Processor’s Obligations. Except where expressly permitted by Article 28 (3)(a) GDPR, Processor shall process data subjects’ Data only within the scope of the Agreement and the instructions issued by Controller. Where Processor believes that an instruction would be in breach of applicable law, Processor shall notify Controller of such belief without undue delay. Processor shall be entitled to suspend performance on such instruction until Controller confirms or modifies such instruction. Processor shall, within Processor’s scope of responsibility, organize Processor’s internal organization so it satisfies the specific requirements of data protection. Processor shall implement technical and organizational measures to ensure the adequate protection of Controller’s Data, which measures shall fulfil the requirements of the GDPR and specifically its Article 32. Processor shall implement technical and organizational measures and safeguards that ensure ongoing confidentiality, integrity, availability and resilience of processing systems and services and shall implement a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. Controller is familiar with these technical and organizational measures, and it shall be Controller’s responsibility that such measures ensure a level of security appropriate to the risk. The parties agree to refer to the existing certification of Processor by Kiwa International Cert GmbH in accordance with DIN ISO/IEC 27001:2015 which is considered sufficient evidence for these purposes by Controller and which is available on the website of Processor (xxx.xxxxxxx.xxx). Processor reserves the right to modify the measures and safeguards implemented, provided, however, that the level of security shall not be less protective than initially agreed upon.
Processor shall support Controller, insofar as is agreed upon by the parties, and where possible for Processor, in fulfilling data subjects’ requests and claims, as detailed in chapter III of the GDPR and in fulfilling the obligations enumerated in Articles 33 to 36 GDPR. Processor shall ensure that all employees involved in Contract Processing of Controller’s Data and other such persons as may be involved in Contract Processing within Processor’s scope of responsibility shall only do so within the scope of the instructions. Furthermore, Processor shall ensure that any person entitled to process Data on behalf of Co...
Processor’s Obligations. 4.1. As a Processor, Zivver must comply with its obligations under the Agreement, this Data Processing Agreement and Applicable Law.
4.2. Processor shall (a) act in accordance with the written instructions of Controller; (b) refrain from Processing the Personal Data for its own purposes; and (c) only Process the Personal Data to the extent necessary for the performance of the activities of Processor pursuant to the Agreement; unless a European or Member State law applicable to Processor obliges him to act differently and Processor informs Controller thereof without undue delay in accordance with Article 4.5 (ii).
4.3. If, during the term of this Data Processing Agreement, Processor receives a request from a Data Subject regarding his/her Personal Data pursuant to Chapter III of the GDPR, Processor shall refer the Data Subject to Controller without undue delay. Controller is at all times responsible for answering such requests. Processor shall provide the assistance reasonably required by Controller in order to enable Controller to fulfill its obligations with regard to responding to requests from Data Subjects to exercise their rights.
4.4. Processor shall provide the assistance required by Controller in its capacity as Processor to enable Controller to perform a Data Protection Impact Assessment and a possible subsequent prior consultation from a Supervisory Authority.
4.5. Processor shall inform Controller without undue delay in the following cases:
(i) a European or Member State law applicable to Processor prevents Processor from complying with the written instructions from Controller, unless such legislation prohibits Processor from providing such information;
(ii) Processor holds the opinion that an instruction from Controller infringes Applicable Law.
4.6. Upon termination of the Agreement or, if earlier, after the end of the delivery of Processing Activities, Processor shall return all Personal Data to Controller in a common format and/or delete all copies of such Personal Data, at the discretion of Controller, unless a European or Member State law applicable to Processor prohibits Processor from returning or deleting Personal Data.
4.7. Processor may charge reasonable costs for providing assistance to Controller with complying with its obligations under Applicable Law.
Processor’s Obligations. 2.1. The Processor shall warrant compliance with the applicable laws and regulations, including laws and regulations governing the protection of Personal Data, such as the GDPR.
2.2. The Processor shall furnish the Controller promptly on request with details regarding the measures it has adopted to comply with its obligations under this Data Processing Agreement and the GDPR.
2.3. The Processor’s obligations arising under the terms of this Data Processing Agreement apply also to whomsoever processes Personal Data under the Processor’s instructions.
