Vendor Data Protection Agreement

It is strongly recommended that the provider accept the U-M Data Protection Addendum (DPA) or consult the equivalent in the supplier agreement. Procurement Services coordinates the implementation of the CCA with the supplier and works with the unit, the General Counsel Office (OGC) and the AI on any verification contained in the DPA verification process. Persons authorised to use a data processing system shall only have access to the data to which they have the right to access and personal data may not be read, copied, modified or deleted without authorisation during processing. This data processing agreement is adapted from the ProtonMail DPA that you will find on this page. Organizations can use the document below as part of their GDPR compliance. Appendix 4 Decision C(2010)593 Commission Standard Contractual Clauses (processors) For the purposes of Article 26(2) of Directive 95/46/EC on the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection Name of the data exporting organisation: customer within the meaning of the agreement. For more information necessary to identify the organization: .... (data exporters) And name of data import organization: Gigamon Inc. Address: 3300 Olcott Street, Santa Clara, CA 95054 The data exporter acknowledges that its data is in the data centers of Google Inc. and/or one or more of its associated companies (together "Google") (and not the data importer) and therefore in the data centers of Google Inc.

and/or one or more of its associated companies (together "Google") and, therefore, that most of the technical and organisational security measures concerning the data of the data importer (in particular paragraphs 4c, 4 d., 4e and 4 h above) are provided by the relevant Google unit within the framework of its own responsibility. Accordingly, and notwithstanding other provisions of these clauses, the data importer disclaims all liability with regard to Google`s acts and/or omissions, including (without limitation) Google`s technical and organisational security measures, which are mentioned only for information purposes and without any information set out in Annexes 1 and 2. It must be possible to verify a posteriori and to determine whether and by whom personal data have been entered, modified or deleted in data processing systems. (B) The company wishes to subcontract to the subcontractor certain services that involve the processing of personal data. Personal data related to the provision and operation of Insight offerings includes data contained in machine event data, threat operator data and data transmitted by the controller/customer, which is processed to monitor the customer`s chosen network for adverse activities and provide applications, additional modules, features and services selected by the customer. The personal data transmitted are subject to processing activities, as described in the contracts or an order for services referring to this MDPA. "non-European data protection legislation" means all national/federal or state/provincial/provincial data protection or data protection laws, with the exception of data protection legislation. The personal data transmitted are subject to the following basic processing activities: the seller will assist the customer (taking into account the type of processing and the information available to the seller) in the performance of its obligations under data protection legislation with regard to data protection impact assessments and prior consultations, including, where applicable, the Customer`s obligations under A`s on 35 and 36 of the GDPR, by a) providing for verification copies of the security documentation or other documents or information describing the relevant aspects of the Provider`s information security program and related security measures; and (b) provide the other information contained in the Agreement, including this DPA. . . .

Posted in Uncategorized