Obligations of the Processor Sample Clauses

Obligations of the Processor. 3.1 The Processor undertakes to carry out Data Processing exclusively on the basis of documented instructions from the Controller. If the Processor considers an instruction of the Controller to be unlawful, the Processor shall be entitled to suspend the implementation of the relevant instruction until it is confirmed or amended by the Controller. 3.2 The Processor shall be obliged to treat confidentially any personal data of which it becomes aware in connection with the Data Processing. The Processor shall impose a confidentiality obligation on all persons authorized by it to process the data, unless they are already subject to a statutory duty of confidentiality. The obligation of confidentiality and non-disclosure shall continue to apply after termination of this DPA. 3.3 The Processor shall take all necessary technical and organizational measures within the meaning of Art. 32 of the GDPR. These technical and organizational measures are data security measures to ensure a level of protection appropriate to the risk with regard to confidentiality, integrity, availability and the resilience of the systems. They shall take into account the state of the art, the costs of implementation and the nature, scope and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons. The technical and organizational measures taken by the Processor are available at ▇▇▇▇▇://▇▇▇▇.▇▇/en/legal in the current version. 3.4 The Processor shall, where possible, support the Controller with appropriate technical and organizational measures to enable the Controller to comply with the data subject rights under Chapter III of the GDPR within the legal time limits and shall provide the Controller with the necessary information to do so upon the Controller's request, provided that the Processor has such information. If a subject submits a request to the Processor to exercise the data subject rights, the Processor shall be obliged to forward the request to the Controller if the request relates to Data Processing by the Controller. 3.5 The Processor shall support the Controller in the performance of the obligations incumbent upon the Controller pursuant to Art. 32 to 36 of the GDPR, which shall include, but not be limited to, the implementation of security measures, the notification of data protection breaches and, where applicable, the preparation of a data protection impact assessment. 3.6 The Processor shall delete...

Obligations of the Processor. 6.1 The Processor shall: 6.1.1 process the Personal Data only on documented instructions from the Controller; 6.1.2 ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 6.1.3 take all measures required pursuant to Article 32 of the GDPR, namely to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk to the rights and freedoms of natural persons including, as a minimum, the measures set out in Schedule 2 of this Agreement; 6.1.4 respect the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another Processor, namely that the Processor may not engage another Processor (Sub-Processor) without the prior authorisation of the Controller. Those Sub-Processors that are authorised by the Controller at the date of this agreement are listed in Schedule 3. In cases where another Processor is engaged, the Sub-Processor must be subject to the same contractual terms as described in this Agreement; 6.1.5 assist the Controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR; 6.1.6 assist the Controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, relating to security of Processing, Personal Data Breaches and data protection impact assessments; 6.1.7 at the choice of the Controller, delete or return all the Personal Data to the Controller after the end of the provision of services relating to Processing, and delete existing copies unless applicable law requires storage of the Personal Data; 6.1.8 make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in Article 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by the Controller or another auditor mandated by the Controller;

Obligations of the Processor. 1. The Processor shall, and shall ensure that each of its employees, approved Subprocessors and any other individual acting under its authority who has access to the Data: a. process Data in accordance with the terms of this Agreement, Appendix GDPR or any other written instructions of the Controller, and only to the extent and in the manner necessary to provide Services, and for no other purpose(s). In the event Applicable Data Protection Law requires Processor to process in a manner not expressly authorized by this Agreement or the Controller’s written instructions, the Processor shall promptly inform the Controller of the applicable legal requirement before processing, unless prohibited from doing so on important public interest grounds, consistent with Applicable Data Protection Law; b. keep the Data confidential and ensure that any person authorized to process the Data for or on behalf of the Processor (including but not limited to any Processor employees and staff and approved Subprocessors) has agreed to keep the Data confidential, or is otherwise under a statutory obligation to protect the confidentiality of the Data; and c. upon reasonable request from the Controller, provide an up-to-date copy of the Data in the format requested by the Controller. 2. In carrying out its obligations under the Agreement and this Appendix GDPR, Processor agrees to comply with all applicable state, federal and laws of other countries or jurisdictions (including, but not limited to, Applicable Data Protection Law), as well as industry best practices, governing the collection, access, use, disclosure, safeguarding and destruction of Data. 3. In accordance with Applicable Data Protection Law, and taking into consideration the state of the art, costs of implementation and the nature, scope, context and purposes of processing the Data pursuant to this Agreement, as well as the risks to the rights and freedoms of natural persons and the risks to processing the Data, the Processor represents and warrants that it has implemented appropriate technical and organizational security measures appropriate to such risks, including, as appropriate: (i) the pseudonymisation and encryption of the Data; (ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

