{"component": "clause", "props": {"groups": [{"size": 172, "snippet": "Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage.", "snippet_links": [{"key": "persons-entitled", "type": "clause", "offset": [0, 16]}, {"key": "data-processing-systems", "type": "clause", "offset": [24, 47]}, {"key": "access-only", "type": "definition", "offset": [53, 64]}, {"key": "the-personal-data", "type": "definition", "offset": [68, 85]}, {"key": "right-to-access", "type": "clause", "offset": [103, 118]}, {"key": "without-authorization", "type": "clause", "offset": [184, 205]}, {"key": "in-the-course-of", "type": "definition", "offset": [206, 222]}, {"key": "use-and-storage", "type": "clause", "offset": [235, 250]}], "samples": [{"hash": "Xl1jNZTaEC", "uri": "/contracts/Xl1jNZTaEC#data-access-control", "label": "Order Form", "score": 32.2249832153, "published": true}, {"hash": "kEDBpgOHYp8", "uri": "/contracts/kEDBpgOHYp8#data-access-control", "label": "General Terms and Conditions for Cloud Services", "score": 31.873840332, "published": true}, {"hash": "bw3Yq8AwGOO", "uri": "/contracts/bw3Yq8AwGOO#data-access-control", "label": "Personal Data Processing Agreement", "score": 30.5653781891, "published": true}], "hash": "3aaa841b0efb26f54317f229e6d8dc61", "id": 1}, {"size": 29, "snippet": "As part of the SAP Security Policy, Personal Data requires at least the same protection level as \u201cconfidential\u201d information according to the SAP Information Classification standard. \u2022 Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfil their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy. \u2022 All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and/or penetration tests on its IT systems. \u2022 Processes and policies to detect the installation of unapproved software on production systems. \u2022 An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required.", "snippet_links": [{"key": "security-policy", "type": "definition", "offset": [19, 34]}, {"key": "protection-level", "type": "definition", "offset": [77, 93]}, {"key": "according-to", "type": "definition", "offset": [124, 136]}, {"key": "information-classification", "type": "definition", "offset": [145, 171]}, {"key": "access-to-personal-data", "type": "clause", "offset": [184, 207]}, {"key": "access-to-the-information", "type": "clause", "offset": [259, 284]}, {"key": "in-order-to", "type": "clause", "offset": [303, 314]}, {"key": "grant-processes", "type": "clause", "offset": [380, 395]}, {"key": "customer-data", "type": "definition", "offset": [442, 455]}, {"key": "in-accordance-with", "type": "definition", "offset": [469, 487]}, {"key": "data-centers", "type": "clause", "offset": [558, 570]}, {"key": "secure-server", "type": "definition", "offset": [577, 590]}, {"key": "security-measures", "type": "definition", "offset": [598, 615]}, {"key": "processing-personal-data", "type": "clause", "offset": [642, 666]}, {"key": "security-checks", "type": "clause", "offset": [738, 753]}, {"key": "penetration-tests", "type": "clause", "offset": [761, 778]}, {"key": "it-systems", "type": "clause", "offset": [786, 796]}, {"key": "processes-and-policies", "type": "clause", "offset": [800, 822]}, {"key": "installation-of", "type": "clause", "offset": [837, 852]}, {"key": "production-systems", "type": "clause", "offset": [876, 894]}, {"key": "security-standard", "type": "definition", "offset": [905, 922]}, {"key": "data-carriers", "type": "clause", "offset": [944, 957]}], "samples": [{"hash": "kfbWLu92lcn", "uri": "/contracts/kfbWLu92lcn#data-access-control", "label": "Personal Data Processing Agreement", "score": 29.4950675964, "published": true}, {"hash": "jXHgk7cPWaG", "uri": "/contracts/jXHgk7cPWaG#data-access-control", "label": "Personal Data Processing Agreement", "score": 29.4950675964, "published": true}, {"hash": "iYyrYFe9wYN", "uri": "/contracts/iYyrYFe9wYN#data-access-control", "label": "Personal Data Processing Agreement", "score": 29.4950675964, "published": true}], "hash": "60adb4601bc30603c08ac9d481105508", "id": 2}, {"size": 7, "snippet": "The