Data Processing Agreement Indemnification

c. Legitimization of treatment. The person in charge of the processing is responsible for the application of a valid legal basis for the processing of the client`s personal data as well as for the transmission of the client`s personal data to third parties. According to the predecessor of the RGPD, the privacy policy, data publishers are only liable under their contract with a processing manager and not under the law itself. According to the regulations, there are two main sources of adhesion. The first is the private claim of individuals. These claims can be made against both controllers and processors. It is important that if both the processing manager and the subcontractor are involved in the same processing of personal data, they can be co-responsible. While at first glance, this seems to be a considerable new risk: h. Return or destroy the customer`s personal data. After fulfilling Snap`s obligations with respect to the processing of the customer`s personal data under this agreement or at the request of the data company, at any time during the duration of the agreement (and if requested by the processing manager, Snap, at regular intervals defined by the data manager (i) all or part of the client`s personal data held by Snap, to be returned to the processing manager; (ii) make the client`s personal data, in whole or in part, anonymous enough that the data is no longer personal data; or (iii) permanently delete or render the customer`s personal data unreadable. At the request of the company responsible for the data, Snap must provide the processing manager with written confirmation of the anonymization, restitution and deletion of the customer`s personal data.

When it comes to assuming ultimate responsibility for a certain number of personal data, the goat stops at the person in charge of the processing, so it is important to know if it is you. As a general rule, data processing is not of primary interest for the end result of data processing. A data processor will certainly benefit from the treatment. Otherwise, there would be no reason for them to do so. But they are dealing with personal data because someone has asked them to do it. When a company acts as a data processor with respect to a number of personal data, the processor is responsible for carrying out those obligations. But then there is the data that the company receives from the processing manager or collects on its behalf. This personal data can only be processed on the reference of a DPA. A. Where the processing manager is established in the EEA and transfers personal data to Snap Inc., Snap Aus Pty Ltd.

or Snap Group Limited (in the absence of a legal mechanism automatically authorizing an unrestricted transfer to the United Kingdom), the standard contractual clauses are inserted into this agreement by reference and apply to that transfer. Clause 6 against the data exporter or importer because it has disappeared in fact or no longer exists or has become insolvent and no successor organization has assumed, contractually or by law, all the legal obligations of the data exporter or data importer. This liability of one-third of the subprocessor is limited to its own processing operations in accordance with the clauses.