Obligations of the Processor. 3.1 The Processor undertakes to carry out Data Processing exclusively on the basis of documented instructions from the Controller. If the Processor considers an instruction of the Controller to be unlawful, the Processor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the Controller.
3.2 The Processor shall be obliged to treat confidentially any personal data of which it becomes aware in connection with the Data Processing. The Processor shall impose a confidentiality obligation on all persons authorized by it to process the data, unless they are already subject to a statutory duty of confidentiality. The obligation of confidentiality and non-disclosure shall continue to apply after termination of this DPA.
3.3 The Processor shall take all necessary technical and organizational measures within the meaning of Art. 32 of the GDPR. These technical and organizational measures are data security measures to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of the systems. They shall take into account the state of the art, the costs of implementation and the nature, scope and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The technical and organizational measures taken by the Processor are available at xxxxx://xxxx.xx/en/legal in the current version.
3.4 The Processor shall, where possible, support the Controller with appropriate technical and organizational measures to enable the Controller to comply with the data subject rights under Chapter III of the GDPR within the legal time limits and shall provide the Controller with the necessary information to do so upon the Controller's request, provided that the Processor has such information. If a subject submits a request to the Processor to exercise the data subject rights, the Processor shall be obliged to forward the request to the Controller if the request relates to Data Processing by the Controller.
3.5 The Processor shall support the Controller in the performance of the obligations incumbent upon the Controller pursuant to Art. 32 to 36 of the GDPR, which shall include, but not be limited to, the implementation of security measures, the notification of data protection breaches and, where applicable, the preparation of a data protection impact assessment.
3.6 The Processor shall delete...
Obligations of the Processor. (1) The processor is obliged to maintain strict confidentiality during processing and shall process personal data only as contractually agreed or as instructed by the controller, unless the processor is required by law to carry out a specific processing activity. If such obligations exist for the processor, the processor shall notify the controller thereof prior to processing, unless such notification is prohibited by law. Furthermore, the processor shall not use the data provided for processing for any other purpose, in particular for his own purposes.
(2) The processor assures that the persons employed by him for processing have been made familiar with the relevant provisions of data protection and this Agreement prior to commencement of processing. Appropriate training and awareness-raising measures shall be repeated at regular intervals. The processor shall ensure that persons assigned to data processing activities are instructed and monitored appropriately on an ongoing basis with regard to the fulfilment of data protection requirements as well as the provisions resulting from this Agreement, such as the controller’s authority to issue directives and purpose limitation.
(3) Persons who may gain knowledge of the data processed on behalf of the controller must commit in writing to maintain confidentiality, unless they are already legally subject to a relevant confidentiality obligation.
(4) The processor confirms that he is aware of the relevant general data protection regulations. He shall comply with the principles of proper data processing and ensure proper data processing by means of ongoing monitoring and regular checks.
(5) In connection with the commissioned data processing, the processor shall assist the controller in drawing up and updating the record of data processing activities and in carrying out the data protection impact assessment. All necessary information and documentation shall be provided and forwarded to the controller upon request.
(6) If the controller is subject to an inspection by supervisory authorities or other bodies, or if data subjects claim rights against him, the processor is obliged to support the controller to the extent necessary, as far as the data processing activities carried out by the processor are concerned.
(7) The processor shall inform the controller of inspections carried out by or on behalf of supervisory authorities for data protection without delay.
(8) The processor shall not provide information to third ...
Obligations of the Processor. 1. The Processor shall, and shall ensure that each of its employees, approved Subprocessors and any other individual acting under its authority who has access to the Data:
a. process Data in accordance with the terms of this Agreement, Appendix GDPR or any other written instructions of the Controller, and only to the extent and in the manner necessary to provide Services, and for no other purpose(s). In the event Applicable Data Protection Law requires Processor to process in a manner not expressly authorized by this Agreement or the Controller’s written instructions, the Processor shall promptly inform the Controller of the applicable legal requirement before processing, unless prohibited from doing so on important public interest grounds, consistent with Applicable Data Protection Law;
b. keep the Data confidential and ensure that any person authorized to process the Data for or on behalf of the Processor (including but not limited to any Processor employees and staff and approved Subprocessors) has agreed to keep the Data confidential, or is otherwise under a statutory obligation to protect the confidentiality of the Data; and
c. upon reasonable request from the Controller, provide an up-to-date copy of the Data in the format requested by the Controller.
2. In carrying out its obligations under the Agreement and this Appendix GDPR, Processor agrees to comply with all applicable state, federal and laws of other countries or jurisdictions (including, but not limited to, Applicable Data Protection Law), as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Data.
