RGPD compliance requires processors to sign a data processing agreement with all parties acting on their behalf as data processors. If you need some definitions of these terms, you can find them in our article “What is the RGPD,” but as a general rule, a data processor is another company you use to help you store, analyze or communicate personal information. For example, if you are a health insurance fund and you share customer information via encrypted emails, this encrypted messaging service is a data processor. Or if you use Matomo to analyze traffic on your site, Matomo would also be a data editor. Our DATA AGENCY provides a number of guarantees to companies that entrust us with personal data. For example, ProtonMail`s data processing agreement promises the use of technical security measures, such as encryption, in accordance with Article 32 of the RGPD. In addition, it provides appropriate support to those responsible for processing in the implementation of a data protection impact assessment. (f) at the request of the data exporter, to present its data processing services for the review of processing activities covered by the clauses, carried out by the data exporter or by a supervisory body composed of independent members and holding the required professional qualifications, which are related to a confidentiality obligation, possibly chosen by the data exporter , provided that the data exporter does so, if necessary, in agreement with the supervisory authority; 8.3. If the subcontractor fails to meet its obligations under such a written agreement, the supplier is fully liable to the customer for the performance of its contractual obligations by the subcontractor.
(i) to a person, unless they provide appropriate proof of their identity and authority; (ii) any legal auditor who has not previously given written consent (which cannot be improperly withheld); (iii) if the legal auditor does not enter into a confidentiality agreement with OutSystems on terms acceptable for outsourcing; (iv) if and to the extent that OutSystems believes this would reasonably lead to an infringement of the privacy or data security of other OutSystems customers or the availability of OutSystems services for those other customers; v) outside normal hours of operation in these premises; or vi) on more than one occasion during each twelve (12) month period, with the exception of any other additional control or inspection that: a. The client feels that this is necessary because of a breach event; or b. The customer is required to perform in accordance with applicable data protection laws or as indicated by a supervisory authority, if the customer has identified the injury event or the corresponding requirement in his notification to OutSystems for control or inspection. An agreement that explains how personal data for corporate clients is not processed anywhere 12.5.