Obligations of the Processor. 5.1. The Processor undertakes to: 5.1.1. Process the Processed Data for the sole purpose of performing the Services, subject to the limits and in the manner provided for by the Agreement between Controller and Processor for the provision of such Services, this DPA and the Data Protection Law, and in strict compliance with the written instructions given by the Controller, and shall immediately inform in writing the Controller should it deem that any of the aforesaid instructions is in breach of the Data Protection Law or, in general, of any applicable law; 5.1.2. Process exclusively the Processed Data that is strictly necessary for correctly and fully performing the Service or meeting the obligations provided for by Data Protection Law or other applicable law; 5.1.3. Process the Processed Data lawfully, fairly and in full compliance with the principles applicable to data processing, with the requirements laid down by the Data Protection Law and the information on the processing of the Processed Data provided to the relevant data subjects by the Controller; 5.1.4. Assist and cooperate, within a reasonable manner, with the Controller whenever required under the processing of the Processed Data, namely if it suspects of any data breach that could undermine the availability, integrity, privacy and/or security of the Processed Data; 5.1.5. Inform the Controller of any restriction required to the processing of any Processed Data, regardless if required by a Data Subject or instructed by a relevant data protection supervisory authority, unless if prohibited by law; 5.1.6. Keep the Controller up to date about the Processed Data or any other relevant information, namely about any notification or request for information from a relevant data supervisory authority; 5.1.7. Cooperate with and assist the Controller in the response to any notifications from a supervisory authority in connection with the Processed Data, including, without limitation, the provision of supporting documentation to be submitted to the relevant supervisory authority as evidence that the Processor is legally bound by the terms of this DPA; 5.1.8. Provide to the Controller, upon request, all the information in its possession or control referring to the processing of the Processed Data under this DPA, namely for the latter to assess whether such processing is carried out in accordance with this DPA. 5.1.9. Disclose the information reasonably required by the Controller for the performance of privacy...

Obligations of the Processor. 6.1 The Processor undertakes to only perform the Processing in accordance with this Agreement and the Instructions and to comply with the Data Protection Legislation. The Processor also undertakes to stay informed of currently applicable laws and regulations in this area. 6.2 The Processor shall take measures to protect the Personal Data against all kinds of Processing that is not in compliance with this Agreement, the Instructions and the Data Protection Legislation. 6.3 The Processor undertakes to ensure that all natural persons who work under its supervision comply with this Agreement and the Instructions, and that these natural persons are informed about relevant legislation. 6.4 At the request of the Controller, the Processor shall assist the former in ensuring compliance with the obligations pursuant to Articles 32–36 of GDPR, and shall respond to requests regarding the exercise of Data Subjects’ rights pursuant to Chapter III of GDPR, taking into consideration the type of Processing and the information available to the Processor. 6.5 In the event that the Processor finds the Instructions to be unclear, in violation of the Data Protection Legislation or non-existent, and the Processor is of the opinion that new or supplementary Instructions are necessary in order to fulfil its undertakings, the Processor shall inform the Controller of this without delay, temporarily suspend the Processing and await new Instructions. 6.6 In the event the Controller provided the Processor with new or amended Instructions, the Processor shall inform the Controller, without undue delay after receiving them, whether the implementation of the new Instructions will entail any changed costs for the Processor.

Obligations of the Processor. The Processor agrees to: 4.1 Process the personal data only on documented instructions from the Controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by Union or Member State law to which the Processor is subject; in such a case, the processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest. 4.2 Take into account the nature of the processing, and to assist the Controller through appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the Regulation. In addition, the Processor shall: 4.2.1 Promptly notify the Controller if it receives a request from a Data Subject under any Data Protection Legislation in respect of Controller Personal Data; and 4.2.2 Ensure that the Processor does not respond to that request except on the documented instructions of Controller or as required by Data Protection Legislation to which the Processor is subject, in which case the Processor shall, to the extent permitted by Data Protection Legislation, inform the Controller of that legal requirement before the Processor responds to the request. 4.3 Take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, and the Processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. 4.4 Take account in assessing the appropriate level of security the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. 4.5 Have in place appropriate technical and organisational security measures, reviewed and approved by the Controller, to protect the personal data provided or made available by the Controller to the Processor in the context of this agreement, as required under the Data Protection Legislation. Further details, including the minimum standard of security protection, are set out in Appendix 1 of this agreement. 4.6 For the avoidance of doubt, nothing...

