Data Processing Agreement Subject Matter

For the purposes of Article 26, paragraph 2, Directive 95/46/EC, for the transfer of personal data to subcontractors in third countries that do not guarantee an appropriate level of data protection, the contracting entity that is a contracting party to the data protection authority, to which these model contractual clauses are attached, is not assured. (f) at the request of the data exporter, to present its data processing services for the review of processing activities covered by the clauses, carried out by the data exporter or by a supervisory body composed of independent members and holding the required professional qualifications, which are bound by a confidentiality obligation, possibly selected by the data exporter in agreement with the supervisory authority; ☐ the subcontractor must take appropriate measures to ensure the safety of the processing; 4.8 With respect to the processing of personal data on behalf of the processor, the data processor: Clause 12 Obligation after termination of services for the processing of personal data 4. For the purposes of this Data Protection Authority, the customer is the owner responsible for the Customer`s personal data and Mailgun is the processor of that data, unless the customer acts as a processor of the customer`s personal data, in which case Mailgun is a subprocessor. ☐ the subcontractor must delete all personal data (at the choice of the processing manager) at the end of the contract or return it to the processing manager, and the subcontractor must also delete existing personal data, unless the law requires its storage; and online replicators and backups: production databases are designed, where possible, for you to replicate data between no less than 1 primary database and a secondary database. All databases are secure and managed by at least industrial methods. (b) that it has no reason to believe that the current legislation prevents it from complying with the instructions received from the data exporter and its contractual obligations and that, in the event of a change in this legislation that could have a material negative effect on the safeguards and obligations in the clauses, it will immediately inform the exporter as soon as it becomes aware of it, in which case the data exporter is allowed to suspend the data transmission; The EU`s general data protection regulation is more serious about contracts than previous EU data protection rules. If your organization is subject to the RGPD, you must have a written data processing agreement with all data processors. Yes, a data processing agreement is boring paperwork. But it is also one of the most fundamental steps of RGPD compliance and necessary to avoid RGPD sanctions.

G. Compliance demonstration. We will provide all reasonably necessary information to demonstrate compliance with this data protection authority, and provide audits, including inspections, and help assess compliance with this data protection authority. You acknowledge and accept that you will exercise your audit rights in accordance with this Data Protection Authority by instructing us to comply with the audit measures described in this subsection (g). You acknowledge that the subscription service is hosted by our data center partners who manage independently validated security programs (including SOC 2 and ISO 27001) and that our systems are regularly tested by independent third-party penetration control companies. On request, we will provide you (on a confidential basis) with a summary of the penetration test reports so that you will be able to verify compliance with this privacy policy. In addition, we will respond, upon written (confidential) request, to all requests for information necessary to confirm our compliance with this authority, provided that you do not exercise this right more than once in a calendar year. 5.2.1 a request from a person concerned, requested by a person concerned; or `European data`, data of a pe