goal of data access control is that employees and authorised third parties can access data only within the framework of their access authorisation. In addition, it should be ensured that Personal Data cannot be read, copied, altered or removed (deleted) without authorisation when it is being handled. This applies to both to data stored in DP systems as well as for that which is on machine-readable data media or on paper.", "snippet_links": [{"key": "authorised-third-parties", "type": "definition", "offset": [54, 78]}, {"key": "access-data", "type": "definition", "offset": [83, 94]}, {"key": "the-framework", "type": "clause", "offset": [107, 120]}, {"key": "access-authorisation", "type": "clause", "offset": [130, 150]}, {"key": "in-addition", "type": "clause", "offset": [152, 163]}, {"key": "personal-data", "type": "clause", "offset": [191, 204]}, {"key": "applies-to", "type": "clause", "offset": [311, 321]}, {"key": "data-media", "type": "definition", "offset": [405, 415]}], "samples": [{"hash": "jRLTQvTfXvE", "uri": "/contracts/jRLTQvTfXvE#data-access-control", "label": "Data Privacy & Security", "score": 33.1686134338, "published": true}, {"hash": "e9MCEu56hgA", "uri": "/contracts/e9MCEu56hgA#data-access-control", "label": "Data Privacy & Security", "score": 33.1686134338, "published": true}, {"hash": "kqB3pCA9Fg5", "uri": "/contracts/kqB3pCA9Fg5#data-access-control", "label": "Data Protection Agreement", "score": 31.1698665619, "published": true}], "hash": "c6d746abded6cc1b9491c71227be1444", "id": 6}, {"size": 5, "snippet": "It must be ensured that persons authorised to use a data processing system can only access the data according to designated access permissions.", "snippet_links": [{"key": "data-processing-system", "type": "definition", "offset": [52, 74]}, {"key": "the-data", "type": "clause", "offset": [91, 99]}, {"key": "according-to", "type": "definition", "offset": [100, 112]}, {"key": "access-permissions", "type": "clause", "offset": [124, 142]}], "samples": [{"hash": "7XoaNj1SLmL", "uri": "/contracts/7XoaNj1SLmL#data-access-control", "label": "Data Processing Addendum", "score": 33.4642486572, "published": true}, {"hash": "5l0azKYi3U7", "uri": "/contracts/5l0azKYi3U7#data-access-control", "label": "Data Processing Addendum", "score": 33.2588233948, "published": true}, {"hash": "9VXGphKDWju", "uri": "/contracts/9VXGphKDWju#data-access-control", "label": "Data Processing Addendum", "score": 32.4540672302, "published": true}], "hash": "a0887379bf50a5bf1506560a6f0402c0", "id": 9}, {"size": 5, "snippet": "Authorizations for \u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587\u2587.\u2587\u2587\u2587 IT systems and applications are set up exclusively by administra- tors. Authorizations are always granted according to the need-to-know principle. Accordingly, only those persons are granted access rights to data, databases or applications who maintain and service these data, applications or databases or are involved in their development. The prerequisite is a corresponding request for authorization for an employee by a supervisor. There is a role-based authorization concept with the option of differentiated assignment of access rights, which ensures that employees receive access rights to applications and data depending on their respective area of responsibility and, if necessary, on a project basis. Employees are generally prohibited from installing unauthorized software on IT systems. All server and client systems are regularly updated with security updates.", "snippet_links": [{"key": "for-\u2587", "type": "clause", "offset": [15, 20]}, {"key": "it-systems", "type": "clause", "offset": [34, 44]}, {"key": "according-to", "type": "definition", "offset": [140, 152]}, {"key": "rights-to-data", "type": "clause", "offset": [232, 246]}, {"key": "request-for-authorization", "type": "definition", "offset": [411, 436]}, {"key": "employee-by", "type": "definition", "offset": [444, 455]}, {"key": "the-option", "type": "clause", "offset": [519, 529]}, {"key": "assignment-of", "type": "definition", "offset": [548, 