Common use of The Data Processors Obligations Clause in Contracts

The Data Processors Obligations.

3.1 The Data Processor may only process the personal data transferred by the Data Controller in accordance with the Data Controllers instructions and is also obliged to comply with the personal data law currently in force. The Data Processor must take the necessary technical and organizational security measures, including additional measures that might be necessary preventing that the personal data listed in paragraph 1.2 accidentally or illegally are destroyed, lost or deteriorated and preventing that the personal data is known to unauthorized persons, exploited or is processed in violation of the Personal Data Legislation. The Data Processor is thus obliged to
- introduce log-in and password procedures and set up and maintain a firewall and anti-virus software;
- ensure that only employees with employment related purposes have access to the personal data;
- ensure that the employees involved in processing personal data have committed themselves to confidentiality or are subject to statutory professional secrecy;
- store data storage media properly so that they are not available to third parties;
- ensure that buildings and systems used for data processing are safe and that only high-quality hardware and software are being used, which is continuously being updated;
- ensure that samples and waste material are destroyed in accordance with the requirements for data protection complying further instructions from the Data Controller. In special cases, as determined by the Data Controller, said samples and waste material must be stored or returned;
- ensure that employees receive appropriate training, adequate instructions and guidelines for processing personal data. The Data Processor is committed to ensuring that the employees involved in the processing of personal data are familiar with the safety requirements.

3.2 If the Data Processor processes personal data in another EU/EEA member country, the Data Processor must comply with the legislation on security measures in that member country.

3.3 The Data Processor is required to immediately inform the Data Controller of operational malfunctions, suspected breach of data protection rules or other irregularities relating to the processing of personal data. In case of security breach, the Data Processor must notify the Data Controller immediately and no later than 72 hours after the security breach has been discovered. The Data Processor must, at the request of the Data Controller, assist the Data Controller regarding the security breach, including any notification to the Data Protection Authority and/or registered persons.

3.4 At the Data Controllers request, the Data Processor must provide the Data Controller with sufficient information to ensure that the Data Processor has taken the necessary technical and organizational security measures.

3.5 If the Data Processor or another data processor who has received information, receives a request for access to registered personal data from a registered or his/her agent, or a registrant objects to the processing of his/hers registered personal data, the Data Processor must immediately send such request and/or objection to the Data Controller for further process by the Data Controller unless the Data Processor is entitled to handle such inquiries himself/herself. The Data Processor must at the request of the Data Controller assist the Data Controller in relation to answering the request and/or the objection.

Appears in 1 contract

Sources: Data Processor Agreement

The Data Processors Obligations.

3.1 The Data Processor may only process the personal data transferred by the Data Controller in accordance with the Data Controllers instructions and is also obliged to comply with the personal data law currently in force. The Data Processor must take the necessary technical and organizational security measures, including additional measures that might be necessary preventing that the personal data listed in paragraph 1.2 accidentally or illegally are destroyed, lost or deteriorated and preventing that the personal data is known to unauthorized persons, exploited or is processed in violation of the Personal Data Legislation. The Data Processor is thus obliged to
- introduce log-in and password procedures and set up and maintain a firewall and anti-virus software;
- ensure that only employees with employment related purposes have access to the personal data;
- ensure that the employees involved in processing personal data have committed themselves to confidentiality or are subject to statutory professional secrecy;
- store data storage media properly so that they are not available to third parties;
- ensure that buildings and systems used for data processing are safe and that only high-quality hardware and software are being used, which is continuously being updated;
- ensure that samples and waste material are destroyed in accordance with the requirements for data protection complying further instructions from the Data Controller. In special cases, as determined by the Data Controller, said samples and waste material must be stored or returned;
- ensure that employees receive appropriate training, adequate instructions and guidelines for processing personal data. The Data Processor is committed to ensuring that the employees involved in the processing of personal data are familiar with the safety requirements.

3.2 If the Data Processor processes personal data in another EU/EEA member country, the Data Processor must comply with the legislation on security measures in that member country. As stated in Annex EU Standard Contractual Clauses.

3.3 The Data Processor is required to immediately inform the Data Controller of operational malfunctions, suspected breach of data protection rules or other irregularities relating to the processing of personal data. In case of security breach, the Data Processor must notify the Data Controller immediately and no later than 72 hours after the security breach has been discovered. The Data Processor must, at the request of the Data Controller, assist the Data Controller regarding the security breach, including any notification to the Data Protection Authority and/or registered persons.

3.4 At the Data Controllers request, the Data Processor must provide the Data Controller with sufficient information to ensure that the Data Processor has taken the necessary technical and organizational security measures.

3.5 If the Data Processor or another data processor who has received information, receives a request for access to registered personal data from a registered or his/her agent, or a registrant objects to the processing of his/hers registered personal data, the Data Processor must immediately send such request and/or objection to the Data Controller for further process by the Data Controller unless the Data Processor is entitled to handle such inquiries himself/herself. The Data Processor must at the request of the Data Controller assist the Data Controller in relation to answering the request and/or the objection.

Appears in 1 contract

Sources: Data Processor Agreement