Document toolboxDocument toolbox

6. Use of Sub-Processors

  1. The Data Processor shall meet the requirements specified in Article 28, sub-section 2 and 4, of the
    General Data Protection Regulation in order to engage another processor (Sub-Processor).

  2. The Data Processor shall therefore not engage another processor (Sub-Processor) for the fulfilment of this Data Processing Agreement without the prior specific or general written consent of the Data Controller.

  3. In the event of general written consent, the Data Processor shall inform the Data Controller of any
    planned changes with regard to additions to or replacement of other data processors and thereby
    give the Data Controller the opportunity to object to such changes.

  4. The Data Controller’s requirements for the Data Processor’s engagement of other sub-processors
    shall be specified in Appendix B to this Data Processing Agreement.

  5. The Data Controller’s consent to the engagement of specific sub-processors, if applicable, shall be
    specified in Appendix B to this Data Processing Agreement.

  6. When the Data Processor has the Data Controller’s authorisation to use a sub-processor, the Data
    Processor shall ensure that the Sub-Processor is subject to the same data protection obligations
    as those specified in this Data Processing Agreement on the basis of a contract or other legal
    document under EU law or the national law of the Member States, in particular providing the
    necessary guarantees that the Sub-Processor will implement the appropriate technical and
    organisational measures in such a way that the processing meets the requirements of the General
    Data Protection Regulation.

    1. The Data Processor shall therefore be responsible, on the basis of a sub-processor agreement for requiring that the sub-processor at least comply with the obligations to which the Data Processor is subject pursuant to the requirements of the General Data Protection Regulation and this Data Processing Agreement and its associated Appendices.

  7. A copy of such a sub-processor agreement and subsequent amendments shall, at the Data
    Controller’s request, be submitted to the Data Controller who will thereby have the opportunity
    to ensure that a valid agreement has been entered into between the Data Processor and the Sub-
    Processor. Commercial terms and conditions, such as pricing, that do not affect the legal data
    protection content of the sub-processor agreement, shall not require submission to the Data
    Controller.

  8. The Data Processor shall in his agreement with the Sub-Processor include the Data Controller as a
    third party in the event of the bankruptcy of the Data Processor to enable the Data Controller to
    assume the Data Processor’s rights and invoke these as regards the Sub-Processor, e.g. so that the
    Data Controller is able to instruct the Sub-Processor to perform the erasure or return of data.

  9. If the Sub-Processor does not fulfil his data protection obligations, the Data Processor shall remain
    fully liable to the Data Controller as regards the fulfilment of the obligations of the Sub-Processor.

Need help? Get in touch with us via: https://www.retinalyze.com/contact