Processor Agreement

Transfers of personal data from a data controller to a data processor must be secured by a contractual agreement. The contract must stipulate that the data processor shall act only on instructions from the data controller. The data processor must provide sufficient guarantees in respect of the technical security measures and organizational measure governing the processing to be carried out, and must ensure compliance with such measures.