561]}, {"key": "area-of-responsibility", "type": "definition", "offset": [683, 705]}, {"key": "generally-prohibited", "type": "clause", "offset": [759, 779]}, {"key": "unauthorized-software", "type": "clause", "offset": [796, 817]}, {"key": "client-systems", "type": "definition", "offset": [848, 862]}, {"key": "security-updates", "type": "definition", "offset": [890, 906]}], "samples": [{"hash": "8GQRKAP8zwc", "uri": "/contracts/8GQRKAP8zwc#data-access-control", "label": "Data Processing Agreement", "score": 33.3301200867, "published": true}, {"hash": "9DixehkB9GN", "uri": "/contracts/9DixehkB9GN#data-access-control", "label": "Data Processing Agreement", "score": 32.924987793, "published": true}, {"hash": "cDjcpBUeBMp", "uri": "/contracts/cDjcpBUeBMp#data-access-control", "label": "Data Processing Agreement", "score": 32.7662200928, "published": true}], "hash": "76cf795f2f562810acae64137f008695", "id": 10}, {"size": 8, "snippet": "Persons entitled to use data processing systems gain access only to the Personal Data that they have a right to access, and Personal Data must not be read, copied, modified or removed without authorization in the course of processing, use and storage./ Kendali Akses Data. Orang-orang yang berhak untuk menggunakan sistem pemrosesan data memperoleh akses hanya ke Data Pribadi yang berhak mereka akses, dan Data Pribadi tidak dapat dibaca, disalin, dimodifikasi, atau dihapus tanpa pengesahan selama pemrosesan, penggunaan, dan penyimpanan. Measures:/ Tindakan: \u2022 As part of the SAP Security Policy, Personal Data requires at least the same protection level as \u201cconfidential\u201d information according to the SAP Information Classification standard./ Sebagai bagian dari Kebijakan Keamanan SAP, Data Pribadi mensyaratkan setidaknya tingkat perlindungan yang sama sebagaimana informasi \u201crahasia\u201d sesuai dengan standar Klasifikasi Informasi SAP. \u2022 Access to Personal Data is granted on a need-to-know basis. Personnel have access to the information that they require in order to fulfill their duty. SAP uses authorization concepts that document grant processes and assigned roles per account (user ID). All Customer Data is protected in accordance with the SAP Security Policy./ Akses ke Data Pribadi diberikan seperlunya saja (need-to-know basis). Personel memiliki akses ke informasi yang mereka butuhkan untuk memenuhi tugas mereka. SAP menggunakan konsep pengesahan yang mendokumentasikan proses pemberian dan peran yang ditetapkan per akun (ID pengguna). Seluruh Data Pelanggan dilindungi sesuai dengan Kebijakan Keamanan SAP. \u2022 All production servers are operated in the Data Centers or in secure server rooms. Security measures that protect applications processing Personal Data are regularly checked. To this end, SAP conducts internal and external security checks and penetration tests on its IT systems./ Semua server produksi dioperasikan pada Pusat Data atau dalam ruang server yang aman. Tindakan keamanan yang melindungi aplikasi yang memproses Data Pribadi diperiksa secara berkala. Untuk mencapai tujuan ini, SAP menjalankan pemeriksaan keamanan internal dan eksternal serta uji penetrasi pada sistem TI-nya. \u2022 SAP does not allow the installation of software that has not been approved by SAP./ SAP tidak mengizinkan instalasi perangkat lunak yang belum disetujui oleh SAP. \u2022 An SAP security standard governs how data and data carriers are deleted or destroyed once they are no longer required./ Standar keamanan SAP mengatur cara data dan pembawa data dihapus atau dimusnahkan setelah hal tersebut tidak lagi diperlukan.", "snippet_links": [{"key": "persons-entitled", "type": "clause", "offset": [0, 16]}, {"key": "data-processing-systems", "type": "clause", "offset": [24, 47]}, {"key": "access-only", "type": "definition", "offset": [53, 64]}, {"key": "the-personal-data", "type": "definition", "offset": [68, 85]}, {"key": "right-to-access", "type": "clause", "offset": [103, 118]}, {"key": "without-authorization", "type": "clause", "offset": [184, 