Common use of Controller Responsibilities Clause in Contracts

Controller Responsibilities. Data Protection Impact Assessment: The Customer as Controller is responsible for performing risk and impact assessments with respect to Personal Data it submits to InterVision pursuant to Articles 35 and 36 of the GDPR. Accordingly, the Customer is responsible for determining the appropriate technical and administrative controls required to mitigate risks identified and comply with applicable Data Protection Laws. Compliance with Data Protection Law: Within the scope of this DPA, the Agreement and its use of the services, Customer as Controller shall be solely responsible for complying with the statutory requirements related to data protection and privacy, particularly regarding the disclosure and transfer of Personal Data to InterVision for the Processing of Personal Data. The Customer’s instructions to InterVision for the Processing of Personal Data shall comply with the applicable Data Protection Law. Processing Instructions: Additional instructions outside the scope of this DPA will require prior written agreement between the parties as additional charges may apply. Instructions shall initially be specified in the Agreement and may thereafter be amended, amplified, or replaced by the Customer as a Change or addendum to the original Agreement. Customer is responsible that all of its instructions are lawful and the Processing of Personal Data in accordance with such instructions will not violate applicable Data Protection Laws. Information Security: The Customer as Controller is responsible for validating the integrity, completeness, and accuracy of Personal Data it submits to InterVision. Transfers of data outside of InterVision’s hosted environment may require unencrypted communications. The content of communications (including sender and recipient addresses) sent through email or messaging services may not be encrypted. Controller determines the suitability of communication and transfer protocols for Personal Data it submits to InterVision. Controller opts to use unencrypted file transfer protocols or email to transmit Personal Data to InterVision as Processor, the Customer as Controller is solely responsible for its decision. a. The Customer is responsible for the security policies, procedures, and configuration settings for its operating systems and applications environments housed on InterVision’s hosted platforms, including but not limited to, password configuration settings, auditing settings, operating server settings, and application settings. b. The Customer is responsible for the encryption of Personal Data stored within its operating system and application environments housed on InterVision’s hosted platforms. c. The Customer is responsible for reviewing and updating authorized contact lists provided to InterVision on a regular basis to ensure lists are complete and accurate and unauthorized parties are promptly removed. d. The Customer is responsible for managing access of its users of Personal Data Processing systems managed by InterVision and promptly notifying InterVision of user terminations. e. The Customer is responsible for vetting and approving change requests made to Personal Data Processing systems managed by InterVision. f. The Customer is responsible for requesting Processing of Personal Data from Data Subjects residing within the United States. Supervisory Authorities: The Customer is responsible for communication, consultation, and reporting with Supervisory Authorities as required under Data Protection Law. Retrieval of Personal Data: Personal Data owned by the Customer will be deleted by InterVision upon termination of the Agreement. The Customer is responsible for communicating, in writing, alternative directives regarding the retention, archive, or transfer of Personal Data. As with other changes to Data Processing Instructions, additional instructions for the disposition of Customer’s data are outside the scope of this DPA will require prior written agreement between the parties as additional charges may apply.