Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor). 2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller. 3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform the data controller of any intended changes concerning the addi- tion or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B. 4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR. 5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreement, shall not require submission to the data controller. 6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data. 7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 9 contracts
Samples: Data Processor Agreement, Data Processor Agreement, Data Processor Agreement
Use of sub-processors. 1. The data processor Data Processor shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) GDPR , of the General Data Protection Regulation in order to engage another processor (a sub-processorSub- Processor).
2. The data processor Data Processor shall therefore not engage another processor (subSub-processorProcessor) for the fulfilment of the Clauses this Data Processing Agreement without the prior specific or general notification written consent of the data controllerData Controller.
3. The data processor has In the data controller’s event of general authorisation for written consent, the engagement of sub-proces- sors. The data processor Data Processor shall inform the data controller Data Control- ler of any intended planned changes concerning the addi- tion with regard to additions to or replacement of sub-processors at least 14 days in advance, other data pro- cessors and thereby giving give the data controller Data Controller the opportunity to object to such changes prior changes.
4. The Data Controller’s requirements for the Data Processor’s engagement of other sub-pro- cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can processors, if applicable, shall be provided specified in Appendix B. The list of sub-processors already authorised by B to this Data Processing Agreement.
6. When the data controller can be found in Appendix B.
4. Where Data Processor has the data processor engages Data Controller’s authorisation to use a sub-processor for carrying out specific processing activities on behalf of processor, the data controller, Data Processor shall ensure that the Sub-Processor is subject to the same data protection pro- tection obligations as set out those specified in this Data Processing Agreement on the Clauses shall be imposed on that sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPRGeneral Data Protection Regulation.
57. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllerData Controller’s request – be submitted to the data controller, Data Controller who will thereby giving have the data controller the opportunity op- portunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Pro- cessor and the Sub-Processor. Commercial terms and conditions, such as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues pricing, that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require re- quire submission to the data controllerData Controller.
68. The data processor Data Processor shall agree a third-party beneficiary clause in his agreement with the subSub-processor where – Processor include the Data Control- ler as a third party in the event of the bankruptcy of the data processor – Data Processor to enable the data controller shall be a thirdData Controller to assume the Data Processor’s rights and invoke these as regards the Sub-party beneficiary to Pro- cessor, e.g. so that the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller Data Controller is able to instruct the subSub-processor Processor to delete perform the erasure or return the personal of data.
79. If the subSub-processor Processor does not fulfil his data protection obligations, the data processor Data Processor shall remain fully liable to the data controller Data Controller as regards the fulfilment of the obligations of the Sub-Processor. 8 Transfer of data to third countries or international organisations
1. The Data Processor shall solely be permitted to process personal data on documented instructions from the Data Controller, including as regards transfer (assignment, disclo- sure and internal use) of personal data to third countries or international organisations, unless processing is required under EU or Member State law to which the Data Processor is subject; in such a case, the Data Processor shall inform the Data Controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-processorsection 3, para a.
2. This does not affect Without the rights instructions or approval of the Data Controller, the Data Processor therefore cannot – within the framework of this Data Processing Agreement:
a. disclose personal data subjects under to a data controller in a third country or in an international organisation
b. assign the GDPR – processing of personal data to a sub-processor in particular those foreseen in Articles 79 and 82 GDPR – against a third country
c. have the data controller and processed in another of the Data Processor’s divisions which is lo- cated in a third country
3. The Data Controller’s instructions or approval of the transfer of personal data processorto a third country, including the sub-processorif applicable, shall be set out in Appendix C to this Data Processing Agreement.
Appears in 4 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days two (2) weeks in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
43. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
65. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 3 contracts
Samples: Standard Contractual Clauses, Standard Contractual Clauses, Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 3 contracts
Samples: GDPR Contract Standard Contractual Clauses, GDPR Contract Standard Contractual Clauses, GDPR Contract Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 7 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.*.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 2 contracts
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR and UK GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity oppor- tunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-sub- processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses Clauses, the GDPR and the UK GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses Clauses, the GDPR and the UK GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged en- gaged by the data processor, e.g., e.g. enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR and UK GDPR – in particular those foreseen in Articles 79 and 82 GDPR and UK GDPR – against the data controller and the data processor, including the sub-processorproces- sor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorization of the data controller.
3. The data processor has the data controller’s general authorisation authorization for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended in- tended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 months in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement imple- ment appropriate technical and organisational organizational measures in such a manner that the processing pro- cessing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorssub- processors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-sub- processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR.
5. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
67. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-sub- processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 2 contracts
Samples: Data Protection Agreement, Data Protection Agreement
Use of sub-processors. 1. 17.1 The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. 17.2 The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification specific written authorisation of the data controller.
3. 17.3 The data processor has shall engage sub-processors solely with the specific prior authorisation of the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform submit the data controller of any intended changes concerning the addi- tion or replacement of sub-processors at least 14 request for specific authorisation 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s)processor, either by sending an email to the Notification Email Address or via the Admin Console. Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
417.4 The Customer may object to any new sub-processor by terminating the applicable Agreement immediately upon written notice to IRIS Connect, on condition that the Customer provides such notice within 90 days of being informed of the engagement of the Sub-processor as described in Section 19.7 (Termination of this Agreement by the Customer). This termination right is the Customer’s sole and exclusive remedy if the Customer objects to any new Sub-processor.
17.5 Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU law or Member State relevant state law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. .
