or permissions in relation to the transfer;
b) the data subject has enforceable rights and effective legal remedies;
c) PROCESSOR complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal and special category data that is transferred; and
d) PROCESSOR complies with reasonable instructions ...
Processor Obligations. The provisions of Section 10.7 of the General Terms shall be deleted and replaced as follows: