Processor’s Obligations. 4.1. As a Processor, Zivver must comply with its obligations under the Agreement, this Data Processing Agreement and Applicable Law. 4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii). 4.3. If, during the term of this Data Processing Agreement, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responsing to requests from Data Subjects to exercise their rights. 4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority. 4.5. Processor shall inform Controller without undue delay in the following cases: (i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information; (ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law. 4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Data. 4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 5 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Processor’s Obligations. 4.1. As a Processor, Zivver must comply with its obligations under the Agreement, this Data Processing Agreement DPA and Applicable Law.
4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii).
4.3. If, during the term of this Data Processing AgreementDPA, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responsing responding to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority.
4.5. Processor shall inform Controller without undue delay in the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Data.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 2 contracts
Processor’s Obligations. 4.1. As a Processor, Zivver must comply with its obligations under the Agreement, this Data Processing Agreement and Applicable Law.
4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii).
4.3. If, during the term of this Data Processing Agreement, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responsing responding to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority.
4.5. Processor shall inform Controller without undue delay in the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Data.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Processor’s Obligations. 4.1. As a Processor, Zivver ZIVVER must comply with its obligations under the Agreement, this Data Processing Agreement and Applicable Law.
4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii).
4.3. If, during the term of this Data Processing Agreement, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responsing to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority.
4.5. Processor shall inform Controller without undue delay in the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Data.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 4.1. As a Processor, Zivver must comply with its obligations under the Agreement, this Data Processing Agreement DPA and Applicable Law.
4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii).
4.3. If, during the term of this Data Processing AgreementDPA, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responsing responing to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority.
4.5. Processor shall inform Controller without undue delay in the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Data.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 1 contract
Samples: Master Services Agreement
Processor’s Obligations. 4.13.1. As a Processor, Zivver must comply with In view of its obligations under the AgreementData Protection Laws, this the Data Processing Agreement and Applicable Law.Processor shall:
4.23.1.1. Processor shall (a) act in accordance with Act only upon the written strict instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; Controller and (c) only Process not process any personal data that may be transferred to it by the Personal Data to the extent Controller except as may be necessary for the performance of any service or task provided by the activities Data Processor to/for the Data Controller and, in particular, to process the said personal data only on documented instructions from the Data Controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by EU or Maltese law. In such a case, the Data Processor pursuant shall inform the Data Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
3.1.2. Ensure that persons authorised to process the personal data (including but not limited to the Agreement; unless Data Processor’s employees) have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
3.1.3. Implement appropriate technical and organisational measures to protect any personal data that may be processed on behalf of the Data Controller (if any) against accidental destruction or loss or unlawful forms of processing thereby providing the best possible level of security appropriate to the particular risks in question and take any other such measures as required by the Data Processor’s direct obligations as a European data processor in terms of Article 32 of the GDPR;
3.1.4. Not engage another data processor without prior specific or Member State law applicable general written authorisation of the Data Controller. In the case of general written authorisation, the Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Data Controller the opportunity to object to such changes. Where the Data Processor obliges him engages another processor for carrying out specific processing activities on behalf of the Data Controller (as authorised by the Data Controller), the same data protection obligations as set out in this DPA shall be imposed on that other processor or sub-processor by way of a contract or other legal act under EU or Maltese law, in particular providing sufficient guarantees to act differently implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR. Where that other processor or sub-processor fails to fulfil its data protection obligations, the Data Processor informs shall remain fully liable to the Data Controller thereof without undue delay for the performance of that other processor or sub-processor's obligations. A list of sub-processors currently employed by Data Processor can be found in accordance with Article 4.5 (ii).“Annex A”;
4.33.1.5. IfAssist the Data Controller by appropriate technical and organisational measures, during insofar as this is possible, for the term fulfilment of this the Data Processing Agreement, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant Controller’s obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, Processor shall refer taking into account the nature of the processing;
3.1.6. Assist the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order ensuring compliance with the obligations pursuant to enable Controller Articles 32 to fulfill its obligations with regard 36 of the GDPR (security obligations, notification of personal data breach to responsing the supervisory authority obligation, communication of a personal data breach to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment data subject obligation, data protection impact assessment obligation and a possible subsequent prior consultation from a Supervisory Authority.with the supervisory authority obligation) taking into account the nature of processing and the information available to the Data Processor;
4.53.1.7. Processor shall inform In any case, notify the Data Controller without undue delay in after becoming aware of a personal data breach;
3.1.8. At the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with choice of the written instructions from Data Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds delete or return all the opinion that an instruction from personal data to the Data Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery provision of Processing Activitiesservices relating to processing, and delete existing copies unless EU or Maltese law requires storage of the personal data;
3.1.9. Make available to the Data Controller all information necessary to demonstrate compliance with the obligations laid down in this Clause 2 and in the applicable data protection law(s) and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller. In this regard, the Data Processor shall return immediately inform the Data Controller if, in its opinion, an instruction in connection with point (h) of the first subparagraph of Article 28 of the GDPR infringes the GDPR or other EU or Maltese data protection provisions;
3.1.10. Take all Personal Data such measures necessary to Controller in a common format and/or delete all copies ensure that processing will meet the requirements of such Personal Data, at the discretion GDPR and ensure the protection of Controller, unless a European or Member State law applicable to Processor prohibits Processor to return or delete Personal Datathe rights of data subjects.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Appears in 1 contract
Samples: Data Processing Agreement