Use of Processors. The Parties agree that all processing agreements shall be in writing and that processors shall be required to comply with the terms of the Agreement and this Amendment. Each Party shall be responsible for any noncompliance by a processor which it has engaged, which noncompliance will constitute a breach as if committed directly by that Party. 12.
Use of Processors. Pfizer and Institution agree that all processing agreements will be in writing and that processors will be required to comply with the terms of the Agreement. For purposes of this Agreement, CRO is a processor of Pfizer. Institution and Pfizer will be responsible for any noncompliance by a processor which it has engaged, which noncompliance will constitute a breach as if committed directly by that Party. 12.
Use of Processors. A Party shall notify the other Party in writing or text form of its intention to appoint a new Processor. If a notified party notifies the appointing party in writing within thirty (30) days of receipt of such notice of reasoned objection to the proposed appointment, the parties shall negotiate in good faith a mutually acceptable alternative solution. If such alternative is not agreed within two (2) months of the objection, either party shall have the right to terminate the Services to the extent that they require the use of the proposed Processor. ANYBILL has taken the following technical and organizational measures
1. Is a security concept in accordance with Art. 32 GDPR in place? yes (please provide) no Recognition of international standards: Certification in accordance with ISO 27001 Certification in accordance with IDW PS 330 Certification in accordance with IDW RS FAIT 1 other:
2. If physical access control measures have been taken to prevent unauthorized persons from physically accessing systems, data processing facilities or -processes? yes no Measures: Access control systems, readers (magnetic/chip card) Key management/documentation of the key issue Securing doors (electric door opening, combination locks, etc.) Erection of fences Security doors/windows Window and door panels Office for internal security, gatekeeper Alarm system or burglar alarm system Video surveillance Special security for server rooms Employee or authorization cards Restricted access areas Registration and accompaniment of visitors
3. Have logical access control measures been implemented to prevent unauthorized access to data processing systems? yes no Measures: Personal and individual login for the use of systems or company networks and additional access IDs if required Password assignment (definition of password requirements in terms of complexity and update intervals) Single sign-on Separate system login for certain applications Automatic closing of programs after a certain time without user activity (also password-protected screen saver or automatic setup of work breaks) Electronic documentation of all passwords and encryption of this documentation to protect against unauthorized access Personalized chip cards etc. Security training and ensuring employee awareness (including training on phishing and social engineering)
4. Have data access control measures been taken to ensure that only authorized persons have access to the data included in their access rights and that these...
Use of Processors. Where one or more Contracting Parties wish to use, for one of the processing activities in Annex A, a third party as a processor (within the meaning of article 4 GDPR) to carry out a processing of personal data on their behalf, they shall consult with the other Contracting Parties being controllers of said processing activity and enter into a processor agreement with the third party in accordance with article 28(3) GDPR and other applicable Data Protection Laws and, if such third party is in a country without an adequate level of data protection, they shall also enter into an agreement reflecting the "Standard Contractual Clauses (processors)" pursuant to the Decision 2010|87|EU (C(2010)593) of the European Commission without the Illustrative Indemnification Clause, or any clauses superseding them under the GDPR, as the case may be (the EU Model Clauses). Individual interpreters and court reporters (but not legal entities) and the Arbitral Tribunal's secretary, if any, are not be considered processors but instead acting instead under the control of the relevant processor (article 29 GDPR). Hence, the provisions of Section 3.6 shall apply to them. The Contracting Parties agree that Matter Data and other personal data related to the processing activities for which they are a controller may be stored with a Cloud or hosting service provider by a Contracting Party with no further consultation of the other Contracting Parties, provided that this occurs otherwise in compliance the above provisions of this Section 4. Data Protection Governance Data Subject and Supervisory Requests Each Contracting Party who, as a controller of a processing activity defined in Annex A, receives a data subject request (including requests for access, correction, deletion or objection) or a request from data protection supervisory shall (a) without delay inform all other Contracting Parties who are also controllers of the processing activity at issue pursuant to Annex A, and (b) in good faith agree with them on how to respond to it, it being agreed that this shall not prevent a Contracting Party from complying the GDPR and other the Data Protection Laws applicable to it. Each Contracting Party who is a controller of the processing activity at issue shall provide the other Contracting Parties who are also controllers of such processing activity any reasonably requested support allowing them to properly respond to such request pursuant to the GDPR and other Data Protection Laws applica...
Use of Processors. The Parties and Sponsor agree that all processing agreements shall be in writing and that processors shall be required to comply with the terms of the Agreement as well as this Appendix. Each Party and Sponsor shall be responsible for any noncompliance by a processor that it has engaged, which noncompliance will constitute a breach as if committed directly by that Party or Sponsor.
Use of Processors. The Parties and Pfizer agree that all processing agreements shall be in writing and that processors shall be required to comply with the terms of the Agreement and this Amendment. Each Party and Pfizer shall be responsible for any noncompliance by a processor which it has engaged/employed, which noncompliance will constitute a breach as if committed directly by that Party or Pfizer.
Use of Processors. (a) The data importer has the controller’s general authorisation for the engagement of Processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub- processors in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the Processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
(b) Where the data importer engages a Processor to carry out specific processing activities (on behalf of the data exporter), it shall do so by way of a written contract that provides for, in substance, the same data protection obligations as those binding the data importer under these Clauses, including in terms of third-party beneficiary rights for data subjects. The Parties agree that, by complying with this Clause, the data importer fulfils its obligations under Clause 8.8. The data importer shall ensure that the Processor complies with the obligations to which the data importer is subject pursuant to these Clauses.
(c) The data importer shall provide, at the data exporter’s request, a copy of such a sub- processor agreement and any subsequent amendments to the data exporter. To the extent necessary to protect business secrets or other confidential information, including personal data, the data importer may redact the text of the agreement prior to sharing a copy.
(d) The data importer shall remain fully responsible to the data exporter for the performance of the Processor’s obligations under its contract with the data importer. The data importer shall notify the data exporter of any failure by the sub- processor to fulfil its obligations under that contract.
(e) The data importer shall agree a third-party beneficiary clause with the Processor whereby - in the event the data importer has factually disappeared, ceased to exist in law or has become insolvent - the data exporter shall have the right to terminate the Processor contract and to instruct the Processor to erase or return the personal data.
Use of Processors. 10.1. The Parties acknowledge that each Party as a Controller may appoint Processor(s) to process Personal Data on its behalf.
10.2. In accordance with Clause 4, the Sponsor Body and Delivery Authority shall flow down the relevant provisions of this DSA.
Use of Processors. 22.1 The Parties acknowledge that each Party as a Controller may appoint Processor(s) to process Personal Data on its behalf.
22.2 In accordance with paragraph 28, the Delivery Authority shall flow down the relevant provisions of this Schedule to any Data Processor.
Use of Processors. Each party agrees that it shall only appoint a Processor in relation to Controller Personal Data if it considers, after making reasonable enquiries, that the Processor shall provide the level of protection of Controller Personal Data required by the GDPR and this DPA.
