Rights and Obligations of the Processor. 5.1. The Processor shall process the Personal Data in accordance with the Agreement, this DPA and the Data Protection Legislation unless required to do so by Union or Member State law to which the Processor is subject. In that case, the Processor shall inform the Controller of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest or otherwise.
5.2. The Processor shall assist the Controller in ensuring compliance with the obligations pursuant to applicable Data Protection Legislation (in particular articles 32 to 36 of the General Data Protection Regulation when it will apply) taking into account the nature of Processing and the information available to the Processor.
5.3. The Processor shall correct, delete or block the access to the Personal Data on the instruction of the Controller.
5.4. The Processor shall make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in article 28 of the General Data Protection Regulation, and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller. The Processor authorizes the Controller to take any reasonable measures to inspect the Processor’s compliance with applicable Data Protection Legislation as well as his compliance with the Controller’s instructions.
5.5. The Processor shall inform the Controller if he concludes that an instruction of the Controller may violate applicable Data Protection Legislation. In this case, the Processor may interrupt the relevant processing until instructions are confirmed or changed by the responsible person of the Controller.
5.6. If the Processor receives a request for information or any correction, deletion, blocking from the Data Subjects, he shall transfer such request to the Controller and shall support the Controller in the handling thereof. The Parties agree that the Processor can be in direct contact with the Data Subjects to provide technical support.
5.7. The Processor shall promptly inform the Controller in the event of substantial disruption of the Services or infringements of relevant Data Protection Legislation, including any breach of privacy or security in relation to the Processing arising from the Processor and or its employees. In view thereof, the Controller commits to subscribe on the Proxyclick platform (xxxx://xxxxxx.xxxxxxxxxx.xxx) to receive status updates.
5....
Rights and Obligations of the Processor. 6.1 The Data Processor shall only process Personal Data in accordance with the Data Controller’s written instruction as specified herein and shall not use Personal Data except to deliver the Offering and the Services as instructed by the Agreement, unless such processing is required by law to which the Data Processor is subject, in which case the Data Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Controller if, in the Data Processor’s reasonable opinion, an instruction from the Data Controller infringes the Data Privacy Laws.
6.3 The Data Processor shall not transfer Personal Data outside the European Economic Area (“EEA”) without the prior written consent of the Data Controller and not without procuring provision of adequate safeguards (as defined by the European Commission from time to time);
6.4 In the event that the UK ceases to be a member of the European Union or ceases to be considered by the European Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that Darktrace shall apply the EU Model Clauses as set out at xxx.xxxxxxxxx.xxx/xx/xxxxxxxxx/xxxxx-xxxxxxxx-xxxxx-xxxxxxx.xxx to any relevant transfer of data and such EU Model Clauses shall be deemed incorporated from the date of first transfer.
6.5 The Data Processor shall take reasonable steps to ensure the reliability of its agents and employees who have access to any Personal Data.
Rights and Obligations of the Processor. (1) [Purpose of processing] The Processor shall provide the Controller with the services/process the Data for the purposes described in the Framework CDP.
(2) [Lawfulness of processing] The Processor shall process the Data in accordance with the Legal Provisions, the provisions of this Contract, and the instructions of the Controller. If, due to a Legal Provision, the Processor is prevented from processing the Data in accordance with this Contract and the instructions of the Controller, it shall inform the Controller of this before carrying out the processing, unless it is legally forbidden under Union or Member State Law to inform the Controller on important public interest grounds. The Processor shall not use the Data for any other purpose and shall in particular not be permitted to pass on the Data provided to it to third parties. Copies and duplicates must not be created without the prior consent of the Controller. This excludes backups required to assure proper data processing. In the case of maintenance, remote maintenance and/or IT fault analysis, access to the Data of the Controller shall be prevented as far as possible. If Data access is unavoidable, the Processor must limit Data access to the unavoidable minimum.
(3) [Data protection officer] The Processor provides assurance that it has engaged a competent and reliable data protection officer, who is granted the time required to perform his or her duties. The data protection officer performs the duties in accordance with the Legal Provisions; in particular, he/she takes steps to ensure compliance with the legal and agreed regulations regarding data protection. As far as the engagement of a data protection officer is not required by law and the Processor therefore does not have a data protection officer in place the Processor determines a contact person responsible for the matter of data protection. Detailed information on the contact details of the data protection officer / the responsible contact person is provided in § 8 below.