17.6 The data processor shall therefore be responsible for requiring that that:
17.6.1 the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. 17.6.2 the sub-processor only accesses and uses Customer Data to the extent required to perform the obligations subcontracted to it
17.7 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. 17.8 The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 2 contracts
Samples: Organisation Administrator & Data Processing Agreement, Organisation Administrator & Data Processing Agreement
Use of sub-processors. 1
7.1 The Data Processor has the Data Controller’s general consent for the engagement of sub- processors. The Data Processor shall, however, inform the Data Controller of any planned changes with regard to additions to or replacement of other data processors. The Data Controller shall on commencement of this Data Processing Agreement approve the engagement of sub-processors. More information about the Sub-Processors used by the Data Processor, including the complete list, can be found on the Legal section of the Website (xxxxx://xxx.xxxxxxxxxxxxx.xxx/index.php/contractpedia-legal/data-sub-processors/) where the document is also available as a downloadable PDF file. As our business grows, the sub- processors we engage may also change. If we start engaging new sub-processors or stop engaging others, the list of approved sub-processors will be updated accordingly.
7.2 The Data Controller shall on the commencement of this Data Processing Agreement specifically approve the use of the sub-processors for the processing described for that party. The Data Processor shall not be entitled – without the Data Controller’s explicit written consent – to engage a sub-processor for ‘different’ processing than the one that has been agreed or have another sub-processor perform the described processing.
7.3 The Data Processor shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) GDPR , of the General Data Protection Regulation in order to engage another processor (a subSub-processorProcessor).
2. 7.4 The data processor Data Processor shall therefore not engage another processor (subSub-processorProcessor) for the fulfilment of this Data Processing Agreement without first informing the Clauses without the prior general notification of the data controllerData Controller.
3. The data processor 7.5 When the Data Processor has the data controllerData Controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform the data controller of any intended changes concerning the addi- tion or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages use a sub-processor for carrying out specific processing activities on behalf of processor, the data controller, Data Processor shall ensure that the Sub-Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Clauses shall be imposed on that sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Clauses and the GDPRGeneral Data Protection Regulation. The data processor Data Processor shall therefore be responsible – on the basis of a sub-processor agreement – for requiring that the sub-processor at least complies comply with the obligations to which the data processor Data Processor is subject pursuant to the Clauses requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
5. 7.6 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllerData Controller’s request – be submitted to the data controller, Data Controller who will thereby giving the data controller have the opportunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues pricing, that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controllerData Controller.
6. 7.7 The data processor Data Processor shall agree a third-party beneficiary clause in his agreement with the subSub-processor where – Processor include the Data Controller as a third party in the event of the bankruptcy of the data processor – Data Processor to enable the data controller shall be a third-party beneficiary Data Controller to assume the sub-processor agreement Data Processor’s rights and shall have invoke these as regards the right to enforce Sub- Processor, e.g. so that the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller Data Controller is able to instruct the subSub-processor Processor to delete perform the erasure or return the personal of data.
7. 7.8 If the subSub-processor Processor does not fulfil his data protection obligations, the data processor Data Processor shall remain fully liable to the data controller Data Controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processorSub- Processor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. 7.1 The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. 7.2 The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. 7.3 The data processor has the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform in writing the data controller of any intended changes concerning concer- ning the addi- tion addition or replacement of sub-processors at least 14 days two (2) weeks in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned con- cerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. 7.4 Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational organisa- tional measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies com- plies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. 7.5 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllercontrol- ler’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-sub- processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. 7.6 The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor proces- sor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 2 contracts
Samples: Reporting Employee Share Scheme, Employee Share Scheme Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.where
Appears in 2 contracts
Samples: Standard Contractual Clauses, Standard Contractual Clauses
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform the data controller in writing of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods The data processor will notify the data controller via the data processor’s platform.
3. If the data controller does not approve of prior notice for specific a new sub-processing services can be provided processor, then the data controller may terminate its agreement with the data processor by providing, before the end of the relevant notice period, written notice of termination. The data controller may also include an explanation of the grounds for non-approval together with the termination notice, in Appendix B. order to permit the data processor to re-evaluate any such a new sub-processor based on the applicable concerns.
4. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
45. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same similar data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational organizational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil fulfill his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment fulfillment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform the data controller in writing of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods Data processor will notify the data controller via the account setting of prior notice for specific the data controller on the data processor’s platform.
3. If the data controller does not approve of a new sub-processing services can be provided processor, then the data controller may terminate its agreement with the data processor by providing, before the end of the relevant notice period, written notice of termination. The data controller may also include an explanation of the grounds for non-approval together with the termination notice, in Appendix B. order to permit the data processor to re-evaluate any such new sub-processor based on the applicable concerns.
4. The list of sub-processors already authorised by the data controller can be found in Appendix B.
45. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same similar data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The data processor shall Data Processor must meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (a sub“Sub-processor”).
2. The data processor Data Processor shall therefore not engage another Sub-processor (sub-processor) for the fulfilment of the Clauses Terms without the prior general notification written authorisation of the data controllerData Controller.
3. The data processor Data Processor has the data controllerData Controller’s general authorisation for the engagement of sub-proces- sorsSub- processors. The data processor Data Processor shall inform in writing the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of subSub-processors at least 14 days in advance, thereby giving the data controller Data Con- troller the opportunity to object to such changes prior to the engagement of the concerned sub-Sub- processor(s). Longer time periods of prior notice for specific subSub-processing services can be provided pro- vided in Appendix B. The list of subSub-processors already authorised by the data Data controller can be found appears in Appendix B.
4. Where the data processor Data Processor engages a subSub-processor for carrying out specific processing activities activi- ties on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses Terms shall be imposed on that subSub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses Terms and the GDPR. The data processor shall Data Processor is therefore be responsible for requiring that the subSub-processor processors at least complies comply with the obligations to which the data processor Data Processor is subject pursuant to the Clauses Terms and the GDPR.
