2. The parties agree that the supervisory authority has the right to carry out a check on the importer of data and a subprocesser with the same scope and conditions as in the case of a control of the data exporter in accordance with existing data protection legislation. d. Notification and objection to new subprocessors. We will notify you of the changes made to the subcontractors by updating Schedule 4 of this data protection authority and will give you the opportunity to object to the obligation of the new subprocessor for reasonable reasons related to the protection of personal data within 30 days of the update of Schedule 4 of this authority. If you express such an objection to us, the parties will discuss your concerns in good faith in order to reach an economically reasonable solution. If no such solution can be found, we will not name the new subprocessor or allow you to suspend or terminate the subscription service in accordance with the termination provisions of the contract without any of the parties being held liable (without prejudice to the costs you receive prior to the suspension or termination). In June 2008, the Council adopted two decisions that incorporated the main provisions of the agreement into EU law, thus extending them to all EU Member States. These decisions focus on the exchange of biometric data (DNA and fingerprints) between police and judicial authorities and require Member States to set up DNA databases. For more details, you can read the ProtonMail data processing agreement or the generic model of data processing agreements that we have made available on this site. one.
The parties acknowledge that, in accordance with FAQ II.1 of Article 29 of WP 176 of the WP 176 working group entitled «FAQs to address certain issues, which, in accordance with Directive 95/46/EC, is likely to be generally approved by the entry into force of the 2010/87/EU decision of 5 February 2010 on standard contractual clauses for the transfer of personal data to subcontractors in third countries, in accordance with Directive 95/46/EC.» 5.1 The subcontractor has no right to make (or pass on) a subcontractor, unless necessary or approved by the company. 2. The data importer and subcontractor guarantee, at the request of the data exporter and/or the supervisory authority, that they submit their computer facilities to review the measures covered in paragraph 1. In some cases, the subcontractor may decide not to process the data itself, but may use a subcontractor who processes the data on its behalf. In practice, this depends on the processor agreement with the controller. This guide serves as an introduction to data processing agreements – what they are, why they are important, who they are and what they need to say. You can also follow the link to find a RGPD data processing model that you can download, customize and use for your business. (i) that processing services be provided by the subcontractor in accordance with Point 11; (i) that, in the case of a subcontract in point 11, the processing activity is carried out by a subcontractor offering at least the same level of protection for personal data and the rights of the person concerned as the importer of data in accordance with the clauses; the treatment by a subcontractor is subject to a contract or other legal act, within the meaning of EU or Member State law, which is mandatory for the subcontractor with regard to the person in charge of the processing and which determines the purpose and duration of the treatment, the nature and purpose of the treatment, the nature of the personal data and the categories of persons concerned, as well as the obligations and rights of the person in charge of the treatment.