GDPR Sample Clauses

GDPR. SAP and Customer agree that it is each party’s responsibility to review and adopt requirements imposed on Controllers and Processors by the General Data Protection Regulation 2016/679 (“GDPR”), in particular with regards to Articles 28 and 32 to 36 of the GDPR, if and to the extent applicable to Personal Data of Customer/Controllers that is processed under the DPA. For illustration purposes, Appendix 3 lists the relevant GDPR requirements and the corresponding sections in this DPA.
GDPR. The Supplier entrusts only such employees with the data processing defined in this agreement who have been bound to confidentiality and have previously been familiarized with the data protection provisions relevant to their work. The Supplier and any person acting under its authority who has access to personal data may only process that data in accordance with the instructions of the Client (which includes the powers granted in this Agreement) unless otherwise required to do so by law. • The implementation and observance of all technical and organizational measures necessary for this Agreement in accordance with Art. 28 Para. 3 Sent. 2 Claus c, Art. 32 GDPR are specified in Appendix 2 of this Agreement. • The Supplier and the Client shall, upon request, cooperate with the supervisory authority in the performance of their duties. • The Client shall be informed immediately of any inspections and measures conducted by the supervisory authority, insofar as they relate to this Agreement or Contract. This also applies insofar as the Supplier is under investigation or is party to an investigation by a competent authority in connection with infringements to any civil or criminal law, administrative rule, or regulation regarding the processing of personal data in connection with the processing of this Agreement or Contract. • Insofar as the Client is subject to an inspection by the supervisory authority, an administrative or summary offence or criminal procedure, a liability claim of an Affected Person or a third party or any other claim in connection with the processing of the Agreement or Contract by the Supplier, the Supplier shall make every effort to support the Client to the best of his ability. • The Supplier shall regularly monitor the internal processes as well as the Technical and organizational measures to ensure that the processing in his area of responsibility is executed in accordance with the requirements of the applicable data protection law and that the rights of the Affected People are protected. • The Client may request documentation to verify the execution of the Technical and organizational measures taken by the Supplier in accordance with section 3 of this Agreement by completing the form at
GDPR. 3. In accordance with Clause 9(2)(a), the data processor shall assist the data controller in notifying the personal data breach to the competent supervisory authority, meaning that the data processor is re- quired to assist in obtaining the information listed below which, pursuant to Article 33(3) GDPR, shall be stated in the data controller’s notification to the competent supervisory authority:
GDPR. Subject matter and duration of the Processing of Partner Personal Data When StreamRail acts as a Processor under this Addendum, the subject matter and duration of the Processing of the Partner Personal Data are set out in the Principal Agreement and this Addendum. The nature and purpose of the Processing of Partner Personal Data When StreamRail acts as a Processor under this Addendum, StreamRail will Process (including, as applicable to the Services and the instructions set forth in this Addendum, collect, record, organise, structure, store, alter, retrieve, use, disclose, combine, erase and destroy) Partner Personal Data for the purpose of providing the Services and any related technical support to Partner in accordance with this Addendum. The types of Partner Personal Data to be Processed When StreamRail acts as a Processor under this Addendum - Device IDs, online unique identifiers, and IP addresses device. The categories of Data Subject to whom the Partner Personal Data relates When StreamRail acts as a Processor under this Addendum - End users of Partner with respect to which StreamRail processes personal data in its provision of the Services. The obligations and rights of Partner The obligations and rights of Partner are set out in the Principal Agreement and this Addendum. SCHEDULE 2: TECHNICAL AND ORGANISATIONAL MEASURES Description of the minimum technical and organisational security measures to be implemented by the data importer in accordance with Appendix 2 of the Standard Contractual Clauses Controller-Processor. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, StreamRail shall in relation to the Partner Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1) of the GDPR. Data importer currently observes the security practices described in this Schedule 2. Notwithstanding any provision to the contrary otherwise agreed to by data exporter, data importer may modify or update these practices at its discretion provided that such modification and update does not result in a material degradation in the protection offered by these practices. SCHEDULE 3: CLAUSES WHERE THE DATA IMPORTER IS A PROCESSOR - STANDARD CONTRACTUAL CLAUSES (...