Security of the Processing. The Processor is ISO 27001 certified. For an outline of Processor’s technical and organizational measures, please refer to Processor’s Information Security Policy.
Security of the Processing. 4.1 We shall implement the technical and organizational measures specified at xxxxx://xxx.xxxxxxx.xxx/terms-and-conditions/. To demonstrate adequate levels of protection, We have also obtained third-party certification and audits of Our information security and data privacy management systems , e.g. DIN ISO/IEC 27001:2015 and ISO/IEC 27701:2019. All available certificates can be found at xxxxx://xxx.xxxxxxx.xxx/trust-center/. We reserve the right to update the measures and safeguards implemented, provided, however, that the level of security shall not materially decrease during Your Subscription Term.
4.2 In assessing the appropriate level of security, We shall take into account the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing and the risks involved for the Data Subjects, as well as the likelihood and likely severity of any breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the Personal Data ("Personal Data Breach").
4.3 Access to the Personal Data by Our personnel shall be strictly limited to those individuals who need such access to implement, manage and monitor the Services. Any personnel authorized to access the Personal Data have committed themselves to confidentiality obligations similar to the confidentiality terms of the Agreement or are under an appropriate statutory obligation of confidentiality.
Security of the Processing. Factorial shall implement and maintain appropriate technical and organisational measures to protect Client Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure, in accordance with the DPA. Such measures shall be appropriate to the harm that could result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the Client Personal Data and appropriate to the nature of the Client Personal Data to be protected. In this sense, Factorial may update the technical and organisational measures, provided that such modifications do not diminish the general level of security. If Factorial becomes aware of and confirms any accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access to your Client Personal Data ("Security Breach") that we process in the course of providing the Platform we will notify you without undue delay and in any event no later than 48 hours.
Security of the Processing. 4.1 We shall implement the technical and organizational measures specified at xxxxx://xxx.xxxxxxx.xxx/terms-and-conditions/. To demonstrate adequate levels of protection, We have also obtained third-party certification and audits of Our information security and data privacy management systems , e.g. DIN ISO/IEC 27001:2015 and ISO/IEC 27701:2019. All available certificates can be found at xxxxx://xxx.xxxxxxx.xxx/trust-center/. We reserve the right to update the measures and safeguards implemented, provided,
Security of the Processing. 5.3.1 Rencore shall take all measures required pursuant to Article 32 GDPR.
5.3.2 The specific measures to be taken by Rencore are set out in Schedule 2 to this DPA.
5.3.3 The technical and organisational measures are subject to technological progress and refinement. Rencore is therefore entitled to take additional or alternative measures to the measures set out in Schedule 2 to this DPA, as long as this does not result in a decrease in the security level of the technical and organisational measures in place at Rencore. Rencore shall document amendments to the measures and provide this documentation to Customer upon the Customer’s request.
5.3.4 Rencore shall notify Customer without undue delay after becoming aware of a personal data breach relating to personal data which is subject to this DPA.
Security of the Processing. (1) The Processor shall take at least the technical and organisational measures listed in Annex 2 to ensure the security of personal data. This includes the protection of the data against a breach of security which, whether accidental or unlawful, results in the destruction, loss, alteration or unauthorised disclosure of or access to the data (hereinafter referred to as "personal data breach"). In assessing the appropriate level of protection, the parties shall take into account the state of the art, the implementation costs the nature, scope, circumstances and purposes of the processing and the risks to the data subjects.
(2) The Processor shall only grant its personnel access to the personal data that are the subject of the processing to the extent necessary for the performance, management and monitoring of the contract. The Processor shall ensure that the persons authorised to process the personal data received have committed themselves to confidentiality or are subject to an appropriate statutory duty of confidentiality.
Security of the Processing. (1) The level of security shall take into account:
(a) that a large amount of special categories of personal data and other categories of personal data can be subject to processing;
(b) that the identity of the whistleblowers and any other information from which the identity of the whistleblowers may be directly or indirectly deduced is confidential,
(c) that information contained in a report can have a high impact on the rights and freedoms of natural persons.
