Obligations of the Provider. 3.1 The Provider may process personal data of data subjects only within the scope of the assignment and the documented instructions of the Customer. In the event that the Provider is obliged to process data differently as a result of national or European law, it shall inform the Customer before start of the processing, unless that law prohibits such information on important grounds of public interest. 3.2 The Provider shall set up the internal organisation of his area of responsibility in such a manner that it meets the specific requirements of data protection. The Provider shall take the technical and organisational measures described in Appendix 1 so as to ensure an adequate protection of the Customers personal data. The purpose of these measures is to ensure long-term confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of personal data under commission. The Customer is informed of these technical and organisational measures. It is the Customer´s responsibility to ensure that these measures provide an adequate level of protection regarding the risks of personal data processing. 3.3 The Provider reserves the right to change the technical and organisational measures taken, but must guarantee that the level of protection agreed in the contract is not reduced. 3.4 To the best of his ability and within the scope of the services or under the contract, the Provider shall assist the Customer in dealing with requests and claims of data subjects according to chapter III of the GDPR and in respecting its obligations specified in Articles 32 to 36 GDPR. For these services, the Provider is entitled to adequate financial compensation. 3.5 The Provider warrants that its employees involved in the processing of the Customers personal data and other individuals working for the Provider are prohibited from processing such personal data outside the scope of the Customers instructions. The Provider further ensures that the individuals authorised to process personal data have signed an agreement of confidentiality or are subject to an adequate confidentiality clause. This obligation of confidentiality and secrecy shall remain in effect even beyond completion of an assignment. 3.6 The Provider shall inform the Customer without delay as soon as it becomes aware of any violation of the protection of the Customers personal data. The Provider shall take the necessary measures to safeguard personal data and to alleviate possible disadvantageous consequences for the data subject and shall consult with the Customer in that respect without delay. 3.7 The Provider is obliged to appoint a competent and reliable Data Protection Officer according to Art. 37 GDPR to the extent and as long as the statutory prerequisites for such an obligatory appointment are in force. The Customer shall be informed of the contact data of this individual for the purpose of making direct contact. If the Provider is not obliged to appoint a Data Protection Officer, it shall give the Customer the name of the contact for any questions in relation to data protection that may arise in connection with the Agreement. Contact information is available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇/lp/privacy-statement.html. 3.8 The Provider shall ensure that its obligations according to Art. 32 (1) lit. d) GDPR are complied with and put in place a process for regular examination of the effectiveness of the technical and organisational measures to ensure the safety of processing. 3.9 The Customer is responsible for correction and erasure of personal data. The same is valid for the restriction of the processing of personal data under commission (blocking). 3.10 The personal data shall be erased at the date of completion of the respective Contract. It is up to the Customer to prepare backup copies of its personal data and to move such personal data before the end of the contract. The Provider is not obliged to hand over personal data to which the Customer has direct access. 3.11 The Provider undertakes to maintain a record of data processing activities according to Art. 30 (2)
Appears in 1 contract
Obligations of the Provider. 3.1 The Provider may process 3.1. To the extent that DSL shall be considered a processor of Controller’s customer personal data, the following clauses apply:
3.2. Any additional processing of personal data shall only be in accordance with instruction from Controller, unless an exception applies as defined in the GDPR. DSL shall promptly inform Controller if it believes that an instruction of data subjects only within the scope of the assignment and the documented instructions of the CustomerController violates applicable laws. In such cases, DSL reserves the event that the Provider is obliged right to process data differently as a result of national or European law, it shall inform the Customer before start of the processing, unless that law prohibits such information on important grounds of public interestrefuse Controller’s instructions.
3.2 The Provider 3.3. DSL shall set up the internal organisation of his area of responsibility in such a manner that it meets the specific requirements of data protection. The Provider shall take the implement technical and organisational measures described in Appendix 1 so as to protect Controller’s customer data and to ensure an adequate protection of the Customers personal data. The purpose of these measures is to ensure long-term confidentiality, integrity, availability and resilience capacity of the systems and services services. DSL shall be obliged, in connection accordance with the processing of personal data under commission. The Customer is informed of these technical and organisational measures. It is the Customer´s responsibility GDPR, to ensure that these measures provide an adequate level of protection regarding the risks of personal data processing.
