Use of sub-processors. 1. The Data Processor must meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (“Sub-processor”). 2. The Data Processor shall therefore not engage another Sub-processor for the fulfilment of the Terms without the prior general written authorisation of the Data Controller. 3. The Data Processor has the Data Controller’s general authorisation for the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended changes con- cerning the addition or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s). The Data Processor’s notification to the Data Controller of any intended changes concerning the addition or replacement of Sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated in Appendix B. 4. Where the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of the Data Controller, the same data protection obligations as set out in the Terms shall be imposed on that Sub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Terms and the GDPR. 5. The Data Processor is therefore responsible for requiring that the Sub-processors at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR. 6. A copy of such a Sub-processor agreement and subsequent amendments must at the Data Control- ler’s request be submitted to the Data Controller, thereby giving the Data Controller the opportunity to ensure that the same data protection obligations as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues that do not affect the legal data protection content of the Sub-processor agreement, is not required to be submitted to the Data Controller. 7. The Data Processor shall agree a third-party beneficiary clause with the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal data. 8. If a Sub-processor does not fulfil its data protection obligations, the Data Processor remains fully liable towards the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 5 contracts
Samples: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement
Use of sub-processors.
1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR in order General Data Protection Regulation to engage another processor (“Sub-processor”Proces- sor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller Control- ler of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice other data pro- cessors and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-pro- cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection pro- tection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
5. The Data Processor is therefore responsible for requiring that the Sub-processors at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
67. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity op- portunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Pro- cessor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted re- quire submission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Control- ler as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data ProcessorPro- cessor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
89. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processorProcessor. This does not affect 8 Transfer of data to third countries or international organisations
1. The Data Processor shall solely be permitted to process personal data on documented instructions from the rights Data Controller, including as regards transfer (assignment, disclo- sure and internal use) of personal data to third countries or international organisations, unless processing is required under EU or Member State law to which the Data Processor is subject; in such a case, the Data Processor shall inform the Data Controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-section 3, paragraph.
2. Without the instructions or approval of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against Controller, the Data Controller and Processor therefore cannot – within the framework of this Data Processing Agreement:
a. disclose personal data to a data controller in a third country or in an international organisation
b. assign the processing of personal data to a sub-processor in a third country
c. have the data processed in another of the Data Processor’s divisions which is lo- cated in a third country
3. The Data Controller’s instructions or approval of the transfer of personal data to a third country, including the Sub- processorif applicable, shall be set out in Appendix C to this Data Processing Agreement.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-processors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub- processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
57. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agreement – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
6. A copy of such a Sub-processor agreement and subsequent amendments must at the Data Control- ler’s request be submitted to the Data Controller, thereby giving the Data Controller the opportunity to ensure that the same data protection obligations as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues that do not affect the legal data protection content requirements of the Sub-processor agreement, is not required to be submitted to the General Data Controller.
7. The Protection Regulation and this Data Processor shall agree a third-party beneficiary clause with the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement Processing Agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal dataits associated Appendices.
8. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 2 contracts
Samples: Data Processing Agreement, Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub‐section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Sub‐ Processor).
2. The Data Processor shall therefore not engage another Sub-processor (Sub‐Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub‐pro‐ cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Sub-processorsspecific sub‐processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub‐processor, the Data Processor shall ensure that the Sub‐Processor is subject to the same data protection protec‐ tion obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract con‐ tract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub‐Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – on the basis of a sub‐processor agree‐ ment – for requiring that the Sub-processors sub‐processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
67. A copy of such a Sub-processor sub‐processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity op‐ portunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Pro‐ cessor and the Sub‐Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Sub-processor sub‐processor agreement, is shall not required to be submitted re‐ quire submission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Sub‐Processor include the Data Control‐ ler as a third party in the event of the bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary Processor to the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling enable the Data Controller to assume the Data Processor’s rights and invoke these as regards the Sub‐Pro‐ cessor, e.g. so that the Data Controller is able to instruct the Sub-processor Sub‐Processor to delete perform the erasure or return the personal of data.
89. If a Sub-processor the Sub‐Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processorSub‐Processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Sub- Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller Control- ler of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice other data pro- cessors and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub- processors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection protec- tion obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agree- ment – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protec- tion Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
67. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving the Data Controller have the opportunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require submission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Con- troller as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete per- form the erasure or return the personal of data.
89. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations obliga- tions of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. a. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Processor).
2. b. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has c. In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to changes.
d. The Data Controller’s requirements for the engage- ment of the concerned Sub-processor(s). The Data Processor’s notification engagement of other sub-processors shall be specified in Appendix B to this Data Processing Agreement.
e. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
4. Where f. When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agreement – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
6. g. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving the Data Controller have the opportunity to ensure that a valid agreement has been entered into between the same data protection obligations as set out in the Terms are imposed on Data Processor and the Sub- processorProcessor. Terms on business-related issues Commercial terms and conditions, such as pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require submission to the Data Controller.
7. h. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Controller as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
8. i. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Sub- Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller Control- ler of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice other data pro- cessors and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-pro- cessors shall be specified in 0 to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the if applicable, shall be specified in 0 to this Data Controller are regulated in Appendix B.Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection pro- tection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
5. The Data Processor is therefore responsible for requiring that the Sub-processors at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
67. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity op- portunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Pro- cessor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted re- quire submission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Control- ler as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data ProcessorPro- cessor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
89. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processorProcessor. This does not affect 8 Transfer of data to third countries or international organisations
1. The Data Processor shall solely be permitted to process personal data on documented instructions from the rights Data Controller, including as regards transfer (assignment, disclo- sure and internal use) of personal data to third countries or international organisations, unless processing is required under EU or Member State law to which the Data Processor is subject; in such a case, the Data Processor shall inform the Data Controller of that legal requirement prior to processing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-section 3, para a.
2. Without the instructions or approval of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against Controller, the Data Controller and Processor therefore cannot – within the framework of this Data Processing Agreement:
a. disclose personal data to a data controller in a third country or in an international organisation
b. assign the processing of personal data to a sub-processor in a third country
c. have the data processed in another of the Data Processor’s divisions which is lo- cated in a third country
3. The Data Controller’s instructions or approval of the transfer of personal data to a third country, including the Sub- processorif applicable, shall be set out in Appendix C to this Data Processing Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Sub- Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-pro- cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection protec- tion obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract con- tract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agree- ment – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
67. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity op- portunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Pro- cessor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted re- quire submission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause with If the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal data.
8. If a Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processorProcessor.
1. This does not affect The Data Processor shall solely be permitted to process personal data on documented in- structions from the rights Data Controller, including as regards transfer (assignment, disclosure and internal use) of personal data to third countries or international organisations, unless processing is required under EU or Member State law to which the Data Processor is sub- ject; in such a case, the Data Processor shall inform the Data Controller of that legal re- quirement prior to processing unless that law prohibits such information on important grounds of public interest, cf. Article 28, sub-section 3, para a.
2. Without the instructions or approval of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against Controller, the Data Controller and Processor therefore cannot – within the framework of this Data Processing Agreement:
a. disclose personal data to a data controller in a third country or in an international organisation
b. assign the processing of personal data to a sub-processor in a third country
c. have the data processed in another of the Data Processor’s divisions which is lo- cated in a third country
3. The Data Controller’s instructions or approval of the transfer of personal data to a third country, including the Sub- processorif applicable, shall be set out in Appendix C to this Data Processing Agreement.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller Con- troller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice other Data Processors and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-pro- cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection pro- tection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
57. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agree- ment – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement and its associated Appendices.
68. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity oppor- tunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require submis- sion to the Data Controller.
79. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Control- ler as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data ProcessorPro- cessor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
810. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1
9.1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Sub- Processor).
29.2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
39.3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller Con- troller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice other Data Processor’s and thereby give the Data Controller the opportunity to object to such changes prior to changes.
9.4. When the engage- ment of the concerned Sub-processor(s). The Data Processor’s notification to Processor has the Data Controller of any intended changes concerning the addition or replacement of Subs authorisation to use a sub-processorsprocessor, as well as the list of Sub-processors authorised by the Data Controller are regulated in Appendix B.
4. Where the Data Processor engages a shall ensure that the Sub-processor for carrying out specific processing activities on behalf of the Data Controller, Processor is subject to the same data protection pro- tection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5. General Data Protection Regulation. The Data Processor is shall therefore be responsible on the basis of a sub-processor agree- ment for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement.
