DPA ACCESSION AGREEMENT
This DPA accession agreement is for entering into Data Processing Agreement (“DPA”) publicly available at https://yandex.com/legal/dpa.
1. THE ROLE OF EACH PARTY
as data controller or data processor
| Controller(s): | Processor(s): | ||
| Name | Name | ||
| Address | Address | ||
| Contact person’s name, position and contact details | Contact person’s name, position and contact details | ||
| Controller(s): | Processor(s): | ||
| Name | Name | ||
| Address | Address | ||
| Contact person’s name, position and contact details | Contact person’s name, position and contact details | ||
2. DESCRIPTION OF THE PROCESSING
| Categories of data subjects whose personal data is processed | |
| Categories of personal data processed | |
| Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
| |
| Nature of the processing
| |
| Purpose(s) for which the personal data is processed on behalf of the controller
| |
| Duration of the processing | |
| For processing by (sub-) processors, also specify subject matter, nature and duration of the processing
|
| Categories of data subjects whose personal data is processed | |
| Categories of personal data processed | |
| Sensitive data processed (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
| |
| Nature of the processing
| |
| Purpose(s) for which the personal data is processed on behalf of the controller
| |
| Duration of the processing | |
| For processing by (sub-) processors, also specify subject matter, nature and duration of the processing
|
3. TECHNICAL AND ORGANISATIONAL MEASURES
Technical and organisational security measures implemented by the processor(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, as well as the risks for the rights and freedoms of natural persons.
| Measures of pseudonymisation and encryption of personal data |
| Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services |
| Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident |
| Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing |
| Measures for user identification and authorization |
| Measures for the protection of data during transmission |
| Measures for the protection of data during storage |
| Measures for ensuring physical security of locations at which personal data are processed |
| Measures for ensuring events logging |
| Measures for ensuring system configuration, including default configuration |
| Measures for internal IT and IT security governance and management |
| Measures for certification/assurance of processes and products |
| Measures for ensuring data minimisation |
| Measures for ensuring data quality |
| Measures for ensuring limited data retention |
| Measures for ensuring accountability |
| Measures for allowing data portability and ensuring erasure] For transfers to (sub-) processors, alsodescribe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller |
| Description of the specific technical and organisational measures to be taken by the processor to be able to provide assistance to the controller. |
| Measures of pseudonymisation and encryption of personal data |
| Measures for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services |
| Measures for ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident |
| Processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures in order to ensure the security of the processing |
| Measures for user identification and authorization |
| Measures for the protection of data during transmission |
| Measures for the protection of data during storage |
| Measures for ensuring physical security of locations at which personal data are processed |
| Measures for ensuring events logging |
| Measures for ensuring system configuration, including default configuration |
| Measures for internal IT and IT security governance and management |
| Measures for certification/assurance of processes and products |
| Measures for ensuring data minimisation |
| Measures for ensuring data quality |
| Measures for ensuring limited data retention |
| Measures for ensuring accountability |
| Measures for allowing data portability and ensuring erasure] For transfers to (sub-) processors, alsodescribe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller |
| Description of the specific technical and organisational measures to be taken by the processor to be able to provide assistance to the controller. |
4. LIST OF SUB-PROCESSORS
The controller has authorised the use of the following sub-processors:
| 1 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) | ||
| 2 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) | ||
| 3 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) |
| 1 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) | ||
| 2 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) | ||
| 3 | Name | |
| Address | ||
| Contact person’s name, position and contact details | ||
| Description of the processing (including a clear delimitation of responsibilities in case several sub-processors are authorised) |
5. SIGNATURES
| Controller | Processor | ||
| Name | Name | ||
| Signature | Signature | ||
| Accession date | Accession date | ||
| Controller | Processor | ||
| Name | Name | ||
| Signature | Signature | ||
| Accession date | Accession date | ||
Date of publication: 06.09.2021