Data processing agreement

Similar documents
FUJITSU Cloud Service K5: Data Protection Addendum

Telekom Austria Group Standard Data Processing Agreement

AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING

Data Processing Agreement

SUPPLIER DATA PROCESSING AGREEMENT

Purchasing Terms and Conditions

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

5. Customer software customisations, consulting, integration and services are available only when ordered separately.

DATA PROCESSING AGREEMENT

Appendix 1 Data Processing Agreement

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

Data Processing Addendum

PERSONAL DATA PROCESSING AGREEMENT

NON-DISCLOSURE AGREEMENT

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

QUALITY ASSURANCE AGREEMENT Production of packaging and/or services for the pharmaceutical industry

CONSULTANCY SERVICES AGREEMENT

Annex 1: Standard Contractual Clauses (processors)

OTrack Data Processing Terms

Data Protection Bill [HL]

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Eurex Liquidity Provider Agreement (LPA) v.1.1

Terms of Business

ARTICLE 29 DATA PROTECTION WORKING PARTY

Model Data Processing Agreement (GDPR)

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

DATA PROCESSING ADDENDUM

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

Attachment 1. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Template Commission pursuant to Section 11 BDSG

Request for Proposal. Physical Security Professional Review. ASIS Chapter Calgary / Southern Alberta

March 2016 INVESTOR TERMS OF SERVICE

General Terms and Conditions for SaaS ( SaaS Terms ) of Deutsche Post Adress GmbH & Co. KG, Am Anger 33, Gütersloh, Germany

Article 1. Federal Data Protection Act (BDSG)

General Terms and Conditions for the Provision of Services and Work of FAG Aerospace GmbH & Co. KG

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

General Terms and Conditions Day Ahead. of innogy Gas Storage NWE GmbH, Flamingoweg 1, Dortmund (hereinafter, "igsnwe")

Assumption of TOBT Responsibility and Usage Agreement HAM CSA

Data Processing Agreement

Exhibit MC - Standard Contractual Clauses (processors)

Data Protection Bill [HL]

Comments. made by the Conference of the German Data Protection Commissioners of the Federation and of the Länder. of 11 June 2012

Zab Zab Application Privacy Policy Terms and Conditions

Data Processing Addendum

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users

SOFTWARE SUBLICENSE AGREEMENT

THE GDPR AND DFIR THE IMPACT OF THE EU GENERAL DATA PROTECTION REGULATION ON DIGITAL FORENSICS AND INCIDENT RESPONSE

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

Access to Personal Information Procedure

TERMS OF SERVICE FOR SUPPORT NETWORK COMMUNITY HEART AND STROKE REGISTRY SITE Last Updated: December 2016

DATA PROCESSING ADDENDUM. 1.1 The User and When I Work, Inc. ("WIW") have entered into the Terms of Service, for the provision of the Service.

Between. address (which you used when signing the Main Contract with Shore) - the "Principal" - and

General Conditions of Purchase of BASF SE and its Affiliated Companies. Companies Located in Germany for Standard Software

SERVICES TERMS AND CONDITIONS

CONDITIONS DELEGATED REPORTING EMIR CLIENT REPORTING SERVICE AGREEMENT

Customer Data Annual Privacy Agreement

1. Processing of personal data legal basis, purpose and scope Legal basis fulfillment of statutory legal requirements

END USER LICENSE AGREEMENT FOR FOUNDRY PRODUCTS VIA ATHERA

REGULATION (EU) 2016/679 General Data Protection Regulation

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Sample Licensing Agreement

General Terms and Conditions of Purchase MAN General Procurement Division for Building Management Services (Facility Management) (Version: June 2018)

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

INDEPENDENT SALES ASSOCIATE AGREEMENT

Introduction Agreement

GENERAL TERMS AND CONDITIONS FOR THE SUPPLY OF GOODS AND SERVICES

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

Participant Agreement

AGREEMENT Agreement for the Provision of Serial Subscription Services. Made and executed this day of, 2013 by and between

EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

Quality Assurance Agreement

.VERSICHERUNG. Eligibility Requirements Dispute Resolution Policy (ERDRP) for.versicherung Domain Names

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

License Agreement Invenso

TERMS AND CONDITION OF SUPPLIER REGISTRATION

Rules for alternative dispute resolution procedures

BINDING CORPORATE RULES PRIVACY policy. Telekom Albania. Çaste që na lidhin.

