Common use of Rights and obligations of the Data Processor Clause in Contracts

Rights and obligations of the Data Processor. 3.1 The Data Processor undertakes to comply with the obligations imposed under the Data Protection Legislation as well as good data processing practice in the Processing of Personal Data. 3.2 The Data Processor shall be obligated to Process the Personal Data saved in the Software in accordance with the documented, lawful and reasonable instructions issued by the Data Controller. It is stated for the sake of clarity that the Data Controller shall always be deemed to have instructed the Data Processor to carry out the processing actions under the Supply Agreement. In the case of a discrepancy between the Data Controller’s instruction and a legal obligation stipulated for under the Data Protection Legislation, the Data Processor shall be obligated to primarily comply with the legal requirement stipulated for under the Data Protection Legislation, in which case the Data Processor shall inform the Data Controller of this legal requirement, provided such informing is not prohibited under the Data Protection Legislation. 3.3 The Data Processor shall ensure that persons entitled to Process Personal Data on behalf of the Data Processor have undertaken confidentiality obligations or are subject to an appropriate statutory confidentiality obligation, surviving the termination of the Supply Agreement. 3.4 The Data Processor shall ensure that Personal Data is not disclosed to third parties without the prior written consent of the Data Controller, unless the Data Processor is obligated to disclose the information on the basis of mandatory legislation or an authority order. 3.5 To the extent possible and taking into account the nature of the Processing, the Data Processor undertakes to assist the Data Controller by means of appropriate technical and organisational measures to fulfil the Data Controller’s obligation to respond to the data subjects’ requests concerning the exercise of their rights under the Data Protection Legislation. 3.6 The Data Processor agrees, taking into account the nature of the Processing and the information available to the Data Processor, to assist the Data Controller to ensure that the obligations imposed upon same under the Data Protection Legislation are complied with. It is stated for the sake of clarity that the Data Processor shall be obligated to assist the Data Controller only in the scope imposed by the obligations of the Data Protection Legislation or other mandatory legislation. 3.7 The Data Processor shall maintain the requisite records of processing activities and shall make available to the Data Controller all information necessary for the Data Processor in order to evidence compliance with the obligations imposed upon the Data Processor in accordance with the Data Protection Legislation. 3.8 Unless otherwise agreed, the Data Processor shall have the right to charge the costs incurred from the actions described under clauses 3.5 and 3.6 above from the Data Controller.

Rights and obligations of the Data Processor. 3.1 The Data Processor undertakes to comply with the obligations imposed under the Data Protection Legislation as well as good data processing practice in shall 1. perform the Processing of Personal Data. 3.2 The Data Processor shall be obligated to Process the Personal Data saved in the Software in accordance with only on and as per the documented, lawful legitimate and reasonable instructions issued by the Data Controller. It is stated for the sake of clarity that from the Data Controller shall always be deemed unless required to have instructed the Data Processor to carry out the processing actions under the Supply Agreement. In the case of a discrepancy between the Data Controller’s instruction and a legal obligation stipulated for under the Data Protection Legislation, the Data Processor shall be obligated to primarily comply with the legal requirement stipulated for under the Data Protection Legislationdo otherwise by Laws, in which latter case the Data Processor shall inform the Data Controller of this such deviating legal requirementrequirement (provided the Laws do not prohibit such notification). For the avoidance of doubt, provided such informing is not prohibited the Data Controller shall at all times be deemed to have instructed the Data Processor to provide the Service as defined and agreed under the Data Protection Legislation.Main Agreement; 3.3 The Data Processor shall 2. ensure that persons entitled authorised to Process Personal Data on behalf of perform the Data Processor Processing hereunder have undertaken committed themselves to confidentiality obligations or are subject to under an appropriate statutory obligation of confidentiality obligation, surviving as further stated under this DPA; 3. take all security measures required to be taken by data processors under the termination of Laws as further stated under this DPA; 4. respect the Supply Agreement.conditions referred to under Laws for engaging any Sub-Processor as further stated under this DPA; 3.4 The Data Processor shall ensure that Personal Data 5. insofar as this is not disclosed to third parties without the prior written consent of the Data Controller, unless the Data Processor is obligated to disclose the information on the basis of mandatory legislation or an authority order. 3.5 To the extent possible and taking into account the nature of the Processing, the Data Processor undertakes to assist the Data Controller by means of appropriate technical and organisational measures to fulfil for the fulfilment of the Data Controller’s 's obligation to respond to requests for exercising the data subjects’ requests concerning the exercise of their subject's rights laid down in under the Laws; 6. assist the Data Protection Legislation. 3.6 The Controller in ensuring compliance with its legal obligations, such as, data security, data breach notification, data protection assessment and prior consulting obligations, as required of the Data Processor agreesby the Laws, taking into account the nature of the Processing and the information available to the Data Processor, to assist the Data Controller to ensure that the obligations imposed upon same under the Data Protection Legislation are complied with; 7. It is stated for the sake of clarity that the Data Processor shall be obligated to assist the Data Controller only in the scope imposed by the obligations of the Data Protection Legislation or other mandatory legislation. 3.7 The Data Processor shall maintain the requisite necessary records of processing activities and shall make available to the Data Controller all information necessary for the Data Processor in order to evidence demonstrate compliance with the obligations imposed upon of the Data Processor Processor, as laid down in accordance with the Laws, and allow for and contribute to audits, including inspections, conducted by the Data Protection Legislation.Controller or any auditor mandated by the Data Controller as further agreed under this DPA; and 3.8 8. at the Data Controller's instructions, delete or return to the Data Controller all the Personal Data after the end of the provision of the Services relating to Processing, and delete existing copies unless applicable laws require storage of the Personal Data. Deletion and return methods may be further agreed between the Parties; Unless otherwise agreed, the Data Processor shall have the right to charge the invoice any costs incurred resulting from the actions described above assistance under clauses 3.5 and 3.6 5-6 above from in accordance with the Data ControllerProcessor's prevailing price list.