3.3 The Provider reserves the right to change implement a procedure for regularly reviewing the technical and organisational measures takendesigned to ensure the security of the processing.
3.4. DSL reserves the right to alter the agreed security measures, but must guarantee provided that any such amendment ensures that the agreed level of protection agreed in the contract is shall not reducedbe materially diminished.
3.4 To the best 3.5. DSL agrees to reasonably assist Controller in respect of his ability and within the scope of the services or under the contract, the Provider shall assist the Customer in dealing with any requests and claims of data subjects according to chapter III of in accordance with the GDPR and in respecting its obligations specified in Articles 32 to 36 GDPR. For these services, the Provider is entitled to adequate financial compensation.
3.5 The Provider warrants 3.6. DSL shall ensure that its employees employees, subcontractors and affiliates who may be involved in the processing of the Customers personal Controller’s data and other individuals working for the Provider are prohibited from processing such personal data outside the scope of the Customers instructions. The Provider further ensures that the individuals authorised to process personal data have signed an agreement of confidentiality or are subject to an adequate confidentiality clause. This obligation of confidentiality and secrecy shall remain act in effect even beyond completion of an assignmentaccordance with this Agreement.
3.6 The Provider 3.7. DSL shall inform the Customer without delay as soon as it Controller promptly if DSL becomes aware of any violation of the protection of the Customers breaches which affect Controller’s personal data.
3.8. The Provider shall take the necessary measures to safeguard DSL shall, once notified in writing, inform Controller of any request for disclosure of personal data and to alleviate possible disadvantageous consequences for the data subject and shall consult with the Customer in that respect without delayby authorities, unless expressly prohibited under applicable laws.
3.7 The Provider is obliged to appoint a competent and reliable 3.9. Controller may contact the Data Protection Officer according by sending an email to Art. 37 GDPR to the extent and as long as the statutory prerequisites for such an obligatory appointment are in force. The Customer shall be informed of the contact data of this individual for the purpose of making direct contact. If the Provider is not obliged to appoint a Data Protection Officer, it shall give the Customer the name of the contact for any questions in relation to data protection that may arise in connection with the Agreement. Contact information is available at ▇▇▇▇▇://▇▇@▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇/lp/privacy-statement.html▇ .
3.8 The Provider 3.10. At termination of services and written request from the Controller, all customer data, personal or otherwise, shall ensure that its obligations according to Artbe deleted within an appropriate time, in accordance with applicable laws.
3.11. 32 (1) lit. d) GDPR are complied with and put in place In the event of a process for regular examination claim against Controller regarding any of the effectiveness of rights defined under the technical and organisational measures to ensure the safety of processing.
3.9 The Customer is responsible for correction and erasure of personal data. The same is valid for the restriction of the processing of personal data under commission (blocking).
3.10 The personal data GDPR, DSL shall be erased at the date of completion of the respective Contract. It is up provide reasonable assistance to the Customer Controller to prepare backup copies of its personal data and to move avert any such personal data before the end of the contract. The Provider is not obliged to hand over personal data to which the Customer has direct accessclaim.
3.11 The Provider undertakes to maintain a record of data processing activities according to Art. 30 (2)
Appears in 1 contract
Sources: Data Processing Agreement
Obligations of the Provider. 3.1 The Provider provider may process personal data of data subjects only within the scope of the assignment order and the documented instructions of the Customercustomer, unless there is an exceptional case in the sense of Article 28 (3) a) DS-GVO. In the event that the Provider is obliged to process data differently as a result of national or European law, it The provider shall inform the Customer before start customer without delay if it believes that an instruction violates applicable law. The provider may suspend the implementation of the processing, unless that law prohibits such information on important grounds of public interestinstruction until it has been confirmed or amended by the customer.
3.2 The Provider provider shall set up design the internal organisation of organization within his area of responsibility in such a manner way that it meets the specific special requirements of data protection. He will take technical and organizational measures for the appropriate pro- tection of the customer's data that meet the requirements of the basic data protection regulation (Art. 32 DS-GVO). The Provider provider shall take the technical and organisational organizational measures described in Appendix 1 so as to ensure an adequate protection of the Customers personal data. The purpose of these measures is to ensure long-term confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of personal data under commissionin the long term. The Customer customer is informed aware of these technical and organisational measures. It organizational measures and is the Customer´s responsibility to ensure responsible for ensuring that these measures they provide an adequate level of protection regarding for the risks of personal the data processing.
