Common use of Processor’s Obligations Clause in Contracts

Processor’s Obligations. In addition to compliance with the provisions of this Agreement, each Party has to comply with statutory obligations set forth in the GDPR. In particular, Processor has to make sure his compliance with the following issues: 2.2.1. Written appointment of a data protection officer, if required by law. The following person has been appointed as Processor’s data protection officer: Xxx Xxxxxxx, with email address xxxxxxx.xxx@xxxxxxxxxxxxx.xxx. Any changes with regard to the appointment of a data protection officer and the latter´s contact details must be communicated to Controller in a timely manner. 2.2.2. Confidentiality pursuant to the GDPR is guaranteed. Processor confirms that any staff has been obliged to maintain confidentiality in written. Such obligation shall be designed to outlast the termination of this Agreement. 2.2.3. Processor undertakes to implement and comply with all technical and organizational measures required for the Order in accordance with the GDPR [see Appendix I for details]. 2.2.4. Concerning the performance of their duties under applicable data protection regulations, Controller and Processor will cooperate upon request of the supervisory authority. 2.2.5. Processor undertakes to control his internal processes as well as the technical and organizational measures on a regular basis in order to ensure that any processing within his responsibility is performed according to the requirements of the applicable rules on data protection and ensure that the protection of the rights of data subjects is guaranteed at any time. 2.2.6. Unless Processor is obliged to data processing by European Union law or by local laws to which Processor is subject (e.g. investigations by law enforcement unitsor authorities), Processor will only process Controller’s personal data in accordance with contractually specified conditions and Controller‘s specific individual instructions. In such a case, Processor shall inform Controller of these legal requirements prior to processing, unless the law prohibits such communication because of an important public interest or further legal reason Processor is obliged to comply with. Processor shall not process data for any other purposes and is not entitled to forward them to third parties. Processor shall inform Controller if he considers an instruction as violating applicable law in a timely manner. Processor may suspend the execution of the instruction only until it has been confirmed or changed by Controller’s authorized personnel/representative where Controller shall bear any risk and cost from the execution of any such instruction turning out to be illegal. 2.2.7. Processor is obliged to provide Controller with information upon Controller’s written request as far as Controller’s data and documents are concerned. 2.2.8. Processor shall keep records of processing activities in accordance with art. 30 para. 2 of the GDPR and makes them available upon Controller’s request. Controller provides Processor with necessary information required for this purpose. Processor moreover supports Controller in preparing the necessary data processing record required under art. 30 para. 1 of the GDPR. 2.2.9. Processor shall assist Controller in complying with any obligation set forth in art. 32 to 36 of the GDPR. 2.2.10. Processor may seek compensation for any supportive action he performs in favor of Controller if such action is not part of the contractual duties of Processor and when such action does not have to be performed as consequence of any misbehavior of Processor in regard of this Agreement. 2.2.11. Processor must inform Controller of any actions and measures of supervisory authorities in a timely manner, as far as such relate to orders subject to this Agreement. This also applies in case that a competent authority initiates any administrative or criminal proceedings against Processor in regard of any data processing activities carried out by Processor. Any additional costs arising at Processor’s as consequence of the aforementioned actions shall be borne by Controller.

