Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i).
Appears in 3 contracts
Samples: www.tyntec.com, www.tyntec.com, www.tyntec.com
Obligations of the data exporter. The data exporter agrees warrants and warrantsundertakes that: a that the processing, including the transfer itself, of the The personal data has have been collected, processed and will continue to be carried out transferred in accordance with the laws applicable to the data exporter. It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. It will provide the data importer, when so requested, with copies of relevant provisions data protection laws or references to them (where relevant, and not including legal advice) of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where country in which the data exporter is established) . It will respond to enquiries from data subjects and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration authority concerning processing of the personal data processing services will instruct by the data importer to process importer, unless the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c parties have agreed that the data importer will provide sufficient guarantees so respond, in respect which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required. OBLIGATIONS OF THE DATA IMPORTER The data importer warrants and undertakes that: It will have in place appropriate technical and organisational security measures specified in Appendix 2 of Schedule 2; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure which provide a level of security appropriate to the risks presented risk represented by the processing and the nature of the data to be protected having regard protected. It will have in place procedures so that any third party it authorises to have access to the state personal data, including processors, will respect and maintain the confidentiality and security of the art personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data. It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and the cost of their implementation; e that it will ensure compliance inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. It will process the personal data for purposes described in Annex A and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses. It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data and will cooperate in good faith with the security measures; f that, if the transfer involves special categories of datadata exporter, the data subject has been informed and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I (e). At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III.(which may include insurance coverage). Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be informed beforesubject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. It will process the personal data, at its option, in accordance with: the data protection laws of the country in which the data exporter is established, or as soon as possible after, the transfer that its data could be transmitted relevant provisions of any Commission decision pursuant to a third country not providing adequate protection within the meaning Article 25(6) of Directive 95/46/EC; g to forward any notification received from , where the data importer complies with the relevant provisions of such an authorisation or any sub-processor pursuant decision and is based in a country to Clause 5(bwhich such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) and Clause 8.3 to of the personal data, or the data protection supervisory authority if processing principles set forth in Annex A. Data importer to indicate which option it selects: The Data Importer selects option (h)(i) Initials of data importer: It will not disclose or transfer the personal data to a third-party data controller located outside the United Kingdom or European Economic Area (EEA) unless it notifies the data exporter decides to continue about the transfer or to lift and the suspension; h to make available to third-party data controller processes the personal data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clausesa Commission decision finding that a third country provides adequate protection, unless the Clauses or the contract contain commercial informationthird-party data controller becomes a signatory to these clauses, in which case it may remove such commercial information; i that, or another data transfer agreement approved by a competent authority in the event EU, or data subjects have been given the opportunity to object, after having been informed of sub-processingthe purposes of the transfer, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level categories of protection for the personal data recipients and the rights fact that the countries to which data is exported may have different data protection standards, or with regard to onward transfers of sensitive data, data subject as subjects have given their unambiguous consent to the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i)onward transfer.
Appears in 2 contracts
Samples: Idl Solutions Licence Agreement, Idl Solutions Licence Agreement
Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2as required under the GDPR; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to forward any notification received from the data importer or any sub-processor subprocessor pursuant to Clause 5(b) and Clause 8.3 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processingsubprocessing, the processing activity is carried out in accordance with Clause 11 by a sub-processor subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i). Clause 5 Obligations of the data importer The data importer agrees and warrants: to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it which do not go beyond what is necessary in a democratic society are, inter alia, internationally recognised sanctions, tax-reporting requirements or anti-money-laundering reporting requirements. agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has implemented the technical and organisational security measures as required under the GDPR before processing the personal data transferred; that it will promptly notify the data exporter about: any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, any accidental or unauthorised access, and any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so; to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, plus a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; that the processing services by the subprocessor will be carried out in accordance with Clause 11; to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter.
Appears in 1 contract
Samples: Data Processing Addendum GDPR
Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data data-processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2Annex B to this contract; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to forward any notification received from the data importer or any sub-processor pursuant to Clause clause 5(b) and Clause clause 8.3 to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, Annex B and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processing, the processing activity is carried out in accordance with Clause clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject subjects as the data importer under the Clauses; and j that it will ensure compliance with Clause clause 4(a) to (iclause 4(i).