5. A copy of such a subSub-processor agreement and subsequent amendments shall – must at the data controllerData Con- troller’s request – be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity oppor- tunity to ensure that the same data protection obligations as set out in the Clauses Terms are imposed on the subSub-processor. Clauses Terms on business business-related issues that do not affect the legal data protection content of the subSub-pro- cessor processor agreement, shall is not require submission required to be submitted to the data controllerData Controller.
6. The data processor Data Processor shall agree a third-party beneficiary clause with the subSub-processor where – in the event of bankruptcy of the data processor – Data Processor. the data controller Data Controller shall be a third-party beneficiary benefi- ciary to the subSub-processor agreement and shall have the right to enforce the agreement against the subSub-processor engaged by the data processorData Processor, e.g., e.g. enabling the data controller Data Controller to instruct the subSub-processor to delete or return the personal data.
7. If the suba Sub-processor does not fulfil his its data protection obligations, the data processor shall remain Data Processor remains fully liable to towards the data controller Data Controller as regards the fulfilment of the obligations of the subSub-processorproces- sor. This does not affect the rights of the data subjects Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller Data Controller and the data processorData Processor, including the subSub-processor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 2 contracts
Samples: Standard Contractual Clauses, Standard Contractual Clauses
Use of sub-processors. 1. 7.1 The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. 7.2 The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. 7.3 The data processor has the data controller’s 's general authorisation for the engagement of sub-proces- sorssub- processors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). The data controller has the right to object to the use of a sub-proces- sor without cause. The data processor must inform the data controller in writing of the discontinued use of a sub-processor. Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. 7.4 Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational or- ganisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. 7.5 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s con- troller's request – be submitted to the data controller, thereby giving the data controller the opportunity oppor- tunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. 7.6 If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-sub- processor.
Appears in 2 contracts
Samples: Standard Contractual Clauses, Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform the data controller in writing of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods The data processor will notify the data controller via the data processor’s platform.
3. If the data controller does not approve of prior notice for specific a new sub-processing services can be provided processor, then the data controller may terminate its agreement with the data processor by providing, before the end of the relevant notice period, written notice of termination. The data controller may also include an explanation of the grounds for non-approval together with the termination notice, in Appendix B. order to permit the data processor to re-evaluate any such new sub-processor based on the applicable concerns.
4. The list of sub-processors already authorised by the data controller can be found in Appendix B.
45. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same similar data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage enga- ge another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion ad- dition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf be- half of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor proces- sor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1
6.1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
26.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment ful- filment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advancead- xxxxx, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
46.3. Where the data processor engages a sub-processor for carrying out specific processing activities activ- ities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate appropri- ate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56.4. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
66.5. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement agree- ment against the sub-processor engaged by the data processor, e.g., e.g. enabling the data controller con- troller to instruct the sub-processor to delete or return the personal data.
76.6. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular par- ticular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification authorisation of the data controllercon- troller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days one month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall Data Processor must meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (a sub“Sub-processor”).
2. The data processor shall Data Processor can therefore not engage another Sub-processor (sub-processor) for the fulfilment of the Clauses Terms without the prior general notification written authorisation of the data controllerData Controller.
3. The data processor has Data Controller gives the data controller’s Data Processor its general prior authorisation for the engagement of subSub-proces- sorsprocessors. The data processor shall inform Data Processors’ notification to the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of subSub-processors at least 14 days in advanceprocessors, thereby giving as well as the data controller the opportunity Data Control- lers’ right to object to such changes the prior to the engagement of the concerned subSub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided ) are regulated in Appendix B. B.
4. The list of subSub-processors already engaged by the Data Processor and authorised by the data controller Data Controller can be found in Appendix B.
45. Where the data processor Data Processor engages a subSub-processor for carrying out specific processing activities activi- ties on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses Terms shall be imposed on that subSub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses Terms and the GDPR. The data processor shall Data Processor is therefore be responsible for requiring that the subits Sub-processor processors at least complies comply with the obligations to which the data processor Data Processor is subject pursuant to the Clauses Terms and the GDPR.
56. A copy of such a subSub-processor agreement and subsequent amendments shall must – at the data controllerData Controller’s request – be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity to ensure that the same data protection obligations as set out in the Clauses Terms are imposed im- posed on the subSub-processor. Clauses Terms on business related issues that do not affect the legal data protection content of the subSub-pro- cessor processor agreement, shall is not require submission required to be submitted to the data controllerData Controller.
67. The data processor shall agree a third-party beneficiary clause with the sub-processor where Controller should – in the event of bankruptcy of the data processor Data Processor – have the data controller shall opportunity to be a third-party Party beneficiary subject to the subSub-processor agreement agreement, and shall have the right to enforce the agreement against the subSub-processor engaged by the data processorData Processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. a. The data processor Data Processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another data processor (a sub-Sub processor).
2. b. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor Data Processor has the data controllerData Controller’s general authorisation for the engagement of sub-proces- sorsSub processors. The data processor Data Processor shall inform in writing the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of sub-Sub processors at least 14 30 days in advance, thereby giving the data controller Data Controller the opportunity to object to such changes prior to the engagement of the concerned sub-Sub processor(s). Longer time periods The Data Controller may only object to the use of prior notice for a Sub processor if specific sub-processing services can be provided data protection issues related to the intended use of the Sub processor may constitute a violation of the Data Controller’s obligations under applicable EU or Member State data protection provisions. The Data Processor must notify the Data Controller in Appendix B. The list writing upon termination of sub-processors already authorised by the data controller can be found in Appendix B.use of a Sub processor.
