Gdpr Non Disclosure Agreement Template

The Processor will notify the Controller without undue delay of any breach of this Data Processing Agreement or of any accidental, unlawful or unauthorised access, use or disclosure of the Personal Data or of the fact that the Personal Data may have been compromised or constitute a breach of the integrity of the Personal Data. The Processor must provide the Controller with all information necessary for it to comply with applicable data protection regulations and respond to all requests from the competent data protection authorities. It is the responsibility of the Controller to inform the competent data protection authority of any discrepancies in accordance with applicable law. Since companies must demonstrate compliance, this process must be documented. activeMind.legal offers a free template for a privacy privacy letter that meets legal requirements. This data processing agreement is based on the ProtonMail DPA, which can be found on this page. Organizations can use the following document as part of their GDPR compliance. Our privacy privacy letter template contains not only a privacy statement, but also an information sheet that lists the legal provisions that must be respected by those who process personal data. “Processing” of personal data means any use, operation or set of operations performed on personal data, whether or not carried out automatically, such as. B collection, transmission, storage, modification, disclosure within the meaning of applicable law and EU Regulation 2016/679. 12.1 Confidentiality. Each party shall keep this Agreement and the information it receives about the other party and its activities in connection with this Agreement (“Confidential Information”) confidential and may not use or disclose such Confidential Information without the prior written consent of the other party, unless (a) disclosure is required by law; (b) the relevant information is already publicly available.

This is a legally binding agreement, and by accepting it, you are agreeing to the terms of this Agreement on behalf of the company with which you are employed, affiliated or affiliated. The processor has the right to use subcontractors and the controller accepts the use of subcontractors. A list of pre-approved subprocessors is available in the SuperOffice Trust Center. The Processor shall ensure, by written agreement with a Processor, that any processing of personal data carried out by Subcontractors is subject to the same obligations and restrictions imposed on the Processor under this Data Processing Agreement. The Controller acknowledges and agrees that any personal data it uploads as part of the Service, such as.B. downloaded personal data relating to the Controller`s own customers, may be transferred to a third party (sub-processor) based in the European Economic Area (EEA) who will take care of hosting the Service, including the provision of all material. Infrastructure, data storage and communication lines. The obligations of the third party with respect to personal data are set out in a separate data processing agreement between the processor and the third party under this data processing agreement. All data on the Service is stored on servers in Europe. Customer`s use of SuperOffice Products is subject to one or more of the agreements listed below (“Customer Use Agreements”): This Data Processing Agreement and the Non-Disclosure Agreement are governed by the laws of the SuperOffice entity with which Customer enters into a contract: The Processor processes Personal Data only on and in accordance with the Controller`s instructions.

The Processor will not process personal data without prior written agreement with the Controller or without written instructions from the Controller that go beyond what is necessary to fulfil its obligations to the Controller under the Agreement. (c) the Parties seek to implement an agreement on data processing in accordance with the requirements of the applicable legal framework with regard to data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 1.1.8.2 a transfer of the company`s personal data from a processor to a sub-processor or between two entities of a processor in all cases where such a transfer would be prohibited by data protection laws (or by the terms of data transfer agreements established to meet data transfer restrictions of data protection laws); 4.3 The recipient undertakes not to use the confidential information disclosed by the other party for purposes other than those for purposes other than these without first obtaining the written consent of the other party. The Services may include the processing of Customer Data on servers controlled by SuperOffice, and in this case, the processing is subject to the Data Processing Agreement (DPA) of Section A and the Non-Disclosure Agreement (NDA) of Section B. 4.6 Nothing in this Agreement prevents the Recipient from disclosing confidential Information required by law or any competent authority. Please check the data protection privacy letter and adapt the document to the needs of your business if necessary. If the Services run on Customer Data located on servers controlled by Customer, the Services are subject to the Non-Disclosure Agreement in Section B. A comparison of the old and new agreement with an overview of the changes can be found here.

(B) The Company wishes to subcontract certain services involving the processing of personal data to the Processor. I. SuperOffice CRM Online (“MSA”) Master Subscription Agreement 1.1.8.1 a transfer of the Company`s Personal Data from the Company to a subcontractor; or claims by one party due to the other party`s failure to comply with the Data Processing Agreement are subject to the same restrictions as in the Customer`s User Agreement. To assess whether the restriction is being carried out, claims under this Agreement and the Customer`s User Agreement in connection with and limitation of the Customer`s User Agreement will be considered a complete limitation. In the event of a breach of this Agreement or a breach of obligations under applicable law regarding the processing of personal data, the relevant provisions relating to the customer`s breach of the User Agreement shall apply. Instead of returning the personal data (or other data), the controller may, at its sole discretion, request in writing to the processor that all or part of the personal data (or other data) be deleted by the processor, unless mandatory law prevents it by mandatory law from deleting the personal data. 8. Data Protection Impact Assessment and Prior Consultation The Processor shall provide the Company with appropriate assistance in data protection impact assessments and prior consultations with supervisory or other competent data protection authorities that the Company deems reasonably necessary under Article 35 or 36 of the GDPR or equivalent provisions of any other protection law data. in any case, only with regard to the processing of the company`s personal data by and taking into account the nature of the processing and the information available to the subcontractors. 1.1.4 “Data Protection Laws” means the data protection laws of the EU and, where applicable, the data protection laws of another country; 1.1.3 “Processor” means a Sub-Processor; 4.2 When assessing the appropriate level of security, the Processor shall take into account, in particular, the risks associated with the processing, in particular a personal data breach. 10 business days after the date of termination of services regarding the processing of the Company`s Personal Data (the “Termination Date”), delete and arrange for the deletion of all copies of such Company Personal Data.

If employees or external service providers process personal data, companies (controllers and processors) must ensure that the persons authorised to process the personal data have consented to confidentiality or are legally obliged not to disclose confidential information. It is therefore recommended that these persons be required to sign a confidentiality agreement on data protection. The Processor will treat all personal data and other confidential information confidentially. The Processor shall ensure that any employee of the Processor, whether employed or employed, who has access to or is involved in the processing of personal data under the MSA, (i) exercises an obligation of confidentiality and (ii) is aware of and complies with the obligations under this Data Processing Agreement. The obligation of confidentiality also applies 1 year after the termination of the MSA or this data processing agreement. This Agreement will be signed and digitally approved by the responsible person at the Customer by returning an email with such consent/approval.   1.1.10 “Sub-Processor” means any person engaged by or on behalf of the Processor to process Personal Data on behalf of the Company under the Agreement. .

Scenario 3. Access to Customer Data on Servers Controlled by SuperOffice IN FAITH OF THE PLACE WHERE this Agreement is in effect from the date specified below. 2.1.1 comply with all applicable data protection laws when processing the Company`s personal data; and 6.1 Given the nature of the processing, the Processor shall assist the Company by implementing appropriate technical and organisational measures, to the extent possible, to fulfil the Company`s obligations, as reasonably understood by the Company, in response to requests to exercise the rights of the data subject under data protection laws. . . .