(B) The company wishes to provide the data processor with certain services that involve the processing of personal data. This data processing agreement and confidentiality agreement are governed by the laws of the SuperOffice unit, with which the Customer enters into contracts: 8.3.3 When aify transfers personal data to an external subcontractor at the EEA that does not fall within the scope of the BCR, the client expressly mandates Unify to enter into relevant agreements to ensure that the receiving entity implements an adequate level of protection for personal data that is recognised as appropriate by the relevant European or local authorities. The customer`s use of SuperOffice products is subject to one or more of the agreements listed below (“Customer Use Agreements”): the supplier (given the nature of the processing and the information available to the supplier) will appropriately assist the customer in meeting its data protection obligations with respect to data protection impact analyses and prior consultation; if applicable, including the client`s obligations under sections 35 and 36 of the RGPD, by providing (a) copies of security documentation or other documents or information intended to verify relevant aspects of the supplier`s information security program and the security measures applied; and (b) provide the other information contained in the agreement, including this data protection authority. The processing of personal data (as defined below) is subject to the requirements and obligations of existing legislation. If the person in charge of the processing is a legal entity established in the European Economic Area (EEA), the applicable data protection rules include local data protection provisions and this EU Regulation 2016/679 of 27 April 2016. The parties agree to amend this data processing agreement as the new mandatory requirements under the EU Regulation 2016/679 are necessary. The customer acknowledges that he has received all the information he deems necessary to demonstrate that Unify offers sufficient guarantees for the protection of personal data. Separate processing measures (storage, modification, erasure and transfer) of data with different purposes: personal data is processed only to the extent necessary to provide the necessary services, i.e. to the completion of a mission or request for customer assistance. It is a legally binding agreement and, by accepting it, you accept the terms of this agreement on behalf of the company with which you are employed, with whom you are linked or with whom you are linked. The subcontractor is not allowed to keep a copy of the data provided by the data protection officer in any format, and all physical and logical access to that personal data or other data is removed. Personal data is only used for internal purposes (for example. B as part of the relevant customer relationship).
The transfer to a third party, for example a subcontractor. B, is done exclusively taking into account contractual agreements and data protection provisions. Despite the fact that the RGPD requires a written agreement on data processing, neither the EU nor the Finnish data protection authorities have published standard agreements. As a result, many processing managers and subcontractors have designed their own models to meet the requirements of the RGPD. Because the role of companies, the personal data to be processed and the functions outsourced are different, the data processing agreements are also very different. The purpose of access control is to prevent unauthorized persons from physically accessing such data processing equipment that processes or uses personal data. In practice, a data protection agreement may be included in the service contract itself as a section relating to the processing of personal data or by the execution of a separate schedule or data processing agreement.