Data processing agreement
As an Elium customer, you're considered to be a Data Controller. This Data Processing Agreement enables you to demonstrate that you manage your processors seriously and act in compliance. We have defined our provisions below which provide you with the maximum level of assurance.
The GDPR article 28.3 specifies that “the processing [of personal data] by a processor shall be governed by a contract […], that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller …”
So we have prepared this ‘Data Processing Agreement’ document, with the following explanations:
- Data processing, security and protection, technical and organisational measures, confidentiality (articles 4 thru 7)These articles define in a clear way the rights and obligations of the parties with respect to data security and to the technical and organisational measures implemented by Elium to ensure that security.
- Disposal of data at the end of the contract (article 8)This article specifies the procedure to be applied by both parties at the end of the contract, with respect to the disposal of data, in respect of article GDPR 28.3.g.
- Remote maintenance operations (article 9)This article describes the commitments of Elium with respect to remote maintenance operations.
- The data processors of Elium (« sub-processors ») (article 11)This article specifies the rights and obligations of the parties regarding the selection of sub-processors by Elium, in respect of articles GDPR 28.2 et 28.4.
- Data breaches (article 12)This article defines the procedure, and the rights and obligations of the parties in case of data breach, with respect to articles GDPR 28.3.h and 33.5.
- Data subject requests (article 13)This article defines the procedure and the rights and obligations of Elium in the processing of the requests from data subjects, in respect of article GDPR 28.3.e.
- Data protection impact analysis (article 14)This article specifies the rights and obligations of the parties regarding the impact analysis foreseen in the regulation, in respect of article GDPR 35.
- Audit (article 15)This article specifies the rights and obligations of the parties regarding audit operations, in respect of article GDPR 28.3.h.