The Data Processors Obligations. 4.1 The FSP commits itself to process Personal Information only on behalf of the IFRC and pursuant to its instructions as well as the IFRC Data Protection Policy – which the FSP acknowledges to have read and understood – as well as in Clause 6 of the present DPA regarding Security Measures. In particular, the FSP will process Personal Data in such a way as to minimize, by means of suitable preventive Security Measures, the risk of accidental or unlawful destruction, loss, alteration unauthorized disclosure or access, or Processing operations that are either unlawful or inconsistent with the purposes for which the data have been collected.
The Data Processors Obligations. 4.1 The Data Processor undertakes to only process Personal Data to the extent necessary to fulfil its obligations under the Assignment, and only in accordance with documented instructions communicated from time to time provided by the Data Controller. The Data Processor may never process any Personal Data for any other purpose than those instructed by the Data Controller.
The Data Processors Obligations. 4.1 The Data Processor undertakes to secure that all processing of personal data is made in accordance with the purposes of this agreement, the GDPR, the Swedish supplementary data protection act and other applicable laws and regulations and industry standards. The Data Processor undertakes to keep itself informed about the data protection legislation and amendments therein.
The Data Processors Obligations. 3.1 The Data Processor shall implement Appropriate Technical and Organizational Measures to ensure a level of security appropriate to the risk for the rights and freedoms of natural persons and to prevent that the Personal Data processed is: (i) Accidentally or unlawfully destroyed, lost or altered, (ii) Disclosed or made available without authorization, or (iii) Otherwise processed in violation of Data Protection Legislation. 3.2 The Appropriate Technical and Organizational Measures for ensuring the security of the Processing must be determined with due regard for: (i) The current state of the art, (ii) The costs of their implementation, and (iii) The nature, scope, context and zájmu. Dohoda o zpracování osobních údajů se týká výlučně Studijních dat (např CRF, průbežné zprávy atd.) – pouze ty jsou totiž dle definice ve Smlouvě užívány za účelem záznamu veškerých informací požadovaných Protokolem a podléhají oznamování Zadavateli. Zdravotní záznamy jsou z definice Studijních dat vyňaty a byť jsou do zdravotních záznamů doplňovány údaje, které se Studií souvisí a je v zájmu Zadavateli (např. v podobě monitorů) mít ke Zdravotním záznamům přístup, jsou v plné dispozici Zdravotnického zařízení, který je vůči zdravotním záznamům správcem. 2.2 Zpracovatel osobních údajů zajistí, že jakákoli fyzická osoba jednající na základě jeho pravomoci, která má přístup k osobním údajům, je nebude zpracovávat, s výjimkou na pokyn Správce osobních údajů, kromě případů, kdy je to vyžadováno právními předpisy Evropské unie nebo členského státu. 2.3 Pokud Zpracovatel osobních údajů považuje pokyn od Správce za porušení právních předpisů o ochraně údajů, Zpracovatel o tom bude Správce neprodleně písemně informovat. 2.4 Zpracovatel osobních údajů nebude předávat osobní údaje mimo Evropský hospodářský prostor, pokud k tomu Správce osobních údajů neposkytne souhlas. V případě takového přenosu musí Zpxxxxxxxxx xxxxxxxx xxxxx xxxxxx xxxxxx xxxxxxxx xxxxxxxx. 0. POVINNOSTI ZPRACOVATELE OSOBNÍCH ÚDAJŮ 3.1 Zpracovatel osobních údajů zavede vhodná technická a organizační opatření, aby zajistil úroveň zabezpečení odpovídající riziku pro práva a svobody fyzických osob a zabránil tomu, aby zpracovávané osobní údaje byly: (i) Náhodně nebo nezákonně zničeny, ztraceny nebo pozměněny, (ii) Zveřejněny nebo zpřístupněny bez povolení, nebo (iii) Jinak zpracovány v rozporu s právními předpisy o ochraně údajů. 3.2 Příslušná technická a organizační opatření pro zajištění bezpečnosti Zpracování musí bý...
