Common use of Controller Responsibility Clause in Contracts

Controller Responsibility. 3.1. Within the scope of the Agreement and in its use of the Subscription Services, Customer shall be solely responsible for complying with all of its obligation as set out in the Data Protection Laws, including ensuring compliance with the principles relating to the Processing of Personal Data as laid down in Article 5 of the GDPR and in particular regarding the disclosure and transfer of Personal Data to Findmyshift. For the avoidance of doubt, Customer’s Instructions for the Processing of Personal Data shall comply with Data Protection Laws. 3.2. The Customer is solely responsible for determining the purposes of the Processing and is responsible for establishing the documented instructions according to which Findmyshift has the right to process Personal Data during the term of the DPA. This DPA is to be considered as a complete Instruction by Customer to Findmyshift in relation to the Processing of Personal Data under the Agreement and the DPA. Any additional Instructions outside the scope of the DPA shall require prior written agreement between the Parties. Other Instructions may be specified in the Agreement and may, from time to time thereafter, be amended, amplified or replaced by Customer in separate Instructions. 3.3. Customer shall inform Findmyshift without undue delay and comprehensively about any errors or irregularities related to provisions on the Processing of Personal Data or related to the Customer Data communicated to Findmyshift. 3.4. If necessary, the Customer introduces Technical and Organisational Measures, and will continue to introduce them, to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. These measures must ensure an adequate level of protection, taking into account the state of the art, the costs of the implementation of the measures and risks associated with the Processing. If Findmyshift is required to take such Technical and Organisational Measures, the Customer must check and approve these Technical and Organisational Measures before Processing starts (see clause 4.2).

Controller Responsibility. 3.1. Within the scope of the Agreement and in its use of the Subscription Services, Customer shall be solely responsible for complying with all of its obligation as set out in the Data Protection Laws, including ensuring compliance with the principles relating to the Processing of Personal Data as laid down in Article 5 of the GDPR and in particular regarding the disclosure and transfer of Personal Data to Findmyshift. For the avoidance of doubt, Customer▇▇▇▇▇▇▇▇’s Instructions for the Processing of Personal Data shall comply with Data Protection Laws. 3.2. The Customer is solely responsible for determining the purposes of the Processing and is responsible for establishing the documented instructions according to which Findmyshift has the right to process Personal Data during the term of the DPA. This DPA is to be considered as a complete Instruction by Customer to Findmyshift in relation to the Processing of Personal Data under the Agreement and the DPA. Any additional Instructions outside the scope of the DPA shall require prior written agreement between the Parties. Other Instructions may be specified in the Agreement and may, from time to time thereafter, be amended, amplified or replaced by Customer in separate Instructions. 3.3. Customer shall inform Findmyshift without undue delay and comprehensively about any errors or irregularities related to provisions on the Processing of Personal Data or related to the Customer Data communicated to Findmyshift. 3.4. If necessary, the Customer introduces Technical and Organisational Measures, and will continue to introduce them, to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access. These measures must ensure an adequate level of protection, taking into account the state of the art, the costs of the implementation of the measures and risks associated with the Processing. If Findmyshift is required to take such Technical and Organisational Measures, the Customer must check and approve these Technical and Organisational Measures before Processing starts (see clause 4.2).