Cookies On The Perfetti Website Back

This website uses its own and third-party cookies to analyze your browsing for statistical and possibly for advertising purposes, including showing personalized advertising based on a profile based on your browsing experience.

Click to have more information or here to adjust your cookies settings. You can also accept all cookies by clicking on the "Accept" button.

Accept
Decline
Decline

Data Processing Agreement Template

Data Processing Agreement Template between ABC-based … VAT …, hereinafter referred to as “ABC”. and Perfetti Van Melle …, with registered office in…, hereinafter referred to as “PVM”. Hereinafter jointly referred to as the “Parties” and individually as “Party”

WHEREAS:

  • ABC carries out work duties and renders services for PVM (hereinafter referred to as “the Services”) according to one or more separate agreements (hereinafter referred to as “Principal Agreement”);
  • The performance of the Services by ABC implies access to and processing of personal data of PVM (hereinafter referred to as “PVM Personal Data”);
  • Pursuant to the General Data Protection Regulation (or any other applicable Data Protection Laws) Parties are obliged to enter into a Data Processing Agreement in case the processing of PVM Personal Data is outsourced;
  • PVM pursuant to the aforementioned legislation is deemed “Controller” and ABC is deemed “Processor”.
  • Parties therefore have agreed to sign this Data Processing Agreement subject to the following

IT IS AGREED AS FOLLOWS:

1. DEFINITIONS

In this Agreement the following terms will have the following meanings:

  • “Personal Data”: means any information relating to an identified or identifiable natural person (Data Subject).
  • “PVM Personal Data”: means the Personal Data Processed by ABC on behalf of PVM pursuant to or in connection with the Principal Agreement.
  • Data Protection Laws”: means European Union or Member States Data Protection laws and, to the extent applicable, the data protection or privacy laws of any other country.
  • “GDPR”: means the Regulation (EU) 2016/679.
  • “Controller”: the entity which determines the purposes and means of the Processing of PVM Personal Data.
  • “Processing” means any operation or set of operations which is performed with regard to PVM Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or otherwise making available, alignment or combination, blocking, erasure or destruction.
  • “Processor”: the entity which processes PVM Personal Data on behalf of the Controller.
  • “Sub-processor”: means a third party contracted by Processor that processes the PVM Personal Data.
  • “Personal Data Breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.

2. PROCESSING OF PERSONAL DATA

ABC agrees to Process PVM Personal Data as a consequence of the performance of the Principal Agreement in ac

  • Process PVM Personal Data only following PVM’s documented instructions as they are defined in Schedule 1 and not to apply or use PVM Personal Data for other purposes. In case the Principal Agreement is changed or amended in such a way that Schedule 1 needs amendments or changes, Parties agree to amend Schedule 1 accordingly.
  • Not to give PVM Personal Data to natural or legal persons other than those that may have been expressly authorized by PVM.
  • Once the Principal Agreement has been terminated, PVM Personal Data will be returned to PVM, as well as any supporting material or document which contain it, deleting existing copies.

3. CONFIDENTIALITY

  • ABC undertakes to take all reasonable steps to ensure the reliability of any employee, agent or contractor who may have access to the PVM Personal Data, ensuring in each case that access is strictly limited to those individuals who need to know / access the relevant PVM Personal Data, as strictly necessary for the purposes of the Principal Agreement, and that all such individuals are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.
  • The personal data provided by PVM to ABC will not be disclosed to third parties without prior approval of PVM, unless there is a written consent by the PVM, or unless it is necessary for the execution of the Services, the performance of a legal obligation, a request from an authority, or judicial ruling.

4. TECHNICAL AND ORGANIZATIONAL MEASURES

  • ABC shall in relation to the PVM Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate and when applicable, the measures referred to in Article 32(1) of the GDPR.
  • In assessing the appropriate level of security, ABC shall take into account the particular risks that are presented by Processing.
  • The Security Measures implemented are further described in Schedule 2.
  • ABC shall also assist PVM in ensuring compliance with the obligations pursuant to article 32 to 36 of the GDPR where applicable.

