For the purposes of Article 26, paragraph 2, Directive 95/46/EC, for the transfer of personal data to subcontractors in third countries that do not guarantee an appropriate level of data protection, the contracting entity that is a contracting party to the data protection authority, to which these model contractual clauses are attached, is not assured. (f) at the request of the data exporter, to present its data processing services for the review of processing activities covered by the clauses, carried out by the data exporter or by a supervisory body composed of independent members and holding the required professional qualifications, which are bound by a confidentiality obligation, possibly selected by the data exporter in agreement with the supervisory authority; ☐ the subcontractor must take appropriate measures to ensure the safety of the processing; 4.8 With respect to the processing of personal data on behalf of the processor, the data processor: Clause 12 Obligation after termination of services for the processing of personal data 4. For the purposes of this Data Protection Authority, the customer is the owner responsible for the Customer`s personal data and Mailgun is the processor of that data, unless the customer acts as a processor of the customer`s personal data, in which case Mailgun is a subprocessor. ☐ the subcontractor must delete all personal data (at the choice of the processing manager) at the end of the contract or return it to the processing manager, and the subcontractor must also delete existing personal data, unless the law requires its storage; and online replicators and backups: production databases are designed, where possible, for you to replicate data between no less than 1 primary database and a secondary database. All databases are secure and managed by at least industrial methods. (b) that it has no reason to believe that the current legislation prevents it from complying with the instructions received from the data exporter and its contractual obligations and that, in the event of a change in this legislation that could have a material negative effect on the safeguards and obligations in the clauses, it will immediately inform the exporter as soon as it becomes aware of it, in which case the data exporter is allowed to suspend the data transmission; The EU`s general data protection regulation is more serious about contracts than previous EU data protection rules. If your organization is subject to the RGPD, you must have a written data processing agreement with all data processors. Yes, a data processing agreement is boring paperwork. But it is also one of the most fundamental steps of RGPD compliance and necessary to avoid RGPD sanctions.