This Agreement ("Agreement") incorporates the standard contractual clauses set forth in Commission Implementing Decision (EU) 2021/914 of 4 June 2021, providing a basis for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 ("GDPR"). This Agreement governs the relationship between MultCloud users ("Data Controller") and MultCloud ("Data Processor").
1.1. The Data Processor (MultCloud) shall process personal data solely on the instructions of the Data Controller (user) and solely for the purpose of providing the services offered by the MultCloud platform.
2.1. The Data Processor shall:
· Process personal data (e.g., email addresses, usernames, and phone numbers) solely for account identification and multi-factor authentication to ensure secure access to the MultCloud platform, or process personal data only in accordance with documented instructions from the Data Controller.
· Ensure that all personal data is encrypted and secure at all times.
· Comply with all applicable GDPR requirements and cooperate fully with the Data Controller to ensure compliance.
2.2. The Data Processor agrees not to disclose or transfer personal data to any third party unless explicitly authorized by the Data Controller or required by law.
3.1. The Data Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including:
· Encrypting personal data during transfer and storage.
· Regularly testing and assessing security measures.
· Restricting access to personal data to authorized personnel only.
3.2. The Data Processor shall promptly notify the Data Controller upon becoming aware of any personal data breach.
4.1. The Data Processor shall not engage any sub-processors without the prior written consent of the Data Controller.
4.2. Where sub-processors are engaged, the Data Processor shall ensure that the same data protection obligations set out in this Agreement are imposed on the sub-processors by way of a binding contract.
5.1. The Data Processor shall assist the Data Controller in responding to data subject requests to exercise their rights under GDPR, including access, rectification, erasure, restriction of processing, data portability, and objection to processing.
6.1. All data transfers to the United States shall comply with GDPR and the standard contractual clauses specified in this Agreement.
6.2. The Data Processor shall ensure that transferred data remains adequately protected through encryption and adherence to this Agreement.
7.1. The Data Controller and Processor shall cooperate to ensure that data subjects can exercise their rights under GDPR, including:
· The right to access their personal data.
· The right to rectification, erasure, or restriction of processing.
· The right to data portability.
· The right to lodge a complaint with a supervisory authority.
8.1. Upon termination of the Agreement, the Data Processor shall, at the choice of the Data Controller, delete or return all personal data and certify that this has been done.
9.1. This Agreement shall be governed by the laws of the European Union and the selected Member State jurisdiction.
For any questions regarding these SCCs or the processing of personal data, please contact MultCloud at:
Email: [email protected]
By using MultCloud’s services, the Data Controller acknowledges and agrees to these SCCs, ensuring compliance with GDPR and the lawful processing of personal data in third countries.