Authorization: Customer data is stored in portable storage systems that customers can only access using application user interfaces and application programming interfaces. Customers do not have direct access to the underlying application infrastructure. The authorization model for each of our products must ensure that only the persons assigned accordingly can access the relevant functions, views and adaptation options. Authorization for records is performed by verifying the user`s permissions using the attributes assigned to each record. The parties acknowledge and agree that the customer is responsible for the personal data and the density of the personal data processors. In the context of the agreement and use of Density products, the controller is solely responsible for compliance with legal requirements on data protection and privacy, in particular with regard to the disclosure and transfer of personal data to the processor and the processing of personal data. The controller shall inform the processor of any errors or irregularities concerning the legal provisions relating to the processing of personal data. (iii) any request that emanates directly from the data subjects without answering that question, unless it has been authorised to do so otherwise; The SCCs of subcontractors of THE EEA controllers aim to implement organisations that rely on third parties in the EEA to carry out certain data processing activities on their behalf (i.e. “data processors”) to fulfil their obligations under the EU General Data Protection Regulation (GDPR).

In particular, Article 28 of the GDPR requires data controllers to enter into an agreement (or other act) when outsourcing data processing activities to a processor and define the data protection obligations that must be covered by such a data processing agreement. These data protection obligations include the obligations of the processor with regard to: (1) compliance with the data controller`s processing instructions; (2) the return or erasure of data after the termination of data processing services; (3) information security; (4) Assist the controller in fulfilling its obligations under the GDPR, for example.B. with regard to data subjects` claims for rights, notification of data protection breaches and data protection impact assessments; (5) the execution and assistance of audits carried out by the controller or by any other examiner; and (6) the participation of subcontractors. . . .