176
3.1.2
Clarification of the process for future price adjustments.
3.1.3
Detailed description of the options in the case of disruptions such
as deductions, penalties and damages, service credits.
3.1.4
Detailed description of the provisions in the event of a dispute on
service delivery or delayed payment. Exclusion of rules regarding
deletion of the customer's data, without the express consent of
the customer.
4
Cloud service security
List all essential information and necessary regulations important for the
security of the customer's data in a Cloud service in this content area.
4.1
Rules relating to data protection
4.1.1
The following items must be stated in sufficient detail in the
contract to ensure data proetction compliance: Description of the
service in terms of data protection aspects, description of the
scope, nature and purpose of the planned data acquisition,
processing or use; the nature of the data and the affected
persons; definition of the processing duration and deletion of the
data.
4.1.2
Statement of the rule control of personal data (register entry). In
particular, naming of contact persons within the contractor's
organisation, and for all subcontractors, who are available to the
purchaser for all aspects of data protection. These issues relate, in
particular, to providing support in exercising rights of affected
parties (information, permission, deletion of affected party's
data).
4.1.3
Statement of how the employees of the contractor and all
subcontractors, who could have access to the data, will be bound
to maintain data secrecy and observe other applicable
confidentiality regulations.
Agreement on the responsibilities between the purchaser, who
bears the fundamental data protection responsibility, and the
contractor who is responsible for the implementation of data
protection instructions from the purchaser and must establish the
technical protection measures, etc.
