We expect from our vendors and external parties processing personal data to be well prepared and have sufficient expertise, experience, and resources to process personal data in a compliant way and to be able to provide us with assurance and legally binding commitments regarding the same before personal data is shared and processed.
This includes, but is not limited to:
- providing the relevant documentation and information regarding operations involving personal data and related compliance requirements (such as e.g., privacy notices or policies, where relevant, contract templates, as well as specific contractual terms and provisions), destination countries for personal data, specific risks, and measures to ensure security and compliance
- being able to demonstrate having in place sufficiently trained personal with dedicated privacy and security responsibilities
- contributing to our Transfer Impact Assessment process as well as being able to share the relevant assessment from their own side (vendor/external party side)
- working with Accelleron in good faith to negotiate and sign appropriate contractual provisions, including, where relevant, data protection or data processing agreement with appropriate additional standard clauses, so as to ensure compliance, protect the privacy, and, at the same time, provide reasonable and just balance between rights and obligations of both parties (although we use on number of occasions our own templates we expect our vendors to be able to share their own contract templates in advance so as to assess their level of privacy compliance preparedness)
- openness regarding the technical and process set up and willingness to collaborate with our privacy and information security team to implement specific measures and adjustments to protect personal data and privacy of individuals.