1. GENERAL
1.1 The Customer is the controller for all personal data processing using the Software, unless specified otherwise in this Agreement. Within the framework of the Services, the Supplier will process personal data on behalf of the Customer as the processor. The object of the processing, the duration, nature and purpose of the processing, the type of personal data and categories of data subject affected by the processing are described in further detail in the Appendix – Description of the processing of personal data in the Services. The Customer is liable to ensure that all such personal data processing takes place in compliance with the personal data legislation in force from time to time, including the General Data Protection Regulation (EU 2016/679) (‘Applicable Legislation’).
2. GENERAL OBLIGATIONS OF THE SUPPLIER
2.1 In its role as processor, the Supplier must only process personal data in accordance with written instructions from the Customer under this Agreement, and any other documented instructions given by the Customer from time to time. Other instructions may be given to the Supplier by email or on a separate form. Instructions should contain information equivalent to that in the appendix to this Data Processing Agreement.
2.2 If the Supplier lacks instructions which the Supplier considers essential to carry out its assignment, the Supplier must inform the Customer without delay and await further instructions. If the Supplier finds that instructions contravene the Applicable Legislation, the Supplier must inform the Customer without undue delay. If, in such case, the Customer fails to provide further instructions to the Supplier, the Supplier must ignore the instructions and notify the Customer that it has done so. If the Customer maintains the unlawful instructions, the Supplier is entitled to terminate the Agreement prematurely as specified in the General Terms and Conditions – Supplier Ease.