Security of the Processing Clause Samples

Security of the Processing. 4.1 We shall implement the technical and organizational measures specified at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/terms-and-conditions/. To demonstrate adequate levels of protection, We have also obtained third-party certification and audits of Our information security and data privacy management systems , e.g. DIN ISO/IEC 27001:2015 and ISO/IEC 27701:2019. All available certificates can be found at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/trust-center/. We reserve the right to update the measures and safeguards implemented, provided, however, that the level of security shall not materially decrease during Your Subscription Term. 4.2 In assessing the appropriate level of security, We shall take into account the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing and the risks involved for the Data Subjects, as well as the likelihood and likely severity of any breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to the Personal Data ("Personal Data Breach"). 4.3 Access to the Personal Data by Our personnel shall be strictly limited to those individuals who need such access to implement, manage and monitor the Services. Any personnel authorized to access the Personal Data have committed themselves to confidentiality obligations similar to the confidentiality terms of the Agreement or are under an appropriate statutory obligation of confidentiality.

Security of the Processing. Factorial shall implement and maintain appropriate technical and organisational measures to protect Client Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure, in accordance with the DPA. Such measures shall be appropriate to the harm that could result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the Client Personal Data and appropriate to the nature of the Client Personal Data to be protected. In this sense, Factorial may update the technical and organisational measures, provided that such modifications do not diminish the general level of security. If Factorial becomes aware of and confirms any accidental, unauthorised or unlawful destruction, loss, alteration, disclosure or access to your Client Personal Data ("Security Breach") that we process in the course of providing the Platform we will notify you without undue delay and in any event no later than 48 hours.

Security of the Processing. 4.1 We shall implement the technical and organizational measures specified at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/terms-and-conditions/. To demonstrate adequate levels of protection, We have also obtained third-party certification and audits of Our information security and data privacy management systems , e.g. DIN ISO/IEC 27001:2015 and hacerlo. Ud. también podrá dar instrucciones posteriores a lo largo de la duración del tratamiento de sus Datos Personales, siempre que dichas instrucciones estén dentro del alcance del Contrato y ▇▇▇▇ documentadas.

Security of the Processing. (1) The level of security shall take into account: (a) that a large amount of personal data POTENTIALLY can be subject to processing; (b) that, if the scanning session is chosen, a large amount of special and other categories of personal data POTENTIALLY can be subject to processing, and such data can have a high impact on the rights and freedoms of natural persons; (c) but it is EXPECTED that most processing activities will involve no personal data or mostly general personal data, which is why a ‘medium’ level of security must be established. (2) The Data Processor shall hereafter be entitled and under obligation to make decisions about the technical and organizational security measures that are to be applied to create the necessary (and agreed) level of data security. (3) The Data Processor shall however – in any event and at a minimum – implement the following measures. The Data Processor undertakes to ensure the following technical measures: (a) that personal data stored in the Data Processor’s files is stored and transferred in an encrypted state, with encryption-at-rest and encryption-at-transit; (b) that personal data stored in the Solution is segregated, so that the personal data and information contained in the Solution cannot be accessed by unauthorized persons; (c) that access to the Solution is controlled, and subject to access control; (d) that necessary security measures are in place to prevent and limit the execution of malware or similar code, including through ongoing updating of software, hardware and communication systems, and code validation; (e) that the Data Controller can see if the content of the Solution has been changed, and in that case, by whom; (f) that the end-users who have used the Solution have the opportunity to correct or add information to the platform themselves; (g) that the Data Controller can extract the necessary data from the solution if the Data Controller wishes to stop using the Solution. Data can be extracted in a machine-readable format by the Data Controller themselves so that the Data Controller’s and Processor’s access to special categories of personal data or confidential information is minimized. The Data Processor undertakes to ensure the following organizational measures: (a) that encrypted personal data and the encryption keys are stored separately; (b) that the personal data can be recovered following technical or physical incidents, and to have procedures in place in the form of disaster recovery and...