3. In accordance with Applicable Data Protection Law, and taking into consideration the state of the art, costs of implementation and the nature, scope, context and purposes of processing the Data pursuant to this Agreement, as well as the risks to the rights and freedoms of natural persons and the risks to processing the Data, the Processor represents and warrants that it has implemented appropriate technical and organizational security measures appropriate to such risks, including, as appropriate: (i) the pseudonymisation and encryption of the Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
Obligations of the Processor. 6.1 The Processor shall:
6.1.1 process the Personal Data only on documented instructions from the Controller;
6.1.2 ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
6.1.3 take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement;
6.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Processor must be subject to the same contractual terms as described in this Agreement;
6.1.5 assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR;
6.1.6 assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments;
6.1.7 at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data;
6.1.8 make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;
Obligations of the Processor. 6.1 The Processor undertakes to only perform the Processing in accordance with this Agreement and the Instructions and to comply with the Data Protection Legislation. The Processor also undertakes to stay informed of currently applicable laws and regulations in this area.
6.2 The Processor shall take measures to protect the Personal Data against all kinds of Processing that is not in compliance with this Agreement, the Instructions and the Data Protection Legislation.
6.3 The Processor undertakes to ensure that all natural persons who work under its supervision comply with this Agreement and the Instructions, and that these natural persons are informed about relevant legislation.
6.4 At the request of the Controller, the Processor shall assist the former in ensuring compliance with the obligations pursuant to Articles 32–36 of GDPR, and shall respond to requests regarding the exercise of Data Subjects’ rights pursuant to Chapter III of GDPR, taking into consideration the type of Processing and the information available to the Processor.
6.5 In the event that the Processor finds the Instructions to be unclear, in violation of the Data Protection Legislation or non-existent, and the Processor is of the opinion that new or supplementary Instructions are necessary in order to fulfil its undertakings, the Processor shall inform the Controller of this without delay, temporarily suspend the Processing and await new Instructions.
6.6 In the event the Controller provided the Processor with new or amended Instructions, the Processor shall inform the Controller, without undue delay after receiving them, whether the implementation of the new Instructions will entail any changed costs for the Processor.
Obligations of the Processor. The Processor shall make sure that all processing of Personal Data is conducted in accordance with relevant provisions of any applicable Data Protection Legislation. The Processor specifically undertakes that it shall process Personal Data only in accordance with the Agreement and in accordance with the Controller’s instructions (including the instructions attached hereto in Schedule 1). The Processor shall immediately notify the Controller if, in its opinion, any instructions implies a breach of Data Protection Legislation. However, the Processor shall not be obliged to verify whether any instruction given by the Controller complies with Data Protection Legislation. The Processor shall ensure that its personnel engaged in the processing of Personal Data are informed of the confidential nature of the Personal Data, have received appropriate training on their responsibilities and are subject to obligations of confidentiality during the persons’ engagement with the Controller. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to protect the Personal Data that is Processed on behalf of the Controller. A description of the Processor’s security principles and measures is listed in schedule 2 of this DPA. Taking into account the nature of the processing, the Processor shall assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller’s obligation to respond to requests for exercising the Data Subject’s rights laid down in Chapter III of the GDPR. The Processor shall notify the Controller without undue delay, and no later than 24 hours, after becoming aware of a personal data breach. Taking into account the nature of processing and the information available to the Processor, the Processor shall provide reasonable assistance to the Controller as may be necessary to satisfy any notification obligations required under Articles 33 or 34 of the GDPR related to any Personal Data Breach. The Processor shall, at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and deletes existin...
Obligations of the Processor. 5.1. The Processor undertakes to:
5.1.1. Process the Processed Data for the sole purpose of performing the Services, subject to the limits and in the manner provided for by the Agreement between Controller and Processor for the provision of such Services, this DPA and the Data Protection Law, and in strict compliance with the written instructions given by the Controller, and shall immediately inform in writing the Controller should it deem that any of the aforesaid instructions is in breach of the Data Protection Law or, in general, of any applicable law;
5.1.2. Process exclusively the Processed Data that is strictly necessary for correctly and fully performing the Service or meeting the obligations provided for by Data Protection Law or other applicable law;
5.1.3. Process the Processed Data lawfully, fairly and in full compliance with the principles applicable to data processing, with the requirements laid down by the Data Protection Law and the information on the processing of the Processed Data provided to the relevant data subjects by the Controller;
5.1.4. Assist and cooperate, within a reasonable manner, with the Controller whenever required under the processing of the Processed Data, namely if it suspects of any data breach that could undermine the availability, integrity, privacy and/or security of the Processed Data;
5.1.5. Inform the Controller of any restriction required to the processing of any Processed Data, regardless if required by a Data Subject or instructed by a relevant data protection supervisory authority, unless if prohibited by law;
5.1.6. Keep the Controller up to date about the Processed Data or any other relevant information, namely about any notification or request for information from a relevant data supervisory authority;
5.1.7. Cooperate with and assist the Controller in the response to any notifications from a supervisory authority in connection with the Processed Data, including, without limitation, the provision of supporting documentation to be submitted to the relevant supervisory authority as evidence that the Processor is legally bound by the terms of this DPA;
5.1.8. Provide to the Controller, upon request, all the information in its possession or control referring to the processing of the Processed Data under this DPA, namely for the latter to assess whether such processing is carried out in accordance with this DPA.
