The Data Processors Obligations. 3.1 The Data Processor may only process the personal data transferred by the Data Controller in accordance with the Data Controllers instructions and is also obliged to comply with the personal data law currently in force. The Data Processor must take the necessary technical and organizational security measures, including additional measures that might be necessary preventing that the personal data listed in paragraph 1.2 accidentally or illegally are destroyed, lost or deteriorated and preventing that the personal data is known to unauthorized persons, exploited or is processed in violation of the Personal Data Legislation. The Data Processor is thus obliged to
- introduce log-in and password procedures and set up and maintain a firewall and anti-virus software;
- ensure that only employees with employment related purposes have access to the personal data;
- ensure that the employees involved in processing personal data have committed themselves to confidentiality or are subject to statutory professional secrecy;
- store data storage media properly so that they are not available to third parties;
- ensure that buildings and systems used for data processing are safe and that only high-quality hardware and software are being used, which is continuously being updated;
- ensure that samples and waste material are destroyed in accordance with the requirements for data protection complying further instructions from the Data Controller. In special cases, as determined by the Data Controller, said samples and waste material must be stored or returned;
- ensure that employees receive appropriate training, adequate instructions and guidelines for processing personal data. The Data Processor is committed to ensuring that the employees involved in the processing of personal data are familiar with the safety requirements.
3.2 If the Data Processor processes personal data in another EU/EEA member country, the Data Processor must comply with the legislation on security measures in that member country.
3.3 The Data Processor is required to immediately inform the Data Controller of operational malfunctions, suspected breach of data protection rules or other irregularities relating to the processing of personal data. In case of security breach, the Data Processor must notify the Data Controller immediately and no later than 72 hours after the security breach has been discovered. The Data Processor must, at the request of the Data Controller, assist the Data Control...
The Data Processors Obligations. 2.1. Technical and organizational security measures
The Data Processors Obligations. 4.1 The FSP commits itself to process Personal Information only on behalf of the ICRC and pursuant to its instructions as well as the ICRC RPDP – which the FSP acknowledges to have read and understood – as well as in Clause 6 of the present DPA regarding Security Measures. In particular, the FSP will process Personal Data in such a way as to minimise, by means of suitable preventive Security Measures, the risk of accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, or Processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
The Data Processors Obligations. The Processor must ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall take full responsibility in the event there is a breach of said confidentiality obligation. The Processor shall implement appropriate technical and organizational measures to prevent that the Personal Data processed is: accidentally or unlawfully destroyed, lost or altered; disclosed or made available without authorization; or otherwise processed in violation of Applicable Law. The Processor must also comply with the special data security requirements of Annex 1. The appropriate technical and organizational security measures must be determined with due regard for: the current state of the art; the cost of their implementation; and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Processor shall upon request provide the Controller with sufficient information to enable the Controller to ensure that the Processor's obligations under this Data Processing Agreement are complied with, including ensuring that the appropriate technical and organizational security measures have been implemented. The relationship of the Parties and the nature of the Study outlined in the Agreement are such that the Controller has no access to the identity of the Study Subjects. Therefore, the Controller needs to rely on the Processor in order to be able, by means of appropriate technical and organizational measures, to fulfil the obligation imposed to the Controller under Applicable Law.
The Processor shall therefore respond to requests from Data Subjects pursuant to Applicable Law (such as, the right of access, the right to rectification, the right to erasure, the right to restrict the processing, the right to data portability and the right to object). The Controller is entitled to appoint at its own cost an independent expert, reasonably acceptable to the Processor, who shall have access to the Processor's data processing facilities and receive the necessary information for the sole purpose of auditing whether the Processor has implemented and maintained said technical and organizational security measures. The expert shall upon the Processor's request sign a non-disclosure agreement provided by the Processor, and treat all information obtained or received from...
The Data Processors Obligations. 4.1. As set out above in Clause 3, the Data Processor shall only process the Personal Data to the extent and in such a manner as is necessary for the purposes of the Services and not for any other purpose. All instructions given by the Data Controller to the Data Processor shall be made in writing and shall at all times be in compliance with the Data Protection Legislation. The Data Processor shall act only on such written instructions from the Data Controller unless the Data Processor is required by domestic law to do otherwise (as per Article 29 of the UK GDPR) (in which case, the Data Processor shall inform the Data Controller of the legal requirement in question before processing the Personal Data for that purpose unless prohibited from doing so by law).
4.2. The Data Processor shall not process the Personal Data in any manner which does not comply with the provisions of this Agreement or with the Data Protection Legislation.
4.3. The Data Processor shall promptly comply with any written request from the Data Controller requiring the Data Processor to amend, transfer, delete (or otherwise dispose of), or to otherwise process the Personal Data.
4.4. The Data Processor shall promptly comply with any written request from the Data Controller requiring the Data Processor to stop, mitigate, or remedy any unauthorised processing involving the Personal Data.
4.5. The Data Processor shall provide all reasonable assistance at the Data Controller’s cost to the Data Controller in complying with its obligations under the Data Protection Legislation including, but not limited to, the protection of Data Subjects’ rights, the security of processing, the notification of Personal Data Breaches, the conduct of data protection impact assessments, and in dealings with the Information Commissioner (including, but not limited to, consultations with the Information Commissioner where a data protection impact assessment indicates that there is a high risk which cannot be mitigated).
4.6. For the purposes of sub-Clause 4.5, “all reasonable assistance” shall take account of the nature of the processing carried out by the Data Processor and the information available to the Data Processor.