Security of the Processing. Within its competence under the Contract and this Agreement, the Processor is obliged, for itself and the Persons Authorized to Process Personal Data, to implement the Security Measures provided for by the Applicable Legislation, assisting the Controller in ensuring compliance therewith. The Processor, taking into account the state of the art and costs of implementation, as well as the nature, object, context and purposes of the Processing, as well as the risk of varying likelihood and severity to the rights and freedoms of natural persons, shall ensure that the Security Measures implemented are adequate to guarantee a level of security appropriate to the risk, in particular against destruction, loss, alteration, unauthorized disclosure of or access, whether accidental or unlawful, to Personal Data transmitted, stored or otherwise processed, as well as against Processing operations that are not permitted or do not comply with the purposes established by the Controller. To this end, the Processor shall apply, where applicable, the following Security Measures: a. pseudonymisation and encryption of Personal Data; b. the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the systems and services used in the Processing; c. the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident. The Processor also undertakes to prepare and keep up-to-date all the Security Measures provided for in the Contract and/or its annexes, if any, as well as any further measures that the Parties may subsequently and formally establish in writing.

Security of the Processing. Factorial shall implement and maintain appropriate technical and organisational measures to protect Client Personal Data against unauthorised or unlawful processing and against accidental

Security of the Processing. 5.1 The Beyuna Independent Sales Representative takes the technical and organisational security measures as described in Appendix 2. 5.2 The parties acknowledge that guaranteeing an appropriate level of security can constantly force additional security measures to be taken. ▇▇▇▇▇▇ Independent Sales Representative guarantees a risk-adjusted security level. 5.3 If and insofar as ▇▇▇▇▇▇ expressly requests doing so in writing, the Beyuna Independent Sales Representative will take additional measures with a view to securing the Personal Data. 5.4 To the extent that the Beyuna Independent Sales Representative processes any Personal Data protected by EU Data Protection Law under the Agreement and/or that originates from the EEA, in a country that has not been designated by the European Commission of Swiss Federal Data Protection Authority (as applicable) as providing an adequate level of protection for Personal Data, the parties acknowledge that the Beyuna Independent Sales Representative shall be deemed to provide adequate protection (within the meaning of EU Data Protection Law) for any such Personal Data by virtue of having self-certified its compliance with Privacy Shield. The Beyuna Independent Sales Representative agrees to protect such Personal Data in accordance with the requirements of the Privacy Shield Principles. If the Beyuna Independent Sales Representative is unable to comply with this requirement, the Beyuna Independent Sales Representative shall inform ▇▇▇▇▇▇. 5.5 The Beyuna Independent Sales Representative informs ▇▇▇▇▇▇ without unreasonable delay as soon as he becomes aware of unlawful Processing of Personal Data or infringements of security measures as referred to in the first and second paragraph.

Security of the Processing. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the Processing as well as the risks of varying likelihood and severity to the rights and freedoms of natural persons, Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter-alia as appropriate: (i) the pseudonymisation and encryption of the Processed Personal Data (as appropriate); (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; (iii) the ability to restore the availability and access to the Processed Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the Processing. Processor is responsible for the sufficiency of the security, privacy, and confidentiality safeguards of all personnel with respect to the Processed Personal Data and liable for any failure by such personnel to meet the terms of this DPA. Processor takes reasonable steps to confirm that personnel are protecting the security, privacy and confidentiality of the Processed Personal Data consistent with the requirements of this DPA. The current security measures adopted by Processor are listed in Appendix 1, which forms an integral part of this DPA. Controller confirms that, considering the Controller’s use of Processor’s Services, it deems that such measures currently meet the requirements of the GDPR and ensure the adequate protection of the rights of the data subject. Processor shall notify Controller of any Personal Data Breach by Processor or its Sub- processors affecting the Processed Personal Data without undue delay and in any event not later than forty-eight (48) hours of becoming aware of a Personal Data Breach unless Processor is able to show that the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons. Processor shall also provide Controller with full and ongoing assistance in relation to each Party’s obligations under the Data Protection Laws in accordance with any timescales reasonably required by the Controller and the Supervisory Authority concerned, when applicable.

Security of the Processing. 6.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Velsera and each Velsera Affiliate shall in relation to the Controller Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. 6.2. In assessing the appropriate level of security, Velsera and each Velsera Affiliate shall take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach 6.3. Velsera and each Velsera Affiliate shall, in relation to the Processing of Controller’s Personal Data, implement the Technical and Organizational Security Measures set out in Annex III of this DPA.