205]}, {"key": "in-the-course-of", "type": "definition", "offset": [206, 222]}, {"key": "data-pribadi", "type": "definition", "offset": [364, 376]}, {"key": "security-policy", "type": "definition", "offset": [583, 598]}, {"key": "protection-level", "type": "definition", "offset": [641, 657]}, {"key": "according-to", "type": "definition", "offset": [688, 700]}, {"key": "information-classification", "type": "definition", "offset": [709, 735]}, {"key": "access-to-personal-data", "type": "clause", "offset": [942, 965]}, {"key": "access-to-the-information", "type": "clause", "offset": [1017, 1042]}, {"key": "in-order-to", "type": "clause", "offset": [1061, 1072]}, {"key": "grant-processes", "type": "clause", "offset": [1139, 1154]}, {"key": "customer-data", "type": "definition", "offset": [1201, 1214]}, {"key": "in-accordance-with", "type": "definition", "offset": [1228, 1246]}, {"key": "data-centers", "type": "clause", "offset": [1671, 1683]}, {"key": "secure-server", "type": "definition", "offset": [1690, 1703]}, {"key": "security-measures", "type": "definition", "offset": [1711, 1728]}, {"key": "processing-personal-data", "type": "clause", "offset": [1755, 1779]}, {"key": "security-checks", "type": "clause", "offset": [1851, 1866]}, {"key": "penetration-tests", "type": "clause", "offset": [1871, 1888]}, {"key": "installation-of-software", "type": "clause", "offset": [2244, 2268]}, {"key": "approved-by", "type": "clause", "offset": [2287, 2298]}, {"key": "security-standard", "type": "definition", "offset": [2393, 2410]}, {"key": "data-carriers", "type": "clause", "offset": [2432, 2445]}], "samples": [{"hash": "db2oLeSFPd", "uri": "/contracts/db2oLeSFPd#data-access-control", "label": "Personal Data Processing Agreement", "score": 30.5306529999, "published": true}, {"hash": "bAfFwCXTPny", "uri": "/contracts/bAfFwCXTPny#data-access-control", "label": "Personal Data Processing Agreement", "score": 30.4950675964, "published": true}, {"hash": "awnzLlwZ4v1", "uri": "/contracts/awnzLlwZ4v1#data-access-control", "label": "Personal Data Processing Agreement", "score": 28.4201431274, "published": true}], "hash": "bec47c51d7afc5634d2287b8d99e9938", "id": 5}, {"size": 9, "snippet": "Provider applies the controls set out below regarding the access and use of Personal Data:", "snippet_links": [{"key": "set-out", "type": "definition", "offset": [30, 37]}, {"key": "use-of-personal-data", "type": "clause", "offset": [69, 89]}], "samples": [{"hash": "980sCCbmd22", "uri": "/contracts/980sCCbmd22#data-access-control", "label": "Data Processing Addendum", "score": 35.1543273926, "published": true}, {"hash": "798endcyO8f", "uri": "/contracts/798endcyO8f#data-access-control", "label": "Data Processing Addendum", "score": 34.8432273865, "published": true}, {"hash": "aqGF0K9zD0Q", "uri": "/contracts/aqGF0K9zD0Q#data-access-control", "label": "Data Processing Addendum", "score": 34.7935943604, "published": true}], "hash": "969f546bad6862e94703b001932e388b", "id": 3}, {"size": 8, "snippet": "Technical and organisational measures regarding the on-demand structure of the authorisation concept, data access rights and monitoring and recording of the same: Access to data necessary for the performance of the particular task is ensured within the systems and applications by a corresponding role and authorisation concept. In accordance to the \u201cleast privilege\u201d and \"need-to-know\" principles, each role has only those rights which are necessary for the fulfilment of the task to be performed by the individual person. To maintain data access control, state of the art encryption technology is applied to the Personal Data itself where deemed appropriate to protect sensitive data based on risk.", "snippet_links": [{"key": "technical-and-organisational-measures", "type": "clause", "offset": [0, 37]}, {"key": "structure-of-the", "type": "clause", "offset": [62, 78]}, {"key": "access-rights", "type": "clause", "offset": [107, 120]}, {"key": "monitoring-and-recording", "type": "clause", "offset": [125, 