4. c. Where the data processor Data Processor engages a sub-Sub processor for carrying out specific processing activities on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-Sub processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor Data Processor shall therefore be responsible for requiring that the sub-Sub processor at least complies with the obligations to which the data processor Data Processor is subject pursuant to the Clauses and the GDPR. In connection hereto, the Data Processer may forward these Clauses, except any business- related information, to any Sub processors that is engaged by the Data Processor.
5d. In case the Data Controller accepts or instructs the Data Processor to engage a specific Sub processor and if said Sub processor’s privacy terms are predetermined the Data Processor shall in good faith aim to impose on that Sub processor the same data protection obligations as set forth in these Clauses. If the Data Processor, despite its negotiations with the Sub processor, cannot impose the same data protection obligations as set forth in these Clauses, the Data Controller acknowledges and accepts that the Clauses under these circumstances, do not impose further data protection obligations on the Data Processor than those set out in the agreement between the Data Processor and Sub processor.
e. A copy of such a sub-Sub processor data processing agreement and subsequent amendments shall – at the data controllerData Controller’s request – be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-Sub processor, cf. however Clause 6(d). Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor Sub processor data processing agreement, shall not require submission to the data controllerData Controller.
6. f. The data processor Data Processor shall agree a third-third party beneficiary clause with the sub-Sub processor where – in the event of bankruptcy of the data processor Data Processor – the data controller Data Controller shall be a third-third party beneficiary to the sub-Sub processor agreement and shall have the right to enforce the agreement against the sub-Sub processor engaged by the data processorData Processor, e.g., e.
g. enabling the data controller Data Controller to instruct the sub-Sub processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Master Service Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior to a general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-sub- processors at least 14 days 4 weeks in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-sub- processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
43. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-sub- processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor sub- processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
75. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 16.1. The data processor shall meet the requirements specified in Article 28(2) and (4) in the GDPR in order to engage another processor (a sub-processor).
26.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
36.3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement replace- ment of sub-processors at least 14 days 6 weeks in advance in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-sub- processors already authorised by the data controller can be found in Appendix B.
46.4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-sub- processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56.5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
66.6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses this DBA without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorspro- cessors. The data processor shall inform in writing the data controller of any intended changes concerning con- cerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned con- cerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.on data processor’s website.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses this DBA shall be imposed on that sub-processor by way of a contract or other legal act under EU or EEA Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational organ- isational measures in such a manner that the processing will meet the requirements of the Clauses this DBA and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses this DBA and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllercontrol- ler’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses this DBA are imposed on the sub-sub- processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub- processor.
7. Services obtained by the data processor that are ancillary or peripheral to the data processor’s ser- vices provided to the data controller shall not be considered as sub-processorprocessing in the meaning of this Clause 7. These include, for instance, telecommunications services, maintenance and user service, cleaning services, auditors, lawyers, the disposal of data storage media, enterprise resource plan- ning and accounting services (NetSuite and Visma Netvisor) and backoffice/administration systems. The data processor is, however, obligated to conclude appropriate contractual agreements with such third-party ancillary service providers and to ensure the protection and security of data processed on behalf of the data controller.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 4 weeks in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses DPA without the prior general notification written authorization of the data controller.
3. The data processor has the data controller’s general authorisation authorization for the engagement engage- ment of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller control- ler of any intended changes concerning the addi- tion addition or replacement of sub-processors proces- sors at least 14 thirty (30) days in advance, thereby giving the data controller the opportunity oppor- tunity to object to such changes prior to the engagement of the concerned sub-processor(spro- cessor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses DPA shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees guar- antees to implement appropriate technical and organisational organizational measures in such a manner that the processing will meet the requirements of the Clauses DPA and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses DPA and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses DPA are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-sub- processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-sub- processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-sub- processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. 6.1 The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. 6.2 The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorization of the data controller.
3. 6.3 The data processor has the data controller’s general authorisation authorization for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
4. 6.4 Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-sub- processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational organizational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. .
6.5 The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. 6.6 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. 6.7 The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. 6.8 If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processor Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses The DPA without the prior general notification written authorisation of the data controller.
3. a. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days four weeks in advance, thereby giving the data controller the opportunity to object to such changes and terminate the agreement with the data processor prior to the engagement of the concerned sub-processor(s), provided that the controller has substantial and documented reasons for such objection. Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.of
43. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses DPA shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses DPA and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses DPA and the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses DPA are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
65. The data processor shall agree to a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processor Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-sub- processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-sub- processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
43. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or EEA Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-sub- processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-sub- processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
65. The data processor shall agree a third-party beneficiary clause with the sub-sub- processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorization of the data controller.
3. The data processor has the data controller’s general authorisation authorization for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended in- tended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 months in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement imple- ment appropriate technical and organisational organizational measures in such a manner that the processing pro- cessing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 work days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor Data Processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a subSub-processorProcessor).
2. The data processor Data Processor shall therefore not engage another processor (subwith Sub-processor) Processors for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor Data Processor has the data controller’s general authorisation for the engagement of subSub-proces- sorsProcessors. The data processor Data Processor shall inform in writing the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of subSub-processors Processors at least 14 days 1 month in advance, thereby giving the data controller Data Controller the opportunity to object to such changes prior to the engagement of the concerned subSub-processor(sProcessor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors Sub- Processors already authorised by the data controller Data Controller can be found in Appendix B.
4. Where the data processor Data Processor engages a subSub-processor Processor for carrying out specific processing activities on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses shall be imposed on that subSub-processor Processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor Data Processor shall therefore be responsible for requiring that the subSub-processor Processor at least complies with the obligations to which the data processor Data Processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a subSub-processor Processor agreement and subsequent amendments shall – at the data controllerData Controller’s request – be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the subSub-processorProcessor. Clauses on business related issues that do not affect the legal data protection content of the subSub-pro- cessor Processor agreement, shall not require submission to the data controllerData Controller.
