Data Privacy Agreement
_____________ (“XXXX”) is committed to compliance and conducting business with transparency and integrity. An important area of compliance are the various data privacy related laws around the world whereby personal data is protected.
The standard that we have decided to follow is the General Data Protection Regulation (“GDPR”) although compliance with all applicable data protection, data privacy or data security laws is essential (“Data Protection Laws”). As you are a third party vendor (“Third Party”) who through our business interactions may receive access to personal data as defined under GDPR or similar law (“Personal Data”), it is important that we execute this Agreement.
All terms and conditions are described below and this Agreement supplements and replaces any other agreement between us relating to data privacy and is applicable to both of our affiliates.
- Third Party may have access to Personal Data of XXXX or may act as data processor as described in applicable Data Proection Laws.
- Third Party shall comply with the Data Protection Laws as applicable and shall:
- (a) use or process the Personal Data only for the limited and specified purposes set forth an agreement or per the written instructions of XXXX;
(b) ensure that only persons authorized by us have access to Personal Data and such persons are reliable and understand the obligations of this agreement;
(c) maintain the Personal Data strictly confidential;
(d) take appropriate organizational and technical measures to ensure that Personal Data is protected against loss, destruction and damage, unauthorized access, use, modification, disclosure or other misuse;
(e) notify XXXX immediately, within 24 hours, on becoming aware of unauthorized use or data processing of the Personal Data including actual, alleged or threatened access or loss;
(f) provide reasonable assistance to address any actual, alleged or threatened us and if requested at any time carry out a data processing impact assessment;
(g) agree that XXXX cab provide a summary or copy of this Agreement and relevant processing of Personal Data by Third Party to authorities; and
(h) allow XXXX the right to audit during reasonable business hours Third Party’s compliance with this Agreement
- Third Party shall not engage further any party to process or use any Personal Data without the prior written authorization of XXXX whereby such party must comply with the obligations under this Agreement.
- Upon termination of the Agreement, Third Party shall return all copies of the Personal Data to XXX and upon request delete all copies in Third Party’s possession subject to legal obligations of the Third Party to retain such information.
- If Personal Data subject to restrictions within the European Economic Area, the Third Party will not transfer Personal Data outside the area without prior written consent of XXXX and ensuring that appropropriate contractual clauses in the form approved by the European Commission or equivalent transfer agreements are in place.
Agreed to and effective as of the date executed by the Third Party:
THIRD PARTY XXXX