Common use of Processor Requirements Clause in Contracts

Processor Requirements. SPECIMEN The following processor requirements apply where you are acting as a processor of any Data and set out the scope of processing. In processing Data, you must: 9.11.1 at all times process the Data lawfully and fully in compliance with the GDPR to the extent such legislation applies to You as a processor; and 9.11.2 process the Data in order to meet your obligations under any written requirements set out in any agreements from time to time that we have with you and otherwise solely in accordance with our written instructions from time to time and for no other purpose; 9.11.3 treat all Data as confidential information which should not be disclosed to any third party save in the circumstances set out in any agreement from time to time that we have with you; 9.11.4 not appoint or engage another processor without our prior written consent and where consent is given, shall ensure that you have a written agreement with the sub-processor that imposes on the sub- processor in a legally binding manner the obligations set out in this Section 4 applicable to you; 9.11.5 take all measures required pursuant to Art. 32 of the GDPR (Security of processing); 9.11.6 taking into account the nature of the processing, assist us by appropriate technical and organisational measures insofar as this is possible, for the fulfilment of our obligation to respond to requests for exercising the data subjects’ rights of the GDPR; 9.11.7 assist us in ensuring compliance with the obligations pursuant to Art. 32 to 36 of the GDPR taking into account the nature of processing and the information available to you; 9.11.8 you must not transfer Data outside the EEA save with our prior written consent and then subject to the execution of a European Model Agreement between Us and the transferee of Data; 9.11.9 at our choice, delete or return all Data to us in the event that you do not become a controller of Data; and maintain a record of your processing activities undertaken on our behalf in accordance with Art. 30 of the GDPR (Records of processing activities) and make available to us all information necessary to demonstrate compliance with the obligations laid down in Art. 28 of the GDPR and allow for and contribute to audits, including inspections, conducted by us or on our behalf.