Dpa Processing Agreement

4. The data exporter keeps a list of sub-processing agreements concluded under the clauses and communicated by the data importer in accordance with point 5, point j), and updated at least once a year. The list is subject to the data protection regulator of the data exporter. Monitoring measures, if and by whom data have been introduced, modified or deleted (erased) and by whom, via logging and reporting functions. Data processing agreements are designed to protect your business and its users from misuse of personal data that could result in damage or prosecution. A data processing agreement is just as necessary for small businesses as it is for large companies. 5.3 The processor may appoint new subcontractors and notify in writing at least seven (7) days in advance, in writing, of the appointment of a new subprocessor (for example. B as part of a change in the privacy policy), either by general reference or specific to this subprocessor (for example. B by name or type of service), including relevant details of the processing to be performed by the new subcontractor. If the subcontractor informs the subcontractor in writing of objections (for reasonable reasons) to the proposed appointment within seven (7) days of such notification, the subcontractor may designate the proposed sub-responsible for the handling of the manager`s personal data only when appropriate measures have been taken to address the objections raised by the person in charge of the treatment and an appropriate written explanation of the actions taken has been presented to the person in charge. If such measures are not sufficient to mitigate the supplier`s legitimate objections, the processor or subcontractor may terminate the Other Party with immediate effect, with immediate effect, as long as it refers to services requiring the use of the proposed subprocessing, without making the termination liable. “data importer”, the subcontractor who agrees to obtain personal data from the data exporter that will be processed after the transfer in accordance with its instructions and the provisions of the clauses on its behalf, and which is not subject to the system of a third country and which provides adequate protection within the meaning of Article 25, paragraph 1, of Directive 95/46/EC; The processing manager must ensure that the scope of the subcontractor`s CCA does not exceed the original legal basis for data processing. In other words, the outsourcing company should be able to use the data for purposes defined in the agreement.

It is the controller`s responsibility to check how the processor uses the data it transmits to them. 8.1 To the extent that the client is not able to independently access relevant personal data within the Services, DigitalOcean (at the customer`s expense) will provide appropriate cooperation, given the nature of the treatment, to assist the client with appropriate technical and organizational measures, where possible, to respond to requests from individuals or data protection authorities in relation to the processing of personal data under the agreement. In the event that such a request is addressed directly to DigitalOcean, DigitalOcean will not respond directly to this communication without the customer`s prior consent, except under a legal obligation to do so. If DigitalOcean is required to respond to such a request, DigitalOcean will immediately notify the Customer and provide a copy of the request, unless that request is prohibited by law.

Comments are closed.