Processor’s Obligations. 9.1. The Processor shall: a) Process User’s Data only on documented instructions from the User; b) Ensure that persons authorized to Process User’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall regularly train those persons to whom it grants access to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination of this Agreement; c) Implement appropriate technical and organizational security measures to ensure a level of security appropriate to User’s Data; d) Ensure that any natural person acting under the authority of the Processor who has access to the Personal Data does not process them except on instructions from the User; e) Assist the User in compliance with User’s obligations under Art. 32 to 36 of the GDPR; f) Make available to the User all information necessary to demonstrate compliance with Processor’s obligations under the Agreement, the Data Protection Law, and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User; g) Appoint a data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for data protection issues; h) Provide the User, upon request in writing, with the name and contact details of its data protection officer or the contact person for data protection issues; i) Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreement, the Terms, and the applicable Data Protection Law; j) At User’s written request, reasonably support the User in dealing with requests from individual Data Subjects and/or a supervisory authority with respect to the Processing of Personal Data hereunder; k) Assist the User with the implementation of appropriate technical and organizational measures in order to respond to applications by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR); l) Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach; m) Communicate information to the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and n) Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority pursuant to Art. 36 of the GDPR. 9.2. The Processor commits to observe any and all other duties that are imposed to the Processor pursuant to Art. 28 of the GDPR. 9.3. The Processor shall collaborate with User’s data protection officer to generate the records of processing activities, pursuant to Art. 30 of the GDPR, and provide all the necessary details to the User.
Appears in 1 contract
Samples: Personal Data Processing Agreement
Processor’s Obligations. 9.1. The Processor shall:
a) Process User’s Data only on documented instructions from the User;
b) Ensure that persons authorized to Process User’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality5.1. The Processor shall regularly train fulfill all the obligations set forth by the Agreement and this DAP, and, specifically, it shall:
(i) follow the instructions of the Data Controller based on the functionality of the Platform and carry out only the processing activities on Personal Data agreed with the Data Controller and indicated by the latter, and strictly necessary to execute the Agreement and the DAP;
(ii) comply with the instructions given by the Data Controller related to safety regulations and with the Privacy Law, following the measures adopted by the Data Controller.
(iii) request the Data Controller authorization if, in order to execute the Agreement, the Processor needs to carry out Processing activities on Personal Data other than those persons strictly related to whom it grants access to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination object of this the Agreement;
c(iv) Implement taking into account the nature, object, context, purpose of the Processing, as well as the possible risk for the rights and freedoms of the Data Subject, adopt the appropriate technical and organizational security measures to ensure a level of security appropriate adequate to User’s Data;
d) Ensure that the risk and, in any natural person acting under case, the authority integrity, accuracy of the Processor who has access to the Personal Data does not process them except on instructions from processed and the Userlawfulness of the Processing;
e(v) Assist Grant to the User in compliance Data Controller the possibility of complying with User’s obligations under Art. 32 requests to 36 exercise the rights of the GDPR;
f) Make available to the User all information necessary to demonstrate compliance with Processor’s obligations under the AgreementData Subject, the Data Protection Lawincluding, and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User;
g) Appoint a data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for data protection issues;
h) Provide the User, upon request in writing, with the name and contact details of its data protection officer or the contact person for data protection issues;
i) Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreementexample, the Termsright of access to their Personal Data, and the applicable Data Protection Law;
j) At User’s written requestright to rectification, reasonably support the User in dealing with requests from individual Data Subjects and/or a supervisory authority with respect right to erasure (or right to be forgotten), the Processing right to restriction of Personal Data hereunder;
k) Assist processing, the User with right to data portability, the implementation of appropriate right to object, the right not to be subject to decisions based on an automated decision-making process. In particular, the Processor will be required to take the necessary technical and organizational measures to allow the timely transmission to the Controller of the aforementioned requests;
(vi) Ensure that the personnel who will carry out the processing activities are adequately trained in the protection of personal data and bound by confidentiality obligations with regard to the processing of Personal Data of the Controller;
(vii) on the basis of the information at its disposal and following receipt of a written request by the Data Controller, assist the latter in fulfilling its obligations under the Privacy Law, with particular reference to the implementation of technical and organizational measures, the performance of the necessary activities following a Data Breach, and the performance of a data protection impact assessment;
(viii) make available to the Data Controller all the information required in order to respond demonstrate the compliance with its obligations pursuant to applications the Privacy Law;
(ix) assist the Data Controller in carrying out the audit activities, including any inspections carried out by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR);
l) Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach;
m) Communicate information to Controller and/or another subject appointed by the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and
n) Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority pursuant to Art. 36 of the GDPRController.