6. The data processor Data Processor shall agree a third-party beneficiary clause with the subSub-processor Processor where – in the event of bankruptcy of the data processor Data Processor – the data controller Data Controller shall be a third-party beneficiary to the subSub-processor Processor agreement and shall have the right to enforce the agreement against the subSub-processor Processor engaged by the data processorData Processor, e.g., e.g. enabling the data controller Data Controller to instruct the subSub-processor Processor to delete or return the personal data.
7. If the subSub-processor Processor does not fulfil his data protection obligations, the data processor Data Processor shall remain fully liable to the data controller Data Controller as regards the fulfilment of the obligations of the subSub-processorProcessor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller Data Controller and the data processorData Processor, including the subSub-processorProcessor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).. [CHOICE 2] general written authorisation [CHOICE 1] specific written authorisa-
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification tion] / of the data controller.
3. [OPTION 1 SPECIFIC PRIOR AUTHORISATION] The data processor shall engage sub-processors solely with the specific prior authorisation of the data controller. The data processor shall submit the request for specific authorisation at least 30 days prior to the engagement of the concerned sub-processor. The list of sub-processors al- ready authorised by the data controller can be found in Appendix B. [OPTION 2 GENERAL WRITTEN AUTHORISATION] The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning con- cerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice no- xxxx for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification specific written authorisation of the data controller.
3. The data processor has shall engage sub-processors solely with the specific prior authorisation of the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform submit the data controller of any intended changes concerning the addi- tion or replacement of sub-processors request for specific authorisation at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s)processor. Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. ASSEMBLY VOTING APS RINGAGER 4C, 0.XX 2605 BRØNDBY TEL: +00 00000000 – @: XXXX@XXXX.XX – CVR: 25600665 The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet Data Processor must comply with the requirements conditions specified in Article 28(228 (2) and (4) GDPR in order to engage of the General Data Protection Regulation on using another processor Data Processor (a sub-processor).
2. The data processor shall therefore Thus, the Data Processor may not engage use another processor Data Processor (sub-processor) for to fulfil the fulfilment of the Clauses Data Processing Agreement without the prior specific or general notification written approval of the data controllerData Controller.
3. The data processor has In the data controller’s case of general authorisation for written approval, the engagement of sub-proces- sors. The data processor shall inform Data Processor must notify the data controller Data Controller of any intended planned changes concerning regarding the addi- tion addition or replacement of sub-processors at least 14 days in advanceother Data Processors, thereby giving allowing the data controller the opportunity Data Controller to object to such changes prior to changes.
4. The Data Controller's terms and conditions for the engagement Data Processor's use of the concerned any sub-processor(s)proces- sors are specified in Bilag B of this Agreement.
5. Longer time periods The Data Controller's approval of prior notice for specific sub-processing services can be provided processors, if any, is stated in Appendix B. The list Bilag B of sub-processors already authorised by this Agreement.
6. When the data controller can be found in Appendix B.
4. Where Data Processor has the data processor engages Data Controller's consent to use a sub-processor for carrying out specific processing activities on behalf of processor, the data controller, Data Processor undertakes to impose the same data protection obligations as set out those speci- fied in the Clauses shall be imposed on that this Data Processing Agreement through a sub-processor by way of a contract agreement or other legal act under document pursuant to EU law or the national law of Member State lawStates, in particular specifically providing sufficient the necessary guarantees to that the sub-processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which require- ments of the data processor is subject pursuant to the Clauses and the GDPR.
5General Data Protection Regulation. A copy of such By entering into a sub-processing agreement, the Data Processor is thus responsible for, at minimum, imposing on any sub-data processor agreement and subsequent amendments shall – at the data controller’s request – be submitted obligations that the Data Processor it- self is subject to according to the data controllerprotection rules and this Data Processing Agreement and appendices.
7. The sub-processing agreement and any subsequent changes thereto are sent, at the re- quest of the Data Controller, as a copy to the Data Controller, who thereby giving has the data controller oppor- tunity to make sure that a valid agreement has been entered into between the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on Data Pro- cessor and the sub-processor. Clauses on business related issues Any commercial terms, such as prices, that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall must not require submission be sent to the data controllerData Controller.
68. The data processor shall agree a third-party beneficiary clause Data Processor, in its agreement with the sub-processor where – processor, must include the Data Con- troller as a beneficiary third party in the event of bankruptcy case of the data processor – Data Processor's bankruptcy, so that the data controller shall be a third-party beneficiary Data Controller can enter the Data Processor's rights and apply them to the sub-processor agreement and shall have pro- cessor, so that, for example, the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to Data Controller can instruct the sub-processor to delete or return the personal datainformation.
79. If the sub-processor does not fulfil his its data protection obligations, the data processor shall remain remains fully liable to the data controller as regards Data Controller for the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor's obligations.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor Data Processor shall meet the requirements specified in Article 28(2) 28, sub- section 2 and (4) GDPR , of the General Data Protection Regulation in order to engage another processor (a subSub-processorProcessor).
2. The data processor Data Processor shall therefore not engage another processor (subSub-processorProcessor) for the fulfilment of the Clauses this Data Processing Agreement without the prior specific or general notification written consent of the data controllerData Controller.
3. The data processor has In the data controller’s event of general authorisation for written consent, the engagement of sub-proces- sors. The data processor Data Processor shall inform the data controller Data Controller of any intended planned changes concerning the addi- tion with regard to additions to or replacement of sub-other data processors at least 14 days in advance, and thereby giving give the data controller Data Controller the opportunity to object to such changes prior changes.
