Common use of The Obligations of the Parties Clause in Contracts

The Obligations of the Parties. 1. When processing the personal data, the Processor is obliged to apply any technical and organizational means ensuring the protection of the processed data, and the Processor should in particular protect the data against any unauthorized access, loss, damage, or destruction. In order to fulfill the obligation referred to in the preceding sentence, the Processor is obliged to keep documentation describing the method of data processing, including in particular a register of the categories of personal data processing. 2. The Processor is not authorized to transfer personal data to third parties, with the exception of persons cooperating with or working for the Processor. For the avoidance of doubt, the Parties agree that, on behalf of the Processor, the entrusted personal data may only be processed by persons who have previously obtained a written authorization from them. The Processor is obliged to enter each authorization, or its withdrawal, into the "Records of persons authorized to process personal data" kept by them. 3. The Processor is obliged to collect from its employees or associates, with the help of whom they will implement the subject of this Agreement, as well as of the Services Agreement, the statements on the obligation to keep the entrusted personal data confidential. The Processor undertakes to present the statements referred to in the preceding sentence at each request of the Entrusting Entity. 4. The Processor is obliged to train their employees or associates in the methods of securing the processed data referred to in this Agreement. 5. In the event of a breach of the protection of the entrusted personal data, the Processor is obliged to report it immediately, not later than within 24 hours from receiving such information, to the Entrusting Entity, taking into account the provisions of art. 33 of the GDPR.

The Obligations of the Parties. 1. When processing the personal data, the Processor is obliged to apply any technical and organizational means ensuring necessary to ensure the protection of the processed data, and the Processor should in particular protect the data against any unauthorized access, loss, damage, or destruction. In order to fulfill the obligation referred to in the preceding sentence, the Processor is obliged to keep maintain documentation describing the method of data processing, including in particular a register of the categories of personal data processing. 2. The Processor is not authorized to transfer personal data to third parties, with the exception of persons cooperating with or working for the Processor. For the avoidance of doubt, the Parties agree that, on behalf of the Processor, the entrusted personal data may only be processed by persons who have previously obtained a written authorization from themthe Processor. The Processor is obliged to enter each authorization, or its withdrawal, into the "Records of persons authorized to process personal data" document kept by them. 3. The Processor is obliged to collect from its employees each employee or associatesassociate, with the help of whom they will implement the subject of this Agreement, as well as of the Services Agreement, the statements on the obligation a statement that obligates them to keep the entrusted personal data confidential. The Processor undertakes to must present the statements referred to in the preceding sentence at each request of if requested by the Entrusting Entity. 4. The Processor is obliged to train their employees or associates in the methods of securing the processed data referred to in this Agreement. 5. In the event of a breach of the protection of the entrusted personal data, the Processor is obliged to report it immediately, not no later than within 24 hours from after receiving such information, to the Entrusting Entity, taking into account the provisions of art. 33 of the GDPR.