The Data Processors Obligations. 3.1 The Data Processor may only process the personal data transferred by the Data Controller in accordance with the Data Controllers instructions and is also obliged to comply with the personal data law currently in force. The Data Processor must take the necessary technical and organizational security measures, including additional measures that might be necessary preventing that the per- xxxxx data listed in paragraph 1.2 accidentally or illegally are destroyed, lost or deterio- rated and preventing that the personal data is known to unauthorized persons, exploited or is processed in violation of the Personal Data Legislation. The Data Processor is thus obliged to - introduce log-in and password procedures and set up and maintain a firewall and anti- virus software; - ensure that only employees with employment related purposes have access to the personal data; - ensure that the employees involved in processing personal data have committed them- selves to confidentiality or are subject to statutory professional secrecy; - store data storage media properly so that they are not available to third parties; - ensure that buildings and systems used for data processing are safe and that only high- quality hardware and software are being used, which is continuously being updated; - ensure that samples and waste material are destroyed in accordance with the require- ments for data protection complying further instructions from the Data Controller. In special cases, as determined by the Data Controller, said samples and waste material must be stored or returned; - ensure that employees receive appropriate training, adequate instructions and guide- lines for processing personal data. The Data Processor is committed to ensuring that the employees involved in the processing of personal data are familiar with the safety requirements.
3.2 If the Data Processor processes personal data in another EU/EEA member country, the Data Processor must comply with the legislation on security measures in that member country. As stated in Annex EU Standard Contractual Clauses.
3.3 The Data Processor is required to immediately inform the Data Controller of operational malfunctions, suspected breach of data protection rules or other irregularities relating to the processing of personal data. In case of security breach, the Data Processor must notify the Data Controller immediately and no later than 72 hours after the security breach has been discovered. The Data Processor must, at the...
The Data Processors Obligations. 4.1 As set out above in Clause 3, the Data Processor shall only process the Personal Data to the extent and in such a manner as is necessary for the purposes of the Services and not for any other purpose. All instructions given by the Data Controller to the Data Processor shall be made in writing and shall at all times be in compliance with the Data Protection Legislation. The Data Processor shall act only on such written instructions from the Data Controller unless the Data Processor is required by domestic law to do otherwise (as per Article 29 of the UK GDPR) (in which case, the Data Processor shall inform the Data Controller of the legal requirement in question before processing the Personal Data for that purpose unless prohibited from doing so by law).
4.2 The Data Processor shall not process the Personal Data in any manner which does not comply with the provisions of this Agreement or with the Data Protection Legislation. The Data Processor must inform the Data Controller promptly if, in its opinion, any instructions given by the Data Controller do not comply with the Data Protection Legislation.
4.3 The Data Processor shall promptly comply with any written request from the Data Controller requiring the Data Processor to amend, transfer, delete (or otherwise dispose of), or to otherwise process the Personal Data.
4.4 The Data Processor shall promptly comply with any written request from the Data Controller requiring the Data Processor to stop, mitigate, or remedy any unauthorised processing involving the Personal Data.
4.5 The Data Processor shall provide all reasonable assistance to the Data Controller in complying with its obligations under the Data Protection Legislation including, but not limited to, the protection of Data Subjects’ rights, the security of processing, the notification of Personal Data Breaches, the conduct of data protection impact assessments, and in dealings with the Information Commissioner (including, but not limited to, consultations with the Information Commissioner where a data protection impact assessment indicates that there is a high risk which cannot be mitigated).
4.6 For the purposes of sub-Clause 4.5, “all reasonable assistance” shall take account of the nature of the processing carried out by the Data Processor and the information available to the Data Processor.
4.7 In the event that the Data Processor becomes aware of any changes to the Data Protection Legislation that may, in its reasonable interpretation, adver...
The Data Processors Obligations. 2.1 How the personal data is to be processed.