4. The Data Controller’s requirements for the Data Processor’s engagement of other sub-processors shall be specified in Appendix B to this Data Processing Agree- ment.
5. The Data Controller’s consent to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can processors, if ap- plicable, shall be provided specified in Appendix B. The list of subB to this Data Processing Agreement.
6. When the Data Processor has the Data Controller’s authorisation to use a sub- processor, the Data Processor shall ensure that the Sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Clauses shall be imposed on that sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements require- ments of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPRGeneral Data Protection Regulation.
57. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllerData Controller’s request – be submitted to the data controller, Data Controller who will thereby giving the data controller have the opportunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues pricing, that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controllerData Controller.
68. The data processor Data Processor shall agree a third-party beneficiary clause in his agreement with the subSub-processor where – Processor include the Data Controller as a third party in the event of the bankruptcy of the data processor – Data Processor to enable the data controller shall be a thirdData Controller to assume the Data Processor’s rights and invoke these as regards the Sub-party beneficiary to Processor, e.g. so that the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller Data Controller is able to instruct the subSub-processor Processor to delete perform the erasure or return the personal of data.
79. If the subSub-processor Processor does not fulfil his data protection obligations, the data processor Data Processor shall remain fully liable to the data controller Data Controller as regards the fulfilment fulfil- ment of the obligations of the Sub-Processor. 8 Transfer of data to third countries or international organisations
1. The Data Processor shall solely be permitted to process personal data on docu- mented instructions from the Data Controller, including as regards transfer (as- signment, disclosure and internal use) of personal data to third countries or in- ternational organisations, unless processing is required under EU or Member State law to which the Data Processor is subject; in such a case, the Data Proces- sor shall inform the Data Controller of that legal requirement prior to pro- cessing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-processorsection 3, para a.
2. This does not affect Without the rights instructions or approval of the Data Controller, the Data Processor therefore cannot – within the framework of this Data Processing Agreement:
a. disclose personal data subjects under to a data controller in a third country or in an inter- national organisation
b. assign the GDPR – processing of personal data to a sub-processor in particular those foreseen in Articles 79 and 82 GDPR – against a third country
c. have the data controller and processed in another of the Data Processor’s divisions which is located in a third country
3. The Data Controller’s instructions or approval of the transfer of personal data processorto a third country, including the sub-processorif applicable, shall be set out in Appendix C to this Data Processing Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 months in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another an- other processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 months in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already al- ready authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-sub- processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing pro- cessing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. 7.1 The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. 7.2 The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. 7.3 The data processor has the data controller’s general authorisation for the engagement of to engage sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 90 days in advance, thereby giving the data controller the opportunity op- portunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. 7.4 Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures mea- sures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. 7.5 A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processorpro- cessor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. 7.6 The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. 1.21 The data Contractor shall not allow any Sub-processor shall meet to Process any Personal Data unless the requirements specified Contractor has:
1.21.1 notified the Board in Article 28(2) writing of the intended Sub-processor and (4) GDPR the Processing activity that the Contractor wishes the Sub-processor to undertake on the Contractor’s behalf;
1.21.2 obtained the prior written consent of the Board in order respect of the use of such Sub-processor in connection with the Processing undertaken pursuant to engage another processor (this Agreement [and/or the Services Agreement] [Delete as appropriate];
1.21.3 entered into a subbinding written agreement with the Sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform the data controller of any intended changes concerning the addi- tion or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying which agreement sets out specific processing activities on behalf of the data controller, the same enforceable data protection obligations on the same terms as set out in this Agreement such that they apply to the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State lawSub- processor, in particular providing such binding written agreement must provide:
1.21.3.1 sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing Sub-processor will adopt Protective Measures such that the Processing undertaken by the Sub-processor will meet the requirements of the Clauses and Data Protection Legislation; and
1.21.3.2 details of the GDPR. The data processor Processing that is to be undertaken by the Sub-processor, which Processing shall therefore be responsible for requiring only involve activity that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on Schedule; and
1.21.4 provide the sub-processor. Clauses on business related issues that do not affect Board with such other information regarding the legal data protection content of Sub- processor as the sub-pro- cessor agreement, shall not Board may reasonably require submission from time to the data controllertime.
6. 1.22 The data processor Contractor shall agree cease using a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the subSub-processor to delete undertake any Processing of Personal Data pursuant to or return in connection with this Agreement [and/or the personal dataServices Agreement] [Delete as appropriate] immediately upon receipt of a written request from the Board requesting that such Sub-processor ceases Processing the Personal Data, in circumstances where the Board has reasonable grounds for concern about the Sub-processor’s ability to carry out the Processing in accordance with the Data Protection Legislation.
7. If the sub-processor does not fulfil his data protection obligations, the data processor 1.23 The Contractor shall remain fully liable to the data controller as regards the fulfilment for all acts or omissions of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-any Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 17.1. The data processor shall meet the requirements specified specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
27.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment fulfilment of the Clauses this data processing agreement without the prior general notification written authorisation of the data controller.
37.3. The data processor has the data controller’s 's general authorisation for the engagement of sub-proces- sorssub- processors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 40 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods If the data controller should object to the changes, the data controller shall notify the data processor of prior notice this within 20 days of receipt of the notification. The data controller shall only object if the data controller has reasonable and specific grounds for specific sub-processing services can be provided in Appendix B. such refusal. The list of sub-processors already authorised by the data controller can be found is referred to in Appendix B.
47.4. Where the data processor engages a sub-processor for carrying out specific specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses this data processing agreement shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses this data processing agreement and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses this data processing agreement and the GDPR.
