Scope and Responsibility. (1) The Processor processes Personal Data on behalf of the Controller and performs services on behalf of the Controller in accordance with the Contract. This includes activities that are specified in the Contract, this DPA and in the specifications. Within the scope of this contract, the Controller is solely responsible for compliance with the statutory provisions of the data protection laws, in particular for the legality of the data transfer to the Processor and for the lawfulness of the data processing, (2) When providing services, the Processor collects, uses or otherwise process Personal Data within the meaning of the Data Protection Laws and Regulations for which the Controller is responsible as provided under the said Data Protection Laws. (3) This DPA regulates the data protection obligations of the Parties when processing Personal Data of the Controller, under the Contract and shall ensure that such processing will only take place on behalf of and under the instructions of the Controller and in accordance with the Data Protection Laws, including but not limited to Article 28 of the GDPR. (4) The instructions are initially determined by the Contract and can then be amended, supplemented, or replaced by the Controller in written form or in an electronic format (text form) to the body designated by the Processor by individual instructions. Instructions that are not provided for in the contract are treated as an application for a change in performance. Verbal instructions must be confirmed immediately in writing or in text form.
Appears in 3 contracts
Sources: Data Processing Agreement, Data Processing Agreement, Data Processing Agreement