Data Protection Agreement

The Contractor shall use any of the Client’s personal data required for carrying out his contractual duties only to the extent necessary to fulfil this agreement or to optimise his services. According to the existing technical possibilities, the Contractor will implement data security measures – to the extent economically viable – which are appropriate to protect data against loss or accidental or unlawful destruction. In particular, he shall ensure that this data is protected against any unauthorised access by third persons, and that any persons with access to this data – including service providers – take the same measures. Data security measures are to be taken in order to guarantee, in particular, the confidentiality, integrity and availability of data. This includes, but is not limited to, measures to mitigate damage caused by force majeure, unlawful behaviour, technical failure or deliberate actions; measures to reconstruct programmes and data; measures to protect against data and programme manipulation; measures to achieve the independence of IT staff; and measures to mitigate operational risks and general operation errors. Any such risks are to be mitigated by organisational, staff-related, technical and architectonic measures, in particular, by explicitly determining the distribution of tasks and duties; by limiting the use of data to the existence of a valid order; by notifying staff of their responsibilities and obligations under the Data Protection Law of the Federal Republic of Austria (Datenschutzgesetz 2000); by closed shop operations in the computer processing centre; by watching and monitoring equipment during operating hours and by means of preventive equipment maintenance; by limiting access to data; by regularly controlling data security measures in terms of their technological state-of-the-art and their functionality/effectiveness; by documenting any measures taken in a data security handbook.

Any data security measures shall be implemented by the Contractor, his staff and/or any service providers commissioned by him.

The Contractor, his staff and any service providers commissioned by him shall keep confidential any information disclosed to them by the nature of their occupation, provided there is no legally justified reason for submitting any data disclosed or made accessible to them. This data protection agreement shall coexist with and complement any legal and contractual stipulations on non-disclosure. The Contractor may contract out any of his obligations to third parties (service providers), yet shall be held responsible and liable for their actions, as for his own conduct or acts. The service providers commissioned by the Contractor are to be bound by the same data protection rules which bind the Contractor, in particular, art 14 and 15 of the Data Protection Law of the Federal Republic of Austria. In the event that the Contractor outsources services to third parties (service providers according to art 4 line 5 of the Data Protection Law of the Federal Republic of Austria), the Contractor is obliged to obtain all authorisations from the data protection committee, which are deemed to be necessary. Any of the above-mentioned stipulations notwithstanding, the Contractor shall make backups and copies of all outsourced data every 24 hours, which are to be stored in Austria. IN CASE OF ANY DIRECT OR INDIRECT HARM CAUSED BY DATA LOSS OR MANIPULATION, THE CONTRACTOR MAY ONLY BE HELD RESPONSIBLE OR LIABLE IF HE DID NOT MAKE THESE BACKUPS OR COPIES. IF ANY DATA BEYOND THIS 24-HOUR TIME FRAME SHOULD BE RECOVERED, THE CLIENT HAS TO EXCLUSIVELY BEAR THE COSTS THEREOF. Pursuant to art 24 para 2a of the Data Protection Law of the Federal Republic of Austria, the Contractor shall notify the Client forthwith of any systematic and serious illegal data applications insofar as they concern the Client.