Obligations of Processor. (a) The Processor shall use commercially reasonable efforts that persons authorized by the Processor to process the personal data on behalf of the Controller, in particular the Processor's employees as well as employees of any Subprocessors, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality and that such persons who have access to the personal data, process such personal data in compliance with this DPA.
Obligations of Processor. Processor must process personal data only in accordance with prior arrangements and the instructions of Controller, unless required to otherwise process the data by European Union or Member State law to which Processor is subject (such as investigations by law enforcement or national security agencies); in such a case, Processor must inform the Controller of these legal requirements prior to processing the data, unless the relevant law prohibits such information on important grounds of public interest (Article 28 (3) sentence 2 (a) GDPR). Processor may not use the personal data provided for processing for any other purpose, particularly for its own purposes. Copies or duplicates of the personal data must not be created without Controller’s knowledge. Processor guarantees performance of all the agreed measures for commissioned processing of personal data. Processor guarantees that the data processed for Controller will be strictly separated from other data. Processor must carry out, at a minimum, the following controls on all data processing performed on Controller’s behalf: Data availability control through, at a minimum, daily data backups Processor must cooperate to the extent necessary and adequately assist Controller as much as possible in fulfilling the rights of the data subjects per Art. 12 to 22 GDPR, preparing directories of processing activities and conducting the required data protection impact assessments (Article 28 (3) sentence 2 (e) and (f) GDPR). Processor must forward all information required for these purposes immediately to the following parties at the Controller: The authorized instruction giver named in section 4 Processor must notify Controller immediately if, in its opinion, an instruction given by Controller violates legal provisions (Article 28 (3) sentence 3 GDPR). Processor has the right to suspend the execution of the relevant instruction until it has been confirmed or changed by Controller after verification. Processor must correct, delete or limit the processing of personal data under the contractual relationship if Controller instructs Processor to do so and doing so does not go against the legitimate interests of Processor. Processor may only share information about personal data under the contractual relationship with third parties or the data subject after prior instruction or approval by Controller. Processor hereby agrees that Controller is entitled, generally by appointment, to check compliance with the provisions on da...
Obligations of Processor. The Processor shall:
Obligations of Processor. 5.1 Processor shall ensure that all persons authorized by Processor to process personal data on behalf of Controller, particularly personnel of Processor or any Subprocessor, have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Obligations of Processor. 5.1 Basically, Processor shall, unless otherwise permitted by law or otherwise (e.g. data subject’s consent), collect, process or use data only as commissioned by Controller and in compliance with the Instructions of Controller but, in particular, not for its own purposes. Processor will correct, delete, rectify or block the data processed on behalf of Controller only as instructed by Controller. If a data subject contacts Processor with a request for correction or deletion of its data, Processor shall forward the request to Controller.
Obligations of Processor. Processor shall collect, process and use Personal Data only within the scope of Controller’s Instructions. If the Processor thinks that an instruction of the Controller infringes the BDSG or other data protection provisions, it shall point this out to the principal without delay. Within Processor’s area of responsibility, Processor shall structure Processor’s internal corporate organisation to ensure compliance with the specific requirements of the protection of Personal Data. Processor shall take the appropriate technical and organisational measures to adequately protect Controller’s Personal Data against misuse and loss in accordance with the requirements of the German Federal Data Protection Act (§ 9 BDSG) or a corresponding provision of the otherwise applicable national data protection law. Such measures hereunder shall include, but not be limited to,
Obligations of Processor. 3.1 Processor shall process Personal Data only within the scope of Controller’s Instructions, Art. 28 III 2, lit. a) GDPR. If the Processor believes that an Instruction of the Controller infringes the Data Protection Law, it shall immediately inform the Controller without delay, Art 28 III 3 GDPR.
Obligations of Processor. MentorcliQ shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Controller’s documented instructions for the following purposes: (a) Processing in accordance with the Agreement and applicable Order Form(s) of Statement(s) of Work; (b) Processing initiated by Data Subjects in their use of the Services; and (c) Processing to comply with other documented reasonable instructions provided by Controller (e.g., via email) where such instructions are consistent with the terms of the Agreement and otherwise lawful. Processor shall take the appropriate technical and organizational measures to adequately protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data, described under Appendix 2 to the Standard Contractual Clauses. Processor will facilitate Controller’s compliance with the Controller’s obligation to implement security measures with respect to Personal Data (including if applicable Controller’s obligations pursuant to Articles 32 to 34 (inclusive) of the GDPR), by implementing and maintaining the security measures described under Appendix 2, complying with the terms relation to Personal Data Breaches below; and providing the Controller with information in relation to the Processing in accordance with Section 5 (Audits). Processor shall ensure that any personnel whom Processor authorizes to process Personal Data on its behalf is subject to confidentiality obligations with respect to that Personal Data. The undertaking to confidentiality shall continue after the termination of the Agreement. Processor will notify the Controller as soon as practicable after it becomes aware of any of any Personal Data Breach affecting any Personal Data. At the Controller’s request, Processor will promptly provide the Controller with all reasonable assistance necessary to enable the Controller to notify relevant Personal Data Breaches to competent authorities and/or affected Data Subjects, if Controller is required to do so under the Data Protection Law. MentorcliQ shall, to the extent legally permitted, promptly notify Controller if MentorcliQ, receives a request from a Data Subject to exercise the Data Subject's right of access, right to rectification, restriction of Processing, erasure (“right to be forgotten”), data portability, object to the Processing, or its right not to be subject to an automated individual decision ma...
Obligations of Processor. 3.1 PROCESSOR shall perform Transaction Processing on behalf of CUSTOMER.
Obligations of Processor. D1.3.1. Processor is obliged to comply with the conditions set for the processing of personal data on the basis of applicable laws and regulations, in particular the GDPR and the GDPR Implementation Act.