4.7. In the event that the Data Processor becomes aware of any changes to the Data Protection Legislation that may, in its reasonable interpretation, adversely impact its performance of the Services and the processing of the Personal Data under this Agreement, the Data Processor shall inform the...
The Data Processors Obligations. 3.1 The Data Processor shall implement Appropriate Technical and Organizational Measures to ensure a level of security appropriate to the risk for the rights and freedoms of natural persons and to prevent that the Personal Data processed is: (i) Accidentally or unlawfully destroyed, lost or altered, (ii) Disclosed or made available without authorization, or (iii) Otherwise processed in violation of Data Protection Legislation.
The Data Processors Obligations. When processing personal data on behalf of the Controller, The Data Processor shall follow the routines and instructions stipulated by the Controller at any given time. The Data Processor is obliged to give the Controller access to his written technical and organizational security measures and to provide assistance so that the Controller can fulfill his responsibilities pursuant to the Act and the Regulations. Unless otherwise agreed or pursuant to statutory regulations, The Data Processor is entitled to access all personal data being processed on behalf of the Controller and the systems used for this purpose. The Data Processor shall provide the necessary assistance for this. The Data Processor must observe professional secrecy in regard to the documentation and personal data to which he has access in accordance with this Agreement. This provision also applies after the Agreement has been discontinued.
The Data Processors Obligations. 4.1 The FSP commits itself to process Personal Information only on behalf of the IFRC and pursuant to its instructions as well as the IFRC Data Protection Policy – which the FSP acknowledges to have read and understood – as well as in Clause 6 of the present DPA regarding Security Measures. In particular, the FSP will process Personal Data in such a way as to minimize, by means of suitable preventive Security Measures, the risk of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, or Processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
4.2 The FSP shall notify the IFRC within 24 hours after becoming aware of a Personal Data Breach.
4.3 The FSP shall cooperate with the IFRC to enable the latter to guarantee to every Data Subject or his/her authorized agents the possibility to exercise the rights granted to him/her by the IFRC Data Protection Policy. The FSP acknowledges that Data Subject rights shall be exercised only through the IFRC. Therefore, the FSP undertakes to immediately notify to the IFRC about any request that Data Subjects, or their delegates, may address directly to the FSP, and will not respond to any such request or take any other related action.
4.4 The FSP must promptly inform the IFRC about every inquiry, action, investigation, inspection by judicial/administrative authorities affecting directly or indirectly the Personal Data the FSP processes on behalf of the IFRC. Should such notification be prohibited, the FSP shall notify the relevant authorities of the fact that the investigation affects information covered by the privileges and immunities of an International Organization [and that, to the extent that the FSP is processing Personal Data on behalf of an International Organization, the FSP’s employees in charge of the Processing are agents of the International Organization and therefore, are covered by immunity. On this basis, the FSP must notify the IFRC nonetheless].
4.5 [Must confirm the provisions of any applicable status agreement and update this clause as necessary] Should judicial/administrative authorities ask, whether informally or by legal process, the FSP to disclose the Personal Data entrusted by the IFRC to the FSP, the FSP shall oppose such disclosure on the basis of IFRC’s privileges and immunities that cover all the FSP’s assets, documents, Personal Data and possessions, regardless of the fact that they are held by a...
The Data Processors Obligations. 4.1 The Data Processor undertakes to only process Personal Data to the extent necessary to fulfil its obligations under the Assignment, and only in accordance with documented instructions communicated from time to time provided by the Data Controller. The Data Processor may never process any Personal Data for any other purpose than those instructed by the Data Controller.
4.2 The Data Processor is entitled to refuse further processing of Personal Data on behalf of the Data Controller if the Data Processor regards that such continued data processing would be in violation of Data Privacy Laws. The change in the Data Processor’s performance of its obligations under the Agreement as such refusal would mean, shall not give the Data Controller the right to claim deficiency in the Data Processor’s performance under the Agreement.
4.3 The Data Processor undertakes to take all actions and to assist the Data Controller in ensuring that the obligations under Articles 32-36 of the General Data Protection Regulation are complied with.
4.4 The Data Processor undertakes to comply with the Data Privacy Laws. The Data Processor also undertakes to cooperate with the Supervisory Authority when it exercises supervision regarding the processing of Personal Data.
The Data Processors Obligations. 2.1 How the personal data is to be processed.
2.1.1 Processing in accordance with the law The Data Processor is responsible for ensuring that all Processing of Personal data is carried out in accordance with the Data Processor Agreement the Data Processor entered with the Data Controller. The Data Processor Agreement regulates, amongst other things but not exclusively, what Personal data is to be processed by the Data Processor, the object of the Processing, the duration, extent, nature and purpose of the Processing, the type of Personal data and categories of data subjects, the obligations and rights of the Data Controller and the Data Processor, as well as the scope of the protective measures and other IT and security-related obligations. The Data Processor shall provide all data that may be needed for the Sub-Processor to be able to meet its contractual obligations towards the Data Processor.
2.1.2 Provision of information and documentation The Data Processor is responsible for providing the Sub-Processor with documented instructions, which shall describe the scope of the assignment in more detail, insofar as these instructions are consistent with the requirements of GDPR and allowing for flexibility in the execution of the Sub-Processors duties in accordance with the Agreement. The Data Processor guarantees that no part of the Data Processor’s instructions in the Agreement to the Sub-Processor conflict with the Data Processing Agreement the Data Processor entered with the Data Controller. The instructions of the Data Processor shall specify, amongst other things but not exclusively, how the Sub-Processor is to process Personal data, what categories of Personal data are covered by the assignment, and what level of protection shall apply to the Personal data.