Where you, as a Data Controller, engage the services of Laztech, we will act as a Data Processor on your behalf. In doing so we will:
- Only process personal data under the Contract in accordance with your reasonable written instructions and in accordance with applicable Data Protection Legislation
- Adopt appropriate technical and organisational measures against accidental disclosure, loss or destruction of personal data
- Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal data processed on your behalf
- Refer to you any requests, notice, or other communication from data subjects, the Office of the Data Protection Commission or any other law enforcement agency relating to personal data processed on your behalf
- Ensure that all Laztech personnel processing personal data are under an obligation of confidentiality
- Make available reasonable information necessary to demonstrate compliance with our Data Protection Obligations
- Make available such information and assistance as is reasonably necessary for you to comply with your obligations to respond to requests for exercising the data subject’s rights, to report data breaches and to conduct Data Protection Impact Assessments and prior consultation with Data Protection Authorities
- Comply with our obligations to you in respect of sub-processing and Third Country transfers
- Delete or return all personal data processed on your behalf where these is no legal basis for use to retain this data, upon termination of any services provided by us to you.