5.1.9. Disclose the information reasonably required by the Controller for the performance of privacy...
Obligations of the Processor. The Processor will
3.1. With regard to the processing referred to in article 2 (Processing Objectives), the Processor will ensure compliance with the applicable laws and regulations, including in all cases the laws and regulation in the area of data protection such as the General Data Protection Regulation. Processing will only take place in order to use (various) applications offered by Processor for the performance of the Agreement, and those purposes that are determined with further consent.
3.2. Processor follows all the instructions of the Reponsible within a reasonable period. Instructions are generally given in writing, unless the urgency or other specific circumstances require a different (for example oral or electronic) form. Non-written instructions must be confirmed in writing by the Responsible immediately. Insofar as the execution of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his account, the Processor will carry out that instruction.
3.3. Notify the information immediately if the Processor can not comply with instructions from the Responsible for any reason;
3.4. The processor takes all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR.
3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Data.
3.6. Ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing.
3.7. Assisting the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix.
3.8. Handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ;
3.9. Assist the Responsible with a Data Protection Impact Assessment as required by Article 35...
Obligations of the Processor. (1) The Processor confirms that it is aware of the relevant data protection regulations. The Processor will organize its internal procedures in such a way that it meets the special requirements of data protection.
(2) The Processor provides adequate guarantees that appropriate technical and organizational measures are in place to ensure that the processing complies with the data protection rules and the rights of the data subject.
(3) The Processor warrants that it will familiarize the personnel involved in the performance of the work with the applicable data protection provisions and that persons authorized to process the personal data are bound by confidentiality or are subject to an appropriate statutory confidentiality obligation. It monitors compliance with data protection regulations.
(4) The Processor may access personal data of the Controller for purposes of data processing on behalf only if this is indispensable for processing the data.
(5) If required by law, the Processor will appoint a data protection officer. The contact details of the data protection officer will be communicated to the Controller to enable direct contact.
(6) The Processor may process the personal data provided to it exclusively in the territory of the Federal Republic of Germany or in a member state of the European Union. Processing personal data in a third country requires the Controller's prior approval and may only be done when the special legal requirements are complied with.
(7) The Processor shall support the Controller with appropriate technical and organizational measures to enable the Controller to fulfil its existing obligations towards the data subject, e.g. information and disclosure to the data subject, correction or deletion of data, restriction of processing or the right to data transferability and objection. The Processor shall appoint a contact person who will assist the Controller in complying with legal information and disclosure obligations arising in connection with data processing on behalf and shall inform the Controller of the contact details without delay. Insofar as the Controller is subject to special legal obligations to provide information in the event of unlawful knowledge of data, the Processor shall support the Controller in this. The Processor may only provide information to the data subject or third parties after being instructed accordingly by the Controller. If a person concerned asserts his or her rights under data protection law directly...
Obligations of the Processor. (1) The Processor confirms that he is aware of the relevant data protection regulations. The Processor’s internal operating procedures shall comply with the specific requirements of an effective data protec- tion management.
(2) The Processor warrants and undertakes that all employees involved in the data processing proce- dures are familiar with the relevant data protection regulations. The Processor assures that those employees are bound to maintain confidentiality, and are subject to an adequate legal obligation of secrecy. The Processor shall monitor compliance with the applicable data protection regulations.
(3) The Processor may only access the Controller’s personal data if it is necessary for the purposes of carrying out the data processing.
(4) The Processor has appointed a Data Protection Officer. The Processor’s Data Protection Officer’s contact details are to be shared with the Controller for the purposes of making direct contact.
(5) The Processor supports the Controller to ensure that the Controller can fulfill his obligations to re- spond to requests for exercising the data subject's rights, e.g. the right of information of the data subject, the rectification and erasure of data, the restriction of processing, data portability and the right to object. The Processor will nominate a contact person who will support the Controller in the fulfillment of legal obligations to grant information in connect with the data processing, and will share this person’s contact details with the Controller. Insofar as adjustments of IT systems, other changes or services are required within the scope of this support, which go beyond the scope owed by the contracts of the parties, the parties shall agree on the implementation and their commercial frame- work conditions. Information may only be given to data subjects or to third parties with the prior instruction of the Controller. If a data subject exercises their data protection law rights upon the Pro- cessor, the Processor shall forward this request to the Controller.