Personal data is only processed to the extent necessary for the provision of the necessary services, i.e. the fulfillment of a job description or a request for assistance issued by the customer. Any use of information systems and personal data that does not comply with routines, instructions from the controller or current data protection legislation, as well as security breaches, are treated as a deviation. Article 6 of the GDPR sets out conditions for the lawful processing of data, including strong consent[v] from the parties. Therefore, trade agreements that bind either party to disclose information must meet their requirements so that the parties can make an informed decision about their consent. The conditions of legality of data processing are as follows: The processor processes personal data only on and in accordance with the instructions of the controller. The processor shall not process personal data without prior written consent with the controller or without written instructions from the controller, which go beyond what is necessary to fulfil its obligations towards the controller of the agreement. In most cases, a commercial contract requires the disclosure of confidential information that leaves very little room for disclosure. As a general rule, there is no clause that reflects the nature, purpose or security measures used by the controller to ensure the security of the data.
Disclosure is on a slippery slope when personal data are requested without knowing the purpose or legal obligations with regard to them. Such dilemmas usually arise when deciding to become a party to commercial contracts with a bank, a trader`s transformer or cloud agreements. [iv] The processor shall ensure, by planned systematic, organisational and technical measures, adequate security of information with regard to the confidentiality, integrity and accessibility of the processing of personal data, in accordance with the provisions of current data protection legislation on information security. This document provides an overview of how SuperOffice processes customer data regarding the data processing contract for support and consulting services (section A). A guide with further instructions will also be made available to the customer. Processing by a controller must be governed by a treaty or other legislation in force in the Union law of the Member States. [viii] In addition to indicating the purpose of the information management, a contract also includes a clause indicating the duration of the processing, the nature, categories of the data subject, the rights and obligations of the controller, the security measures, the inspection and audit of the controller, the obligation of trust, insofar as it is appropriate for the use of the contract. These requirements are set out in Article 28(3) of the GDPR. This article also obliges the documents to explicitly mention the above-mentioned provisions when the data subject is invited to transmit personal data.
The termination clause must be imposed for each contract in such a way that all data conditions are explicitly mentioned and for which informed consent is obtained. The use of SuperOffice products by the customer is subject to one or more of the agreements listed below (“customer user agreements”): it is in no way negotiable. . . .
