πŸ“™ Guidelines for Data Subprocessors
Noon avatar
Written by Noon
Updated over a week ago

The following guidelines are intended for data subprocessors to ensure compliance with the General Data Protection Regulation (GDPR):

1. Obtain written consent: Prior to processing any data, the subprocessor must obtain written consent from Noon at Work B.V. outlining the purpose and duration of the data processing.

2. Protect personal data: Subprocessors must protect personal data in accordance with the GDPR. This includes implementing appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.

3. Inform Noon at Work B.V. of data breaches: In the event of a data breach, the subprocessor must immediately inform Noon at Work B.V. and provide all necessary details about the breach.

4. Assist Noon at Work B.V. with data subject requests: The subprocessor must assist Noon at Work B.V. in responding to data subject requests, including providing access, rectification, erasure, and restriction of processing.

5. Ensure lawful basis for data processing: The subprocessor must ensure that it has a lawful basis for processing personal data, such as consent or legitimate interests, as outlined in the GDPR.

6. Subcontracting: If the subprocessor intends to subcontract any processing activities, it must obtain prior written authorization from Noon at Work B.V.

7. Retention and deletion: The subprocessor must only retain personal data for as long as necessary to fulfill the purpose of the processing and must delete or return all personal data to Noon at Work B.V. upon termination of the processing.

8. Compliance with Noon at Work B.V. policies: The subprocessor must comply with all relevant policies and procedures established by Noon at Work B.V. regarding personal data processing.

9. Record keeping: The subprocessor must maintain detailed records of all data processing activities, including the purposes of the processing, categories of personal data, recipients of the data, and any transfers of personal data outside of the European Economic Area.

10. Audits: The subprocessor must allow Noon at Work B.V. to audit its processing activities to ensure compliance with the GDPR and these guidelines.

By following these guidelines, data subprocessors working with Noon at Work B.V. can ensure compliance with the GDPR and protect personal data.

Did this answer your question?