Yoga Food & Travel Rotating Header Image

Subcontractor Agreement Gdpr

This is a framework agreement, because signing the agreement itself does not create service obligations. Instead, the document provides a framework for parties to provide specific performance statements regarding certain services. In addition, an optional GDPR clause is included. This is useful when the processor processes the personal data. An optional no-debauchery clause can help protect the company from poaching customers by a defective subcontractor. The General Data Protection Regulation (GDPR no. 2016/679 of 27 April 2016, applicable on 25 May 2018) imposes specific obligations on subcontractors whose liability may arise from an infringement. It also provides for the inclusion of additional provisions in contracts with subcontractors. The parties are bound by the general conditions of use in which the processor, namely the service provider, provides the controller, namely the customer, with services allowing access to the APIs (hereinafter the “services”). This data processing agreement is adapted from the ProtonMail DPA that you will find on this page. Organizations can use the document below as part of their GDPR compliance.

(C) the Parties shall endeavour to implement a data processing agreement in accordance with the requirements of the existing legal framework on data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 1.1.8.2 the transmission of the company`s personal data of a mandated processor to a subcontractor or between two entities of a subcontractor, if such a transfer was prohibited by data protection legislation (or by the terms of data transfer agreements concluded to address the data protection restrictions of data protection legislation). ACCORDINGLY, this Agreement is concluded with effect from the date indicated below. A construction company employs a subcontractor for certain work and provides them with the contact information of the customers for whom the work is to be carried out. The processor continues to use the data to send marketing material to customers. In this case, the processor is not only considered a “subcontractor” within the meaning of the GDPR, since the processor processes personal data not only on behalf of the construction company, but also processes them for its own needs. The processor therefore acts as a “data controller”. The processor shall inform the controller of any breach of the protection of personal data no later than forty (48) hours after becoming aware of it. This communication shall be transmitted together with all the documents necessary for the controller to be able, where appropriate, to notify the competent supervisory authority of that infringement. Contracts between managers and subcontractors ensure that they both understand their obligations, responsibilities and commitments. Contracts also help them comply with the GDPR and help managers prove to individuals and supervisory authorities that they are complying with the principle of accountability.

the name and contact details of the controller on whose behalf the processor is acting, of all other processors and, where applicable, of the data protection officer; 6.1 Taking into account the nature of the processing, the processor shall assist the company in responding, as far as possible, to requests to exercise the rights of the data subject, in accordance with data protection legislation, by implementing appropriate technical and organisational measures in order to meet the obligations of the company, as reasonably understood by the company. ☐, the processor must delete all personal data at the end of the contract or return them to the controller (at the choice of the controller), and the processor must also delete existing personal data, unless the law requires their retention; and 10.1 Subject to this Section 10, the Processor shall make available to the Enterprise, upon request, all information necessary to demonstrate compliance with this Agreement and shall enable and contribute to audits, including inspections, carried out by the Enterprise or by an auditor appointed by the Enterprise, with respect to the processing of the Company`s personal data by the Subcontractors. . . .

Comments are closed.