Page Comparison

The Data Processor shall implement the appropriate technical and organizational measures as set out in this Agreement and in the Applicable Law, including GDPR, article 32. The security measures are subject to technical progress and development. The Data Processor may update or modify the security measures from time to time provided that such updates and modifications do not result in degradation of the overall security. The Data Processor shall provide documentation for the Data Processor’s security measures if requested by the Data Controller in writing. 

If the Data Processor’s assistance is necessary and relevant, the Data Processor shall assist the Data Controller in preparing data protection impact assessments in accordance with GDPR, article 35, along with any prior consultation in accordance with GDPR, article 36.

The Data Processor shall give immediate notice to the Data Controller in the event of any breach which can lead to accidental or unlawful destruction, loss, alteration, unauthorized unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed with reference to the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”).

The Data Processor shall make reasonable efforts to identify the cause of such a breach and take such steps as are deemed necessary to establish the cause, and to prevent such a breach from reoccurring.

Ordinarily, the Data Processor will not transfer your data to countries outside the European Economic Area. In some cases, personal data will be saved on storage solutions that have servers outside the European Economic Area (EEA), [for example, Google Drive]. Only those storage solutions that provide secure services with adequate relevant safeguards will be employed.