Document toolboxDocument toolbox

1. Data Processing Agreement preamble

  1. This Data Processing Agreement sets out the rights and obligations that apply to the Data
    Processor’s handling of personal data on behalf of the Data Controller.

  2. This Agreement has been designed to ensure the Parties’ compliance with Article 28, sub-section
    3 of Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the
    protection of natural persons with regard to the processing of personal data and on the free
    movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation),
    which sets out specific requirements for the content of data processing agreements.

  3. The Data Processor’s processing of personal data shall take place for the purposes of fulfilment of
    the Parties’ ‘Master Agreement’. Nordic Contract for 2015 commencing on 6th of March 2015.

  4. The Data Processing Agreement and the ‘Master Agreement’ shall be interdependent and cannot
    be terminated separately. The Data Processing Agreement may however – without termination of
    the ‘Master Agreement’ – be replaced by an alternative valid data processing agreement.

  5. This Data Processing Agreement shall take priority over any similar provisions contained in other
    agreements between the Parties, including the ‘Master Agreement’.

  6. Four appendices are attached to this Data Processing Agreement. The Appendices form an integral
    part of this Data Processing Agreement.

  7. Appendix A of the Data Processing Agreement contains details about the processing as well as the
    purpose and nature of the processing, type of personal data, categories of data subject and
    duration of the processing.

  8. Appendix B of the Data Processing Agreement contains the Data Controller’s terms and conditions
    that apply to the Data Processor’s use of Sub-Processors and a list of Sub-Processors approved by
    the Data Controller.

  9. Appendix C of the Data Processing Agreement contains instructions on the processing that the
    Data Processor is to perform on behalf of the Data Controller (the subject of the processing), the
    minimum-security measures that are to be implemented and how inspection with the Data
    Processor and any Sub-Processors is to be performed.

  10. The Data Processing Agreement and its associated Appendices shall be retained in writing as well
    as electronically by both Parties.

  11. This Data Processing Agreement shall not exempt the Data Processor from obligations to which
    the Data Processor is subject pursuant to the General Data Protection Regulation or other
    legislation.

Need help? Get in touch with us via: https://www.retinalyze.com/contact