Documentation and compliance. Audits: The PARTIES shall be able to demonstrate compliance with this DPA. ATOSS shall deal promptly and adequately with inquiries from the CUSTOMER about the pro- cessing of data in accordance with this DPA. ATOSS shall make available to the CUS- TOMER all information necessary to demonstrate compliance with the obligations that are set out in this DPA and stem directly from GDPR. At the CUSTOMER’s request, ATOSS shall also permit and contribute to audits of the processing activities covered by this DPA, at reasonable intervals or if there are indications of non-compliance. In decid- ing on an audit, CUSTOMER may take into account relevant information and certifica- tions held by ATOSS. The CUSTOMER may choose to conduct the audit by itself or mandate an independent auditor. ATOSS may object to the inspection by an independent auditor if the auditor selected by the CUSTOMER is in a competitive relationship with ATOSS or has not been obliged to observe confidentiality. The costs of audits pursuant to § 7 (5) lit. a) shall be borne by the CUSTOMER. Documentation: In particular, proof of documentation of technical and organizational measures can be provided by way of compliance with approved codes of conduct pur- suant to Art. 40 GDPR or suitable certification by means of an IT security or data pro- tection audit. Data protection officer: The contact details of the data protection officer of ATOSS are listed in DPA-Exhibit II - Technical and organizational measures.
Appears in 4 contracts
Samples: Processing Agreement, Processing Agreement, Processing Agreement