2.1.1 Processing in accordance with the law The Data Processor is responsible for ensuring that all Processing of Personal data is carried out in accordance with the Data Processor Agreement the Data Processor entered with the Data Controller. The Data Processor Agreement regulates, amongst other things but not exclusively, what Personal data is to be processed by the Data Processor, the object of the Processing, the duration, extent, nature and purpose of the Processing, the type of Personal data and categories of data subjects, the obligations and rights of the Data Controller and the Data Processor, as well as the scope of the protective measures and other IT and security-related obligations. The Data Processor shall provide all data that may be needed for the Sub-Processor to be able to meet its contractual obligations towards the Data Processor.
2.1.2 Provision of information and documentation The Data Processor is responsible for providing the Sub-Processor with documented instructions, which shall describe the scope of the assignment in more detail, insofar as these instructions are consistent with the requirements of GDPR and allowing for flexibility in the execution of the Sub- Processors duties in accordance with the Agreement. The Data Processor guarantees that no part of the Data Processor’s instructions in the Agreement to the Sub-Processor conflict with the Data Processing Agreement the Data Processor entered with the Data Controller. The instructions of the Data Processor shall specify, amongst other things but not exclusively, how the Sub-Processor is to process Personal data, what categories of Personal data are covered by the assignment, and what level of protection shall apply to the Personal data.
The Data Processors Obligations. 2.1. Technical and organizational security measures
The Data Processors Obligations. 3.1 The Data Processor shall implement Appropriate Technical and Organizational Measures to ensure a level of security appropriate to the risk for the rights and freedoms of natural persons and to prevent that the Personal Data processed is: (i) Accidentally or unlawfully destroyed, lost or altered, (ii) Disclosed or made available without authorization, or (iii) Otherwise processed in violation of Data Protection Legislation.
The Data Processors Obligations. 4.1 The Data Processor shall act in accordance with the Shipping Company’s instructions and only to the extent necessary for the Data Processor to fulfil its obligations pursuant to the Main Contract and the Data Processing Agreement.
4.2 The Data Processor shall not be required to answer requests from the Data Subjects regarding access, rectification, blocking or deletion, but shall assist the Shipping Com- pany to comply with the Shipping Company’s obligations pursuant to applicable legal requirements, cf. Clause 3.2 and 3.3 above. This obligation applies only to the Shipping Company’s reasonable requests and only to extent that the Shipping Company cannot fulfil its obligations without the Data Processor’s assistance. The Data Processor is enti- tled to receive reasonable compensation for its efforts under this provision.
4.3 Furthermore, the Data Processor shall:
a) Notify the Shipping Company of requests from the Data Subjects to the extent that these concern the Data Subjects’ individual rights regarding access, rectifi- cation, blocking and deletion.
b) Notify the Shipping Company of possible personal data security breaches with regard to Personal Data, cf. Article 33(2) of the Data Protection Regulation.
c) Notify the Shipping Company of inquiries from the Danish Data Protection Agency to the Data Processor, if the inquiries concern processing activities covered by the Main Contract and the Data Processing Agreement.
d) Notify the Shipping Company if the Data Processor considers that the instruction from the Shipping Company constitutes a breach of the legal requirements appli- cable to the data processing.
The Data Processors Obligations. 4.1 The Data Processor undertakes to only process Personal Data to the extent necessary to fulfil its obligations under the Assignment, and only in accordance with documented instructions communicated from time to time provided by the Data Controller. The Data Processor may never process any Personal Data for any other purpose than those instructed by the Data Controller.
4.2 The Data Processor is entitled to refuse further processing of Personal Data on behalf of the Data Controller if the Data Processor regards that such continued data processing would be in violation of Data Privacy Laws. The change in the Data Processor’s performance of its obligations under the Agreement as such refusal would mean, shall not give the Data Controller the right to claim deficiency in the Data Processor’s performance under the Agreement.
4.3 The Data Processor undertakes to take all actions and to assist the Data Controller in ensuring that the obligations under Articles 32-36 of the General Data Protection Regulation are complied with.
4.4 The Data Processor undertakes to comply with the Data Privacy Laws. The Data Processor also undertakes to cooperate with the Supervisory Authority when it exercises supervision regarding the processing of Personal Data.
