If a provision of this data protection authority is invalid or unenforceable or becomes unenforceable, it will not invalidate the entire agreement. Any provision of this data protection authority, which is only partially or partially invalidated, is rewritten by mutual agreement to accurately reflect the invalid or unenforceable provision, even though it is valid and enforceable. To avoid doubts, the 84codes do not physically host any of the servers provided for the service. Instead, data centers are used by external cloud platforms that the data manager selects to use the service itself. These cloud platforms are listed as subprocessors in Schedule 3. All data can be encrypted during transmission and in standby mode for extra security. In addition, 84codes is not aware of the type of data processed by the data manager while using the service. 84Codes employees do not look at the data manager`s data or copy the data on any server other than the one chosen by the data manager. All data stored in the service is stored until the data manager deletes the data either manually or by guidelines. Backups (if any) are deleted after 30 days. ☐ the subcontractor must take appropriate measures to ensure the safety of the processing; The RGPD requires data processing agreements between responsible data controllers and data publishers, as well as requirements for what should be included in these agreements. Article 31 provides that processors and data processors (or their representatives) cooperate with supervisory authorities.

According to the RGPD, the organisation that defines the purpose of data processing (i.e. the person responsible for processing) has more legal obligations, but how the EU client and the subcontractor will protect this data, both parties – the EU company that needs to do the application and the outsourcing company that needs data to complete the project. d. If necessary, the parties reasonably cooperate during the cure period to agree on safeguards or other additional measures that may be necessary to ensure compliance by the data importer with the applicable data protection clauses and legislation. Article 36 addresses situations in which a data protection impact analysis poses a high risk, defines the reporting procedure of data managers, data processors and supervisory authorities, and sets timetables for supervisory authorities to consult with the processor and/or subcontractor on how to improve the situation so that treatment can begin safely.