Seite 176 - Cloud Migration Version 2012 english

176 
3.1.2 
Clarification of the process for future price adjustments. 
3.1.3 
Detailed description of the options in the case of disruptions such 
as deductions, penalties and damages, service credits. 
3.1.4 
Detailed description of the provisions in the event of a dispute on 
service delivery or delayed payment. Exclusion of rules regarding 
deletion of the customer's data, without the express consent of 
the customer. 
Cloud service security 
List all essential information and necessary regulations important for the 
security of the customer's data in a Cloud service in this content area.  
4.1 
Rules relating to data protection 
4.1.1 
The following items must be stated in sufficient detail in the 
contract to ensure data proetction compliance: Description of the 
service in terms of data protection aspects, description of the 
scope, nature and purpose of the planned data acquisition, 
processing or use; the nature of the data and the affected 
persons; definition of the processing duration and deletion of the 
data. 
4.1.2 
Statement of the rule control of personal data (register entry). In 
particular, naming of contact persons within the contractor's 
organisation, and for all subcontractors, who are available to the 
purchaser for all aspects of data protection. These issues relate, in 
particular, to providing support in exercising rights of affected 
parties (information, permission, deletion of affected party's 
data). 
4.1.3 
Statement of how the employees of the contractor and all 
subcontractors, who could have access to the data, will be bound 
to maintain data secrecy and observe other applicable 
confidentiality regulations. 
Agreement on the responsibilities between the purchaser, who 
bears the fundamental data protection responsibility, and the 
contractor who is responsible for the implementation of data 
protection instructions from the purchaser and must establish the 
technical protection measures, etc.