149]}, {"key": "necessary-for", "type": "definition", "offset": [178, 191]}, {"key": "the-performance", "type": "clause", "offset": [192, 207]}, {"key": "the-systems", "type": "clause", "offset": [249, 260]}, {"key": "in-accordance", "type": "definition", "offset": [329, 342]}, {"key": "least-privilege", "type": "definition", "offset": [351, 366]}, {"key": "performed-by", "type": "clause", "offset": [488, 500]}, {"key": "individual-person", "type": "clause", "offset": [505, 522]}, {"key": "to-maintain", "type": "clause", "offset": [524, 535]}, {"key": "state-of-the-art", "type": "clause", "offset": [557, 573]}, {"key": "encryption-technology", "type": "clause", "offset": [574, 595]}, {"key": "the-personal-data", "type": "definition", "offset": [610, 627]}, {"key": "sensitive-data", "type": "clause", "offset": [671, 685]}, {"key": "based-on", "type": "definition", "offset": [686, 694]}], "samples": [{"hash": "lQsAONKdQki", "uri": "/contracts/lQsAONKdQki#data-access-control", "label": "Data Processing Agreement", "score": 33.1816062927, "published": true}, {"hash": "4iup3ygvpPe", "uri": "/contracts/4iup3ygvpPe#data-access-control", "label": "Data Processing Agreement", "score": 31.8454494476, "published": true}, {"hash": "2RE7ZfyLPEO", "uri": "/contracts/2RE7ZfyLPEO#data-access-control", "label": "Data Processing Agreement", "score": 29.535112381, "published": true}], "hash": "587e2aaf02e2927c6f79dc4549e17953", "id": 4}, {"size": 7, "snippet": "The following measures are implemented to control that persons entitled to use data processing systems gain access only to the Personal Data when they have a right to access, and Personal Data is not read, copied, modified or removed without authorization in the course of processing, use and storage.\na) User and administrator access to the data center facilities, servers, networking equipment, and host software is based on a role-based access rights model. A unique ID is assigned to ensure proper user-authentication management for users and administrators on all system components.\nb) The concept of least privilege is employed, allowing only the necessary access for users to accomplish their job function. When user accounts are created, user accounts are created to have minimal access. Access above these least privileges requires appropriate authorization.\nc) IT access privileges are reviewed on a regular basis by appropriate personnel.\nd) Time stamped logging of access to and modification of Personal Data is p\ne) An incident response plan is in place to address the following at time of incident: \u2022 Roles, responsibilities, and communication and contact strategies in the event of a compromise. \u2022 Specific incident response procedures. \u2022 Coverage and responses of all critical system components", "snippet_links": [{"key": "to-control", "type": "definition", "offset": [39, 49]}, {"key": "persons-entitled", "type": "clause", "offset": [55, 71]}, {"key": "data-processing-systems", "type": "clause", "offset": [79, 102]}, {"key": "access-only", "type": "definition", "offset": [108, 119]}, {"key": "the-personal-data", "type": "definition", "offset": [123, 140]}, {"key": "right-to-access", "type": "clause", "offset": [158, 173]}, {"key": "without-authorization", "type": "clause", "offset": [234, 255]}, {"key": "in-the-course-of", "type": "definition", "offset": [256, 272]}, {"key": "use-and-storage", "type": "clause", "offset": [285, 300]}, {"key": "data-center-facilities", "type": "clause", "offset": [342, 364]}, {"key": "host-software", "type": "definition", "offset": [401, 414]}, {"key": "based-on", "type": "definition", "offset": [418, 426]}, {"key": "access-rights", "type": "clause", "offset": [440, 453]}, {"key": "to-ensure", "type": "clause", "offset": [485, 494]}, {"key": "users-and-administrators", "type": "clause", "offset": [537, 561]}, {"key": "system-components", "type": "clause", "offset": [569, 586]}, {"key": "the-concept", "type": "clause", "offset": [591, 602]}, {"key": "least-privilege", "type": "definition", "offset": [606, 621]}, {"key": "user-accounts", "type": "definition", "offset": [719, 