Here, CloudMQTT explains how the controller will provide instructions and what should be included in those instructions, as well as the controller`s obligation to comply with data protection laws and consent requirements. 9.2. If the controller`s data originates in a country (other than an EEA country) where one or more laws impose restrictions or prohibitions on data transfer, and if the controller has informed the data processor of such restrictions or prohibitions on data transfer, the controller and the data processor must ensure that an appropriate transmission mechanism (which responds to the request(s) country data transfer) is in place. at the reasonable request of the controller and by mutual agreement between the two parties before the data controller`s data is transferred or accessed outside that country. For the avoidance of doubt, this transfer restriction does not apply to the Data Controller or authorized users of its affiliates who have access to the Data Controller`s software and data, and the Data Processor is not responsible for the actions of the Data Controller or authorized users of its affiliates. Neither the Data Controller nor its authorized users are permitted to use the Software or Subscription Services in a country where data location laws would require that the Data Controller`s environment be hosted in that country. b. The Parties acknowledge that if the Data Importer cannot ensure such compliance in accordance with Clause 5(a) and Clause 5(b) for any reason, the Data Importer undertakes to promptly inform the Data Exporter of its inability to comply, in which case the Data Exporter is entitled to suspend the data transfer and/or terminate the contract for the relevant parts of the Services in accordance with under the terms of the contract. 11.1. The Processor must inform the Controller in writing without undue delay and no later than 36 hours of any identified or potential breach of personal data processed under the DPA. `personal data`, `special categories of data`, `processing/processing`, `controller`, `processor`, `data subject` and `supervisory authority` shall have the same meaning as in Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data; 1. The Parties agree that, at the end of the provision of data processing services, the data importer and the sub-processor shall, at the option of the data exporter, return to the data exporter all transmitted personal data and copies thereof or destroy all personal data and certify to the data exporter that it has done so, unless the legislation imposed on the data importer prevents it from retaining the personal data transferred.
return or destroy data in whole or in part. In this case, the data importer guarantees the confidentiality of the personal data transmitted and no longer actively processes the transmitted personal data. 1.1.8.2 a transfer of the company`s personal data from a processor to a sub-processor or between two entities of a processor in all cases where such a transfer would be prohibited by data protection laws (or by the terms of data transfer agreements established to meet data transfer restrictions of data protection laws); (c) the Parties seek to implement a data processing agreement that meets the requirements of the applicable legal framework for data processing and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27. April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). All these points must be made and agreed before a controller can securely authorize a data processor to transfer personal data to other data processors. 4. The parties shall not object to a data subject being represented by an association or other body where the data subject expressly so wishes and where national law so permits. 6.2. The Processor shall ensure that all employees of the Processor necessary to access the Personal Data are informed of the confidentiality of the Personal Data and the security procedures applicable to the processing of or access to the Personal Data. The Processor also assumes full responsibility for all actions performed by the Sub-Processors and gives the Controller the right to monitor and review all activities carried out by the Sub-Processors using their own Customer Data. Some of you already have individual data processing agreements with Templafy and for those who do not, the following data processing agreement governs this important part of our relationship. .