3.3 to be processed. The Provider measures established by the provider are documented in a data protection declaration and are updated continuously. The provider reserves the right to change the technical and organisational security measures taken, but although it must guarantee be ensured that any security measures correspond to the state of the art and do not fall below the contractually agreed level of protection agreed in the contract is not reducedprotection.
3.4 To 3.3 If agreed, the best of his ability and provider shall support the customer within the scope of its possibilities in fulfilling the services or under the contract, the Provider shall assist the Customer in dealing with requests and claims of data subjects according to chapter affected persons in accordance with Chapter III of the GDPR DS-GVO and in respecting its complying with the obligations specified set out in Articles 32 33 to 36 GDPR. For these services, the Provider is entitled to adequate financial compensationDS-GVO.
3.5 3.4 The Provider warrants guarantees that its the employees involved in processing the processing of the Customers personal Customer's data and other individuals persons working for the Provider are prohibited from processing such personal the data outside the scope of the Customers instructionsinstruction. The Furthermore, the Provider further ensures shall ensure that the individuals authorised persons authorized to process the personal data have signed an agreement of undertaken to maintain confidentiality or are subject to an adequate confidentiality clauseappropriate statutory duty of confidentiality. This The confidentiality/discretion obligation shall continue to apply even after termination of confidentiality and secrecy shall remain in effect even beyond completion of an assignmentthe order.
3.6 3.5 The Provider provider shall inform the Customer without delay as soon as it customer immediately if he/she becomes aware of any violation violations of the protection of personal data of the Customers personal datacustomer. The Provider shall take the necessary measures to safeguard personal secure the data and to alleviate reduce the possible disadvantageous adverse consequences for of the data subject persons concerned and shall consult with the Customer in that respect without delay.
3.7 3.6 The Provider is obliged to appoint provider has appointed a competent and reliable Data Protection Officer according to Art. 37 GDPR to the extent and as long as the statutory prerequisites for such an obligatory appointment are in force. The Customer shall be informed of the contact data of this individual for the purpose of making direct contact. If the Provider is not obliged to appoint a Data Protection Officer, it shall give the Customer the name of the contact for any questions in relation to data protection that may arise in connection with officer if there is a legal obligation to do so. This can be reached by the Agreement. Contact information is available at customer via the following contact details: ▇▇▇▇▇://▇ ▇▇▇.▇▇▇▇, external data protection officer comdatis it-consulting, ▇▇▇▇▇▇▇▇ ▇▇▇ ▇, ▇▇▇▇▇ Ahaus e-mail: ▇▇▇▇▇▇▇▇▇▇▇@▇▇▇▇▇▇▇.▇▇ Phone: ▇/lp/privacy▇▇▇▇-statement.html.▇▇▇▇▇▇▇ or ▇▇▇▇-▇▇▇▇▇▇▇
3.8 3.7 The Provider shall ensure that provider guarantees to comply with its obligations according to under Art. 32 (1) Para. 1 lit. d) GDPR are complied with and put in place DS-GVO to implement a process for regular examination of procedure to regularly check the effectiveness of the technical and organisational measures to ensure the safety security of processingthe pro- cessing.
3.8 The Provider corrects or deletes the contractual data if the Customer instructs him to do so and this is covered by the scope of instructions. If a data protection-compliant deletion or a corresponding restriction of data processing is not possible, the Provider shall undertake the data protection-compliant destruction of data carriers and other materials on the basis of an individual order by the Customer or return these data carriers to the Customer, unless already agreed in the contract. In special cases, to be determined by the customer, a storage or handover will take place. Remuneration and protective measures for this are to be agreed separately, if not already agreed in the contract.
3.9 The Customer is responsible for correction and erasure of personal data. The same is valid for the restriction of the processing of personal Data, data under commission (blocking).
3.10 The personal data shall carriers as well as all other materials must either be erased surrendered or deleted at the date of completion of the respective Contract. It is up to the Customer to prepare backup copies of its personal data and to move such personal data before customer's request after the end of the contractorder. The Provider In the case of test and reject materials, an individual order is not obliged necessary. If additional costs are incurred due to hand over personal data deviating specifications for the surrender or deletion of the data, these shall be borne by the customer.