The Data Processors Obligations. 4.1 The Data Processor undertakes to secure that all processing of personal data is made in accordance with the purposes of this agreement, the GDPR, the Swedish supplementary data protection act and other applicable laws and regulations and industry standards. The Data Processor undertakes to keep itself informed about the data protection legislation and amendments therein.
4.2 The Data Processor, and the person/s working for the Data Processor, may only process personal data in accordance with the instructions which from time to time are provided by the Data Controller, including with regard to transfers of personal data to a third country or an international organization, unless required to do so by Union or Member State law to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
4.3 Instruction for the Data Processor’s processing of the personal data is attached as Appendix 1 to this agreement. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction is vague, erroneous, illegal or is missing and await new instructions.
4.4 In case a registered person, the Data Protection Authority (Sw. Datainspektionen) or another third-party requests information from the Data Processor, which concerns the processing of personal data according to this agreement, the Data Processor shall refer the request to the Data Controller. The Data Processor may thus not submit personal data or other information on the processing of personal data without the express approval of the Data Controller.
4.5 The Data Processor shall support the Data Controller in providing information which has been requested by the Data Protection Authority or by a registered person in order for the Data Controller to be able to fulfil its obligation to answer a request regarding the performance of the data subject’s rights in accordance with chapter III of the GDPR.
4.6 The Data Processor shall without delay inform the Data Controller about possible contacts from the Data Protection Authority, which concern or may be of importance for the processing of personal data. The Data Processor is not entitled to represent the Data Controller or act on behalf of the Data Controller towards the Data Protection Authority or other third party.
4.7 The Data Processor shall assist the Data Contr...
The Data Processors Obligations. 4.1 The FSP commits itself to process Personal Information only on behalf of the ICRC and pursuant to its instructions as well as the ICRC RPDP – which the FSP acknowledges to have read and understood – as well as in Clause 6 of the present DPA regarding Security Measures. In particular, the FSP will process Personal Data in such a way as to minimise, by means of suitable preventive Security Measures, the risk of accidental or unlawful destruction, loss, alteration unauthorised disclosure or access, or Processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
The Data Processors Obligations. 4.1 The FSP commits itself to process Personal Information only on behalf of the IFRC and pursuant to its instructions as well as the IFRC Data Protection Policy – which the FSP acknowledges to have read and understood – as well as in Clause 6 of the present DPA regarding Security Measures. In particular, the FSP will process Personal Data in such a way as to minimize, by means of suitable preventive Security Measures, the risk of accidental or unlawful destruction, loss, alteration unauthorized disclosure or access, or Processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
4.2 The FSP shall notify the IFRC within 24 hours after becoming aware of a Personal Data Breach.
4.3 The FSP shall cooperate with the IFRC to enable the latter to guarantee to every Data Subject or his/her authorized agents the possibility to exercise the rights granted to him/her by the IFRC Data Protection Policy. The FSP acknowledges that Data Subject rights shall be exercised only through the IFRC. Therefore, the FSP undertakes to immediately notify to the IFRC about any request that Data Subjects, or their delegates, may address directly to the FSP, and will not respond to any such request or take any other related action.
4.4 The FSP must promptly inform the IFRC about every inquiry, action, investigation, inspection by judicial/administrative authorities affecting directly or indirectly the Personal Data the FSP processes on behalf of the IFRC. Should such notification be prohibited, the FSP shall notify the relevant authorities of the fact that the investigation affects information covered by the privileges and immunities of an International Organization [and that, to the extent that the FSP is processing Personal Data on behalf of an International Organization, the FSP’s employees in charge of the Processing are agents of the International Organization and therefore, are covered by immunity. On this basis, the FSP must notify the IFRC nonetheless].
4.5 [Must confirm the provisions of any applicable status agreement and update this clause as necessary] Should judicial/administrative authorities ask, whether informally or by legal process, the FSP to disclose the Personal Data entrusted by the IFRC to the FSP, the FSP shall oppose such disclosure on the basis of IFRC’s privileges and immunities that cover all the FSP’s assets, documents, Personal Data and possessions, regardless of the fact that they are held by a...