Terms and Conditions GDPR Ready Data

LAB-on-line License Terms and Service Agreement

INTERFACE TERMS & CONDITIONS

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

END-USER SOFTWARE LICENSE AGREEMENT FOR TEKLA SOFTWARE

The Parties to the contract are komro GmbH (hereinafter referred to as komro ), Am Innreit 2, Rosenheim, and the respective User.

Regulations of the Board of Directors of Abengoa, S.A. Chapter One. General Provisions

PeachCourt Document Access User Agreement Terms of Use

YOOCHOOSE GmbH Terms and Conditions Subject Matter

1) ICC ADR proceedings are flexible and party-controlled to the greatest extent possible.

GENERAL CONDITIONS OF THE CONTRACT (Applicable to purchase orders)

OBJECTS AND REASONS. Arrangement of Sections PART II PRELIMINARY MONEY LAUNDERING

Terms and Conditions Belfius via SWIFT

LFMI MEDIA SERVICES LIMITED T/A RUE POINT MEDIA

PRIVACY POLICY STATEMENT ON THE PROCESSING OF PERSONAL AND SENSITIVE DATA OF THE CUSTOMERS WITHIN THE MEANING OF ARTICLE 13 AND FF. OF REGULATION (EU)

General Conditions of Contract for the Public Accounting Professions (AAB 2018)

[JURISDICTION] S AMENDMENTS TO AIA DOCUMENT A201, GENERAL CONDITIONS OF THE CONTRACT FOR CONSTRUCTION EDITION

SAMPLE SPEAKER CONTRACT (MODIFY AS APPROPROPRIATE - DELETE PROVISIONS THAT DO NOT APPLY)

Conditions for Processing Banking Transactions via the Corporate Banking Portal and HBCI/FinTS Service

THIS DELEGATED REPORTING SERVICE AGREEMENT (the Agreement )

Agreement for Supply of Services (short form)

Transcription:

Data processing agreement between....(client) (data controller) and Key-Systems GmbH (contractor) (data processor) PREAMBLE The processing is based on the agreement between the parties for the provision of various services by the contractor (main agreement). I. Subject of the agreement 1. The contractor collects/processes/uses personal data on behalf of the client. 2. Subject of the service The purpose of the service is to process data by collecting, recording, organizing, sorting, storing, adapting or modifying, reading, querying, using, disclosing through transmission, dissemination or any other form of provision, matching or linking, restriction, erasure or destruction of data exclusively in connection with the services listed in the main agreement (here: registration and administration of domain names and - if applicable - the provision of hosting services). The data will not be processed for other purposes. The contractual services will be executed exclusively in member states of the EU or in one of the contracting states of the agreement on the European Economic Area on the part of the data processor. A transfer of the services or of partial work to a third country may occur only if the special requirements of Art. 44 et seq. GDPR are met and this is absolutely required for the provision of the services. Changes of the processing object and procedural changes are to be mutually agreed. 3. Duration of the contracting The agreement begins with the date of signature by both parties and ends with the effective date of the termination of the main agreement. This agreement shall not become effective prior to May 25, 2018. 4. Scope, nature and purpose of collection, processing or use of data: 4.1. Type of processing The contractor processes personal data of the client s customers, or of client s employees.

