AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING

Similar documents
Telekom Austria Group Standard Data Processing Agreement

DATA PROCESSING AGREEMENT

NON-DISCLOSURE AGREEMENT

DATA PROCESSING AGREEMENT. (1) You or your organization or entity as The Data Controller ( The Client or The Data Controller ); and

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users

OTrack Data Processing Terms

Data Processing Agreement

Appendix 1 Data Processing Agreement

Purchasing Terms and Conditions

Data Processing Addendum

SUPPLIER DATA PROCESSING AGREEMENT

DocuSign Envelope ID: D3C1EE91-4BC9-4BA9-B2CF-C0DE318DB461

FUJITSU Cloud Service K5: Data Protection Addendum

Annex 1: Standard Contractual Clauses (processors)

DATA PROCESSING AGREEMENT. between [Customer] (the "Controller") and LINK Mobility (the "Processor")

Data processing agreement

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

TERMS & CONDITIONS OF SERVICE

KAISER FOUNDATION HOSPITALS ON BEHALF OF KAISER FOUNDATION HEALTH PLAN OF THE MID-ATLANTIC STATES, INC.

Working document 01/2014 on Draft Ad hoc contractual clauses EU data processor to non-eu sub-processor"

DATA PROCESSING ADDENDUM. 1.1 The User and When I Work, Inc. ("WIW") have entered into the Terms of Service, for the provision of the Service.

Processor Agreement SURF Model Agreement

March 2016 INVESTOR TERMS OF SERVICE

Serco Limited Purchase Order Terms and Conditions (the "PO Terms")

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Directorate C: Fundamental rights and Union citizenship Unit C.3: Data protection

Data Processing Agreement

Customer Data Annual Privacy Agreement

2.3 a definition of the GWR Record Title you will attempt to break and related guidelines which you will need to comply with ( Guidelines ).

EU STANDARD CONTRACTUAL CLAUSES (PROCESSORS)

Data Protection Transfer Agreement. Reference Number: CORP_142-a01 Policy

YOUR RIGHT TO USE ANY LBRF GRAPHIC MATERIAL IS SUBJECT TO YOUR FULL PAYMENT OF THE LICENSE AND THE RESTRICTIONS SET FORTH IN THIS AGREEMENT.

EU GDPR - DATA PROCESSING ADDENDUM INSTRUCTIONS FOR CDNETWORKS CUSTOMERS

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

Model Data Processing Agreement (GDPR)

PERSONAL DATA PROCESSING AGREEMENT

DATA PROCESSING ADDENDUM

16 March Purpose & Introduction

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE

EUROPEAN COMMISSION DIRECTORATE-GENERAL JUSTICE. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Terms and Conditions Belfius via SWIFT

Last revised: 6 April 2018 By using the Agile Manager Website, you are agreeing to these Terms of Use.

HIPAA BUSINESS ASSOCIATE AGREEMENT. ( BUSINESS ASSOCIATE ) and is effective as of ( Effective Date ). RECITALS

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

Exhibit MC - Standard Contractual Clauses (processors)

DACS Website Licence Terms and Conditions November 2014

Trócaire General Terms and Conditions for Procurement

RETS DATA ACCESS AGREEMENT

EasyVote grants you the following rights provided that you comply with all terms and conditions of this Agreement:

DACS DIGITAL PLATFORM LICENCE TERMS AND CONDITIONS 2016

UOB BUSINESS APPLICATION TERMS AND CONDITIONS

The Scottish Further and Higher Education Funding Council. Standard Terms and Conditions of Contract for professional services.

DATABASE AND TRADEMARK LICENSE AGREEMENT

SERVICE PROVIDER SECURITY AGREEMENT. Clemson University ( Clemson ) and. Vendor Name Here. ( Service Provider )

In this agreement, the following words and phrases shall have the following meanings unless the context otherwise requires:

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

DACS NEWSPAPER/MAGAZINE LICENCE TERMS AND CONDITIONS

IMPORTANT PLEASE READ CAREFULLY PORTFOLIO END USER AGREEMENT

Agreement for the Supply of Legal Services by a Barrister at Three New Square

General Conditions of CERN Contracts

Model Business Associate Agreement

INDEPENDENT CONTRACTOR AGREEMENT

Terms and Conditions of Service

Ordinance No. 26. of 23 April 2009 on Financial Institutions. Chapter One General Provisions. Subject. Requirement for Registration. Ordinance No.

