COMPETENT SUPERVISORY AUTHORITY MODULE TWO Sample Clauses
The 'Competent Supervisory Authority Module Two' clause designates which regulatory authority is responsible for overseeing and enforcing compliance with data protection obligations under the agreement. In practice, this clause identifies the specific data protection authority relevant to the parties, often based on the location of the data exporter or the main establishment of the data controller within the European Economic Area. By clearly assigning supervisory responsibility, the clause ensures that any disputes, investigations, or enforcement actions are directed to the appropriate authority, thereby providing legal certainty and streamlining regulatory oversight.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE TWO: Transfer controller to processor
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE TWO: Transfer controller to processor Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
1. The Clauses are dated as of the same date as the Addendum.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE TWO: Transfer controller to processor
1. Data Center Security
a. Webflow infrastructure is managed via Amazon Web Services’ ISO 27001 certified data centers, and hosted in multiple regions and availability zones.
b. All database servers are isolated inside virtual private networks, and accessible only by key personnel via multi-factor authentication.
c. All access to production environments is logged, and access can be immediately revoked.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor LIST OF SUB-PROCESSORS MODULE TWO: Transfer controller to processor
1). The controller has authorised the use of the following sub-processors:
1. Name: Address: Contact person’s name, position and contact details: Description of processing (including a clear delimitation of responsibilities in case several sub-processors are authorised): 2. …
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor See Section 7(b)(viii) of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Competent supervisory authority/ies in accordance with Clause 13: Commission nationale de l'informatique et des libertés (CNIL)
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Irish Data Protection Commissioner TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Upflex Security Plan
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor The member state of the Customer. MODULE TWO: Transfer controller to processor MODULE THREE: Transfer processor to processor Measures of encryption of personal data Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident Measures for user identification and authorisation Measures for the protection of data during transmission Measures for the protection of data during storage Measures for ensuring physical security of locations at which personal data are processed Measures for ensuring events logging Measures for ensuring system configuration Measures for security management & assurance Penetration Testing Measures for ensuring data minimisation & limited data retention Measures for allowing data portability and ensuring erasure Additional Safeguards - Measures and assurances regarding U.S. government surveillance
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Standard Contractual Clauses
(a) Subject to Section 8.2 of this DPA, where the transfer of Customer Personal Data to Company is a Restricted Transfer and GDPR or the Swiss DPA require that appropriate safeguards are put in place, the transfer shall be governed by the EU SCCs as follows:
(i) Module Two (Transfer Controller to Processor) will apply;
(ii) in Clause 7 (Docking Clause), the optional docking clause will apply;
(iii) in Clause 9 (Use of Subprocessors), Option 2 will apply, and the time period for prior notice of subprocessor changes shall be as set out in Clause 3.2 of this DPA;
(iv) in Clause 11 (Redress), the optional language to permit data subjects to lodge complaints with an independent dispute resolution body will not apply;
(v) in Clause 17 (Governing Law), Option 1 will apply, and the EU SCCs will be governed by Dutch law;
(vi) in Clause 18(b) (Choice of forum and jurisdiction), disputes shall be resolved before the courts of Amsterdam, the Netherlands; and
(b) where the transfer of Customer Personal Data to Company is a Restricted Transfer and UK GDPR requires that appropriate safeguards are put in place, the UK SCCs will apply in accordance with paragraph (a) above.