2021-02-25

Data Security / Technical and Organizational Measures

3.1
The contractor shall ensure the confidentiality of the agreement pursuant to Art. 28(3) s. 2 lit. b, 29, and 32(4) of GDPR by requiring any persons engaged in the processing of personal data to commit to compliance with confidentiality in written form.

3.2
The contractor shall organize the processes and measures they are responsible for in such a manner that they meet the data protection requirements, while ensuring that the personal data is processed exclusively in compliance with the data protection instructions of the client (especially by separating the personal data from the data of other clients of the contractor) and that third parties are unable to gain access to the data.

3.3
The contractor shall guarantee the security of the data processing pursuant to Art. 28(3) lit. c, 32 of GDPR, in particular in combination with Art. 5(1),(2) of GDPR, within the scope of responsibilities assigned to them according to the contract. The contractor shall be obligated to take appropriate technical and organizational measures required in order to permanently ensure data security and guarantee a level of security appropriate to the risk with regard to confidentiality, integrity, availability, and resilience of the systems and services relating to the processing. The state of the art, the costs of implementation, and the nature, scope, circumstances, and purpose of processing, as well as the varying likelihood and severity of the risk for the rights and freedoms of natural persons within the meaning of Art. 32(1) of GDPR, shall be taken into account. Subject to additional data protection instructions of the client, the technical and organizational measures stated in Attachment 2 of this DP Agreement shall be considered as measures within the meaning of Section 3.3 of this DP Agreement with the conclusion of the contract and/or this DP Agreement.

3.4
The contractor shall not process personal data beyond the extent required to fulfill the obligations strictly required by the agreement (in particular, no unauthorized duplication or transfer to third parties).

3.5
The contractor shall completely and irrevocably delete or destroy (hereinafter uniformly referred to as "delete") any and all provided and additionally processed personal data in all of the contractor's systems (including any duplications, as well as archiving and backup files) pursuant to the provisions stated in Attachment 2 of this DP Agreement, if the processing of the personal data is no longer required for the fulfillment of the contract processing.

3.6
The deletion of personal data shall be documented by the contractor and confirmed in written form at the client's request. Excluded from this deletion obligation is the personal data required by law to be retained or stored. According to legal provisions, this personal data shall be restricted in its processing and deleted after the obligation to preserve or store data has expired.