4.2. Type of personal data Personal data required for the execution of the service: - personal master data - communication data (traffic data) - contractual master data - if required by the main agreement: billing and payment data - if required by registrar regulations: proof of identity. 4.3. Circle of persons involved Customers and employees of the client. II. Rights and obligations of the client 1. The client is solely responsible for the assessment of the lawfulness of the data collection/processing/use as well as for the protection of the rights of the persons involved. 2. The client issues all orders or partial orders in writing or in a documented electronic format. 3. The client is entitled to give the contractor written instructions regarding the processing of personal data provided by client. 4. Prior to the start of data processing and then in - regular intervals the client is entitled to verify the compliance of the contractor with any agreed - technical and organizational measures and with the obligations arising from this contract. The client can also use third parties to carry out this verification. The client undertakes to remunerate all expenses incurred by the contractor as a result of making this verification possible. 5. The client informs the contractor immediately if he detects any errors or irregularities in the examination of the services. 6. The client is obliged to treat with confidentiality all knowledge acquired about business secrets and data security measures of the contractor resulting from the contractual relationship. This obligation remains valid even after termination of this contract. III. Obligations of the contractor 1. The contractor shall only process personal data in accordance with the agreements, legal requirements and instructions of the client in accordance with th GDPR, unless he is required to process it under the laws of the European Union or of the member state the processor is subject to (for example investigations of law enforcement and state protection authorities). In this case, the processor must notify the controller of such legal requirements prior to processing, unless such communication is prohibited due to important public interests under applicable law (Art. 28 (3) sentence 2 (a) GDPR). 2. The contractor shall correct, delete and block personal data under the contractual relationship or restrict its processing if the client so requests in the agreement or instructs him so unless this contradicts the legitimate interests of the contractor. When an affected person directly contacts the contractor in this regard, the contractor will immediately forward this request to the client. The contractor may act upon such a request if the client does not respond to requests by affected data subjects within reasonable time.

3. The contractor does not use the personal data provided for data processing for any other, especially not for own purposes. Copies or duplicates are not created without the knowledge of the client. The contractor assures the contractual processing of all agreed measures in the area of orderbased processing of personal data. He assures that the processed data is strictly separated from other data. 4. The contractor will immediately inform the client if, in his opinion, an instruction issued by the client violates statutory provisions. The contractor shall be entitled to suspend the execution of the relevant instruction until it has been confirmed or changed by the person responsible at the client. 5. The contractor agrees that the client by appointment is entitled to control compliance with this agreement to the extent required under Art. 28 GDPR either directly or through third parties commissioned by the client. The contractor undertakes to provide the client with the necessary information and to prove the implementation of the technical and organizational measures. 6. After completion of the contractual obligations, the contractor shall delete all data, documents and processing or utilization results, which were obtained in connection with the contractual relationship unless doing so is not possible due to legal or factual grounds. 7. Data protection officer of the contractor is Mr. Volker Greimann Changes of the data protection officer shall be notified to the client without undue delay. 8. The contractor confirms to be familiar with the data protection regulations of the GDPR that are relevant for the processing of personal data and that is in compliance with his respective obligations. 9. The contractor undertakes to maintain confidentiality when processing personal data provided by the client. This obligation shall survive the termination of the agreement. 10. The contractor warrants that the employees involved in the provision of the services are familiar with the requirements of data protection relevant to their work and that they are bound to maintain confidentiality for the duration of their employment as well as after termination of the employment relationship. The contractor monitors compliance with the data protection regulations. 11. The contractor may only provide information to third parties or the data subject about personal data obtained in the course of the service with prior instruction or written consent of the client, or when as this information is provided on the basis of legal requirements. IV. Subcontractors 1. The use of subcontractors for the processing of data such as registries, registrars and data escrow providers is permitted due to the special nature of the process of administrating and registering domain names and requires no further consent, provided the use of these subcontractors is required to execute orders under the main agreement. The approval required under Art. 28 (2) and (9) GDPR is hereby granted. 2. Name and address as well as the intended activity of the subcontractor are included in the applicable contract appendices and/or the information page for the specific TLDs. The contractor shall ensure that he has carefully selected the subcontractor with special consideration of the suitability of the technical and organizational measures taken by the subcontractor in accordance with Art. 32 GDPR.