9.2. The Processor commits to observe any and all other duties that are imposed to the Processor pursuant to Art. 28 of the GDPR.
9.3. The Processor shall collaborate with User’s data protection officer to generate the records of processing activities, pursuant to Art. 30 of the GDPR, and provide all the necessary details to the User.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 9.1. The Processor shall:
a) : Process User’s Data only on documented instructions from the User;
b) ; Ensure that persons authorized authorised to Process User’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall regularly train those persons to whom it grants access to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination of this Agreement;
c) ; Implement appropriate technical and organizational organisational security measures to ensure a level of security appropriate to User’s Data;
d) ; Ensure that any natural person acting under the authority of the Processor who has access to the Personal Data does not process them except on instructions from the User;
e) ; Assist the User in compliance with User’s obligations under Art. 32 to 36 of the GDPR;
f) ; Make available to the User all information necessary to demonstrate compliance with Processor’s obligations under the Agreement, the Data Protection Law, and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User;
g) ; Appoint a data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for data protection issues;
h) ; Provide the User, upon request in writing, with the name and contact details of its data protection officer or the contact person for data protection issues;
i) ; Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreement, the Terms, and the applicable Data Protection Law;
j) ; At User’s written request, reasonably support the User in dealing with requests from individual Data Subjects and/or a supervisory authority with respect to the Processing of Personal Data hereunder;
k) ; Assist the User with the implementation of appropriate technical and organizational organisational measures in order to respond to applications by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR);
l) ; Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach;
m) ; Communicate information to the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and
n) and Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority pursuant to Art. 36 of the GDPR.
9.2. The Processor commits to observe any and all other duties that are imposed to the Processor pursuant to Art. 28 of the GDPR.
9.3. The Processor shall collaborate with User’s data protection officer to generate the records of processing activities, pursuant to Art. 30 of the GDPR, and provide all the necessary details to the User.
Appears in 1 contract
Samples: Personal Data Processing Agreement
Processor’s Obligations. 9.1.
2.1 The data Processor shallundertakes to :
(a) Process User’s process the Personal Data only on documented instructions from the Userdata Controller, including with regard to Personal Data Transfers to a Third Country or an international organisation, unless required to do so by any applicable local law to which the data Processor is subject; in such a case, the data Processor shall inform the data Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. The data Processor shall immediately inform the data Controller if, in its opinion, an instruction infringes the GDPR or other applicable local data protection provisions;
(b) Ensure ensure that persons authorized authorised to Process User’s process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall regularly train those persons ;
(c) take all measures required pursuant to whom it grants access Article 3 of the DPA;
(d) respect the conditions referred to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination in Article 5 of this AgreementDPA for engaging a sub-processor;
c(e) Implement taking into account the nature of the Processing, assist the data Controller by appropriate technical and organizational security measures to ensure a level of security appropriate to User’s Data;
d) Ensure that any natural person acting under organisational measures, insofar as this is possible, for the authority fulfilment of the Processor who has access Controller's obligation to respond to requests for exercising the Personal Data does not process them except on instructions from the User;
e) Assist the User Subject's rights laid down in compliance with User’s obligations under Art. 32 to 36 of the GDPR;
(f) Make assist the data Controller in ensuring compliance with the obligations pursuant to Articles 3 and 4 of the DPA taking into account the nature of Processing and the information available to the User Processor (including but not limited for privacy impact assessment) ;
(g) at the choice of the data Controller, delete or return all the Personal Data to the data Controller after the end of the provision of Services relating to Processing, and deletes existing copies unless any applicable local law requires storage of the Personal Data;
(h) make available to the data Controller all information necessary to demonstrate compliance with Processor’s the obligations under the Agreement, the Data Protection Law, laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the User data Controller or another auditor mandated by the User;data Controller.
g) Appoint a 2.2 The data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for Processor shall communicate the data protection issues;
h) Provide the User, upon request in writing, with Controller the name and contact details of its data protection officer or the contact person for data protection issues;
i) Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreement, the Terms, and the applicable Data Protection Law;
j) At User’s written request, reasonably support the User Officer if any in dealing accordance with requests from individual Data Subjects and/or a supervisory authority with respect to the Processing of Personal Data hereunder;
k) Assist the User with the implementation of appropriate technical and organizational measures in order to respond to applications by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR);
l) Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach;
m) Communicate information to the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and
n) Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority pursuant to Art. 36 article 37 of the GDPR.