DocuSign Envelope ID: 93578C7C-0B BEE9-0536AB6EDE32

CAPTION FINANCIAL SUMMARY

LEADR NEW ZEALAND INC. MEDIATION AGREEMENT

ASSETMARK TRUST COMPANY TOTALCASH MANAGER TM ACCESS AUTHORIZATION AGREEMENT

SSLI \6.0 v1.0

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

Agreement for the Supply of Legal Services by a Barrister in a Commercial Case

PeachCourt Document Access User Agreement Terms of Use

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

TM2/TM3 Online Terms and Conditions

CONDITIONS DELEGATED REPORTING EMIR CLIENT REPORTING SERVICE AGREEMENT

Freight Investor Solutions DMCC Terms of Business

Remote Support Terms of Service Agreement Version 1.0 / Revised March 29, 2013

UNIVERSITY OF ULSTER THIRD PARTY PROCESSING AGREEMENT

GENERAL TERMS AND CONDITIONS FOR THE SUPPLY OF GOODS AND SERVICES

Digia Commerce Oy Ab SOFTWARE END USER LICENSE AGREEMENT

ARTICLE 29 DATA PROTECTION WORKING PARTY

SOFTWARE SUBLICENSE AGREEMENT

ADDENDUM TO STANDARD CONTRACT BETWEEN Community Coordinated Care for Children, Inc. (4C) AND (CONTRACTOR)

Site Access Agreement. (hereinafter referred to as the

Trial Period Terms and Conditions Product Supply Agreement

Conditions of Contract for Purchase of Goods and Services

Attachment 1. Commission Decision C(2010)593 Standard Contractual Clauses (processors)

Pax8 Master Service Agreement

The Act on Processing of Personal Data

Information leaflet about processing of personal data for Newsletter Recipients (hereinafter Data Subject)

SOFTWARE LICENSE TERMS AND CONDITIONS

TEAMING AGREEMENT 1.0 PROPOSAL ACTIVITIES

Accenture Purchase Order Terms and Conditions. Accenture shall mean Accenture Japan Ltd or an Affiliate Company as defined below.

BINDING CORPORATE RULES PRIVACY policy. Telekom Albania. Çaste që na lidhin.

HARVARD PILGRIM HEALTH CARE, INC. PRIVACY AND SECURITY AGREEMENT

CONTRACT STATE OF SOUTH CAROLINA COUNTY OF GEORGETOWN

Subscriber Agreement for (a) the e-id Account and (b) the Certificates within the National Electronic Identity Card

HIPAA DATA USE AGREEMENT

GlobalSign Certificate Centre (GCC) Terms of Service Non US Version

AmCham EU Proposed Amendments on the General Data Protection Regulation

2.2 References to Blossom, Blossom Educational, Platform, we and us are references to BLOSSOM EDUCATIONAL LTD.

Transcription:

AGREEMENT FOR ACCESS, WHICH MAY RESULT IN PERSONAL DATA PROCESSING Between K MEDIA TECH Ltd, a company established and existing in accordance with the laws of the Republic of Bulgaria, with seat and registered office at ap. 12, fl. 2, entr. B, bl. 68, Manastirski Livadi Residential District, Sofia, UIC 202249002 ( Personal Data Processor ), referred to hereinafter as the Parties, and you or the entity you represent ( Controller ). WHEREAS: (1) This agreement is part of the Terms of Service ( Main Agreement ), Privacy Policy and other relevant policies (2) The performance of the Main Agreement DOES NOT require and suggest that the Personal Data Processor to process personal data, provided by the Controller ( Controller s Personal Data ), any and all responsibility for and with respect to the processing of personal data, collected and processed for the purposes of the operation of the website, stored on K MEDIA TECH Ltd s servers shall be borne by the Personal Data Controller and/or the persons, with whom he has signed contracts for the processing of the personal data of his clients; (3) The provisions of this contract shall apply solely in the cases, where for technical reasons or at Controller s express 1 P a g e

request K MEDIA TECH Ltd exercises access, through his employees, to the personal data, processed by the Personal Data Controller as the Parties hereby would like to settle their relations with respect to the access and/or if necessary the processing of Controller s Personal Data in accordance with the requirements of art. 28(3) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation ); (4) The relations between the Parties hereunder shall also be governed by Directive 2000/31/EU of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market ('Directive on electronic commerce'), exempting from responsibility the persons, offering storage/hosting services, for any unlawful activities of their clients article 14 and 15 of the Directive. (5) In the performance of his obligations and duties, arising from or related to the Main Agreement, the Personal Data Processor shall not in any way rely on the services of any third parties or persons and he shall not assign any part of his obligations and duties to any subcontractors or third parties or persons. (6) The Employees of the Processor of Controller s Personal Data have undertaken in writing, pursuant to the applicable 2 P a g e