(4) [Territorial restrictions] The data processing may generally take place in a Member State of the European Union/European Economic Area. The location of processing is (add the location). Changes regarding the processing location and/or the inclusion of further processing locations require the prior agreement of the Controller (in writing or by e-mail). Data processing in third countries (i.e. countries that are not member states of the European Union/European Economic...
Rights and Obligations of the Processor. 1.8.1. The Processor shall process Personal Data only for the specified purposes and keep Personal Data collected for different purposes separately.
1.8.2. The Processor shall process only such Personal Data whose scope and content correspond to the specified purpose and are necessary for its achievement.
1.8.3. The Processor shall ensure that Personal Data are processed only by means corresponding to their purpose.
1.8.4. The Processor is entitled to carry out only the following processing activities with Personal Data:
a. collection, gathering, recording, organization, structuring, storage, retrieval, consultation, alignment or combination, restriction, erasure.
1.8.5. The Processor shall carry out the processing of Personal Data in accordance with legal regulations.
1.8.6. The Processor shall process Personal Data only on the basis of written instructions from the Controller, including with regard to transfers of Personal Data to a third country or an international organization.
1.8.7. The Processor shall take measures under the provisions of Article 32 et seq. of the GDPR, i.e. taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing of Personal Data as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
1.8.8. The Processor may engage another processor (hereinafter the “Sub-processor”) for carrying out the processing of Personal Data on the basis of a general written consent given to the Processor by the Controller by means of this Agreement. The list of Sub-processors as of the date of conclusion of this Agreement is annexed to this Agreement as its integral part. The Processor shall inform the Controller in writing (including via email) of the engagement of another Sub-processor prior to the engagement, if the authorization was carried out on the basis of a general written authorization, and shall identify this Sub-processor. To the extent GDPR applies to the processing of Personal Data under this Agreement, the Controller may reasonably object to such engagement. In case Controller does not send any objection to Processor in writing within ten (10) days from receiving the information, it will be deemed to have agreed to the new Sub-processor. If Controller objects, the Parties agree to negotiate to find a solution t...
Rights and Obligations of the Processor. 3.1 Purpose limitation and authority to issue instructions
Rights and Obligations of the Processor. 3.1 The processor processes data from data subjects within the framework of the contractual relationship only in accordance with the GTC, the PS and the present agreement; unless there is a legally regulated exceptional case.
3.2 The processor ensures that personal data are processed in accordance with data protection regulations, and implements suitable technical and organisational measures to ensure confidentiality, availability and integrity. The processor regularly checks the effectiveness of the technical and organisational measures taken and adjusts them if necessary.
3.3 The processor processes the personal data as long as the contractual relationship between the controller and the processor exists.
3.4 As soon as the processor becomes aware of a breach of data protection, they will take appropriate measures to reduce possible adverse consequences for the persons concerned. The processor informs the controller immediately if their data are affected. In addition, the processor fully complies with the applicable legal provisions with regard to the reporting of data protection breaches.
Rights and Obligations of the Processor. 3.1 The processor processes data from data subjects within the framework of the contractual relationship only in accordance with the GTC, the PS and the present agreement; unless there is a legally regulated exceptional case.
3.2 The processor ensures that personal data are processed in accordance with data protection regulations, and implements suitable technical and organisational measures to ensure confidentiality, availability and integrity. The processor regularly checks the effectiveness of the technical and organisational measures taken and adjusts them if necessary.
3.3 The processor processes the personal data as long as the contractual relationship between the controller and the processor exists. The processor deletes the contractual data if the controller instructs this and the controller cannot do this themselves. Excluded from this are data that are required for further processing due to legal regulations or for compelling internal purposes.
3.4 As soon as the processor becomes aware of a breach of data protection, they will take appropriate measures to reduce possible adverse consequences for the persons concerned. The processor informs the controller immediately if their data are affected. In addition, the processor fully complies with the applicable legal provisions with regard to the reporting of data protection breaches.
Rights and Obligations of the Processor. 5.1 PureCyber will only process the Personal Data to the extent, and in such a manner, as is necessary for the Purpose in accordance with the Customer’s written instructions. PureCyber will not process the Personal Data for any other purpose or in a way that does not comply with this agreement or the Data Protection Legislation. PureCyber must promptly notify Customer if, in its opinion, Customer’s instruction would not comply with the Data Protection Legislation.