57.5. A copy of such a sub-processor agreement and subsequent amendments shall – - at the data controller’s 's request – - be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are this data processing agreement is imposed on the sub-processor. Clauses on business related issues that do not affect affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
77.6. If the sub-processor does not fulfil fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment fulfilment of the obligations of the sub-processor. This does not affect affect the rights of the data subjects under the GDPR – - in particular those foreseen in Articles 79 and 82 GDPR – - against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 thirty (30) days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall shall, where possible, agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior to a general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 1 month in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses Main Agreement without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix Specification B. The list of sub-processors already authorised by the data controller can be found in Appendix Specification B.
43. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses Appendix shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses Appendix and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and Article 28 of the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in Article 28 of the Clauses GDPR are imposed on the sub-processor. Clauses Specification on business related issues that do not affect the legal data protection content of the sub-pro- cessor sub- processor agreement, shall not require submission to the data controller.
65. The data processor shall if possible, agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
76. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorssub- processors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: General Terms and Conditions
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 fourteen (14) days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided pro- vided in Appendix B. The list of sub-processors already authorised by the data controller con- troller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing pro- cessing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor agreementprocessor agree- ment, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 16.1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
26.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
46.3. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56.4. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
66.5. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in wherein the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., e.g. enabling the data controller con- troller to instruct the sub-processor to delete or return the personal data.
76.6. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data sub-processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (will consent to the sub-processor) for ’s use of additional sub-processors, provided that the fulfilment of provisions set out in the Clauses without are complied with. The data processor can check at any time to see the prior general notification of sub-processor’s additional sub-processors by visiting the sub-processor’s website at xxx.xxxxxxxxx.xx/xxxxxxxxxx. Any changes to the additional sub-processors will be reported to the data controllerprocessor by e-mail.
3. The data processor has Where the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform the data controller of any intended changes concerning the addi- tion or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a an additional sub-processor for carrying out specific processing activities on behalf of the data controllersub-processor, the same data protection obligations as set out in the Clauses shall be imposed on that additional sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data sub-processor shall therefore be responsible for requiring that the additional sub-processor at least complies with the obligations to which the data sub-processor is subject pursuant to the Clauses and the GDPR.
54. A copy of such a If the data processor wishes to give direct instruction to the additional sub-processor agreement processors, they should not do so until it has been discussed with and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on via the sub-processor. Clauses on business related issues that do not affect If the legal data protection content of processor gives direct instructions to the sub-pro- cessor agreementprocessors, shall not require submission to then the data controller.
6. The data processor shall agree a third-party beneficiary clause with must inform the sub-processor where – in of such instructions and relevant background information either beforehand or at the event of bankruptcy of time the instructions are given. When the data processor – gives direct instructions to the data controller shall be a thirdadditional sub-party beneficiary to processors, a) the sub-processor agreement will be exempt from all responsibilities and shall have any consequences of such instructions will be the right to enforce the agreement against the sub-processor engaged by sole responsibility of the data processor, e.g., enabling b) the data controller to instruct processor will be responsible for covering all costs that the instructions may cause the sub-processor to delete or return the personal data.
7. If incur and the sub-processor does not fulfil his data protection obligations, will also have the right to charge the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of its standard hourly rate for time spent on all work that such instructions would entail for the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.processor and
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another an- other processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 months in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already al- ready authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-sub- processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing pro- cessing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor Data Processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor Data Processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controllerData Controller.
3. The data processor Data Processor has the data controllerData Controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor Data Processor shall inform in writing the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 60 days in advance, thereby giving the data controller Data Controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller Data Controller can be found in Appendix B.
4. Where the data processor Data Processor engages a sub-processor for carrying out specific processing activities on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor Data Processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor Data Processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – - at the data controllerData Controller’s request – - be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controllerData Controller.
6. The data processor Data Processor shall agree a third-party beneficiary clause with the sub-processor where – - in the event of bankruptcy of the data processor – Data Processor - the data controller Data Controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processorData Processor, e.g., enabling the data controller Data Controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor Data Processor shall remain fully liable to the data controller Data Controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – - in particular particular, those foreseen in Articles 79 and 82 GDPR – - against the data controller Data Controller and the data processorData Processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The data processor shall Data Processor must meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (a sub“Sub-processor”).
2. The data processor shall Data Processor can therefore not engage another Sub-processor (sub-processor) for the fulfilment of the Clauses Terms without the prior general notification written authorization of the data controllerData Controller.
3. The data processor has Data Controller gives the data controller’s Data Processor its general authorisation prior authorization for the engagement of subSub-proces- sorsprocessors. The data processor shall inform Data Processors’ notification to the data controller Data Controller of any intended changes concerning the addi- tion addition or replacement of subSub-processors at least 14 days in advanceprocessors, thereby giving as well as the data controller the opportunity Data Controllers’ right to object to such changes the prior to the engagement of the concerned subSub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided ) are regulated in Appendix B. B.
4. The list of subSub-processors already authorised engaged by the data controller Data Processor and authorized by the Data Controller can be found in Appendix B.
45. Where the data processor Data Processor engages a subSub-processor for carrying out specific processing activities on behalf of the data controllerData Controller, the same data protection obligations as set out in the Clauses Terms shall be imposed on that subSub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational organizational measures in such a manner that the processing will meet the requirements of the Clauses Terms and the GDPR. The data processor shall Data Processor is therefore be responsible for requiring that the subits Sub-processor processors at least complies comply with the obligations to which the data processor Data Processor is subject pursuant to the Clauses Terms and the GDPR.. The Data Processor shall only select Sub-processors that provide sufficient guarantees to implement appropriate technical and organisational measures in such a manner so that the processing will meet the requirements of this Agreement, Data Protection Regulations and ensure the protection of the rights of the Data Subject
56. A copy of such a subSub-processor agreement and subsequent amendments shall must – at the data controllerData Controller’s request – be submitted to the data controllerData Controller, thereby giving the data controller Data Controller the opportunity to ensure that the same data protection obligations as set out in the Clauses Terms are imposed im- posed on the subSub-processor. Clauses Terms on business related issues that do not affect the legal data protection content of the subSub-pro- cessor processor agreement, shall is not require submission required to be submitted to the data controllerData Controller.
