Processor’s Obligations. 5.1 The Processor processes personal data in accordance with the Applicable Data Protection Law. 5.2 The Processor processes personal data only on instructions from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing practices. 5.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period. 5.4 At the expiry of the contract period of the Customer Agreement and at the Controller’s option, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed by the Controller and future storage no longer serves a legitimate purpose. 5.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves to confidentiality with respect to all personal data and treat personal data accordingly. 5.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented. 5.7 The Processor shall, to the extent possible and taking into account the nature of the processing, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of their rights in accordance with chapter 3 of the General Data Protection Regulation. The Controller is responsible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance. 5.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Controller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Processor’s Obligations. 5.1 The Processor processes personal data in accordance with the Applicable Data Protection Law.
5.2 The Processor processes personal data only on instructions from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing pro- cessing practices.
5.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
. Last update: 8th November 2021 5.4 At the expiry Forecast shall delete customer personal data within 90 days of the contract period termination of the Customer Agreement and at the Controller’s optionAgreement, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed unless otherwise requested in writing by the Controller and future storage no longer serves a legitimate purposeCustomer to delete sooner.
5.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves them- selves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 The Processor shall, to the extent possible and taking into account the nature of the processing, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of their rights in accordance with chapter 3 of the General Data Protection RegulationEU GDPR. The Controller is responsible respon- sible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance.
5.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller Control- ler is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the ControllerCon- troller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 5.1 The Processor processes personal data in accordance with the Applicable Data Protection Law.
5.2 The Processor processes personal data only on instructions from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing pro- cessing practices.
5.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
5.4 At the expiry Forecast shall delete customer personal data within 90 days of the contract period termination of the Customer Agreement and at the Controller’s optionAgreement, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed unless otherwise requested in writing by the Controller and future storage no longer serves a legitimate purposeCustomer to delete sooner.
5.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves them- selves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 The Processor shall, to the extent possible and taking into account the nature of the processing, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of their rights in accordance with chapter 3 of the General Data Protection RegulationEU GDPR. The Controller is responsible respon- sible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance.
5.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller Control- ler is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the ControllerCon- troller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 5.1 4.1 The Processor processes personal data in accordance with applicable Danish data protection legislation, including the Applicable General Data Protection LawRegulation, when it enters into force in Denmark on 25 May 2018.
5.2 4.2 The Processor processes personal data only on instructions instruction from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing practices.
5.3 4.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
5.4 4.4 At the expiry of the contract period of the Customer Agreement and at the Controller’s option, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed by the Controller and future storage no longer serves a legitimate purpose.
5.5 4.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 4.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 4.7 The Processor shall, to the extent possible and taking into account the nature of the processingpossible, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of a their rights in accordance with chapter 3 of the General Data Protection Regulation. The Controller is responsible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance.
5.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Controller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 5.1 4.1 The Processor processes personal data in accordance with applicable Danish data protection legislation, including the Applicable General Data Protection LawRegulation, when it enters into force in Denmark on 25 May 2018.
5.2 4.2 The Processor processes personal data only on instructions instruction from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing practices.
5.3 4.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
5.4 4.4 At the expiry of the contract period of the Customer Agreement and at the Controller’s option, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed by the Controller and future storage no longer serves a legitimate purpose.
5.5 4.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 4.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 4.7 The Processor shall, to the extent possible and taking into account the nature of the processingpossible, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of a their rights in accordance with chapter 3 of the General Data Protection Regulation. The Controller is responsible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance.
5.8 4.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Controller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 1 contract
Samples: Data Processing Agreement
Processor’s Obligations. 5.1 4.1 The Processor processes personal data in accordance with applicable Danish data protection legislation, including the Applicable General Data Protection LawRegulation, when it enters into force in Denmark on 25 May 2018.
5.2 4.2 The Processor processes personal data only on instructions instruction from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing practices.
5.3 4.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
5.4 4.4 At the expiry of the contract period of the Customer Agreement and at the Controller’s option, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed by the Controller and future storage no longer serves a legitimate purpose.
5.5 4.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 4.6 The Processor has the duty to establish, implement and maintain, organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorate or be disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 4.7 The Processor shall, to the extent possible and taking into account the nature of the processingpossible, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of a their rights in accordance with chapter 3 of the General Data Protection Regulation. The Controller is responsible for direct communication with the Data Subjects. The Controller shall put its request for the Processor’s assistance in writing and strive to describe as accurately and limited as possible the activities with which the Controller is requesting the Processor's assistance.
5.8 4.8 Upon written request by Controller with a notice period of thirty (30) days to Processor, Controller is entitled to audit compliance of this Data Processing Agreement, at most once a year, at its own costs, by accessing the technical and organizational security measures of Processor in accordance with the Applicable Data Protection Law. Such audit shall be carried out by the Controller or an inspection authority composed of independent persons and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the Controller. Controller will furnish immediately after the verification or inspection to the Processor a copy of the report of such audit. Processor will cooperate with such an audit or inspection. If any audit or inspection shows that Processor does not take and implement appropriate technical and organizational security measures in accordance with the Applicable Data Protection Law, Processor and Controller shall discuss and agree to improve the technical or organizational security measures in good cooperation.
Appears in 1 contract
Samples: Data Processing Agreement