* This English version of the Data Processing Agreement is an automatically generated translation of the original German document. It is provided solely for convenience. In the event of any discrepancies or inconsistencies, the German version shall prevail and is legally binding.
Addendum to the DPA for Q.wiki Now! for the ISMS Module
Preamble
The parties have entered into an agreement on the processing of data on behalf of the Controller for Q.wiki Now! pursuant to Art. 28 GDPR, hereinafter referred to as the “Main DPA”.
The Controller intends to use the optionally available ISMS Module to support the establishment and operation of an information security management system, hereinafter “ISMS”, which requires an amendment to the Main DPA.
The details are set out below:
Section 1 Subject Matter of the Agreement, Order of Precedence
1.1 The Main DPA and this Addendum shall apply jointly to the ISMS Module. This Addendum exclusively governs the supplementary provisions set out herein, in particular the additional subprocessors listed in Annex 1. In the event of any inconsistency between the Main DPA and this Addendum with respect to the ISMS Module, this Addendum shall take precedence.
1.2 The term of this Addendum shall correspond to the term of the Main DPA and shall apply for the duration of the use of the ISMS Module. In addition, the post-contractual obligations and confidentiality obligations provided for in the Main DPA shall apply accordingly.
Section 2 Scope and Purpose of Processing in the ISMS Module
2.1 Within the scope of the ISMS Module, the Processor provides services to the Controller to support the mapping, maintenance and use of ISMS-related information and processes, for example structured information, documentation, evaluations and support functions.
2.2 The Processor processes personal data for the ISMS Module exclusively on behalf of and in accordance with the instructions of the Controller, as set out in the Main DPA.
Section 3 Type of Processed Data, Categories of Data Subjects
The type or types of personal data and the categories of data subjects correspond to the categories described in Annex 1 of the Main DPA.
Section 4 Use of Subprocessors for the ISMS Module
4.1 The provisions of the Main DPA, in particular the provisions contained therein on the use of subprocessors, shall apply accordingly to the use of subprocessors, the notification of intended engagements or replacements, and any right to object.
4.2 In addition to the subprocessors listed in Annex 3 - Approved Subprocessors of the Main DPA, the additional subprocessors listed in Annex 1 to this Addendum shall be used for the ISMS Module.
4.3 Where subprocessors are established outside the EU or EEA, or where access from a third country cannot be excluded, any transfer of data to third countries shall take place only in accordance with the requirements for transfers to third countries provided for in the Main DPA.
Section 5 Technical and Organisational Measures
The technical and organisational measures agreed in the Main DPA, in particular Annex 2, shall also apply to the ISMS Module.
Section 6 Final Provisions
In all other respects, the provisions of the Main DPA shall apply.
Annex 1 - Additional Approved Subprocessors for the ISMS Module
The Processor uses services provided by third parties for the processing of data on behalf of the Controller. These third parties process data on behalf of the Processor, hereinafter referred to as “subprocessors”.
In addition to the subprocessors listed in Annex 3 of the Main DPA, the following additional processors shall be engaged for the ISMS Module, and the Controller approves their engagement:
We are happy to provide you with inspiring content, current events and news.
