It should be noted that the access of ONYX to the Personal Data will not be considered as a data communication since the access is necessary to provide a service to the Controller. However, it will be considered that data communication exists when the purpose of the access by ONYX is to establish a new link with the data subject.
– procure that any person acting under its authority who has access to Personal Data shall process the Personal Data only on and in accordance with the Customer documented instructions (“Processing Instructions”); and
– immediately inform the Customer of any legal requirement that would require ONYX to process the Personal Data otherwise than only on the Processing Instructions, or if any Customer instructions infringes DP Laws.
– such that the processing will meet the requirements of DP Laws and ensure the protection of the rights of data subjects;
– so as to ensure a level of security in respect of Personal Data processed by it is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.