15. 4. 2021 Od admin Off

What Is System Protection Agreement

10.2 Current subcontractors for services are listed under www.sinch.com/data-protection-agreement/sub-processors/ („subcontracting list“) and the client agrees and authorizes Sinch to have assigned these subcontractors to process personal data, as listed. The customer can www.sinch.com/data-protection-agreement/sub-processors/ find a mechanism to subscribe to notifications regarding new subcontractors for each applicable service to which the customer subscribes, and if the customer subscribes, Sinch will notify a new subprocessor (s) before allowing new subcontractors to process personal data related to the provision of the corresponding service. 2. Information Security Guidelines 2.1. Sinch has a defined and documented Information Security Management System (ISMS), including a directive and information security procedures approved by Sinch management. They are published within the Sinch organisation and communicated to the relevant staff of Sinch. 2.2. Sinch regularly reviews Sinch`s security policies and procedures and updates them if necessary to ensure they comply with security policies. In addition to what has been agreed within this Data Protection Authority, the data transfer officer recognizes that the subcontractor may transfer, store and process personal data in areas outside of Canada, where it is subject to the laws of foreign jurisdictions in which it is located.

The subcontractor may and will ensure that an affiliate or third party with whom it processes personal data on its behalf does not transfer personal data to a territory outside of Canada, unless this is consistent with the broadly similar conditions agreed prior to that transmission; or to act on this personal data in a manner that violates the person responsible for his obligations under existing data protection legislation. 11. China The following text is added to paragraph 16 of this DPA: „The legal liability provided by the laws of the People`s Republic of China may apply according to the agreements reached with his client by the person in charge of the treatment.“ In addition to what has been agreed in Section 7 of this Data Protection Authority, the parties will also cooperate with respect to data protection violations committed against Canadian regulators, individuals and other organizations that are mandated by law or recommended at the sole discretion of the processing officer. The data importer accepts and guarantees: (a) processing personal data only on behalf of the data exporter and in accordance with its instructions and clauses; if, for whatever reason, it is unable to comply, it undertakes to immediately inform the data exporter of its inability to comply, in which case the data exporter is authorized to suspend the transfer of data and/or terminate the contract; (b) that it has no reason to believe that the current legislation prevents it from complying with the instructions received from the data exporter and its contractual obligations and that, in the event of a change in this legislation that could have a material negative effect on the safeguards and obligations in the clauses, it will immediately inform the exporter as soon as it becomes aware of it, in which case the data exporter is allowed to suspend the data transmission; (c) that it implemented the technical and organizational security measures covered by Appendix 2 prior to the processing of personal data transmitted; (d) promptly inform the data exporter of the following issues: (i) any legally binding request for disclosure of personal data by a law enforcement agency, unless otherwise prohibited, such as a criminal prohibition. B to preserve the confidentiality of a criminal investigation, (ii) any fortuitous or unauthorized access, and (iii) any request that goes directly against the persons concerned without responding to that request, unless it has been authorized to do so; (e) all requests from the exporter for data relating to the processing of pheasant personal data