Sinch implements the measures described in this appendix, provided that the measures can contribute, directly or indirectly, to the protection of personal data within the framework of the SA concluded between the parties to the data processing or contribute to the protection of personal data. Sinch`s technical and organizational measures are based on the state of the art, implementation costs and the nature, scope, circumstances and purpose of treatment, and the likelihood and seriousness of the risk to the rights and freedoms of individuals. Technical and organisational measures are subject to technical progress and development. In this regard, Sinch is authorized to implement other appropriate measures. The level of safety must be consistent with best practices in industrial safety and no less than the measures described in this procedure. All important changes must be compatible and documented with the customer. 1. The data importer cannot outsource the processing carried out on behalf of the data exporter in accordance with the clauses without the prior written consent of the data exporter. If the data importer signs its obligations under the clauses with the agreement of the data exporter, it does so only through a written agreement with the subcontract, which imposes on the subcontractor the same obligations as those imposed on the data importer under the clauses. If the subcontractor does not comply with its data protection obligations under such a written agreement, the data importer is fully liable to the data exporter for the performance of the subprocessing obligations arising from this agreement. 2. The prior written contract between the data importer and the subprocessor also provides for a third-party clause under clause 3 for cases: in which the person concerned is unable to claim the damages covered in paragraph 6 of paragraph 6 of this article against the data exporter or importer on the grounds that they have disappeared, that they are no longer insolvent or insolvent and that no successor organization has contractually or by law assumed all the legal obligations of the data exporter or data importer.
This liability of one-third of the subprocessor is limited to its own processing operations in accordance with the clauses. 3. Data protection provisions for the sub-treatment of the contract covered in paragraph 1 are governed by the law of the Member State in which the data extract is drawn up. 4. The data exporter keeps a list of sub-processing agreements concluded in accordance with the clauses and communicated by the data importer in accordance with point 5, point j), which are updated at least once a year. The list is subject to the data protection regulator of the data exporter. The data importer accepts and guarantees: (a) processing personal data only on behalf of the data exporter and in accordance with its instructions and clauses; if, for whatever reason, it is unable to comply, it undertakes to immediately inform the data exporter of its inability to comply, in which case the data exporter is authorized to suspend the transfer of data and/or terminate the contract; (b) that it has no reason to believe that the current legislation prevents it from complying with the instructions received from the data exporter and its contractual obligations and that, in the event of a change in this legislation that could have a material negative effect on the safeguards and obligations in the clauses, it will immediately inform the exporter as soon as it becomes aware of it, in which case the data exporter is allowed to suspend the data transmission; (c) that it implemented the technical and organizational security measures covered by Appendix 2 prior to the processing of personal data transmitted; (d) promptly inform the data exporter of the following issues: (i) any legally binding request for disclosure of personal data by a law enforcement agency, unless otherwise prohibited, such as a criminal prohibition. B aimed at