Processor’s Obligations. In addition to compliance with the provisions of this Agreement, each Party has to comply with statutory obligations set forth in the GDPR. In particular, Processor has to make sure his compliance with the following issues: 2.2.1. Written appointment of a data protection officer, if required by law. The following person has been appointed as Processor’s data protection officer: Xxx Xxxxxxx, ,with email address xxxxxxx.xxx@xxxxxxxxxxxxx.xxxxxxxx@xxxxxxxxxxxxxx.xxx. Any changes with regard to the appointment of a data protection officer and the latter´s latter's contact details must be communicated to Controller in a timely manner. 2.2.2. Confidentiality pursuant to the GDPR is guaranteed. Processor confirms that any staff has been obliged to maintain confidentiality in written. Such obligation shall be designed to outlast the termination of this Agreement. 2.2.3. Processor undertakes to implement and comply with all technical and organizational measures required for the Order in accordance with the GDPR [see Appendix I for details]. 2.2.4. Concerning the performance of their duties under applicable data protection regulations, Controller and Processor will cooperate upon request of the supervisory authority. 2.2.5. Processor undertakes to control his internal processes as well as the technical and organizational measures on a regular basis in order to ensure that any processing within his responsibility is performed according to the requirements of the applicable rules on data protection and ensure that the protection of the rights of data subjects is guaranteed at any time. 2.2.6. Unless Processor is obliged to data processing by European Union law or by local laws to which Processor is subject (e.g. investigations by law enforcement unitsor units or authorities), Processor will only process Controller’s personal data in accordance with contractually specified conditions and Controller‘s specific individual instructions. In such a case, Processor shall inform Controller of these legal requirements prior to processing, unless the law prohibits such communication because of an important public interest or further legal reason Processor is obliged to comply with. Processor shall not process data for any other purposes and is not entitled to forward them to third parties. Processor shall inform Controller if he considers an instruction as violating applicable law in a timely manner. Processor may suspend the execution of the instruction only until it has been confirmed or changed by Controller’s authorized personnel/representative where Controller shall bear any risk and cost from the execution of any such instruction turning out to be illegal. 2.2.7. Processor is obliged to provide Controller with information upon Controller’s written request as far as Controller’s data and documents are concerned. 2.2.8. Processor shall keep records of processing activities in accordance with art. 30 para. 2 para.2 of the GDPR and makes them available upon Controller’s request. Controller provides Processor with necessary information required for this purpose. Processor moreover supports Controller in preparing the necessary data processing record required under art. 30 para. 1 of the GDPR. 2.2.9. Processor shall assist Controller in complying with any obligation set forth in art. 32 to 36 of the GDPR. 2.2.10. Processor may seek compensation for any supportive action he performs in favor of Controller if such action is not part of the contractual duties of Processor and when such action does not have to be performed as consequence of any misbehavior of Processor in regard of this Agreement. 2.2.11. Processor must inform Controller of any actions and measures of supervisory authorities in a timely manner, as far as such relate to orders subject to this Agreement. This also applies in case that a competent authority initiates any administrative or criminal proceedings against Processor in regard of any data processing activities carried out by Processor. Any additional costs arising at Processor’s as consequence of the aforementioned actions shall be borne by Controller.

Processor’s Obligations. In addition to compliance with the provisions of this Agreement, each Party has to comply with statutory obligations set forth in the GDPR. In particular, Processor has to make sure his compliance with the following issues: 2.2.1. Written appointment of a data protection officer, if required by law. The following person has been appointed as Processor’s data protection officer: Xxx Xxxxxxx, with email address xxxxxxx.xxx@xxxxxxxxxxxxx.xxx. Any changes with regard to the appointment of a data protection officer and the latter´s contact details must be communicated to Controller in a timely manner. 2.2.2. Confidentiality pursuant to the GDPR is guaranteed. Processor confirms that any staff has been obliged to maintain confidentiality in written. Such obligation shall be designed to outlast the termination of this Agreement. 2.2.3. Processor undertakes to implement and comply with all technical and organizational measures required for the Order in accordance with the GDPR [see Appendix I for details]. 2.2.4. Concerning the performance of their duties under applicable data protection regulations, Controller and Processor will cooperate upon request of the supervisory authority. 2.2.5. Processor undertakes to control his internal processes as well as the technical and organizational measures on a regular basis in order to ensure that any processing within his responsibility is performed according to the requirements of the applicable rules on data protection and ensure that the protection of the rights of data subjects is guaranteed at any time. 2.2.6. Unless Processor is obliged to data processing by European Union law or by local laws to which Processor is subject (e.g. investigations by law enforcement unitsor units or authorities), Processor will only process Controller’s personal data in accordance with contractually specified conditions and Controller‘s specific individual instructions. In such a case, Processor shall inform Controller of these legal requirements prior to processing, unless the law prohibits such communication because of an important public interest or further legal reason Processor is obliged to comply with. Processor shall not process data for any other purposes and is not entitled to forward them to third parties. Processor shall inform Controller if he considers an instruction as violating applicable law in a timely manner. Processor may suspend the execution of the instruction only until it has been confirmed or changed by Controller’s authorized personnel/representative where Controller shall bear any risk and cost from the execution of any such instruction turning out to be illegal. 2.2.7. Processor is obliged to provide Controller with information upon Controller’s written request as far as Controller’s data and documents are concerned. 2.2.8. Processor shall keep records of processing activities in accordance with art. 30 para. 2 of the GDPR and makes them available upon Controller’s request. Controller provides Processor with necessary information required for this purpose. Processor moreover supports Controller in preparing the necessary data processing record required under art. 30 para. 1 of the GDPR. 2.2.9. Processor shall assist Controller in complying with any obligation set forth in art. 32 to 36 of the GDPR. 2.2.10. Processor may seek compensation for any supportive action he performs in favor of Controller if such action is not part of the contractual duties of Processor and when such action does not have to be performed as consequence of any misbehavior of Processor in regard of this Agreement. 2.2.11. Processor must inform Controller of any actions and measures of supervisory authorities in a timely manner, as far as such relate to orders subject to this Agreement. This also applies in case that a competent authority initiates any administrative or criminal proceedings against Processor in regard of any data processing activities carried out by Processor. Any additional costs arising at Processor’s as consequence of the aforementioned actions shall be borne by Controller.