3. Subcontractors in third countries may only be commissioned if the special conditions of Art. 44 et seq. GDPR are met (for example adequacy decisions by the Euroean Commission, model data protection clauses, approved codes of conduct) or if their commissioning is absolutely necessary for the provision of the service by the contractor. 4. The contractor must ensure that the agreed regulations between the client and the contractor apply to subcontractors to the greatest extent possible and will regularly review compliance with the obligations of the subcontractor(s). 5. In the agreement with the subcontractor the responsibilities of the parties shall be so secific to allow a clear distinction. If multiple subcontractors are used this also applies to the responsibilities between these subcontractors. 6. The subcontractors currently engaged in the processing of personal data for the contractor are listed in the respective service description or result from the service. The client agrees to their commissioning. 7. The processor shall provide advance information to the controller of any change with regard to the use of new or the replacement of existing subcontractors to allow the client the opportunity to object to such changes (Art. 28 II, 2 GDPR). V. Technical and organizational measures 1. The contractor shall ensure an appropriate level of protection for any data processing in accordance with the risks towards the rights and freedoms of data subjectes affected by the processing. This shall at a minimum take into account the protection objectives of confidentiality, availability and integrity of the systems and services, as well as their resilience in terms of the nature, extent, circumstances and purpose of the processing so as to permanently reduce such risks by means of appropriate technical and organizational corrective measures. 2. The data protection concept utilized by the contractor has selected its technical and organizational measures by taking into account the protection objectives in accordance with the state of the art of the IT systems and processing processes. 3. The contractor shall comply with the principles of proper data processing. He shall ensure the contractually agreed and legally required data security measures. 4. The technical and organizational measures may be modified to keep pace with technical and organizational developments over the course of the contractual relationship. The contractor shall establish procedures for the periodic review and evaluation of the effectiveness of the measures to ensure the safety of the processing. Significant changes will be communicated to the client in documented form. 5. The contractor shall immediately notify the client of any disruptions, violations against data protection regulations or the stipulations made under this agreement by the contractor or persons under his employ, as well as about the suspicion of data breaches or irregularities in the processing of personal data. This applies in particular with regard to any notification and notification obligations of the client in accordance with Art. 33 and 34 GDPR. The contractor agrees to adequately support the client in his duties according to Art. 33 and 34 GDPR. VI. Liability 1. For the compensation of damages suffered by a data subject within the scope of the contractual

relationship due to violations of data protection requirements or incorrect data processing responsibility towards the data subject rests with the client. The client may only take recourse for such third party damages permissible if the contractor has violated this agreement with intent or in a grossly negligent manner. 2. For all other intents and purposes the existing liability terms for the respective services as agreed in the main agreement apply. VII. Special right of termination 1. In the case of serious violations of the terms of this agreement, in particular against compliance with applicable data protection regulations, the client entitled to a special right of immediate termination. Further sanctions, in particular contractual penalties, are excluded. 2. In particular a serious breach shall be presumed if the contractor has not materially fulfilled or has not fulfilled at all the obligations specified under this agreement. 3. In the case of insignificant violations the client shall set a reasonable deadline for the contractor to remedy the situation. If the remedy does not occur in time, the client is entitled to extraordinary termination as described in this section. VIII. Miscellaneous 1. Both parties are obliged to treat in confidence all knowledge of business secrets and data security measures of the respective other party obtained over the course of the contractual relationship. This obligation shall survive the termination of this agreement. In case of doubt as to whether certain information is subject to this obligation it must be treated as confidential until written approval by the other party. 2. The written form is required for side agreements. 3. Terms used in this contract are to be understood according to their definitions in the EU General Data Protection Regulation. 4. This agreement exists in German and English. As the English version is a mere translation for convenience of the parties, the terms shall be interpreted as intended in the original German version. IX. Effectiveness of the agreements Should individual terms or clauses of the agreement be invalid or unenforceable, this does not affect the validity of the agreement otherwise. The invalid or unenforceable provision shall be replaced by a valid and enforceable provision that comes closest to the economic purpose pursued by the parties with the invalid or unenforceable provision..... (Signature of contracting authority).... (Signature contractor)

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback