Common use of Requirement for the Supplier Clause in Contracts

Requirement for the Supplier. 3.1 The Supplier must process personal data in compliance with applicable Danish data protection regulations including the General Data Protection Regulation. 3.2 The Supplier must ensure that the persons authorized to process personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional secrecy. 3.3 The Supplier must take all measures required pursuant to article 32 of the General Data Protection Regulation including implementing appropriate technical and organizational security measures to protect the processed personal data against (i) accidental or unlawful destruction, loss or alteration, (ii) unauthorized disclosure or access, or (iii) processing in breach of the legislation including the General Data Protection Regulation. 3.4 The Supplier must also comply with the legal standards on security measures, which bind the Supplier directly, including the standards on security measures in the country in which the Supplier is established or in the country in which the data processing takes place. 3.5 The appropriate technical and organizational security measures must be defined in consideration of (i) the current technical level, (ii) the implementation costs, (iii) the character, the extent, the context and the purpose of the processing as well as the risks of varying probability and seriousness related to the rights and freedoms of natural persons. 3.6 The Supplier must in ensuring the above-mentioned security measures as a minimum implement the technical and organizational measures specified in Appendix 3 of the Agreement. 3.7 At the request of the Customer, the Supplier must make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Processing Agreement and allow for and contribute to audits in accordance with the Data Processing Agreement including inspections conducted by the Customer or another auditor mandated by the Customer. 3.8 Each year, the Supplier must, at his own expense, obtain a declaration from an independent expert concerning the Supplier’s fulfillment of the requirements for the security measures stated in the Agreement. The declaration must be uploaded on the Supplier’s website xxx.xxxxxx.xx once each year. By written notification to the Customer, the Supplier is entitled to change the website on which the declaration must be uploaded. 3.9 In addition, the Customer is entitled to appoint an independent expert at his own expense who must have access to those parts of the physical facilities of the Supplier in which the processing of personal data takes place and receive necessary information for analyzing whether the Supplier has taken the technical and organizational security measures mentioned. The independent expert of the Customer cannot get access to information on the general cost structure of the Supplier or to information concerning other Customers of the supplier. At the request of the Supplier, the expert must sign an undertaking of secrecy and in any event treat any information gathered or received from the Supplier confidentially and only share information with the Customer. The Customer is not entitled to pass on information or to use the information for any other purposes than for the assessment of whether the Supplier has implemented the necessary technical and organizational security measures. 3.10 The Supplier must, without undue delay after becoming aware of this information, inform the Customer in writing about (i) any request of an authority for disclosure of personal data covered by the Agreement unless it is prohibited to inform the Customer pursuant to the EU law or the legislation of a state to which the Supplier is subject, (ii) Any suspicion or observation of (a) security breaches leading to accidental or lawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, preserved or in any other way processed by the Supplier according to this Agreement, or (b) any other non-compliance with the obligations of the Supplier according to paragraph 3.3 and 3.4, or (iii) any request for access to personal data received directly from the data subject or from a third party. 3.11 The Supplier must, taking into account the nature of the processing, assist the Customer by appropriate technical and organizational measures, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subjects’ rights laid down in chapter III of the General Data Protection Regulation , including e.g. Requests for access, rectification, blocking and erasure. 3.12 The Supplier must assist the Customer in ensuring compliance with the Customer’s obligations pursuant to articles 32-36 of the General Data Protection Regulation, taking into account the nature of processing and the information available to the Supplier, as well as other obligations to which the Customer is subject, pursuant to Union or Member State law under which the assistance of the Supplier is required to the extent that the assistance of the Supplier is necessary for the Customer to comply with such obligations. This includes in particular, upon request, the provision of all necessary information to the Customer of an incident covered by clause 3.10 (ii), as well as all necessary information for the use of an impact assessment under article 35-36 of the General Data Protection Regulation, to the extent the Supplier has access to such information. 3.13 The physical location of servers, service centers etc. which form part of the data processing is stated in Appendix 1. The Supplier is obliged to warn the Customer before changing the physical location. This does not require a formal amendment of Appendix 1. A prior written notice is sufficient. 3.14 The Customer pays the Supplier separately for the time and material spent on the handling of enquiries and tasks according to paragraph 3.7, 3.9, 3.10 (i) and (iii), 3.11, 3.12, 6.4 and 6.5 of the Agreement. The cost of the services follows the prices listed on the Supplier’s website xxx.xxxxxx.xx or any other website selected by the Supplier.

