the transfer of personal data from the company by a contract subcontractor to a subcontractor or between two branches of a commercial subcontractor, at least where such transmission would be prohibited by data protection legislation (or by the conditions of data transfer agreements put in place to impose restrictions on data protection); In addition, an optional data processing clause in favour of the RGPD is included. This will be useful if the subcontractor processes personal data. The General Data Protection Regulation (RGPD No. 2016/679 of 27 April 2016, applicable 25 May 2018) imposes special obligations on subcontractors whose liability may arise in the event of an infringement. It also provides for the inclusion of additional provisions in contracts with subcontractors. This data processing agreement is adapted by the DPA De ProtonMail which is on this page. Organizations can use the following document as part of their compliance with the RGPD. (C) The parties are working to implement a data processing agreement in line with the requirements of the current legal framework for data processing and the 2016/679 European Parliament and Council 27 April 2016 on the protection of individuals in the processing of personal data and the free movement of personal data and repealing Directive 95/46/EC (General Data Protection Regulation). An optional non-invitation clause is included, which can help protect the company from customer poaching by a defective subcontractor. It is a framework agreement because the signing of the agreement itself does not create service obligations.

Instead, the document provides a framework by which parties can provide specific work statements regarding certain services. Contracting parties are bound by the terms and conditions of use under which the subcontractor, i.e. the service provider, provides services to the person responsible for the processing, namely the client, and allows access to APIs (the “services”). 2.1.2 not the processing of the company`s personal data, except on the documented instructions of the company concerned. The second condition is that, when a processing manager is established in the European Union and transfers personal data to a subcontractor established outside the European Union, the parties must take steps to ensure that the competence in which the data is transferred provides the data with an “adequate level of protection”. 2 The United States, for example, is not considered to be a country with an adequate level of protection.