3.10 In the event of a claim against the customer by a person affected with regard to which any claims under Art. 82 DS-GVO, the Customer has direct accessprovider undertakes to support the customer in defending the claim within the scope of his possibilities.
3.11 The Provider undertakes to maintain a record provision of the contractually agreed data processing activities according takes place exclusively in a member state of the European Union or in another state that is a party to Artthe Agreement on the European Economic Area. 30 (2)Any relocation to a third country requires the prior consent of the customer.
Appears in 1 contract
Obligations of the Provider. 3.1 3.1. The Provider may process personal processes the data of data subjects only within the scope context of the assignment contractual relationship in accordance with the GTC, the Privacy Policy and the documented instructions of the Customer. In the event that the Provider is obliged to process data differently as a result of national or European law, it shall inform the Customer before start of the processingthis OPC, unless that law prohibits such information on important grounds of public interestthere is an exceptional case regulated by law.
3.2 3.2. The Provider shall set up design the internal organisation of his organization within its area of responsibility in such a manner way that it meets the specific requirements of special data protectionprotection requirements. The Provider shall take the appropriate technical and organisational organizational measures described to protect the Client’s data in Appendix 1 so as to ensure an adequate protection of accordance with the Customers personal datarespective legal requirements. The purpose of In particular, these measures is to shall continuously ensure long-term the confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of personal data under commissionprocessing. The Customer Client is informed aware of these technical and organisational measures. It organizational measures and is the Customer´s responsibility to ensure responsible for ensuring that these measures they provide an adequate level of protection regarding for the risks of personal related to the data processingto be processed.
3.3 3.3. The measures taken by the Provider reserves the right to change the are specified in Annex B. The technical and organisational organizational measures takenare subject to technical progress and further development. In this respect, but must guarantee that the Provider is permitted to implement alternative adequate measures at any time. In doing so, the security level of protection contractually agreed upon in the contract is not reducedGTC must be maintained.
3.4 3.4. To the best of his ability and extent agreed, the Provider shall support the Client within the scope of its possibilities in fulfilling the services or under the contract, the Provider shall assist the Customer in dealing with requests and claims of data subjects according to chapter III of the GDPR under data protection law and in respecting its complying with the obligations specified in Articles 32 to 36 GDPRunder data protection law. For these servicesIn accordance with the GTC, the Provider is entitled to adequate financial compensationdemand an expense allowance for this support.
3.5 3.5. The Provider warrants that its employees involved in the processing of the Customers personal Client’s data and other individuals third parties working for the Provider are prohibited from processing such personal shall process the data outside exclusively within the scope context of the Customers instructions. The Provider further ensures that contractual relationship in accordance with the individuals authorised GTC, the Privacy Policy and this OPC and are obliged to process personal data have signed an agreement of confidentiality or are subject to an adequate confidentiality clause. This obligation of confidentiality and secrecy shall remain in effect even beyond completion of an assignmentmaintain confidentiality.
3.6 The 3.6. If the Provider shall inform the Customer without delay as soon as it becomes aware of any violation of the protection of the Customers personal data, it shall take reasonable measures to secure the data and to mitigate any possible adverse consequences for the data subjects. In addition, the Provider shall fully comply with the applicable legal provisions regarding the notification of data protection violations.
3.7. The Provider shall take fully comply with the necessary measures to safeguard personal applicable data and to alleviate possible disadvantageous consequences for the data subject protection provisions and shall consult with the Customer in that respect without delay.
3.7 The Provider is obliged to appoint a competent and reliable Data Protection Officer according to Art. 37 GDPR to the extent and as long as the statutory prerequisites for such an obligatory appointment are in force. The Customer shall be informed of the contact data of this individual for the purpose of making direct contact. If the Provider is not obliged to appoint a Data Protection Officer, it shall give the Customer the name of the contact for any questions in relation to data protection that may arise in connection with the Agreement. Contact information is available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇.▇▇/lp/privacy-statement.html.
3.8 The Provider shall ensure that its obligations according to Art. 32 (1) lit. d) GDPR are complied with and put in place a process for regular examination of regularly review the effectiveness of the technical and organisational organizational measures to ensure the safety security of the processing.
3.9 The Customer is responsible for correction and erasure of personal data. The same is valid for the restriction of the processing of personal data under commission (blocking).