Appears in 3 contracts

Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement

AutoNDA by SimpleDocs

Requirement for the Supplier. 3.1 The Supplier must process personal data in compliance with applicable Danish data protection regulations including the General Data Protection Regulation. 3.2 The Supplier must ensure that the persons authorized to process personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional secrecy. 3.3 The Supplier must take all measures required pursuant to article 32 of the General Data Protection Regulation including implementing appropriate technical and organizational security measures to protect the processed personal data against (i) accidental or unlawful destruction, loss or alteration, (ii) unauthorized disclosure or access, or (iii) processing in breach of the legislation including the General Data Protection Regulation. 3.4 The Supplier must also comply with the legal standards on security measures, which bind the Supplier directly, including the standards on security measures in the country in which the Supplier is established or in the country in which the data processing takes placetakesplace. 3.5 The appropriate technical and organizational security measures must be defined in consideration of (i) the current technical level, (ii) the implementation costs, (iii) the character, the extent, the context and the purpose of the processing as well as the risks of varying probability and seriousness related to the rights and freedoms of natural persons. 3.6 The Supplier must in ensuring the above-mentioned security measures as a minimum implement the technical and organizational measures specified in Appendix 3 of the Agreement. 3.7 At the request of the Customer, the Supplier must make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Processing Agreement and allow for and contribute to audits in accordance with the Data Processing Agreement including inspections conducted by the Customer or another auditor mandated by the Customer. 3.8 Each year, the Supplier must, at his own expense, obtain a declaration from an independent expert concerning the Supplier’s fulfillment of the requirements for the security measures stated in the Agreement. The declaration must be uploaded on the Supplier’s website xxx.xxxxxx.xx once each year. By written notification to the Customer, the Supplier is entitled to change the website on which the declaration must be uploaded. 3.9 In addition, the Customer is entitled to appoint an independent expert at his own expense who must have access to those parts of the physical facilities of the Supplier in which the processing of personal data takes place and receive necessary information for analyzing whether the Supplier has taken the technical and organizational security measures mentioned. The independent expert of the Customer cannot get access to information on the general cost structure of the Supplier or to information concerning other Customers of the supplier. At the request of the Supplier, the expert must sign an undertaking of secrecy and in any event treat any information gathered or received from the Supplier confidentially and only share information with the Customer. The Customer is not entitled to pass on information or to use the information for any other purposes than for the assessment of whether the Supplier has implemented the necessary technical and organizational security measures. 3.10 The Supplier must, without undue delay after becoming aware of this information, inform the Customer in writing about (i) any request of an authority for disclosure of personal data covered by the Agreement unless it is prohibited to inform the Customer pursuant to the EU law or the legislation of a state to which the Supplier is subject, (ii) Any suspicion or observation of (a) security breaches leading to accidental or lawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, preserved or in any other way processed by the Supplier according to this Agreement, or (b) any other non-compliance with the obligations of the Supplier according to paragraph 3.3 and 3.4, or (iii) any request for access to personal data received directly from the data subject or from a third party. 3.11 The Supplier must, taking into account the nature of the processing, assist the Customer by appropriate technical and organizational measures, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subjects’ rights laid down in chapter III of the General Data Protection Regulation Regulation, including e.g. Requests for access, rectification, blocking and erasure. 3.12 The Supplier must assist the Customer in ensuring compliance with the Customer’s obligations pursuant to articles 32-36 of the General Data Protection Regulation, taking into account the nature of processing and the information available to the Supplier, as well as other obligations to which the Customer is subject, pursuant to Union or Member State law under which the assistance of the Supplier is required to the extent that the assistance of the Supplier is necessary for the Customer to comply with such obligations. This includes in particular, upon request, the provision of all necessary information to the Customer of an incident covered by clause 3.10 (ii), as well as all necessary information for the use of an impact assessment under article 35-36 of the General Data Protection Regulation, to the extent the Supplier has access to such information. 3.13 The physical location of servers, service centers etc. which form part of the data processing is stated in Appendix 1. The Supplier is obliged to warn the Customer before changing the physical location. This does not require a formal amendment of Appendix 1. A prior written notice is sufficient. 3.14 The Customer pays the Supplier separately for the time and material spent on the handling of enquiries and tasks according to paragraph 3.7, 3.9, 3.10 (i) and (iii), 3.11, 3.12, 6.4 and 6.5 of the Agreement. The cost of the services follows the prices listed on the Supplier’s website xxx.xxxxxx.xx or any other website selected by the Supplier.