69.5. A copy of such a Subsub-processor agreement and subsequent amendments must shall at the Data Control- ler’s Controller s request be submitted to the Data Controller, Controller who will thereby giving the Data Controller have the opportunity to ensure that a valid agreement has been entered into between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require submission to the Data Controller.
79.6. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Con- troller as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
89.7. The Data Controller hereby grants the Data Processor a general permission to enter xxxx- dard contracts with sub-Data Processors outside the EU/EEA on behalf of the Data Con- troller.
9.8. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must data processor shall meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (“Suba sub-processor”).
2. The Data Processor data processor shall therefore not engage another Subprocessor (sub-processor processor) for the fulfilment of the Terms Clauses without the prior general written authorisation of the Data Controllerdata controller.
3. The Data Processor data processor has the Data Controllerdata controller’s general authorisation for the engagement of Subsub-pro- cessorsprocessors. The Data Processor data processor shall inform in writing the Data Controller data controller of any intended changes con- cerning concerning the addition or replacement of Subsub-processors upon at least 7 days in advance, thereby giving a minimum of two (2) weeks’ notice and thereby give the Data Controller data controller the opportunity to object to such changes prior to the engage- ment engagement of the concerned Subsub-processor(s). The Data Processor’s notification to the Data Controller of any intended changes concerning the addition or replacement of Sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated in Appendix B.*.
4. Where the Data Processor data processor engages a Subsub-processor for carrying out specific processing activities on behalf of the Data Controllerdata controller, the same data protection obligations as set out in the Terms Clauses shall be imposed on that Subsub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the Terms Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. The Data Processor is therefore responsible for requiring that the Sub-processors at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
6. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerdata controller’s request – be submitted to the Data Controllerdata controller, thereby giving the Data Controller data controller the opportunity to ensure that the same data protection obligations as set out in the Terms Clauses are imposed on the Sub- sub-processor. Terms Clauses on business-business related issues that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require submission to the Data Controllerdata controller.
76. The Data Processor data processor shall agree a third-party beneficiary clause with the Subsub-processor where – in the event of bankruptcy of the Data Processor, data processor – the Data Controller data controller shall be a third-party beneficiary to the Subsub-processor agreement and shall have the right to enforce the agreement against the Subsub-proces- sor processor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal data.
8. If a Sub-processor does not fulfil its data protection obligations, the Data Processor remains fully liable towards the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.,
Appears in 1 contract
Samples: Data Processor Agreement
Use of sub-processors. 1. The Data Processor must data processor shall meet the requirements specified in Article 28(2) and (4) of the GDPR in order to engage another processor (“Suba sub-processor”).
2. The Data Processor data processor shall therefore not engage another Subprocessor (sub-processor processor) for the fulfilment of the Terms Clauses without the prior general specific written authorisation approval of the Data Controllerdata controller.
3. The Data Processor has data processor may only engage sub-processors with the Data Controllerdata controller’s general authorisation for the engagement of Sub-pro- cessorsprior specific written approval. The Data Processor data processor shall inform apply in writing for a specific ap- proval at least 90 days ahead of the Data Controller employment of any intended changes con- cerning the addition or replacement sub-processor in question. The list of Subsub-processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s). The Data Processor’s notification to the Data Controller of any intended changes concerning the addition or replacement of Sub-processors, as well as the list of Sub-processors authorised already approved by the Data Controller are regulated data controller can be found in Appendix B.
4. Where the Data Processor data processor engages a Subsub-processor for carrying out specific processing pro- cessing activities on behalf of the Data Controllerdata controller, the same data protection obligations as set out in the Terms Clauses shall be imposed on that Subsub-processor by way of a contract or other legal act under EU or Member State law, in particular providing sufficient guarantees to implement for the sub-processor’s implementation of appropriate technical and organisational or- ganisational measures in such a manner that the processing will meet the requirements require- ments of the Terms Clauses and the GDPR. The data processor shall therefore be responsible for requiring that the sub-processor at least complies with the obligations to which the data processor is subject pursuant to the Clauses and the GDPR.