5.2 PureCyber must promptly comply with any Customer request or instruction requiring PureCyber to amend, transfer, delete or otherwise process the Personal Data, or to stop, mitigate or remedy any unauthorised processing.
5.3 PureCyber will maintain the confidentiality of all Personal Data and will not disclose Personal Data to third parties unless Customer specifically authorises the disclosure, or as required by law.
5.4 PureCyber will reasonably assist Customer with meeting Customer’s compliance obligations under the Data Protection Legislation, taking into account the nature of PureCyber’s processing and the information available to PureCyber, including in relation to Data Subject rights, data protection impact assessments and reporting to and consulting with the Information Commissioner’s Office under the Data Protection Legislation.
5.5 PureCyber (or any subcontractor) shall not transfer or otherwise process Personal Data outside the UK without obtaining Customer’s prior written consent.
Rights and Obligations of the Processor. 6.1 The Data Processor shall only process Personal Data in accordance with the Data Controller’s written instruction as specified herein and shall not use Personal Data except to deliver the Offering and the Services as instructed by the Agreement, unless such processing is required by law to which the Data Processor is subject, in which case the Data Processor shall, to the extent permitted by law, inform the Data Controller of that legal requirement prior to carrying out the applicable processing.
6.2 The Data Processor shall immediately inform the Data Processor if, in the Data Processor’s reasonable opinion, an instruction from the Data Controller infringes the Data Privacy Laws.
6.3 If Personal data originates in the European Union, the Data Processor shall not transfer Personal Data outside the European Economic Area (“EEA”) without the prior written consent of the Data Controller and not without procuring provision of adequate safeguards (as defined by the European Commission from time to time);
6.4 In the event that the UK ceases to be a member of the European Union or ceases to be considered by the European Commission to be an adequate country pursuant to Article 45 of GDPR, then the parties agree that Darktrace will apply the EU Model Clauses to any relevant transfer of data and the EU Model Clauses will be deemed incorporated from the date of first transfer. Any processing of Personal Data under the EU Model Clauses will reflect the subject matter, purpose and scope of Personal Data processed under this DPA (for the purpose of Appendix 1 of the EU Model Clauses) and be subject to the technical and organisational measures detailed herein (for the purpose of Appendix 2 of the EU Model Clauses).
6.5 The Data Processor shall take reasonable steps to ensure the reliability of its agents and employees who have access to any Personal Data.
Rights and Obligations of the Processor. The Processor declares that it has at its disposal appropriate technical means and organizational measures to an extent that will enable the processing of Personal Data to meet the requirements of the Regulation and ensure the protection of the rights of the Data Subject. Under this Agreement, the Processor undertakes to accept and continually adhere to and monitor all measures necessary to ensure the protection of Personal Data, in particular from unauthorized or incidental access to the Personal Data, Personal Data alteration, destruction or loss, unauthorized transfer, or any other unauthorized processing of such data, as well as any other misuse of Personal Data. A list of these measures is provided in Annex No. 1 (Technical and Organizational Security of Personal Data) to this Agreement. The Processor will not engage any other processor in data processing without the Controller’s previous written consent. The Processor processes Personal Data only according to documented instructions from the Controller. The processor will follow the instructions of the Controller in the field of Personal Data transfer to third countries or international organizations, unless such processing is already required by the law of the European Union or an EU Member State applicable to the Controller; in such case, the Processor will inform the Controller of this legal requirement prior to processing, unless the legal regulations prohibit such information for important reasons of public interest. If the Controller’s instructions are in conflict with the relevant provisions of the Regulation or other legal regulations, the Processor must notify the Controller thereof and not to proceed with such instructions. If the Processor violates this obligation, the Processor is liable to the Controller for any damage that arises. The Processor agrees to immediately inform the Controller if the Processor receives a request for the exercise of the rights of a Data Subject. The Processor also agrees to provide the Controller with required cooperation when processing the request for the exercise of the rights of a Data Subject. The Processor must not combine any Personal Data processed under this Agreement with any other Personal Data acquired or processed for any other purpose. The Processor is required to respect the data subject’s right to the protection of their private and personal life and to the protection against unauthorized interference with the private and personal lives of the ...
