2.5 Type of Data. DigitalOcean processes the customer data provided by the customer. Such Customer Data may contain special categories of Data depending on how the Services are used by the Customer. Customer Data may be subject to the following processing activities: (i) storage and other processing necessary to provide, maintain and improve the services provided to Customer; (ii) to provide customer and technical support; and (iii) disclosures required by law or otherwise set forth in the Agreement. “Data Protection Legislation” means, where applicable: (a) the GDPR; and/or (b) the Federal Data Protection Act of 19. June 1992 (Switzerland) and all data protection laws that amend, replace or materially replace the GDPR, the Swiss Federal Data Protection Act and/or other applicable national data protection laws of the Member States of the European Union or applicable national/federal or national/provincial data protection laws, including, where applicable, laws, decisions, guidelines, codes of conduct, codes of conduct and data protection certification mechanisms issued from time to time by competent courts or supervisory authorities in relation to the processing of personal data and privacy. 3.4 Objection to sub-processors. The Customer may object in writing to the appointment by DigitalOcean of a new processor for valid reasons related to data protection by informing DigitalOcean in writing immediately within five (5) calendar days of receipt of DigitalOcean`s notice in accordance with Section 3.3. This communication explains the reasons for the objection. In this case, the parties will discuss these concerns in good faith in order to reach a commercially reasonable solution. If this is not possible, either party may terminate the relevant services that cannot be provided by DigitalOcean without using the new subcontractor complained of.

What does the GDPR definition really mean? As before, there must always be a written contract when a company processes personal data on behalf of another company, but even a “basic” clause will now be much longer and more detailed, often encompassing a few pages of text. In addition, a controller is only allowed to use processors that offer sufficient guarantees to take appropriate technical and organisational measures to meet the requirements of the GDPR and to protect the rights of the data subject. Examples of factors to be considered when assessing the suitability of a processor include:• the extent to which the processor can demonstrate compliance with industry standards (if any);• whether it has sufficient technical expertise to help the controller fulfil its obligations under the GDPR;• whether the processor can provide relevant documents such as a privacy policy; Records management policy and/or information security policy;• whether or not the processor can demonstrate compliance with an approved code of conduct or certification scheme. One. The Parties acknowledge that, in accordance with FAQ II.1, the data exporter has been mentioned in Article 29 of WP 176 entitled “FAQ on the collection of certain questions resulting from the entry into force of European Commission Decision 2010/87/EU of 5. February 2010 on standard contractual clauses for the transfer of personal data to processors established in third countries in accordance with Directive 95/46/EC” may give general consent to the further processing of data. Importer.. .