5. The Data Processor is therefore responsible for requiring that the Sub-processors at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
6. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerdata controller’s request – be submitted to the Data Controllerdata controller, thereby giving the Data Controller data controller the opportunity to ensure that the same data protection obligations as set out in the Terms Clauses are imposed on the Sub- sub-processor. Terms Clauses on business-business related issues that do not affect the legal data protection content of the Subsub-processor agreementagree- ment, is shall not required to be submitted to the Data Controllerdata controller.
76. The Data Processor data processor shall agree to a third-party beneficiary clause with the Subsub-processor pro- cessor where – in the event of bankruptcy of the Data Processor, data processor – the Data Controller data controller shall be a third-party beneficiary to the Subsub-processor agreement and shall have the right to enforce the agreement against the Subsub-proces- sor processor engaged by the Data Processordata pro- cessor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal data.
8. If a Sub-processor does not fulfil its data protection obligations, the Data Processor remains fully liable towards the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.e.
Appears in 1 contract
Samples: Standard Contractual Clauses
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”processo Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-processors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data da protection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or Member State lawthe national law of the Mem States, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the th processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
57. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agreement – for requiring that the Subsub-processors processor at least comply with the obligations to which t the Data Processor is subject pursuant to the Terms and the GDPR.
6. A copy of such a Sub-processor agreement and subsequent amendments must at the Data Control- ler’s request be submitted to the Data Controller, thereby giving the Data Controller the opportunity to ensure that the same data protection obligations as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues that do not affect the legal data protection content requirements of the Sub-processor agreement, is not required to be submitted to the General Data Controller.
7. The Protection Regulation and this Data Processor shall agree a third-party beneficiary clause with the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement Processing Agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal dataits associated Appendices.
8. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of obligati the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors.
1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR in order General Data Protection Regulation to engage another processor (“Sub-processor”Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition regarding additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-pro- cessors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection protec- tion obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract con- tract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub-Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – based on a sub-processor agreement – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regula- tion and the GDPRthis Data Processing Agreement and its associated Appendices.
67. A copy of such a Subsub-processor agreement and subsequent amendments must shall – at the Data Control- lerController’s request – be submitted to the Data Controller, Controller who will thereby giving have the Data Controller the opportunity op- portunity to ensure that a valid agreement has been entered between the same data protection obligations Data Processor and the Sub-Processor. Commercial terms and conditions, such as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues pricing, that do not affect the legal data protection content of the Subsub-processor agreement, is shall not required to be submitted require sub- mission to the Data Controller.
78. The Data Processor shall agree a third-party beneficiary clause in his agreement with the Sub-processor where Processor include the Data Control- ler as a third party in the event of the bankruptcy of the Data Processor, Processor to enable the Data Controller shall be a third-party beneficiary to assume the Data Processor’s rights and invoke these as regards the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data ProcessorPro- cessor, e.g. enabling so that the Data Controller is able to instruct the Sub-processor Processor to delete perform the erasure or return the personal of data.
89. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards about the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Sub- Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Processor).
2. The Data Processor shall therefore not engage another Sub-processor for the fulfilment of the Terms without the prior general written authorisation of the Data Controller.
3. The Data Processor has the Data Controller’s general authorisation consent for the engagement of Sub-pro- cessorsProcessors. The Data Processor shall shall, if the Data Controller has in advance explic- itly requested the Data Processor to do so, inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-processors upon giving a minimum of two (2) weeks’ notice Processors, and thereby give the Data Controller the opportunity to object to such changes changes. Such notification shall be submitted to the Data Controller a minimum of 1 month prior to the engage- ment of the concerned Sub-processor(s)Processors or amendments coming into force. If the Data Controller should object to the changes, the Data Controller shall notify the Data Processor of this within 7 days of receipt of the notification. The Data Processor’s notification Controller shall only object if the Data Controller has reasonable and specific grounds for such refusal and must in that case document those grounds in writing to the Data Controller Processor.
3. The Data Processor has made available a list of any intended changes concerning the addition or replacement of currently used Sub-processorsProcessors in the FAQ section of the Data Processor's website. By agreeing to this Data Processing Agreement, as well as the list of Sub-processors authorised by the Data Controller are regulated in Appendix B.
4. Where agrees to the Data Processor engages a Sub-processor for carrying out specific processing activities Processor's use of the Sub- Processors specified in this list on behalf the date of the Data Controller's signature of this Data Processing Agreement.