Processor’s Obligations. 5.1 The Processor processes personal data in accordance with the Applicable Data Protection Law.
5.2 The Processor processes personal data only on instructions from the Controller and only in accordance with the instructions as well as any other purposes agreed between the Parties in writing. The processing of personal data shall be performed in accordance with good data processing practices.
5.3 The Processor is obliged to store personal data on behalf of the Controller and in accordance with its instructions throughout the duration of the Customer Agreement, unless the Controller instructs the Processor to store the personal data for a longer period.
5.4 At the expiry of the contract period of the Customer Agreement and at the Controller’s option, the Processor shall 1) erase or 2) return to the Controller all personal data and remove existing copies. The Processor shall erase personal data from all IT systems within 30 days, when so instructed by the Controller and future storage no longer serves a legitimate purpose.
5.5 The Processor trains and instructs employees in confidential processing of personal data and ensures that processing is done solely in accordance with the purposes of the DPA and the Controller’s instructions. The Processor ensures that their employees have committed themselves to confidentiality with respect to all personal data and treat personal data accordingly.
5.6 The Processor has the duty to establish, implement and maintain organisational, administrative and IT technical security measures that prevent personal data from accidentally or illegally being destroyed or lost, deteriorating or being disclosed to unauthorised persons, abused or otherwise processed in violation of the law. The Processor shall give instructions that place responsibility for, and describe processing and erasure of, personal data and operation of IT equipment. At the Controller’s request, the Processor shall provide the Controller with information adequate to check whether the mentioned technical and organisational security measures are implemented.
5.7 The Processor shall, to the extent possible and taking into account the nature of the processing, assist the Controller in complying with the Controller's obligation to respond to Data Subjects’ exercise of their rights in accordance with chapter 3 of the General Data Protection Regulation. The Controller is responsible for direct communication with the Data Subjects. The Controller shall put its request for t...
Processor’s Obligations. 2.1. The Processor shall warrant compliance with the applicable laws and regulations, including laws and regulations governing the protection of personal data, such as the AVG.
2.2. The Processor shall furnish the Controller promptly on request with details regarding the measures it has adopted to comply with its obligations under this Data Processing Agreement and the AVG.
2.3. The Processor’s obligations arising under the terms of this Data Processing Agreement apply also to whomsoever processes personal data under the Processor’s instructions.
Processor’s Obligations. PROCESSOR shall create CUSTOMER files and debit said files for the amount of the applicable transaction. All file information submitted by CUSTOMER on a given day shall constitute a “batch.” PROCESSOR shall transmit the batch to the ODFI for processing and shall credit its account for the aggregate amount of the batch transaction information until final settlement occurs.
Processor’s Obligations. 4.1 Technical and organisational security measures
4.1.1 The Processor is responsible for implementing necessary (a) technical and (b) organisational measures to ensure an appropriate security level. The measures must be implemented with due regard to the current state of the art, costs of implementation and the nature, scope, context and purposes of the processing and the risk of varying likelihood and severity to the rights and freedoms of natural persons. The Processor shall take the category of personal data described in appendix 1 into consideration in the determination of such measures.
4.1.2 The Processor shall implement the suitable technical and organisational measures in such a manner that the processing by the Processor of personal data meets the requirements of the personal data regulation in force from time to time.
Processor’s Obligations. 4.1 The Processor may collect, process or use Personal Data only within the scope of this DPA.
4.2 The Processor confirms that it shall process Personal Data on behalf of the Controller in accordance with the documented instructions of the Controller.
4.3 The Processor shall promptly inform the Controller, if in the Processor’s opinion, any of the instructions regarding the processing of Personal Data provided by the Controller, breach Data Protection Law.
4.4 The Processor shall ensure that all employees, agents, officers and contractors involved in the handling of Personal Data: (i) are aware of the confidential nature of the Personal Data and are contractually bound to keep the Personal Data confidential; (ii) have received appropriate training on their responsibilities as a data processor; and (iii) are bound by the terms of this DPA.