Appears in 3 contracts

Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement

AutoNDA by SimpleDocs

Requirement for the Supplier. 3.1 The Supplier must process personal data in compliance with applicable Danish data protection regulations including the General Data Protection Regulation. 3.2 The Supplier must ensure that the persons authorized to process personal data have committed themselves to confidentiality or are bound by an appropriate statutory professional secrecy. 3.3 The Supplier must take all measures required pursuant to article 32 of the General Data Protection Regulation including implementing appropriate technical and organizational security measures to protect the processed personal data against (i) accidental or unlawful destruction, loss or alteration, (ii) unauthorized disclosure or access, or (iii) processing in breach of the legislation including the General Data Protection Regulation. 3.4 The Supplier must also comply with the legal standards on security measures, which bind the Supplier directly, including the standards on security measures in the country in which the Supplier is established or in the country in which the data processing takes placetakesplace. 3.5 The appropriate technical and organizational security measures must be defined in consideration of (i) the current technical level, (ii) the implementation costs, (iii) the character, the extent, the context and the purpose of the processing as well as the risks of varying probability and seriousness related to the rights and freedoms of natural persons. 3.6 The Supplier must in ensuring the above-mentioned security measures as a minimum implement the technical and organizational measures specified in Appendix 3 of the Agreement. 3.7 At the request of the Customer, the Supplier must make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in the Data Processing Agreement and allow for and contribute to audits in accordance with the Data Processing Agreement including inspections conducted by the Customer or another auditor mandated by the Customer. 3.8 Each year, the Supplier must, at his own expense, obtain a declaration from an independent expert concerning the Supplier’s fulfillment of the requirements for the security measures stated in the Agreement. The declaration must be uploaded on the Supplier’s website xxx.xxxxxx.xx once each year. By written notification to the Customer, the Supplier is entitled to change the website on which the declaration must be uploaded. 3.9 In addition, the Customer is entitled to appoint an independent expert at his own expense who must have access to those parts of the physical facilities of the Supplier in which the processing of personal data takes place and receive necessary information for analyzing whether the Supplier has taken the technical and organizational security measures mentioned. The independent expert of the Customer cannot get access to information on the general cost structure of the Supplier or to information concerning other Customers of the supplier. At the request of the Supplier, the expert must sign an undertaking of secrecy and in any event treat any information gathered or received from the Supplier confidentially and only share information with the Customer. The Customer is not entitled to pass on information or to use the information for any other purposes than for the assessment of whether the Supplier has implemented the necessary technical and organizational security measures. 3.10 The Supplier must, without undue delay and, where feasible no later than 24 hours after becoming aware of this information, inform the Customer in writing about (i) any request of an authority for disclosure of personal data covered by the Agreement unless it is prohibited to inform the Customer pursuant to the EU law or the legislation of a state to which the Supplier is subject, (ii) Any suspicion or observation of (a) security breaches leading to accidental or lawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, preserved or in any other way processed by the Supplier according to this Agreement, or (b) any other non-compliance with the obligations of the Supplier according to paragraph 3.3 and 3.4, or (iii) any request for access to personal data received directly from the data subject or from a third party. 3.11 The Supplier must, taking into account the nature of the processing, assist the Customer by appropriate technical and organizational measures, for the fulfillment of the Customer’s obligation to respond to requests for exercising the data subjects’ rights laid down in chapter III of the General Data Protection Regulation Regulation, including e.g. Requests for access, rectification, blocking and erasure. 3.12 The Supplier must assist the Customer in ensuring compliance with the Customer’s obligations pursuant to articles 32-36 of the General Data Protection Regulation, taking into account the nature of processing and the information available to the Supplier, as well as other obligations to which the Customer is subject, pursuant to Union or Member State law under which the assistance of the Supplier is required to the extent that the assistance of the Supplier is necessary for the Customer to comply with such obligations. This includes in particular, upon request, the provision of all necessary information to the Customer of an incident covered by clause 3.10 (ii), as well as all necessary information for the use of an impact assessment under article 35-36 of the General Data Protection Regulation, to the extent the Supplier has access to such information. 3.13 The physical location of servers, service centers etc. which form part of the data processing is stated in Appendix 1. The Supplier is obliged to warn the Customer before changing the physical location. This does not require a formal amendment of Appendix 1. A prior written notice is sufficient. 3.14 The Customer pays the Supplier separately for the time and material spent on the handling of enquiries and tasks according to paragraph 3.7, 3.9, 3.10 (i) and (iii), 3.11, 3.12, 6.4 and 6.5 of the Agreement. The cost of the services follows the prices listed on the Supplier’s website xxx.xxxxxx.xx or any other website selected by the Supplier.

Appears in 3 contracts

Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!