(2) The Data Processor shall hereafter be entitled and under obligation to make decisions about the technical and organizational security measures that are to be applied to create the necessary (and agreed) level of data security.
(3) The Data Processor shall however – in any event and at a minimum – implement the following measures. The Data Processor undertakes to ensure the following technical measures:
(a) that personal data is stored in an encrypted state, in accordance with best practice for data that may contain confidential information. It is at least encrypted to Advanced Encryption Standard (AES) 256 or an equivalent encryption standard;
(b) that communication between the Whistleblower System and the end- users is secured via Secure Sockets Layer (SSL) or takes place via a similarly secured connection that meets applicable requirements;
(c) that personal data stored in the Whistleblower System is segregated, so that the personal data and information contained in the reports and the System cannot be accessed by unauthorized persons;
(d) that access to the Whistleblower System is controlled, and subject to validation in the form of e.g., multi-factor authentication (MFA), and that access identifiers and login times are recorded and stored for up to 30 (thirty) days;
(e) that necessary security measures are in place to prevent and limit the execution of malware or similar code, including through ongoing timely updating of software, hardware and communication systems, code validation, and continuous testing of the hardness and resistance of the Whistleblower System through penetration testing;
(f) that the Data Controller can see if the content of the Whistleblower System has been changed, and in that case, by whom;
(g) that the end-users who have used the Whistleblower System have the opportunity to correct or add information in the System themselves, and that the end-users have the opportunity to withdraw their report;
(h) that the Data Controller can extract the necessary data from the solu...
Security of the Processing. 3.1 In an annex to this DPA (hereinafter referred to as “XXX annex”), the Contractual Partners shall agree on technical and organizational measures to adequately protect the data pursuant to Article 32 of the GDPR (hereinafter referred to as “XXX”), taking into account the state of the art; the costs of implementation; the nature, scope, circumstances and purposes of the processing; and the varying likelihood and severity of threats to the rights and freedoms of natural persons.
3.2 The Processor reserves the right to modify the XXX, but the overall level of protection must not fall below the contractually agreed level. New versions of the XXX annex shall be communicated to the Controller in text form at the Controller’s request.
3.3 The Processor has appointed in writing a data protection officer who performs their activities in accordance with Articles 38 and 39 of the GDPR. The contact details of the data protection officer can be found in the Controller’s privacy policies, which are publicly available. The Controller must be immediately notified of any change of data protection officer.
Security of the Processing. 4.1. We shall implement the technical and organizational measures specified at xxxxx://xxxxx.xxx/technicalorganizational-measures_maesn-3/. We reserve the right to update the measures and safeguards implemented, provided, however, that the level of security shall not materially decrease during Your Subscription Term.
4.2. In assessing the appropriate level of security, We shall take into account the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing and the risks involved for the Data Subjects, as well as the likelihood and likely severity of any breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the Personal Data ("Personal Data Breach").
4.3. Access to the Personal Data by Our personnel shall be strictly limited to those individuals who need such access to implement, manage and monitor the Services. Any personnel authorized to access the Personal Data have committed themselves to confidentiality obligations similar to the confidentiality terms of the Agreement or are under an appropriate statutory obligation of confidentiality.
Security of the Processing. 5.1 The Beyuna Independent Sales Representative takes the technical and organisational security measures as described in Appendix 2.
5.2 The parties acknowledge that guaranteeing an appropriate level of security can constantly force additional security measures to be taken. Beyuna Independent Sales Representative guarantees a risk-adjusted security level.
5.3 If and insofar as Beyuna expressly requests doing so in writing, the Beyuna Independent Sales Representative will take additional measures with a view to securing the Personal Data.
5.4 The Beyuna Independent Sales Representative does not Processes Personal Data outside of the European Union, unless he has received explicit written permission from Beyuna and subject to deviating legal obligations.
5.5 The Beyuna Independent Sales Representative informs Beyuna without unreasonable delay as soon as he becomes aware of unlawful Processing of Personal Data or infringements of security measures as referred to in the first and second paragraph.