Processing location. Processing of the personal data under the Clauses cannot be performed at other locations than the following without the data controller’s prior written authorisation: Notisum’s internet services are hosted in Microsoft azure and are therefore located on Microsoft serv- ers within the EU. Data is located at the datacentre Microsoft EU West in the Netherlands and some of the data is replicated at the datacentre Microsoft EU North in Ireland. Microsoft Azure uses sub-processors the list can be found at xxxxx://xxx.xx/Xxxxxx_Xxxx_Xxxxxxxxxx- tor_List, who provides technologies to power or provide ancillary services to certain Microsoft Online Services, or who provides contract staff. If the data controller does not in the Clauses or subsequently provide documented instructions pertain- ing to the transfer of personal data to a third country, the data processor shall not be entitled within the framework of the Clauses to perform such transfer. NAME ADDRESS DESCRIPTION OF PROCESSING LEGAL BASIS FOR THE PROCESSING Karnov Group Den- mark Microsoft West Europe (Netherlands) and Microsoft North Europe (Ireland) E-mail handling and data storage. Karnov Group Denmark uses Microsoft Azure as a sub-processor. Data is stored on servers in- side the EU and will generally not be transferred outside of the EU. Standard Con- tractual Clauses (SCC) and supple- mentary measures. The data processor shall, at the request of the data controller, submit a management statement de- claring the data processor's compliance with the data protection regulation, data protection provisions of other EU or national law and these Clauses. The data controller may request additional information in the form of a written inspection with a ques- tionnaire or using another method. In addition, the data controller or a representative of the data controller has access to carry out inspec- tions, including physical inspections, on the premises from which the data processor performs the pro- cessing of personal data, including physical premises and systems used for or in connection with the processing. Such inspections may be carried out when the data controller deems it necessary. In addition to the planned inspection, the data controller may carry out an inspection at the data pro- cessor when the data controller deems it necessary e.g., in connection with handling breaches of per- sonal data. Inspection visits can be made by relevant employees. In addition, the data controller or a representative o...