67. The data processor shall agree a third-party beneficiary clause with the sub-processor where Controller should – in the event of bankruptcy of the data processor Data Processor – have the data controller shall opportunity to be a third-party Party beneficiary subject to the subSub-processor agreement agreement, and shall have the right to enforce the agreement against the subSub-processor engaged by the data processorData Processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 16.1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
26.2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment ful- filment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 30 days in advancead- xxxxx, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
46.3. Where the data processor engages a sub-processor for carrying out specific processing activities activ- ities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate appropri- ate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
56.4. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
66.5. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement agree- ment against the sub-processor engaged by the data processor, e.g., e.g. enabling the data controller con- troller to instruct the sub-processor to delete or return the personal data.
76.6. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular par- ticular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors.
1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
43. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
54. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
65. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.,
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment fulfil- ment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorssub- processors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 2 weeks in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement engage- ment of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-sub- processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member Mem- ber State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controllercon- troller’s request – be submitted to the data controller, thereby giving the data controller the opportunity op- portunity to ensure that the same data protection obligations as set out in the Clauses are imposed im- posed on the sub-processor. Clauses on business business-related issues that do not affect the legal data protection content of the sub-pro- cessor agreement, processor agreement shall not require submission to the data controllercon- troller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his its data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular particular, those foreseen in Articles 79 and 82 of the GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 14.3.1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
24.3.2. The This clause provides the data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification of the data controller.
3. The data processor has with the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of all sub-processors and any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days 72 hours in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by mutual consent between the data controller can be found in Appendix B.parties.
44.3.3. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection standard contractual clauses and obligations as set out in the Clauses this Agreement shall be imposed on that sub-processor by way of a contract or other legal act under EU XXXX, XXX00 or Member State lawother relevant legislation, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses this Agreement and the GDPRlaw. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses this Agreement and the GDPRlaw.
54.3.4. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses this Agreement are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
64.3.5. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.e.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment of the Clauses this DBA without the prior general notification written authorisation of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement ofPage 6 of 15 sub-proces- sorsprocessors. The data processor shall inform in writing the data controller of any intended changes concerning the addi- tion addition or replacement of sub-processors at least 14 days in advance, thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised by the data controller can be found in Appendix B.on data processor’s website.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses this DBA shall be imposed on that sub-processor by way of a contract or other legal act under EU or EEA Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Clauses this DBA and the GDPR. The data processor shall therefore be responsible for requiring that the sub-sub- processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses this DBA and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses this DBA are imposed on the sub-processor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub- processor.
7. Services obtained by the data processor that are ancillary or peripheral to the data processor’s services provided to the data controller shall not be considered as sub-processorprocessing in the meaning of this Clause 7. These include, for instance, telecommunications services, maintenance and user ser- vice, cleaning services, auditors, lawyers, the disposal of data storage media, enterprise resource planning and accounting services (NetSuite and Visma Netvisor) and backoffice/administration systems. The data processor is, however, obligated to conclude appropriate contractual agreements with such third-party ancillary service providers and to ensure the protection and security of data processed on behalf of the data controller.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The data processor shall meet the requirements specified in Article 28(2) and (4) GDPR in order to engage en- gage another processor (a sub-processor).
2. The data processor shall therefore not engage another processor (sub-processor) for the fulfilment fulfillment of the Clauses without the prior general notification written authorization of the data controller.
3. The data processor has the data controller’s general authorisation for the engagement of sub-proces- sors. The data processor shall inform - in writing - the data controller of any intended changes concerning concer- ning the addi- tion addition or replacement of sub-processors at least 14 days - with the given notice, described in advanceappendix B, section B.2 - , thereby giving the data controller the opportunity to object to such changes prior to the engagement of the concerned sub-processor(s). Longer time periods of prior notice for specific sub-processing services can be provided in Appendix B. The list of sub-processors already authorised authorized by the data controller can be found in Appendix B.
4. Where the data processor engages a sub-processor for carrying out specific processing activities on behalf of the data controller, the same data protection obligations as set out in the Clauses shall be imposed on that sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures me- asures in such a manner that the processing will meet the requirements of the Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies compli- es with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. A copy of such a sub-processor agreement and subsequent amendments shall – at the data controller’s request – be submitted to the data controller, thereby giving the data controller the opportunity to ensure that the same data protection obligations as set out in the Clauses are imposed on the sub-processorpro- cessor. Clauses on business related issues that do not affect the legal data protection content of the sub-pro- cessor processor agreement, shall not require submission to the data controller.
6. The data processor shall agree a third-party beneficiary clause with the sub-processor where – in the event of bankruptcy of the data processor – the data controller shall be a third-party beneficiary to the sub-processor agreement and shall have the right to enforce the agreement against the sub-processor engaged by the data processor, e.g., enabling the data controller to instruct the sub-processor to delete or return the personal data.
7. If the sub-processor does not fulfil his data protection obligations, the data processor shall remain fully liable to the data controller as regards the fulfilment of the obligations of the sub-processor. This does not affect the rights of the data subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the data controller and the data processor, including the sub-processor.
Appears in 1 contract
Samples: Data Processing Agreement