The Data Processors Obligations. The Data Processor shall implement Appropriate Technical and Organizational Measures in accordance with Art. 32 of the GDPR. The Data Processor shall upon request provide the Data Controller with sufficient information to enable the Data Controller to ensure that the Data Processor's obligations under this Agreement are complied with, including ensuring that the Appropriate Technical and Organizational Measures for ensuring the security of the Processing have been implemented. Taking into account the nature of the Processing, the Data Processor shall assist the Data Controller, by means of Appropriate Technical and Organizational Measures, insofar as this is possible, in fulfilling its obligation to respond to requests from Data Subjects pursuant to laws and regulations in the area of privacy and data protection (such as, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the right to data portability and the right to object). The Data Controller is entitled to appoint, at its own cost, an auditor experienced in the field of data protection or IT security, who shall have access to the Data Processor's data Processing facilities and receive the necessary information for the sole purpose of auditing whether the Data Processor has implemented and maintained said účelu, než je účel stanovený touto Smlouvou, ani k jiným účelům, než které jsou uvedeny v pokynech. Zpracovatel údajů nebude předávat Osobní údaje do třetí země nebo mezinárodní organizaci kromě případů, kdy je tovyžadováno podle právních předpisů Evropské unie nebo členského státu, které se na Zpracovatele údajů vztahují. V takovém případě Zpracovatel údajů před zpracováním písemně informuje Správce údajů o tomto zákonném požadavku, pokud daný zákon nezakazuje sdělit tyto informace z důležitých důvodů veřejného zájmu. Zpracovatel údajů nepředá Osobní údaje mimo Evropský hospodářský prostor, pokud k tomu Správce údajů neposkytne souhlas. V případě takového předání musí Zpracovatel údajů přijmout vhodná ochranná opatření. Pokud Zpracovatel údajů považuje určitý pokyn od Správce údajů za porušení Právních předpisů v oblasti ochrany údajů, musí o tom Zpracovatel údajů neprodleně písemně informovat Správce údajů. 6.2
The Data Processors Obligations. The Processor must ensure that persons authorized to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. The Processor shall take full responsibility in the event there is a breach of said confidentiality obligation. The Processor shall implement appropriate technical and organizational measures to prevent that the Personal Data processed is: accidentally or unlawfully destroyed, lost or altered; disclosed or made available without authorization; or otherwise processed in violation of Applicable Law. The Processor must also comply with the special data security requirements of Annex 1. The appropriate technical and organizational security measures must be determined with due regard for: the current state of the art; the cost of their implementation; and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Processor shall upon request provide the Controller with sufficient information to enable the Controller to ensure that the Processor's obligations under this Data Processing Agreement are complied with, including ensuring that the appropriate technical and organizational security measures have been implemented. The relationship of the Parties and the nature of the Study outlined in the Agreement are such that the Controller has no access to the identity of the Study Subjects. Therefore, the Controller needs to rely on the Processor in order to be able, by means of appropriate technical and organizational measures, toto fulfil the obligation imposed to the Controller under Applicable Law. The Processor shall therefore respond to requests from Data Subjects pursuant to Applicable Law (such as, the right of access, the right to rectification, the right to erasure, the right to restrict the processing, the right to data portability and the right to object). The Controller is entitled to appoint at its own cost an independent expert, reasonably acceptable to the Processor, who shall have access to the Processor's data processing facilities and receive the necessary information for the sole purpose of auditing whether the Processor has implemented and maintained said technical and organizational security measures. The expert shall upon the Processor's request sign a non-disclosure agreement provided by the Processor, and treat all information obtained or received from...
The Data Processors Obligations. 2.1 How the personal data is to be processed.
The Data Processors Obligations. 2.1. Technical and organizational security measures The Data Processor must, considering the current technical level, the implementation costs and the nature, extent, composition and purpose of the treatment in question, and the risks of variable possibilities and seriousness of the rights and freedoms for individuals, implement appropriate technical and organizational measures to ensure an appropriate level of security. The Data Processor warrants to the Data Controller that the Data Processor will always implement the appropriate technical and organizational measures in such a way that the Data Processor's processing of personal data complies with the requirements of the applicable personal data protection regulations.
The Data Processors Obligations. 3.1 The Data Processor may only process the personal data transferred by the Data Con- troller in accordance with the Data Controllers instructions and is also obliged to comply with the personal data law currently in force. The Data Processor must take the necessary technical and organizational security measures, including additional measures that might be necessary preventing that the personal data listed in paragraph 1.2 accidentally or illegally are destroyed, lost or deteriorated and preventing that the personal data is known to unauthorized persons, exploited or is processed in violation of the Personal Data Legislation. The Data Processor is thus obliged to - introduce log-in and password procedures and set up and maintain a firewall and anti-virus software; - ensure that only employees with employment related purposes have access to the personal data; - ensure that the employees involved in processing personal data have committed themselves to confidentiality or are subject to statutory professional secrecy; - store data storage media properly so that they are not available to third parties; - ensure that buildings and systems used for data processing are safe and that only high-quality hardware and software are being used, which is continuously being updated; - ensure that samples and waste material are destroyed in accordance with the requirements for data protection complying further instructions from the Data Controller. In special cases, as determined by the Data Controller, said samples and waste material must be stored or returned; - ensure that employees receive appropriate training, adequate instructions and guidelines for processing personal data. The Data Processor is committed to en- suring that the employees involved in the processing of personal data are familiar with the safety requirements.
The Data Processors Obligations. When processing personal data on behalf of the Controller, The Data Processor shall follow the routines and instructions stipulated by the Controller at any given time. The Data Processor is obliged to give the Controller access to his written technical and organizational security measures and to provide assistance so that the Controller can fulfill his responsibilities pursuant to the Act and the Regulations. Unless otherwise agreed or pursuant to statutory regulations, The Data Processor is entitled to access all personal data being processed on behalf of the Controller and the systems used for this purpose. The Data Processor shall provide the necessary assistance for this. The Data Processor must observe professional secrecy in regard to the documentation and personal data to which he has access in accordance with this Agreement. This provision also applies after the Agreement has been discontinued.