legislation, in case of access to Controller s Personal Data not to process, use or distribute them in any manner whatsoever, apart from the purposes, for which the access to such data is required; (7) The Processor of Controller s Personal Data has taken special measures for safeguarding the personal data processed by the Controller, having implemented in his operations, the necessary technical measures and equipment, required for the maximum limitation of the persons, premises and equipment, which may be used to access Controller s data. By virtue of art. 28(3) of the Regulation, THE PARTIES AGREED AS FOLLOWS: Article 1. Processing of Controller s Personal Data (1) The Personal Data Processor shall strictly comply with any and all applicable legal provisions in processing Controller s Personal Data, accessed at Controller s request. (2) The Personal Data Processor shall only process Controller s Personal Data on Controller s documented instructions, unless required to perform the processing by virtue of the relevant applicable law. In this case the Personal Data Processor shall notify the Controller regarding such legal obligation, as far and to the extent this is permitted by the applicable law, before commencing the processing of the respective Controller s Personal Data. 3 P a g e

(3) The Personal Data Processor is prohibited from using or in any other way processing Controller s Personal Data for purposes, different from the provision of Controller s services, set out in the Main Agreement and only in the period, agreed in the Main Agreement. The Personal Data Processor shall always act in accordance with the documented instructions off the Controller. (4) Schedule No. 1 to this Personal Data Processing Contract contains information regarding the processing of Controller s Personal Data. The Controller shall be entitled to unilaterally and by means of a written notice to the Personal Data Processor, make reasonable amendments from time to time, to Schedule No. 1, if the Controller reasonably believes such amendments to be necessary in order to ensure his compliance with the applicable personal data protection law. (5) The Personal Data Processor may not disclose or provide Controller s Personal Data to any third parties. Article 2. Personal Data Processor Employees (1) The Processor shall take all reasonable measures to ensure the reliability of all his employees, agents and co-contractors, as well as the employees, agents and co-contractors personal data processors he has selected, who may have access to Controller s personal data. (2) In any case, the Personal Data Processor shall limit any access to Controller s Personal Data only to those persons, 4 P a g e

who need to know and/or have access to the respective Controller s Personal Data, as far and to the extent this is necessary for the purposes of the Main Agreement, as well as for the compliance with the obligations and responsibilities of the applicable law, within the context of the obligations of the respective person to the Personal Data Processor and the other personal data processors, ensuring that any and all such persons are bound by a contractual or regulatory confidentiality requirement. Article 3. Security of Controller s Personal Data (1) Taking into consideration the achievements of the technical progress, the current best practices in the industry and stateof-the-art of the technologies, the cost for their implementation and the nature, scope, context and objectives of the processing of Controller s personal data, as well as any and all risks to the rights and freedoms of the data subjects and in particular, the risk of breaching the security of Controller s personal data, the Personal Data Processor must introduce, with respect to Controller s personal data suitable technical and organizational measures, ensuring proper level of security. In particular, the Personal Data Processor shall introduce suitable technical and organizational measures, which will ensure the protection of Controller s personal data against accidental or unlawful destruction, accidental loss (including deletion), change (including damage), unauthorized disclosure, use or access, as well as against any and all other 5 P a g e

forms of unlawful processing. In particular, the Personal Data Processor shall introduce controlled access and any personal data, downloaded on portable devices or transferred by electronic means, shall always be encrypted and there shall be a process in place for the ongoing testing and evaluation of the efficiency of the technical and organizational measures, in order to ensure the security of the processing. (2) The Parties agree that the introduction of the following technical measures, shall be considered suitable and appropriate: (а) ensuring ongoing confidentiality, integrity, accessibility and flexibility of the processing systems, used by the Personal Data Processor; Article 4. Obligations of the Personal Data Processor regarding the Controller (1) Taking into consideration the nature of the processing of Controller s personal data, the Processor agrees to support the Controller in the implementation of suitable technical and organizational measures, as far as possible, for the fulfilment of Controller obligations to respond to any requests by data subjects, who wish to exercise their rights in accordance with the personal data protection laws, applicable to the Controller. The Parties agree that the implementation of the following technical measures shall be considered suitable, taking into consideration the nature of processing: 6 P a g e

(a) data mapping, enabling the exercising off the rights of the data subjects to be forgotten, should such a request be submitted; (2) The Processor agrees to notify the Controller immediately and always within 72 hours, if the Personal Data Processor has received a request from a data subject, requesting to exercise his/her right, related to Controller s Personal Data in accordance with the applicable law. (3) The Personal Data Processor shall ensure that none of his employees shall respond to any requests, as per para. 2, unless he/she has obtained the documented instructions of the Controller or in accordance with his/her obligations, according to the law, applicable to the Personal Data Processor or the respective employee. If the response to the request is required by the applicable law, the Personal Data Processor or the Subcontractor shall, as far and to the extent this is permitted by the applicable law, notify the Controller regarding such legal obligation to respond, before actually responding to the request. (4) The Personal Data Processor shall provide the Controller with reasonable cooperation in the preparation of the assessment of the impact on data protection and the preliminary consultations with the competent personal data protection supervisory bodies, as far and to the extent considered necessary by the Controller, in accordance with article 35 and article 36 of the Regulation. 7 P a g e