4. When the Data Processor has the Data Controller’s authorisation to use a Sub- Processor, the Data Processor shall ensure that the Sub-Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act agreement under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub- Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPR.
5General Data Protection Regulation. The Data Processor is shall therefore be responsible – on the basis of a Sub-Processor agreement – for requiring that the Sub-processors Processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms requirements of the General Data Protection Regulation and the GDPRthis Data Processing Agreement.
65. A copy of such a Sub-processor agreement and subsequent amendments must at the Data Control- ler’s request be submitted to the Data Controller, thereby giving the Data Controller the opportunity to ensure that the same data protection obligations as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues that do not affect the legal data protection content of If the Sub-processor agreement, is not required to be submitted to the Data Controller.
7. The Data Processor shall agree a third-party beneficiary clause with the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal data.
8. If a Sub-processor does not fulfil its his data protection obligations, the Data Processor remains fully shall remain liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
Use of sub-processors. 1. The Data Processor must shall meet the requirements specified in Article 28(2) 28, sub-section 2 and (4) , of the GDPR General Data Protection Regulation in order to engage another processor (“Sub-processor”Processor).
2. The Data Processor shall therefore not engage another processor (Sub-processor Processor) for the fulfilment of the Terms this Data Processing Agreement without the prior specific or general written authorisation consent of the Data Controller.
3. The Data Processor has In the Data Controller’s event of general authorisation for written consent, the engagement of Sub-pro- cessors. The Data Processor shall inform in writing the Data Controller of any intended planned changes con- cerning the addition with regard to additions to or replacement of Sub-other data processors upon giving a minimum of two (2) weeks’ notice and thereby give the Data Controller the opportunity to object to such changes prior to the engage- ment of the concerned Sub-processor(s)changes.
4. The Data Controller’s requirements for the Data Processor’s notification engagement of other sub-processors shall be specified in Appendix B to this Data Processing Agreement.
5. The Data Controller’s consent to the Data Controller engagement of any intended changes concerning the addition or replacement of Subspecific sub-processors, as well as the list of Sub-processors authorised by the Data Controller are regulated if applicable, shall be specified in Appendix B.B to this Data Processing Agreement.
46. Where When the Data Processor engages a Sub-processor for carrying out specific processing activities on behalf of has the Data Controller’s authorisation to use a sub-processor, the Data Processor shall ensure that the Sub- Processor is subject to the same data protection obligations as set out those specified in this Data Processing Agreement on the Terms shall be imposed on that Sub-processor by way basis of a contract or other legal act document under EU law or the national law of the Member State lawStates, in particular providing sufficient the necessary guarantees to that the Sub- Processor will implement the appropriate technical and organisational measures in such a manner way that the processing will meet meets the requirements of the Terms and the GDPRGeneral Data Protection Regulation.
57. The Data Processor is shall therefore be responsible – on the basis of a sub-processor agreement – for requiring that the Subsub-processors processor at least comply with the obligations to which the Data Processor is subject pursuant to the Terms and the GDPR.
6. A copy of such a Sub-processor agreement and subsequent amendments must at the Data Control- ler’s request be submitted to the Data Controller, thereby giving the Data Controller the opportunity to ensure that the same data protection obligations as set out in the Terms are imposed on the Sub- processor. Terms on business-related issues that do not affect the legal data protection content requirements of the Sub-processor agreement, is not required to be submitted to the General Data Controller.
7. The Protection Regulation and this Data Processor shall agree a third-party beneficiary clause with the Sub-processor where in the event of bankruptcy of the Data Processor, the Data Controller shall be a third-party beneficiary to the Sub-processor agreement Processing Agreement and shall have the right to enforce the agreement against the Sub-proces- sor engaged by the Data Processor, e.g. enabling the Data Controller to instruct the Sub-processor to delete or return the personal dataits associated Appendices.
8. If a the Sub-processor Processor does not fulfil its his data protection obligations, the Data Processor remains shall remain fully liable towards to the Data Controller as regards the fulfilment of the obligations of the Sub-processor. This does not affect the rights of the Data Subjects under the GDPR – in particular those foreseen in Articles 79 and 82 GDPR – against the Data Controller and the Data Processor, including the Sub- processor.
Appears in 1 contract
Samples: Data Processing Agreement
