/Docs/G/Org-JLINC-SISA/Form/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=Subcontract.r00t): Visual Print Technical: OpenParameters Xray
COMPLETE PERSONAL DATA LIFE CYCLE
  1. The Data Custodian shall not subcontract any of its Service-related activities consisting (partly) of the processing of the Personal Data or requiring Personal Data to be processed by any third party without the permission of the Rights Holder.
  2. Where the Rights Holder authorizes the Data Custodian named in the SISA to engage sub-processors for Personal Data Processing, those sub-processors shall become Data Custodians to the Data Custodian named in this SISA. The named Data Custodian then becomes the delegated Rights Holder for that processing, provided that only permissions expressed by the original Rights Holder of this SISA may be granted to a sub-processor as a delegated Data Custodian. Further, any permissions withdrawn by the Rights Holder to this SISA will be transmitted and similarly withdrawn by all subsequent Data Custodians.
  3. Notwithstanding any authorization by the Rights Holder within the meaning of the preceding paragraph, the Data Custodian shall remain fully liable vis-à-vis the Rights Holder for the performance of any such sub-processor that fails to fulfill its data protection obligations.
  4. The Data Custodian shall ensure that the sub-processor is bound by the same data protection obligations of the Data Custodian under this Data Processing Agreement, shall supervise compliance thereof, and must in particular impose on its sub-processors the obligation to implement appropriate technical and organizational measures in such a manner that the processing will meet the requirements of applicable Data Protection Law.
  5. The Rights Holder may request that the Data Custodian audit a Third-Party Sub-processor or provide confirmation that such an audit has occurred (or, where available, obtain or assist customer in obtaining a third-party audit report concerning the Third-Party Sub-processor’s operations) to ensure compliance with its obligations imposed by the Data Custodian in conformity with this Agreement.