Within the framework of the application of the European regulation on the protection of personal data, PROTEOR undertakes to:
1. Process data only for the sole purpose(s) associated with the processing.
2. Process the data in accordance with the instructions documented by the Data Controller(s).
3. Guarantee, at all times, the security of the personal data processed. In particular, this concerns the following security criteria: confidentiality, integrity, availability and durability.
4. Ensure that persons authorized to process personal data:
o are committed to data security,
o receive the necessary training in the protection of personal data.
5. Take into account, with regard to its tools, products, applications or services, the principles of data protection by design and data protection by default (principles: Privacy by Design, Privacy by Default).
PROTEOR may use another processor to carry out specific processing activities. In this case, it shall inform the Data Controller in advance and in writing, if applicable, of any changes envisaged concerning the addition or replacement of other subcontractors.
The Processor is obliged to perform the obligations of this contract on behalf of and according to the instructions of the Controller.
7. Exercise of the rights of individuals
PROTEOR undertakes to respect the rights of the persons affected by the personal data, and fulfils its obligation to comply with requests to exercise the rights of the persons affected:
These include the Right to Information, Right to Access, Right to Rectification, Right to Erasure and Opposition, Right to Restrict Processing, Right to Data Portability, and Right not to be subject to an automated individual decision (including profiling).
All requests are investigated, and a response is obligatorily sent to the applicant.
8. Security measures
Article 32 of the GDPR provides that the implementation of security measures is the responsibility of the controller and the processor. The responsibilities of each party with regard to the measures to be implemented are to be described.
PROTEOR undertakes to implement technical and organizational measures that guarantee a level of security appropriate to the risk, in accordance with PROTEOR’s mission.
9. Fate of the data at the end of the processing
At the end of the processing service, PROTEOR undertakes to:
o Archive the data, according to the regulatory obligations
o Destroy the data, as the case may be
10. Data Protection Officer (DPO)
PROTEOR has a DPO function.
All questions relating to the protection of personal data should be addressed to the PROTEOR DPO.
DPO contact details: firstname.lastname@example.org
11. Register of categories of processing activities
PROTEOR declares that it keeps a written record of all categories of processing activities carried out on behalf of the Data Controller, including at least the following information:
o the name and contact details of the Controller on whose behalf it is acting, of any subcontractors and, if applicable, of the Data Protection Officer;
o the categories of processing carried out on behalf of the Controller;
o where applicable, transfers of personal data to a third country or to an international organization;
o to the extent possible, a general description of the technical and organizational security measures, including inter alia, as appropriate:
- pseudonymization and encryption of personal data;
- means to ensure the continued confidentiality, integrity, availability and resilience of processing systems and services;
- means to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
- a procedure to regularly test, analyze and evaluate the effectiveness of technical and organizational measures to ensure the security of processing.