Appears in 1 contract
Samples: Personal Data Processing Agreement
Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2to this contract; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g [If these Clauses are not governed by the law of a Member State, the words "within the meaning of Directive 95/46/EC" are deleted.] to forward any notification received from the data importer or any sub-processor subprocessor pursuant to Clause 5(b) and Clause 8.3 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processingsubprocessing, the processing activity is carried out in accordance with Clause 11 by a sub-processor subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i).. Clause 5 Obligations of the data importer The data importer agrees and warrants: to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; that it will promptly notify the data exporter about: any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, any accidental or unauthorised access, and any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so; to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; to make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; that, in the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; that the processing services by the subprocessor will be carried out in accordance with Clause 11; to send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter. Clause 6
Appears in 1 contract
Samples: www.a4id.org
Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2to this contract; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to forward any notification received from the data importer or any sub-processor subprocessor pursuant to Clause 5(b) and Clause 8.3 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processingsubprocessing, the processing activity is carried out in accordance with Clause 11 by a sub-processor subprocessor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i).. Clause 5
Appears in 1 contract
Samples: Data Processor Agreement
Obligations of the data exporter. The data exporter agrees and warrantswarrants that: a that the processing, including the transfer itself, of the personal data Personal Data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data Personal Data processing services will instruct the data importer to process the personal data Personal Data transferred only on the data exporter's ’s behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2to this contract; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to it will forward any notification received from the data importer or any sub-processor subprocessor pursuant to Clause 5(b) and Clause 8.3 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to it will make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processingsubprocessing, the processing activity is carried out in accordance with Clause 11 by a sub-processor subprocessor providing at least the same level of protection for the personal data Personal Data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i).. Clause 5 Obligations of the data importer The data importer agrees and warrants the following: It will process the Personal Data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; It has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; It has implemented the technical and organizational security measures specified in Appendix 2 before processing the Personal Data transferred; It will promptly notify the data exporter about: any legally binding request for disclosure of the Personal Data by a law enforcement authority, unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, any accidental or unauthorized access, and any request received directly from the data subjects without responding to that request, unless it has been otherwise authorized to do so; It will deal promptly and properly with all inquiries from the data exporter relating to its processing of the Personal Data subject to the transfer and abide by the advice of the supervisory authority with regard to the processing of the data transferred; At the request of the data exporter, it will submit its data processing facilities for audit of the processing activities covered by the Clauses, which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; It will make available to the data subject upon request a copy of the Clauses, or any existing contract for subprocessing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; In the event of subprocessing, it has previously informed the data exporter and obtained its prior written consent; The processing services by the subprocessor will be carried out in accordance with Clause 11; It will send promptly a copy of any subprocessor agreement it concludes under the Clauses to the data exporter. Clause 6
Appears in 1 contract
Samples: Master Service Agreement Terms
Obligations of the data exporter. The data exporter agrees and warrants: a that the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law (and, where applicable, has been notified to the relevant authorities of the Member State where the data exporter is established) and does not violate the relevant provisions of that State; b that it has instructed and throughout the duration of the personal data processing services will instruct the data importer to process the personal data transferred only on the data exporter's behalf and in accordance with the applicable data protection law and the Clauses; c that the data importer will provide sufficient guarantees in respect of the technical and organisational security measures specified in Appendix 2 of Schedule 2to this contract; d that after assessment of the requirements of the applicable data protection law, the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state of the art and the cost of their implementation; e that it will ensure compliance with the security measures; f that, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection within the meaning of Directive 95/46/EC; g to forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8.3 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension; h to make available to the data subjects upon request a copy of the Clauses, with the exception of Appendix 2, and a summary description of the security measures, as well as a copy of any contract for sub-processing subprocessing services which has to be made in accordance with the Clauses, unless the Clauses or the contract contain commercial information, in which case it may remove such commercial information; i that, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub-processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer under the Clauses; and j that it will ensure compliance with Clause 4(a) to (i). Clause 5 Obligations of the data importer1 The data importer agrees and warrants: to process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; that it has implemented the technical and organisational security measures specified in Appendix 2 before processing the personal data transferred; (d) that it will promptly notify the data exporter about: any legally binding request for disclosure of the personal data by a law enforcement authority unless otherwise prohibited, such as a prohibition under criminal law to preserve the confidentiality of a law enforcement investigation, any accidental or unauthorised access, and any request received directly from the data subjects without responding to that request, unless it has been otherwise authorised to do so; to deal promptly and properly with all inquiries from the data exporter relating to its processing of the personal data subject to the transfer and to abide by the advice of the supervisory authority with regard to the processing of the data transferred; at the request of the data exporter to submit its data processing facilities for audit of the processing activities covered by the Clauses which shall be carried out by the data exporter or an inspection body composed of independent members and in possession of the required professional qualifications bound by a duty of confidentiality, selected by the data exporter, where applicable, in agreement with the supervisory authority; to make available to the data subject upon request a copy of the Clauses, or any existing contract for sub-processing, unless the Clauses or contract contain commercial information, in which case it may remove such commercial information, with the exception of Appendix 2 which shall be replaced by a summary description of the security measures in those cases where the data subject is unable to obtain a copy from the data exporter; that, in the event of sub-processing, it has previously informed the data exporter and obtained its prior written consent; that the processing services by the sub-processor will be carried out in accordance with Clause 11; to send promptly a copy of any sub-processor agreement it concludes under the Clauses to the data exporter.
Appears in 1 contract
Samples: Processing Agreement
