1. The data importer cannot outsource the processing carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer signs its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subcontract, which imposes on the subcontractor the same obligations as those imposed on the data importer under the clauses. If the subcontractor does not comply with its data protection obligations under such a written agreement, the data importer is fully liable to the data exporter for the performance of the subprocessing obligations arising from this agreement. As you may know, this site is run by the encrypted messaging provider ProtonMail (and funded in part by the European Union`s Horizon 2020 programme). As part of our RGPD compliance efforts, we have made our own data processing agreements available to all our users for download, control and signature. B. The parties also recognize that the confidentiality restrictions imposed by the subprocessor prevent the data importer from transmitting the redirect agreements to the data exporter. Nevertheless, the data importer does everything in its power to require any subprocessor that it has designated the disclosure of the subcontract to the data exporter. 3.1 Instructions.

The customer instructs the company (and authorizes the company to order its staff and subcontractors) to process personal data for commercial purposes and in a manner (including international transfer) and in accordance with the agreement, this DPA and applicable law (the “instructions”). The entity will not retain, retain, use or disclose personal data for purposes other than the commercial purpose or, moreover, by the client or applicable law. The parties agree that the client`s full and definitive instructions regarding the nature and purpose of the treatment are defined in the agreement and the data authority. Processing outside the scope of these instructions (if any) requires prior written agreement between the customer and the company. When the processor assigns processing activities to a subcontractor, it should only use processors with sufficient safeguards, including expertise, reliability and resources, to implement technical and organizational measures that meet the requirements of this regulation, including for processing security.