5. SUB-PROCESSORS

  • ABC may engage a Sub-Processor provided that an agreement with the same content of this Data Processing Agreement is signed between ABC and the Sub-processor.
  • The list of Sub-processors is attached to this Agreement as Schedule 3. This schedule should be updated any time there is a new Sub-processor appointed by ABC after having received the written approval of PVM.
  • Where that Sub-processor fails to fulfil its data protection obligations, ABC shall remain fully liable to PVM for the performance of that Sub-processor’s obligations.
  • Failure to comply with the above obligation by ABC will give a right to PVM to terminate immediately the Agreement.

6. DATA SUBJECTS RIGHTS

  • ABC shall assist PVM by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of PVM’ obligations to respond to requests to exercise Data Subject’s rights (“the Data Subject’s Rights”) under the Data Protection Laws.
  • ABC shall:
  • promptly notify PVM if ABC receives a request from a Data Subject to exercise the Data Subject’s Rights;
  • ABC undertakes not to answer to Data Subject request without prior approval of PVM except for the cases in which ABC is obliged to answer by Law. In this last case ABC will promptly inform PVM.

7. PERSONAL DATA BREACH

  • ABC shall notify only PVM without undue delay upon ABC becoming aware of a Personal Data Breach affecting PVM Personal Data, providing PVM with sufficient information to allow PVM to meet any obligation to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. Laws.
  • ABC shall co-operate with PVM and take such reasonable steps as are directed by PVM to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

8. AUDIT RIGHTS

  • PVM may, by itself or through third parties, audit and inspect ABC’s premises during normal office hours, to verify compliance by ABC with the provisions of this Data Processing Agreement.
  • At PVM request, ABC shall make available to PVM the supporting documentation for compliance with this Data Processing Agreement.

9. GOVERNING LAW AND VENUE

This Agreement will be governed by the law of India and the venue is the Court of the place where PVM resides.

The Parties have executed this Data Processing Agreement in two copies.

Place…….. Date

Perfetti Van Melle … ABC

SCHEDULE 1

The Processor can process and use the PVM Personal Data only according to the purposes set forth in the Principal Agreement.

Only the category of the Data Subjects indicated in the Principal Agreement can be subject of the processing.

Only the categories of Personal Data expressly provided by the Principal Agreement can be processed according to this Agreement.

SCHEDULE 2

In order to protect PVM Personal Data ABC declares to have implemented the following technical and organizational security measures:

  • Personal Data Protection security policy.
    • a Personal Data Protection security policy has been adopted and is available for PVM.
    • this policy has been made known to all employees and relevant parties.
  • Security awareness.
    • all processor’s employees and, where applicable, other relevant parties have been trained and are informed about security procedures adopted by the processor.
  • Security of equipment.
    • the equipment is physically protected against unauthorized access, damage and malfunctions.
  • Access security.
    • ABC has in place procedures to control all the authorized users accessing the information, the equipment and the whole ABC’s systems and services.
    • the procedures map all the access and activities of the authorizes users until their final logoff.
    • special attention will be given to managing user access rights with extra rights, such as system administrators.
  • Logging and control.
    • activities which users perform with PVM Personal Data are recorded in log files as well as unauthorized access or defaults that can cause damage or loss of personal data.
    • the log files are periodically checked.
  • Correct processing in application systems.
    • In all application systems are security measures built-in.
    • The part of the system processing special categories of data are subject to dedicated security measures.
  • Incidents management.
    • ABC has implemented an incident management system to check, collect incidences and report without delay any incidents and security vulnerabilities.
  • Services continuity management.
    • All the above described measures concur to monitor and warrant the continuity of the Services in case of natural disasters, accidents, loss of equipment or willful misconduct or any other event.