732]}, {"key": "access-privileges", "type": "clause", "offset": [874, 891]}, {"key": "on-a-regular-basis", "type": "definition", "offset": [905, 923]}, {"key": "appropriate-personnel", "type": "clause", "offset": [927, 948]}, {"key": "modification-of", "type": "clause", "offset": [991, 1006]}, {"key": "incident-response-plan", "type": "definition", "offset": [1032, 1054]}, {"key": "in-place", "type": "clause", "offset": [1058, 1066]}, {"key": "time-of-incident", "type": "clause", "offset": [1095, 1111]}, {"key": "and-communication", "type": "clause", "offset": [1140, 1157]}, {"key": "in-the-event-of-a", "type": "clause", "offset": [1181, 1198]}, {"key": "incident-response-procedures", "type": "clause", "offset": [1222, 1250]}, {"key": "critical-system", "type": "definition", "offset": [1284, 1299]}], "samples": [{"hash": "8d23VioVS6Y", "uri": "/contracts/8d23VioVS6Y#data-access-control", "label": "Data Processing Agreement", "score": 23.8432579041, "published": true}, {"hash": "2fnhrjGmzeU", "uri": "/contracts/2fnhrjGmzeU#data-access-control", "label": "Data Processing Agreement", "score": 23.8432579041, "published": true}], "hash": "ec6d2e1bd903f9000a10ee918f643294", "id": 7}, {"size": 6, "snippet": "The Processor takes measures to procure that the persons authorized to use a Personal Data Processing system can only access Personal Data within the scope of their access authorization. Measures are taken preventing that Personal Data can be read, copied, altered or removed without authorization during the Processing, use and after storage of the same. During the entire contractual term, the Controller has the possibility of accessing, extracting and erasing its data stored in the BuildingMinds Platform or request the Processor to do so. \u2022 Only authorized employees, according to their respective role and necessity, may be given access to Personal Data. By these means, the Processor procures that employees involved in the processing of the Controller's Personal Data only process the same upon the instructions of the Controller. In addition, these persons are obliged to maintain confidentiality and security of Personal Data, also following the end of their employment. \u2022 All authorized persons require a special personal authorization. This authentication requires a password and a second authentication factor. The authenticated user can only access Personal Data in accordance with the assigned role. \u2022 The access of employees who have left the company is blocked upon the effective date of their departure. \u2022 Access can only be granted by administrators. The number of administrators is limited to the level necessary for the operation of the Personal Data Processing systems. \u2022 Compliance with password guidelines is ensured by the system technology and all logins are recorded in the system. \u2022 Authentication mechanisms based on passwords must be renewed regularly.", "snippet_links": [{"key": "the-processor", "type": "definition", "offset": [0, 13]}, {"key": "measures-to", "type": "clause", "offset": [20, 31]}, {"key": "the-persons", "type": "clause", "offset": [45, 56]}, {"key": "personal-data-processing", "type": "clause", "offset": [77, 101]}, {"key": "scope-of", "type": "clause", "offset": [150, 158]}, {"key": "access-authorization", "type": "clause", "offset": [165, 185]}, {"key": "without-authorization", "type": "clause", "offset": [276, 297]}, {"key": "the-processing", "type": "clause", "offset": [305, 319]}, {"key": "contractual-term", "type": "definition", "offset": [374, 390]}, {"key": "its-data", "type": "definition", "offset": [464, 472]}, {"key": "authorized-employees", "type": "clause", "offset": [552, 572]}, {"key": "according-to", "type": "definition", "offset": [574, 586]}, {"key": "access-to-personal-data", "type": "clause", "offset": [637, 660]}, {"key": "instructions-of-the-controller", "type": "clause", "offset": [808, 838]}, {"key": "in-addition", "type": "clause", "offset": [840, 851]}, {"key": "security-of-personal-data", "type": "clause", "offset": [911, 