COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor ● Ireland’s Data Protection Commissioner. ANNEX II TO THE STANDARD CONTRACTUAL CLAUSES TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Webflow has a SOC 2 certification and is dedicated to the continued validation of its security program. Specifically, Webflow implements the following security measures with respect to the Personal Data:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties consistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Data importer shall implement and maintain appropriate technical and organisational measures that protect personal data in accordance with the DPSE. Pursuant to Clause 10(b), data importer will provide data exporter assistance with data subject requests in accordance with the DPSE. Supplier Data Processing Agreement (rev. 8.2021) ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protection Act 2018 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor See Section 7(b)(viii) of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer Controller to Processor Identify the competent supervisory authority/ies in accordance with Clause 13
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: The data exporter's competent supervisory authority will be determined in accordance with the GDPR. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Xxxx uses reasonable technical and organizational measures designed to protect the Service and Customer Content as described in the Security Policy. ANNEX III
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13 (Customer to confirm on a case-by-case basis): … TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor EXPLANATORY NOTE: The technical and organisational measures must be described in specific (and not generic) terms. See also the general comment on the first page of the Appendix, in particular on the need to clearly indicate which measures apply to each transfer/set of transfers. Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons. Please refer to Annex 3 to the DPA into which these Clauses are incorporated. For the purposes of Clause 10, the appropriate technical and organisational measures, taking into account the nature of the processing, by which the assistance in respect of data subject requests shall be provided, as well as the scope and the extent of the assistance required, is: provided via self-service functionality within the Services, which enables Customers’ users to (i) change certain Personal Data, such as name, username, email address and password; and (ii) to download an archive of certain Personal Data. The user can also contact Customer Support in the event that assistance is required in making use of this functionality. ANNEX III LIST OF SUB-PROCESSORS MODULE TWO: Transfer controller to processor EXPLANATORY NOTE:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor The supervisory authority mandated by Clause 13. If no supervisory authority is mandated by Clause 13, then the Irish Data Protection Commission (DPC), and if this is not possible, then as otherwise agreed by the parties con - sistent with the conditions set forth in Clause 13. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISA- TIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA See Exhibit A of the Addendum. ANNEX III Standard Data Protection Clauses to be issued by the Commissioner under S119A(1) Data Protec- tion Xxx 0000 UK Addendum to the EU Commission Standard Contractual Clauses Date of this Addendum:
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor MODULE THREE: Transfer processor to processor Identify the competent supervisory authority/ies in accordance with Clause 13 If the data exporter is established in an EU Member State, then that Member State’s supervisory authority will be responsible for ensuring compliance by the data exporter with GDPR as regards the data transfer and will act as competent supervisory authority in the context of this DPA.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13: Please see clause 8.2.2 of this DPA. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor As the data importer, Xxxx maintains appropriate technical and organizational measures for protection of the security, confidentiality and integrity of Personal Data uploaded to the Services, as applicable to the specific Services purchased by data exporter and any Personal Data limitations and restrictions provided in the Agreement, as described in this Annex.
COMPETENT SUPERVISORY AUTHORITY MODULE TWO. Transfer controller to processor Identify the competent supervisory authority/ies in accordance with Clause 13 The Irish Supervisory Authority - The Data Protection Commission, unless the data exporter notifies the data importer of an alternative competent supervisory authority from time to time in accordance with Section 11 of the DPA. ANNEX II TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA MODULE TWO: Transfer controller to processor Please see Schedule 2 of the DPA, which describes the technical and organizational security measures implemented by ASG.
