Processing of Controller Personal Data. 3.1 When acting as a Data Processor in relation to Personal Data provided by the Customer acting as a Data Controller, TagoIO shall: 3.1.1 not Process the Personal Data or disclose Personal Data other than in accordance with this DPA unless required by EU or Member State law to which TagoIO is subject, in which case, TagoIO shall to the extent permitted by such law inform the Customer of that legal requirement before the relevant Processing of that Personal Data; 3.1.2 implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk and shall take all measures required pursuant to Article 32 GDPR in relation to the Processing of Personal Data, taking account of the risks that are presented by Processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise Processed; 3.1.3 provide controls that can be used by the Customer to retrieve or delete Personal Data to assist in connection with obligations relating to requests from Data Subjects to exercise their rights unders applicable Data Protection Laws (“Data Subject Requests''). And when needed, assist the Customer in the Customer's obligation to respond to these communications, provided that the Customer shall reimburse TagoIO in full for all costs reasonably and properly incurred by TagoIO performing its obligations under this clause
Appears in 2 contracts
Sources: Data Processing Agreement, Data Processing Agreement