936]}, {"key": "following-the", "type": "definition", "offset": [943, 956]}, {"key": "authorized-persons", "type": "clause", "offset": [988, 1006]}, {"key": "authenticated-user", "type": "definition", "offset": [1129, 1147]}, {"key": "in-accordance-with", "type": "definition", "offset": [1178, 1196]}, {"key": "assigned-role", "type": "definition", "offset": [1201, 1214]}, {"key": "employees-who", "type": "clause", "offset": [1232, 1245]}, {"key": "the-company", "type": "definition", "offset": [1256, 1267]}, {"key": "date-of", "type": "clause", "offset": [1298, 1305]}, {"key": "granted-by", "type": "definition", "offset": [1344, 1354]}, {"key": "number-of", "type": "clause", "offset": [1375, 1384]}, {"key": "necessary-for", "type": "definition", "offset": [1424, 1437]}, {"key": "data-processing-systems", "type": "clause", "offset": [1468, 1491]}, {"key": "compliance-with", "type": "clause", "offset": [1495, 1510]}, {"key": "system-technology", "type": "definition", "offset": [1549, 1566]}, {"key": "based-on", "type": "definition", "offset": [1638, 1646]}], "samples": [{"hash": "9IH16kxzRvt", "uri": "/contracts/9IH16kxzRvt#data-access-control", "label": "Data Processing Agreement", "score": 33.5140266418, "published": true}, {"hash": "eDQjfetJTtA", "uri": "/contracts/eDQjfetJTtA#data-access-control", "label": "Data Processing Agreement", "score": 30.1911563873, "published": true}, {"hash": "chTLbHpKqer", "uri": "/contracts/chTLbHpKqer#data-access-control", "label": "Data Processing Agreement", "score": 29.4240512848, "published": true}], "hash": "e82a069dab0605f121d1761b79867a79", "id": 8}], "next_curs": "ClwSVmoVc35sYXdpbnNpZGVyY29udHJhY3RzcjgLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhxkYXRhLWFjY2Vzcy1jb250cm9sIzAwMDAwMDBhDKIBAmVuGAAgAA==", "clause": {"size": 335, "parents": [["definitions", "Definitions"], ["technical-and-organizational-measures", "TECHNICAL AND ORGANIZATIONAL MEASURES"], ["data-integrity-control", "Data Integrity Control"], ["miscellaneous", "Miscellaneous"], ["confidentiality", "Confidentiality"]], "children": [["", ""], ["fire-detection-and-suppression", "Fire Detection and Suppression"], ["corporate-segregation", "Corporate Segregation"], ["preventative-maintenance", "Preventative maintenance"], ["storage-device-decommissioning", "Storage Device Decommissioning"]], "title": "Data Access Control", "id": "data-access-control", "related": [["system-access-control", "System Access Control", "System Access Control"], ["data-access", "Data Access", "Data Access"], ["access-control", "Access Control", "Access Control"], ["physical-access-control", "Physical Access Control", "Physical Access Control"], ["data-access-services", "Data Access Services", "Data Access Services"]], "related_snippets": [], "updated": "2025-07-23T06:00:56+00:00", "also_ask": ["What minimum access restrictions should be mandated to protect sensitive data?", "How can audit rights be structured to ensure effective oversight without overburdening operations?", "What are the most common loopholes in data access clauses that could expose parties to risk?", "How do data access control standards in this clause compare to industry best practices and relevant regulations?", "What evidentiary requirements are needed to enforce data access violations in court?"], "drafting_tip": "Specify authorized users, delineate permitted data uses, and set access procedures to prevent unauthorized disclosure and ensure compliance with privacy laws.", "explanation": "The Data Access Control clause defines the rules and limitations regarding who can access, use, or modify data within the scope of an agreement. Typically, it specifies which parties or individuals are authorized to view or handle certain types of data, outlines any required security measures, and may set procedures for requesting or revoking access. This clause is essential for protecting sensitive information, ensuring compliance with privacy regulations, and preventing unauthorized data breaches or misuse."}, "json": true, "cursor": ""}}