4.5 The Processor shall implement appropriate technical and organisational measures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
4.6 The Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In assessing the appropriate level of security, account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
4.7 The technical and organisational measures detailed in Exhibit B shall at all times be adhered to as a minimum security standard. The Controller accepts and agrees that the technical and organisational measures are subject to development and review and that the Processor may use alternative suitable measures to those detail...
Processor’s Obligations. In addition to compliance with the provisions of this Agreement, each Party has to comply with statutory obligations set forth in the GDPR. In particular, Processor has to ensure its compliance with the following:
2.2.1. Written appointment of a data protection officer, if required by law. The following person has been appointed as Processor’s data protection officer: Xxx Xxxxxxx, with email address xxxxxxx.xxx@xxxxxxxxxxxxx.xxx. Any changes with regard to the appointment of a data protection officer and the latter’s contact details must be communicated to Controller in a timely manner.
2.2.2. Confidentiality pursuant to the GDPR is guaranteed. Processor confirms that all staff have been obliged to maintain confidentiality in writing. Such obligation shall be designed to outlast the termination of this Agreement.
2.2.3. Processor undertakes to implement and comply with all technical and organizational measures required for the Order in accordance with the GDPR [see Appendix I for details].
2.2.4. Concerning the performance of their duties under applicable data protection regulations, Controller and Processor will cooperate upon request of the supervisory authority.
2.2.5. Processor undertakes to control his internal processes as well as the technical and organizational measures on a regular basis in order to ensure that any processing within his responsibility is performed according to the requirements of the applicable rules on data protection and ensure that the protection of the rights of data subjects is guaranteed at any time.
2.2.6. Unless Processor is obliged to data processing by European Union law or by local laws to which Processor is subject (e.g. investigations by law enforcement units or authorities), Processor will only process Controller’s personal data in accordance with contractually specified conditions and Controller’s specific individual instructions. In such a case, Processor shall inform Controller of these legal requirements prior to processing, unless the law prohibits such communication because of an important public interest or further legal reason Processor is obliged to comply with. Processor shall not process data for any other purposes and is not entitled to forward them to third parties. Processor shall inform Controller if he considers an instruction as violating applicable law in a timely manner. Processor may suspend the execution of the instruction only until it has been confirmed or changed by Controller’s author...
Processor’s Obligations. 9.1. The Processor shall:
a) Process User’s Data only on documented instructions from the User;
b) Ensure that persons authorized to Process User’s Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall regularly train those persons to whom it grants access to User’s Data on IT security and privacy law compliance. The undertaking to data secrecy shall continue after the termination of this Agreement;
c) Implement appropriate technical and organizational security measures to ensure a level of security appropriate to User’s Data;
d) Ensure that any natural person acting under the authority of the Processor who has access to the Personal Data does not process them except on instructions from the User;
e) Assist the User in compliance with User’s obligations under Art. 32 to 36 of the GDPR;
f) Make available to the User all information necessary to demonstrate compliance with Processor’s obligations under the Agreement, the Data Protection Law, and allow for and contribute to audits, including inspections, conducted by the User or another auditor mandated by the User;
g) Appoint a data protection officer if it is legally obliged to do so or, if it is not obliged to do so, a contact person for data protection issues;
h) Provide the User, upon request in writing, with the name and contact details of its data protection officer or the contact person for data protection issues;
i) Monitor the Processing by way of regular reviews concerning the performance of and compliance with this Agreement, the Terms, and the applicable Data Protection Law;
j) At User’s written request, reasonably support the User in dealing with requests from individual Data Subjects and/or a supervisory authority with respect to the Processing of Personal Data hereunder;
k) Assist the User with the implementation of appropriate technical and organizational measures in order to respond to applications by the Data Subjects for the exercise of their rights (in particular, Art. 13 to 23 of the GDPR);
l) Provide at minimum the information set out in Art. 33(3) of the GDPR in the case of a Personal Data breach;
m) Communicate information to the Data Subjects after a Personal Data breach, in particular pursuant to Art. 34 of the GDPR; and
n) Conduct prior (i.e. before the start of the processing) data protection impact assessments pursuant to Art. 35 of the GDPR and, if necessary, consult with a supervisory authority...