Obligations of the Processor. (1) The Processor may process data of affected persons only within the framework of the order and the written instructions of the Controller. The Processor informs the Controller immediately if he believes that a directive violates applicable laws. The Processor may suspend the implementation of the instructions until they have been confirmed or modified by the Controller. (2) If the Processor receives an official order to publish data of the Controller, he shall - insofar as legally permissible - inform the Controller immediately and refer the authority to the latter. Similarly, processing the data for the processor's own purposes requires a written order. (3) The Processor will, in his area of responsibility, design the in-house organization in such a way that it meets the special requirements of data protection. Technical and organizational measures shall be taken to adequately protect the data of the Controller, which meet the requirements of the General Data Protection Regulation (Art. 32 of the GDPR). The Processor shall take technical and organizational measures to ensure the confidentiality, integrity, availability and resilience of the systems and services related to the processing on a permanent basis. (4) The Controller shall be made aware of these technical and organizational measures in writing and shall be held responsible for ensuring that they provide an adequate level of protection for the risks of the data to be processed. (5) The Processor shall support the Controller as far as possible in fulfilling the inquiries and claims of data subjects in accordance with Chapter III of the GDPR (right to information, information, correction and deletion, data portability, objection and automated decision - making in individual cases) as well as to the compliance with the obligations set out in Articles 32 to 36 of the GDPR (data security measures, notification of data breaches to the supervisory authority, notification of the data subject of a data breach, data protection impact assessment, prior consultation). (6) The Processor warrants that the employees involved in the processing of the data of the Processor and other persons working for the Processor shall be prohibited from processing the data out of scope of instructions passed on to them. Furthermore, the Processor guarantees that the persons authorized to process the personal data have committed themselves to confidentiality or are subject to an appropriate legal secrecy obligation. The obl...

Obligations of the Processor. The Processor will 3.1. With regard to the processing referred to in article 2 (Processing Objectives), the Processor will ensure compliance with the applicable laws and regulations, including in all cases the laws and regulation in the area of data protection such as the General Data Protection Regulation. Processing will only take place in order to use (various) applications offered by Processor for the performance of the Agreement, and those purposes that are determined with further consent. 3.2. Processor follows all the instructions of the Reponsible within a reasonable period. Instructions are generally given in writing, unless the urgency or other specific circumstances require a different (for example oral or electronic) form. Non-written instructions must be confirmed in writing by the Responsible immediately. Insofar as the execution of an instruction leads to costs for the Processor, the Responsible will first inform the Client of these costs. Only after the Responsible has confirmed that the costs for the execution of an instruction are for his account, the Processor will carry out that instruction. 3.3. Notify the information immediately if the Processor can not comply with instructions from the Responsible for any reason; 3.4. The processor takes all technical and organizational security measures that are required from it under the GDPR and in particular pursuant to Article 32 of the GDPR. 3.5. The Processor shall ensure that persons, not limited to employees, who participate in the Processing activities are bound by a confidentiality obligation with respect to the Personal Data. 3.6. Ensure that persons who have access to the Personal Data will Process Personal Data in accordance with the purposes of the Processing. 3.7. Assisting the Responsible with appropriate Technical and Organizational Measures, to the extent feasible, for compliance with the Responsible Party's obligation to respond to requests for the exercise of the data subjects' rights concerning information described in Article 8 of this Agreement of this Appendix. 3.8. Handle all questions from Responsible with regard to its Processing of the Personal Data to be processed (for example by enabling the Responsible to respond in a timely manner to complaints or requests from Parties) and comply with the advice of the Supervisory Authority regarding the Processing of the data transmitted ; 3.9. Assist the Responsible with a Data Protection Impact Assessment as required by Article 35...

Obligations of the Processor. 2.1 With regard to the processing as referred to in Article 1, the Processor will ensure compliance with the conditions set by the Wbp and the GDPR with regard to the processing of personal data by the Processor based on its role. 2.2 The Processor will inform the Controller, at the latter's request and within a reasonable term, of the measures that it has taken in order to meet its obligations pursuant to this Processing Agreement. 2.3 The Processor's obligations arising from this Processing Agreement also apply to any party processing personal data under the authority of the Processor. 2.4 Under no circumstances will the processing of data by the Processor cause the Processor's databases to be expanded with data taken from the data sets provided by the Controller, unless it concerns the data in an aggregated, non-traceable form. In such case, the Processor is allowed to use these data for its own other purposes. 2.5 The Processor will notify the Controller without delay if it feels that an instruction provided by the Controller violates the legislation referred to in paragraph 1.