Verifi specializes in dispute management, aiding sellers in revenue retention and cost reduction from banks.
4. Obligations of the Data Exporter
4.1 The data exporter agrees and warrants:
- That the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provisions of the applicable data protection law;
- That it has instructed and throughout the duration of the personal data-processing services will instruct the data importer to process the personal data transferred only on the data exporter’s behalf and in accordance with the applicable data
protection law and the Clauses - That the data importer will provide sufficient guarantees in respect of the technical and organisational security;
- That the security measures are appropriate to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, in particular where the processing involves the transmission of data
over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of the data to be protected having regard to the state
of the art and the cost of their implementation; - That it will ensure compliance with the security measures;
- That, if the transfer involves special categories of data, the data subject has been informed or will be informed before, or as soon as possible after, the transfer that its data could be transmitted to a third country not providing adequate protection
within the meaning of EU Data Protection Laws 95/46/EC; - To forward any notification received from the data importer or any sub-processor pursuant to Clause 5(b) and Clause 8(3) to the data protection supervisory authority if the data exporter decides to continue the transfer or to lift the suspension;
- To make available to the data subjects upon request a copy of the Clauses, and a summary description of the security measures, as well as a copy of any contract for sub-processing services which has to be made in accordance with the Clauses, unless
the Clauses or the contract contain commercial information, in which case it may remove such commercial information; - That, in the event of sub-processing, the processing activity is carried out in accordance with Clause 11 by a sub- processor providing at least the same level of protection for the personal data and the rights of data subject as the data importer
under the Clauses; and - That it will ensure compliance with Clause 4(a) to (i).
5. Obligations of the Data Importer
5.1 The data importer agrees and warrants:
- To process the personal data only on behalf of the data exporter and in compliance with its instructions and the Clauses; if it cannot provide such compliance for whatever reasons, it agrees to inform promptly the data exporter of its inability
to comply, in which case the data exporter is entitled to suspend the transfer of data and/or terminate the contract; - That it has no reason to believe that the legislation applicable to it prevents it from fulfilling the instructions received from the data exporter and its obligations under the contract and that in the event of a change in this legislation which
is likely to have a substantial adverse effect on the warranties and obligations provided by the Clauses, it will promptly notify the change to the data exporter as soon as it is aware, in which case the data exporter is entitled to suspend
the transfer of data and/or terminate the contract;