Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA. 4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller. 4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law. 4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA. 4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. 4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed. 4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above. 4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes. 4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data. 4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 3 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 3 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s Processor‘s obligations in clauses 4.5 and 4.6 above...
4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's ’s obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.or
Appears in 3 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 . The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with and shall take steps to ensure that any natural person acting under the documented instructions authority of the Controller.
4.3 Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 applicable data protection laws. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: :
(i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; ;
(ii) have received appropriate training on their responsibilities as a data processor; and and
(iii) are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational organizational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: which can include:
(i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; ;
(iiiii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; ;
(iviii) a process for regularly testing, assessing and evaluating the effectiveness of necessary technical and organisational organizational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational organizational measures detailed in Exhibit B the Security Documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational organizational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
(i) are located in a third country or territory recognized by the Processor will be limited EU Commission to those purposes.have an adequate level of protection; or
4.9 (ii) have entered into Standard Contractual Clauses with the Processor; or
(iii) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational organizational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 . The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with and shall take steps to ensure that any natural person acting under the documented instructions authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
4.3 . The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 applicable data protection laws. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: :
(ia) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; ;
(iib) have received appropriate training on their responsibilities as a data processor; and and
(iiic) are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational organizational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: :
(ia) the pseudonymisation pseudonymization and encryption of Personal Data; ;
(iib) the ability to ensure the on-going ongoing confidentiality, integrity, availability and resilience of processing systems and services; ;
(iiic) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
(ivd) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational organizational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational organizational measures detailed in Exhibit B the Security Documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational organizational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
(a) are located in a third country or territory recognized by the Processor will be limited EU Commission to those purposes.have an adequate level of protection; or
4.9 (b) have entered into Standard Contractual Clauses with the Processor; or
(c) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational organizational measures, insofar as this is possible, for the fulfilment fulfillment of the Controller's obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 . The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with and shall take steps to ensure that any natural person acting under the documented instructions authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
4.3 . The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 applicable data protection laws. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) :
a. are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) ;
b. have received appropriate training on their responsibilities as a data processor; and (iii) and
c. are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) :
a. the pseudonymisation and encryption of Personal Data; (ii) ;
b. the ability to ensure the on-going ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) ;
c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) and
d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational measures detailed in Exhibit B the Security Documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
a. are located in a third country or territory recognised by the Processor will be limited EU Commission to those purposes.have an adequate level of protection; or
4.9 b. have entered into Standard Contractual Clauses with the Processor; or
c. have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process process, or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, in the course of while providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B the Security Policy shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B the Security Policy and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 . The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with and shall take steps to ensure that any natural person acting under the documented instructions authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
4.3 . The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 applicable data protection laws. The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: :
(ia) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; ;
(iib) have received appropriate training on their responsibilities as a data processor; and and
(iiic) are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational organizational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: :
(ia) the pseudonymisation pseudonymization and encryption of Personal Data; ;
(iib) the ability to ensure the on-going ongoing confidentiality, integrity, availability and resilience of processing systems and services; ;
(iiic) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and
(ivd) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational organizational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised unauthorized disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational organizational measures detailed in Exhibit B the Security Documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational organizational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
(a) are located in a third country or territory recognized by the Processor will be limited EU Commission to those purposes.have an adequate level of protection; or
4.9 (b) have entered into Standard Contractual Clauses with the Processor; or
(c) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational organizational measures, insofar as this is possible, for the fulfilment fulfillment of the Controller's obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 . The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any applicable data protection laws. The Processor confirms that it shall process Personal Data Protection Law.
4.4 on behalf of the Controller and shall take steps to ensure that any natural person acting under the authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller The Processor shall ensure that all employees, agents, agents and officers and contractors involved in the handling of Personal Data: :
(i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: :
(i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational measures detailed in Exhibit B the associated documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's ’s obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 . The Processor confirms confirms that it shall process Personal Data on behalf of the Controller in accordance with and shall take steps to ensure that any natural person acting under the documented instructions authority of the Processor who has access to Personal Data does not process the Personal Data except on instructions from the Controller.
4.3 . The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 applicable data protection laws. The Processor shall ensure that all employees, agents, officers oWcers and contractors involved in the handling of Personal Data: (i) :
a. are aware of the confidential confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) confidential;
b. have received appropriate training on their responsibilities as a data processor; and (iii) and
c. are bound by the terms of this DPA.
4.5 . The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 . The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) :
a. the pseudonymisation and encryption of Personal Data; (ii) ;
b. the ability to ensure the on-going confidentialityongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) ;
c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) and
d. a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 . The technical and organisational measures detailed in Exhibit B the Security Documentation shall be at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided that such measures are at least equivalent to the technical updates and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, modifications do not result in the course degradation of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working overall security of the Services. All such access Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
a. are located in a third country or territory recognised by the Processor will be limited EU Commission to those purposes.have an adequate level of protection; or
4.9 b. have entered into Standard Contractual Clauses with the Processor; or
c. have other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules. Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's ’s rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: :
(i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.;
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor We may collect, process or use Personal Customer Data only within the scope of this DPA.
