Processor Agreement. (1) Contractor and client are both obligated to undertake to act back and forth in accourdance with the legislation on the protection of personal data. (2) Contractor has no control over personal data that the client has made available. Without necessity, with the nature of the assignment given by the customer, explicit permission from the client or legal obligation, the contractor will not provide the data to third parties or process them for other purposes than for the agreed purposes. (3) Contractor will take appropriate technical and organizational measures to protect the client's personal data against loss or any form of unlawful processing. (4) Protection Authority will first give the controller a binding instruction before the Data Protection Authority can impose an administrative fine. The controller will inform the Contractor immediately of this binding instruction. Contractor will do everything that can reasonably be expected of him to make compliance possible. If the Contractor does not do what can be reasonably demanded of it, resulting in a fine, or if the Data Protection Authority imposes a fine immediately because there is intent or gross negligent negligence on the part of the Contractor, then the applicable limitation of liability as mentioned in article 11 applies. (5) Contractor is responsible for damage in the context of personal data due to acts or omissions of the subprocessor where the liability limitation from article 11 applies. Contractor is not liable in case of force majeure on the part of the subprocessor. (6) Contractor can engage third parties (sub-processors) to carry out certain activities. If the Contractor engages Third Parties, the Contractor will impose these Third Parties (in writing) on all obligations arising from the agreement with the Client. (7) Contractor will only process the Personal Data within the European Economic Area.
Appears in 2 contracts