(5) The Personal Data Processor may not transfer Controller s Personal Data to any third counties without Controller s express written consent. (6) The limitation, regarding transfers to third countries shall not apply if the Personal Data Processor is obliged to transfer Controller s Personal Data by virtue of the law, applicable to the Personal Data Processor. In these cases, the Personal Data Processor shall notify the Controller regarding such an obligation, prior to processing Controller s Personal Data, unless the applicable law expressly prohibits the provision of such information for important reasons, related to the public interest. Article 5. Breaches of Personal Data s Security (1) The Personal Data Processor shall notify the Controller of any and all breaches of the security of Controller s personal data, immediately and not later than 24 hours, after the Personal Data Processor or his employees discover the security breach. The Personal Data Processor shall provide the Controller with sufficient information, so that the Controller is able to fulfil his obligations to report or notify the personal data subjects of the breach of the data security, in accordance with the requirements of the law, applicable to the Controller. (2) The Personal Data Processor shall provide due cooperation to the Controller and undertake any and all reasonable commercial steps, as specified by the Controller, in order to 8 P a g e

investigate, mitigate the adverse effects and remedy any such breach of the personal data security. Article 6. Deletion of Controller s Personal Data (1) The Personal Data Processor shall immediately, and in any case not later than 1 year after discontinuation of the provision of the services, including the processing of Controller s Personal Data, delete in a manner, preventing any recovery, and ensure the deletion of any and all copies of Controller s Personal Data, processed for the purposes of providing the services as per the Main Agreement. (2) At Controller s request the Personal Data Processor shall provide the Controller with a written certificate. Evidencing that the Personal Data Processor has fulfilled all his obligations hereunder. (3) Without prejudice to the provisions of the preceding paragraphs, all Personal Data Processors are entitled to store Controller s Personal Data, so far and to the extent this is required by the legislation, applicable to them, but only within the scope and terms in accordance with the applicable law. In this case, the Personal Data Processor shall ensure the confidentiality of controller s personal data and make sure that Controller s personal data is solely processed for the purposes, as set out in the applicable law, requiring the storage of Controller s Personal Data. Article 7. Liability and Indemnities 9 P a g e

The Personal Data Processor shall be responsible and shall indemnify, keep harmless and protect the Controller and his employees and agents, for and against any and all costs, liability and claims of any nature whatsoever, incurred or suffered by the Controller and arising from or related to any breach, act of negligence, error or inaction of the Personal Data Processor, his personnel, arising from or related to the personal data protection and security requirements, set out in the Main Agreement and this Personal Data Processing Contract. Article 8. International Transfers (1) The Personal Data Processor shall notify in advance the Controller of the countries and territories, where the Personal Data Processor and his Subcontractors shall process Controller s Personal Data, undertaking to comply with any and all additional reasonable instructions of the Controller with respect to such processing (2) In the cases, when the provision of the services, makes it necessary that Controller s Personal Data is shared or disclosed to a Personal Data Processor, situated outside the European Economic Area, the Processor shall not be entitled to transfer personal data, unless: (а) the transfer of Controller s Personal Data is made to a third country, with respect to which the European Commission has adopted a decision of adequacy; or 10 P a g e

(b) the transfer of Controller s Personal Data takes place, based on any of the legal reasons as set out in art. 26 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data or Chapter Five of the Regulation, as applicable (such as Standard Terms and Conditions of Contract or Compulsory Corporate Rules). Article 9. Miscellaneous (1) So far and to the extent the subject matter of this Personal Data Processing Contract is concerned, in case of discrepancies between the clauses of this Personal Data Processing Contract and any other agreement between the Parties, including the Main Agreement, the provisions of this Personal Data Processing Contract shall prevail. (2) This Personal Data Processing Contract shall be governed by the Bulgarian law and the Bulgarian courts shall have the exclusive jurisdiction over any and all disputes that may arise from or are related from this Personal Data Processing Contract. (3) Should any provision of this Personal Data Processing Contract is or becomes invalid or inapplicable, the remaining part of this Personal Data Processing Contract shall remain valid and in full legal effect. Anny such invalid or inapplicable provision shall be amended, as necessary, in order to ensure 11 P a g e

its validity and applicability, taking into consideration, as fully as possible, the initial intentions and will of the Parties. 12 P a g e

2024 © lawsdocbox.com Privacy Policy | Terms of Service | Feedback