3.10 The personal data shall be erased at the date of completion of the respective Contract. It is up to the Customer to prepare backup copies of its personal data and to move such personal data before the end of the contract3.8. The Provider is not obliged to hand over shall process and store personal data to which for as long as the Customer has direct access.
3.11 contractual relationship between the Provider and the Client exists. The Provider undertakes shall rectify or erase the contractual data if the Client instructs it to maintain a record do so and if this is covered by the scope of the instructions. This provision shall not apply to data that is required for further processing activities according due to Artlegal regulations or for compelling internal purposes. 30 (2)The release of the data and the corresponding remuneration is regulated in the GTC.
Appears in 1 contract
Sources: Order Processing Contract
Obligations of the Provider. 3.1 3.1. The Provider may process personal data of data subjects only within the scope of the assignment and the documented instructions of the Customer. In the event that the Provider is obliged to process data differently as a result of national nation- al or European law, it shall inform the Customer before start of the processing, unless that law prohibits such information on important grounds of public interest.. BOSCH und die Bildmarke sind registrierte ▇▇▇▇▇▇ der ▇▇▇▇▇▇ ▇▇▇▇▇ ▇▇▇▇, Deutschland
3.2 3.2. The Provider shall set up the internal organisation of his area of responsibility in such a manner that it meets the specific requirements of data protection. The Provider shall take the technical and organisational measures described in Appendix 1 so as to ensure an adequate protection of the Customers personal data. The purpose of these measures is to ensure long-term confidentiality, integrity, availability and resilience of the systems and services in connection with the processing of personal data under commission. The Customer is informed of these technical and organisational measures. It is the Customer´s responsibility to ensure that these measures provide an adequate level of protection regarding the risks of personal data processing.
3.3 3.3. The Provider reserves the right to change the technical and organisational measures taken, but must guarantee that the level of protection agreed in the contract is not reduced.
3.4 3.4. To the best of his ability and within the scope of the services or under the contract, the Provider shall assist the Customer in dealing with requests and claims of data subjects according to chapter III of the GDPR and in respecting its obligations specified in Articles 32 to 36 GDPR. For these services, the Provider is entitled to adequate financial compensation.
3.5 3.5. The Provider warrants that its employees involved in the processing of the Customers personal data and other individuals working for the Provider are prohibited from processing such personal data outside the scope of the Customers instructions. The Provider further ensures that the individuals authorised to process personal data have signed an agreement of confidentiality or are subject to an adequate confidentiality clause. This obligation of confidentiality and secrecy shall remain in effect even beyond completion of an assignment.
3.6 3.6. The Provider shall inform the Customer without delay as soon as it becomes aware of any violation of the protection of the Customers personal data. The Provider shall take the necessary measures to safeguard personal data and to alleviate possible disadvantageous consequences for the data subject and shall consult with the Customer in that respect without delay.
3.7 3.7. The Provider is obliged to appoint a competent and reliable Data Protection Officer according to Art. 37 GDPR to the extent and as long as the statutory prerequisites for such an obligatory appointment are in force. The Customer shall be informed of the contact data of this individual for the purpose of making direct contact. If the Provider is not obliged to appoint a Data Protection Officer, it shall give the Customer the name of the contact for any questions in relation to data protection that may arise in connection with the Agreement. Contact information is available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇- ▇▇.▇▇/lp▇/privacy▇▇/▇▇▇▇▇▇▇-statement.html▇▇▇▇▇▇▇▇▇.▇▇▇▇.
3.8 3.8. The Provider shall ensure that its obligations according to Art. 32 (1) lit. d) GDPR are complied with and put in place a process for regular examination of the effectiveness of the technical and organisational measures to ensure the safety of processing.
3.9 3.9. The Customer is responsible for correction and erasure of personal data. The same is valid for the restriction of the processing of personal data under commission (blocking).
3.10 3.10. The personal data shall be erased at the date of completion of the respective Contract. It is up to the Customer to prepare backup copies of its personal data and to move such personal data before the end of the contract. The Provider is not obliged to hand over personal data to which the Customer has direct access.
3.11 3.11. The Provider undertakes to maintain a record of data processing activities according to Art. 30 (2)) GDPR.
Appears in 1 contract
Sources: Data Processing Agreement