of GDPR. 9.2 The Processor must at least once (1) per year review the security of the Processing through a self-monitoring in order to ensure that the Processing complies with the Agreement. The result of this self-monitoring shall be made available to the Controller upon request
of GDPR. 1.2 Each of the Supplier and Customer shall, at all times, comply with its obligations under all Data Protection Legislation and all applicable Supplier Policies in connection with this Agreement.
of GDPR. <Enter type, e.g. data concerning health, racial or ethnic origin, or trade union membership> ☐ Other information subject to a special need for protection: <Enter type, e.g. national identity number, financial details, performance assessments in employment relationships, etc.> ☒ Other personal data: Name, addresses (billing and shipping), company information (name and organisation number), phone number and email. Categories of data subjects The processing concerns the following categories of data subjects: Customers of Smartbells AS which are farmers located in Norway and in Sweden and StalkIT which are waste handling and industrial equipment companies located in countries from the European Union (Norway, Denmark, Sweden, Finland, the UK, Spain and Germany) Duration of processing Processing of personal data by the Data Processor under the Main Agreement may commence when the Data Processing Agreement has entered into force. The processing has the following duration (select one option): ☒ The processing is not limited in time and lasts until the expiry of the Main Agreement. ☐ The processing is limited in time and applies until <state date or criterion for termination, such as the conclusion of a project. Note that the processing may not normally be concluded before the Main Agreement expires >. On expiry (of the Main Agreement or the processing), personal data must be returned and erased in accordance with section 12 of the Data Processing Agreement and the instructions in Appendix C. APPENDIX B – Conditions for the Data Processor’s use of and changes in any Subprocessors The Data Controller’s approval of the use of Subprocessors When entering into the Data Processing Agreement, the Data Controller approves the use of the Subprocessors listed in section . Note that parent and sister companies and subsidiaries of the Data Processor are also considered to be Subprocessors if they contribute to the delivery of services and process personal data. The following is agreed concerning changes in the use of Subprocessors: ☒ The Data Processor may use a Subprocessor from the same Group (parent or sister company or subsidiary) that is established in a country within the EEA. The Data Processor must inform the Data Controller in advance of the use of any such Subprocessor. (This option can be combined with one of the other options.) ☐ The Data Processor may make changes to the use of Subprocessors provided that the Data Controller is notified and is given the opportun...
of GDPR. 6.6 In the event the Customer objects to a new Sub-processor and such objection is not found unreasonable, XXXXxx.xxx will use reasonable efforts to ● make available to the Customer a change in the Offerings and/or the Services or ● recommend a commercially reasonable change to the Customer’s configuration or use of the Offerings and/or the Services to avoid Processing of Personal Data by the objected new Sub-processor without unreasonably burdening the Customer.
of GDPR. 5. The parties agree that this Agreement constitute a different legal act referred to in article 28 section 3 of the GDPR and, together with the provisions of Synerise
of GDPR. ☒ Other information subject to a special need for protection: It may be necessary to process national identity number or financial details in certain cases. ☒ Other personal data: Name, vehicle registration number, photos showing time of toll booth passage, etc.
of GDPR. 11.1.4 Supplier is obligated to take appropriate technical and organisational measures necessary in order to protect the personal data processed in accordance with applicable data protection legislation and to inform STV about which technical and organisational measures that will be taken and any planned changes thereto.
of GDPR. <Enter type, e.g. data concerning health, racial or ethnic origin, or trade union membership> ☐ Other information subject to a special need for protection: <Enter type, e.g. national identity number, financial details, performance assessments in employment relationships, etc.> ☐ Other personal data: <Enter type, e.g. name and contact details, education, communication preferences, etc.> Categories of data subjects The processing concerns the following categories of data subjects: <Describe who the processing of personal data concerns, for example: “Residents of Oslo Municipality”, “Users of the after-school scheme” or “Employees and consultants at DFØ”. If data concerning a particularly vulnerable or exposed group, such as children or disabled people, is processed, this should be stated separately.> Duration of processing Processing of personal data by the Data Processor under the Main Agreement may commence when the Data Processing Agreement has entered into force. The processing has the following duration (select one option): ☐ The processing is not limited in time and lasts until the expiry of the Main Agreement. ☐ The processing is limited in time and applies until <state date or criterion for termination, such as the conclusion of a project. Note that the processing may not normally be concluded before the Main Agreement expires >. On expiry (of the Main Agreement or the processing), personal data must be returned and erased in accordance with section 12 of the Data Processing Agreement and the instructions in Appendix C. Conditions for the Data Processor’s use of and changes in any Subprocessors The Data Controller’s approval of the use of Subprocessors When entering into the Data Processing Agreement, the Data Controller approves the use of the Subprocessors listed in section B.2. Note that parent and sister companies and subsidiaries of the Data Processor are also considered to be Subprocessors if they contribute to the delivery of services and process personal data. The following is agreed concerning changes in the use of Subprocessors: ☐ The Data Processor may use a Subprocessor from the same Group (parent or sister company or subsidiary) that is established in a country within the EEA. The Data Processor must inform the Data Controller in advance of the use of any such Subprocessor. (This option can be combined with one of the other options.) ☐ The Data Processor may make changes to the use of Subprocessors provided that the Data Controller is no...
