1.1.3 “data protection authority” refers to the supervisory authority or any other competent authority responsible for monitoring the enforcement of the Personal Data Protection Act as part of the processing provided for in this agreement. We see what happened when they were not present at the Yahoo security incident! UK 2014. In that case, ICO (the UK supervisory authority) fined Yahoo! UK 250,000 pounds for failing to reach an agreement with its US counterpart (among other breaches) in which the two organisations shared personal data and had a hacking that compromised the personal data of their customers. 1.1.7 The term “contract” refers to cooperation agreements between the parties. Therefore, if we have been tempted to include in one of our contracts the typical NOA clause, which relates to responses to subpoenas, regulatory requests, etc. (which obviously do not do standard model clauses), perhaps this should be extended to take into account the requests of the subjects concerned. When we`re the processor. If we are the sovereign, we might like more discretion over what we do or do not release. The subcontractor must comply with all personal data protection provisions set out in this data processing agreement and applicable data protection legislation that are relevant to the processing of personal data. CONSIDERING that the term “confidential information” includes information disclosed by the parties, orally, in writing or electronically or by any other means (without necessarily “confidential”), which relates to: (a) information about companies or associated companies of a group of companies or information about workers or any other person or legal person related to them; (b) all financial data relating to the main agreement that are used exclusively for cooperation (c) all types of information, such as organizational data and details, financial policies, business plans and strategies, partnerships and investments of companies and/or associated companies that are received by contracting parties in any form (written, electronic or oral), without necessarily being declared “confidential.” If the activities carried out by a third party involve the processing of personal data, the third party is generally considered a data processor under Belgian data protection law. The responsible holder recognizes and accepts that all personal data that the processing manager transfers as part of the service, such as. B personal data downloaded and relating to its own customers, can be transferred to a third party (subcontractor) established in the European Economic Area (EEA) which provides for the hosting of the service, including the provision of all lines of equipment, infrastructure, data storage and communication. The third-party obligations for personal data are defined in a separate data processing agreement between the subcontractor and the third party under this data processing agreement.
All data in the service is stored on servers in Europe. 4.3 The recipient undertakes not to use the confidential information disclosed by the other party for specific purposes without first obtaining written consent from the other party.