Processor acts as a data processor under Applicable Law. Processor processes the Customer's personal data on behalf of the Customer for the purposes of the Agreement in accordance with this DPA and the Customer's documented instructions. Processor shall implement appropriate technical and organizational measures for ensuring the security of the processing and maintain appropriate documentation of these measures and processing activities.
Processor commits to ensure that persons processing personal data under the authority and supervision of Processor have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality in addition to that such persons shall process personal data only pursuant to this DPA, the Agreement and the Customer's instructions.
Processor commits to assist, to the extent possible, taking into account the nature of the processing operation, the Customer to ensure compliance with the Customer's responsibility to respond to requests that concern the use of rights of data subjects by appropriate technical and organizational measures, and to inform the Customer about the requests received from the data subjects.
Processor shall, upon request and to the extent possible, provide the Customer information necessary to demonstrate compliance with the obligations concerning the processing of personal data under this DPA. Processor shall allow the Customer either on their own or with a third-party auditor to conduct audits relating to processing of the Customer's personal data in the presence of Processor. Such third-party auditor shall not be a competitor to Processor and must be approved by Processor prior to the audit. The Customer shall notify Processor in writing at least 30 days prior to the audit. Thereafter, the Parties shall mutually agree on the extent and timing of the audit, always conducted during Processor's normal working hours. The audit may not interfere with Processor's normal business activities, nor lead to breaches of confidentiality obligation of Processor towards third parties nor endanger Processor's data security. The Customer shall bear all costs related to the audit.
Processor shall, taking into account the nature of the processing and information available to Processor, assist the Customer in completing possible data protection impact assessments, notifications of personal data breaches and prior consultation requests to the extent they relate to the software service provided by Processor.
After the end of the provision of Services under the Agreement, Processor commits to either delete or return all personal data to the Customer, based on the Customer's choice. Processor deletes existing copies of personal data unless legislation requires longer storage of personal data.
Processor commits to answer to notifications, complaints and other inquiries of the Customer without undue delay.
Processor shall be entitled to invoice the Customer for costs incurred by the assistance measures performed under this Clause 4 in accordance with its then-valid price list.