4.2 The Processor confirms We confirm that it we shall process Personal Customer Data on behalf of the Controller you, in accordance with the your documented instructions of the Controllerinstructions.
4.3 The Processor We shall promptly inform the Controlleryou, if in the Processor’s our opinion, any of the instructions regarding the processing of Personal Customer Data provided by the Controlleryou, breach any applicable Data Protection LawLaws.
4.4 The Processor We shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Customer Data: (i) are aware of the confidential nature of the Personal Customer Data and are contractually bound to keep the Personal Customer Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor We shall implement appropriate technical and organisational procedures to protect Personal Customer Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor We shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Customer Data; (ii) the ability to ensure the on-on- going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Customer Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Customer Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit Appendix B shall be at all times be adhered to as a minimum security standard. The Controller accepts You accept and agrees agree that the technical and organisational measures are subject to development and review and that the Processor we may use alternative suitable measures to those detailed in the attachments to this DPA, DPA provided such measures are at least equivalent to the technical and organisational organizational measures set out in Exhibit Appendix B and appropriate pursuant to the Processor’s our obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges You acknowledge and agrees agree that, in the course of providing the Services to the Controlleryou, it may be necessary for the Processor us to access the Personal Customer Data to respond to any technical problems or Controller queries and to ensure the proper working of the ServicesCloud Service. All such access by the Processor us will be limited to those purposespurposes defined in Appendix A.
4.9 Where Customer Data relating to an EU (or UK or Swiss) Data Subject is transferred outside of the EEA (or the UK or Switzerland) it shall be processed in accordance with the Standard Contractual Clauses unless the processing: (i) takes place in a third country or territory recognised by the EU Commission as having an adequate level of protection; or (ii) is by an organization located in a country which has other legally recognised appropriate safeguards in place.
4.9 4.10 Taking into account the nature of the processing and the information available to the Processorus, the Processor we shall assist the Controller you by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's your obligation to respond to requests for exercising the Data Subject's rights and the Controller’s your compliance with the Controller’s your data protection obligations in respect of the processing of Personal Customer Data.
4.10 4.11 We confirm that we and/or our Affiliate(s) have appointed a data protection officer where such appointment is required by applicable data protection legislation. The Processor appointed data protection officer may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreementbe reached at xxxxxxxxxxx.xxx/xxxxx.
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor We may collect, process or use Personal Customer Data only within the scope of this DPA.
4.2 The Processor confirms We confirm that it we shall process Personal Customer Data on behalf of you and shall take steps to ensure that any natural person acting under the Controller in accordance with authority of us who has access to Customer Data does not process the documented Customer Data except on instructions of the Controllerfrom you.
4.3 The Processor We shall promptly inform the Controlleryou, if in the Processor’s our opinion, any of the instructions regarding the processing of Personal Customer Data provided by the Controlleryou, breach any Data Protection Lawapplicable data protection laws.
4.4 The Processor We shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Customer Data: (i) are aware of the confidential nature of the Personal Customer Data and are contractually bound to keep the Personal Customer Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor We shall implement appropriate technical and organisational procedures to protect Personal Customer Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor We shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Customer Data; (ii) the ability to ensure the on-on- going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Customer Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Customer Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit Appendix B shall be at all times be adhered to as a minimum security standard. The Controller accepts You accept and agrees agree that the technical and organisational measures are subject to development and review and that the Processor we may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges You acknowledge and agrees agree that, in the course of providing the Services to the Controlleryou, it may be necessary for the Processor us to access the Personal Customer Data to respond to any technical problems or Controller queries and to ensure the proper working of the ServicesCloud Service. All such access by the Processor us will be limited to those purposes.purposes defined in Appendix A.
4.9 Taking into account the nature Where Customer Data relating to an EU (or UK or Swiss) Data Subject is transferred outside of the processing and the information available to the Processor, the Processor EEA it shall assist the Controller be processed by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may notan entity: (i) sell Personal Datalocated in a third country or territory recognised by the EU Commission as having an adequate level of protection; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.or
Appears in 1 contract
Samples: Data Processing Agreement
Processor Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach any Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detailed in the attachments to this DPA, provided such measures are at least equivalent to the technical and organisational measures set out in Exhibit B and appropriate pursuant to the Processor’s obligations in clauses 4.5 and 4.6 above.
4.8 The Controller acknowledges and agrees that, in the course of providing the Services to the Controller, it may be necessary for the Processor to access the Personal Data to respond to any technical problems or Controller queries and to ensure the proper working of the Services. All such access by the Processor will be limited to those purposes.
4.9 Taking into account the nature of the processing and the information available to the Processor, the Processor shall assist the Controller by having in place appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the Data Subject's rights and the Controller’s compliance with the Controller’s data protection obligations in respect of the processing of Personal Data.
4.10 The Processor may not: (i) sell Personal Data; (ii) retain, use, or disclose Personal Data for commercial purposes other than providing the Services under the terms of the Agreement; or (iii) retain, use, or disclose Personal Data outside of the Agreement.or
Appears in 1 contract
Samples: Data Processing Agreement