9.2. The Processor commits to observe any and all other duties that are imposed to the Processor pursuant to Art. 28 of the GDPR.
9.3. The Processor shall collaborate with User’s data protection officer to generate the records of processing activities, pursuant to Art. 30 of the GDPR, and provide all the necessary details to the User.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 9.1. The Processor shall:
a) Process User’s Data only on documented instructions from the User;
b) Ensure that persons authorized to Process User’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality5.1. The Processor shall regularly train fulfill all the obligations set forth by the Agreement and this DAP, and, specifically, it shall:
(i) follow the instructions of the Data Controller based on the functionality of the Platform and carry out only the processing activities on Personal Data agreed with the Data Controller and indicated by the latter, and strictly necessary to execute the Agreement and the DAP;
(ii) comply with the instructions given by the Data Controller related to safety regulations and with the Privacy Law, following the measures adopted by the Data Controller.
(iii) request the Data Controller authorization if, in order to execute the Agreement, the Processor needs to carry out Processing activities on Personal Data other than those persons strictly related to whom it grants access to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination object of this the Agreement;
c(iv) Implement taking into account the nature, object, context, purpose of the Processing, as well as the possible risk for the rights and freedoms of the Data Subject, adopt the appropriate technical and organizational security measures to ensure a level of security appropriate adequate to User’s Data;
d) Ensure that the risk and, in any natural person acting under case, the authority integrity, accuracy of the Processor who has access to the Personal Data does not process them except on instructions from processed and the Userlawfulness of the Processing;
e(v) Assist Xxxxx to the User in compliance Data Controller the possibility of complying with User’s obligations under Art. 32 requests to 36 exercise the rights of the GDPR;
f) Make available to the User all information necessary to demonstrate compliance with Processor’s obligations under the AgreementData Subject, the Data Protection Lawincluding, and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User;
g) Appoint a data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for data protection issues;
h) Provide the User, upon request in writing, with the name and contact details of its data protection officer or the contact person for data protection issues;
i) Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreementexample, the Termsright of access to their Personal Data, and the applicable Data Protection Law;
j) At User’s written requestright to rectification, reasonably support the User in dealing with requests from individual Data Subjects and/or a supervisory authority with respect right to erasure (or right to be forgotten), the Processing right to restriction of Personal Data hereunder;
k) Assist processing, the User with right to data portability, the implementation of appropriate right to object, the right not to be subject to decisions based on an automated decision-making process. In particular, the Processor will be required to take the necessary technical and organizational measures to allow the timely transmission to the Controller of the aforementioned requests;
(vi) Ensure that the personnel who will carry out the processing activities are adequately trained in the protection of personal data and bound by confidentiality obligations with regard to the processing of Personal Data of the Controller;
(vii) on the basis of the information at its disposal and following receipt of a written request by the Data Controller, assist the latter in fulfilling its obligations under the Privacy Law, with particular reference to the implementation of technical and organizational measures, the performance of the necessary activities following a Data Breach, and the performance of a data protection impact assessment;
(viii) make available to the Data Controller all the information required in order to respond demonstrate the compliance with its obligations pursuant to applications the Privacy Law;
(ix) assist the Data Controller in carrying out the audit activities, including any inspections carried out by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR);
l) Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach;
m) Communicate information to Controller and/or another subject appointed by the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and
n) Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority pursuant to Art. 36 of the GDPRController.
9.2. The Processor commits to observe any and all other duties that are imposed to the Processor pursuant to Art. 28 of the GDPR.
9.3. The Processor shall collaborate with User’s data protection officer to generate the records of processing activities, pursuant to Art. 30 of the GDPR, and provide all the necessary details to the User.
Appears in 1 contract
Samples: Data Processing Agreement