Contract for the processing of personal data according to the EU General Data Protection Regulation (AV contract)
Contract for the processing of personal data
between
see completed form entries
(hereinafter referred to as the client)
and
see information in the imprint
(hereinafter referred to as the contractor)
1 Introduction, Scope, Definitions
(1) This contract regulates the rights and obligations of the client and contractor (hereinafter referred to as “parties”) in the context of processing personal data on behalf of the client.
(2) This contract applies to all activities in which employees of the contractor or subcontractors commissioned by the contractor process the client’s personal data.
(3) Terms used in this contract are to be understood in accordance with their definition in the EU General Data Protection Regulation. Where declarations under the following provisions have to be made “in writing”, this means the written form in accordance with § 126 BGB. In addition, declarations can also be made in another form, provided that adequate verifiability is guaranteed.
2 Subject and duration of the processing
2.1 Subject
The contractor undertakes the following processing:
• See completed form entries
The processing is based on the service contract between the parties (hereinafter “main contract”).
2.2 Duration
Processing begins on January 25th, 2021, and takes place for an indefinite period until the termination of this contract or the main contract by a party.
3 Type and purpose of data collection, processing or use:
3.1 Nature and purpose of processing
The processing is of the following type: collection, recording and storage
The processing serves the following purpose: contacting the contractor
3.2 Nature of the data
The following data are processed:
• See completed form entries
3.2.1 Categories of Data Subjects
The following are affected by the processing:
• See completed form entries
4 Obligations of the contractor
(1) The contractor processes personal data exclusively as contractually agreed or as instructed by the client unless the contractor is legally obliged to carry out specific processing. If such obligations exist for him, the contractor will inform the client of these prior to processing, unless the communication is prohibited by law. In addition, the contractor does not use the data provided for processing for any other purpose, in particular not for its own purposes.
(2) The contractor confirms that he is aware of the relevant general data protection regulations. He observes the principles of proper data processing.
(3) The contractor undertakes to strictly maintain confidentiality during processing.
(4) Persons who can gain knowledge of the data processed on behalf of the client must commit themselves in writing to confidentiality unless they are already legally subject to a relevant confidentiality obligation.
(5) The contractor guarantees that the persons employed by him for processing have been familiarized with the relevant provisions of data protection and this contract before the start of processing. Corresponding training and awareness-raising measures are to be repeated regularly as appropriate. The contractor shall ensure that the persons employed for the commissioned processing are continuously and appropriately instructed and monitored with regard to compliance with data protection requirements.
(6) In connection with the commissioned processing, the contractor must support the client in creating and updating the list of processing activities and in carrying out the data protection impact assessment. All necessary information and documentation must be kept and forwarded to the client immediately upon request.
(7) If the client is subject to control by supervisory authorities or other bodies or if data subjects assert rights against him, the contractor undertakes to support the client to the extent necessary, insofar as the commissioned processing is affected.
(8) The contractor may only provide information to third parties or the person concerned with the prior consent of the client. Inquiries addressed directly to him will be forwarded to the client immediately.
(9) As far as legally required, the contractor appoints a competent and reliable person as data protection officer. It must be ensured that there are no conflicts of interest for the data protection officer. In cases of doubt, the client can contact the data protection officer directly. The contractor will immediately inform the client of the contact details of the data protection officer or justify why none