Documentation and compliance. (a) The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses.
Documentation and compliance. (a) The Parties shall be able to demonstrate compliance with these Clauses.
Documentation and compliance. (a) Each Party shall be able to demonstrate compliance with its obligations under these Clauses. In particular, the data importer shall keep appropriate documentation of the processing activities carried out under its responsibility.
Documentation and compliance. (a) The Parties shall be able to demonstrate compliance with this DPA.
Documentation and compliance. The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer. The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice. The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request. Use of sub-processors GENERAL WRITTEN AUTHORISATION The data importer has the data exporter’s general authorisation for the engagement of sub-processor(s) from an agreed list. The data importer shall specifically inform the data exporter in writing of any intended changes to that list through the addition or replacement of sub-processors at least thirty Days (30) in advance, thereby giving the data exporter sufficient time to be able to object to such changes prior to the engagement of the sub-processor(s). The data importer shall provide the data exporter with the information necessary to enable the data exporter to exercise its right to object.
Documentation and compliance. The data importer shall promptly and adequately deal with enquiries from the data exporter that relate to the processing under these Clauses. The Parties shall be able to demonstrate compliance with these Clauses. In particular, the data importer shall keep appropriate documentation on the processing activities carried out on behalf of the data exporter. The data importer shall make available to the data exporter all information necessary to demonstrate compliance with the obligations set out in these Clauses and at the data exporter’s request, allow for and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or audit, the data exporter may take into account relevant certifications held by the data importer. The data exporter may choose to conduct the audit by itself or mandate an independent auditor. Audits may include inspections at the premises or physical facilities of the data importer and shall, where appropriate, be carried out with reasonable notice. The Parties shall make the information referred to in paragraphs (b) and (c), including the results of any audits, available to the competent supervisory authority on request.
Documentation and compliance. 2 This includes whether the transfer and further processing involves personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or a person’s sex life or sexual orientation, or data relating to criminal convictions or offences.
Documentation and compliance. Audits: The PARTIES shall be able to demonstrate compliance with this DPA. ATOSS shall deal promptly and adequately with inquiries from the CUSTOMER about the pro- cessing of data in accordance with this DPA. ATOSS shall make available to the CUS- TOMER all information necessary to demonstrate compliance with the obligations that are set out in this DPA and stem directly from GDPR. At the CUSTOMER’s request, ATOSS shall also permit and contribute to audits of the processing activities covered by this DPA, at reasonable intervals or if there are indications of non-compliance. In decid- ing on an audit, CUSTOMER may take into account relevant information and certifica- tions held by ATOSS. The CUSTOMER may choose to conduct the audit by itself or mandate an independent auditor. ATOSS may object to the inspection by an independent auditor if the auditor selected by the CUSTOMER is in a competitive relationship with ATOSS or has not been obliged to observe confidentiality. The costs of audits pursuant to § 7 (5) lit. a) shall be borne by the CUSTOMER. Documentation: In particular, proof of documentation of technical and organizational measures can be provided by way of compliance with approved codes of conduct pur- suant to Art. 40 GDPR or suitable certification by means of an IT security or data pro- tection audit. Data protection officer: The contact details of the data protection officer of ATOSS are listed in DPA-Exhibit II - Technical and organizational measures.
Documentation and compliance. 2 The Agreement on the European Economic Area (EEA Agreement) provides for the extension of the European Union's internal market to the three EEA States Iceland, Liechtenstein and Norway. The Union data protection legislation, including Regulation (EU) 2016/679, is covered by the EEA Agreement and has been incorporated into Annex XI thereto. Therefore, any disclosure by the data importer to a third party located in the EEA does not qualify as an onward transfer for the purpose of these Clauses.
Documentation and compliance. The Parties shall be able to demonstrate compliance with these Clauses. The processor shall deal promptly and adequately with inquiries from the controller about the processing of data in accordance with these Clauses. The processor shall make available to the controller all information necessary to demonstrate compliance with the obligations that are set out in these Clauses and stem directly from Regulation (EU) 2016/679 and/or Regulation (EU) 2018/1725. At the controller’s request, the processor shall also permit and contribute to audits of the processing activities covered by these Clauses, at reasonable intervals or if there are indications of non-compliance. In deciding on a review or an audit, the controller may take into account relevant certifications held by the processor. The controller may choose to conduct the audit by itself or mandate an independent auditor. Audits may also include inspections at the premises or physical facilities of the processor and shall, where appropriate, be carried out with reasonable notice. The Parties shall make the information referred to in this Clause, including the results of any audits, available to the competent supervisory authority/ies on request.
