Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

      2. Data subjects’ rights

    1. Insofar as possible and insofar as personal data specified under Paragraph 5 of this DPA are affected, ResearchGate shall, within its technical and organizational capabilities, assist the Controller in complying with the rights of data subjects according to Chapter 3 GDPR.
    2. If a data subject contacts ResearchGate directly with regard to any data subject rights, it is ResearchGate’s sole responsibility to forward the enquiry to Controller.


      3. Monitoring duties

ResearchGate shall organize its business and operations in such way that the data processed on behalf of the Controller is secured to the extent necessary in each case and protected from unauthorized access by third parties.

    1. ResearchGate has appointed a Data Protection Officer: Jay Monahan, privacy@researchgate.net.

 

     4. Information duties

    1. ResearchGate will inform the Controller immediately if, in its opinion, an instruction issued by the Controller violates legal regulations. In such cases, ResearchGate shall be entitled to suspend execution of the relevant instruction until it is confirmed or changed by the Controller. However, ResearchGate is under no obligation to perform a comprehensive legal examination with respect to Controller’s instructions.
    2. Taking into account the nature of processing and the information available to ResearchGate, ResearchGate shall assist the Controller to comply with the obligations of Articles 32 to 36 GDPR.
    3. In the event that ResearchGate establishes or reasonably believes that there herein relevant personal data processed by ResearchGate has, due to a breach of security, led to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed on behalf of the Controller, ResearchGate shall promptly, and without undue delay, however not later than seventy-two hours after becoming aware of the relevant facts, inform the Controller by email. ResearchGate shall also inform the Controller via email of the following information, without delay as such information becomes available:
      1. the nature of the personal data breach, including, where possible, the categories and approximate number of affected data subjects and categories and approximate number of affected personal data records;
      2. the likely consequences of the personal data breach;
      3. measures taken or proposed to be taken by ResearchGate to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects; and
      4. any other reasonably available information that could help the Controller independently assess any of the above.


     5. Location of processing

...