Gemalto's engagements as Data Processor


The following engagements (the "Engagements") apply to all personal data which is processed as part of the regular business activities of Gemalto in the course of providing services to customers as a data processor. They demonstrate Gemalto best practices on the processing and protection of personal data based on European General Data protection Regulation (Regulation (EU) 2016/679) (the "GDPR").

The term data processor means that Gemalto is receiving personal data collected by customer and entrusted to Gemalto to undertake on behalf of customer a certain service purchased by customer.

The Engagements 1 to 10 are captured in more details in a certain Data Processing Terms for Cloud Services available via the Data Privacy page .

Where customers rely upon these Engagements as providing adequate safeguards, a copy of Data Processing Terms for Cloud Services will be incorporated into the contract with those Customers.

The Engagements:

Engagement 1: Gemalto cooperates and assists customer to comply with its obligations under applicable data protection laws in a reasonable time and to the extent reasonably possible.

Engagement 2: As part of the Data Processing Terms for Cloud Services, Gemalto provides to customer a personal data processing form describing to customer how the personal data is being processed.

Engagement 3: Gemalto only uses the personal data on behalf of, and in accordance with the instructions of the customer.

Engagement 4: Gemalto assists customer to keep the personal data accurate and up to date.

Engagement 5: Gemalto assists customer to comply with the rights of individuals.

Engagement 6: Gemalto has put in place appropriate technical and organizational measures to safeguard personal information processed on behalf of a customer. Such measures are described in the data privacy guidelines included in the Data Processing Terms for Cloud Services.

Engagement 7: Gemalto will notify customer of any security breach in accordance with the terms of the Data Processing Terms for Cloud Services.

Engagement 8: Gemalto will ensure that sub-processors undertake to comply with provisions which are consistent with (i) the terms in the contract with customer and (ii) these Engagements and (iii) that the sub-processor will adopt appropriate and equivalent security measures.

Engagement 9: Gemalto will ensure that where it believes that the legislation applicable to it prevents it from complying with these engagements, Gemalto will promptly inform the customer.

Engagement 10: Gemalto will ensure that where it receives a legally binding request for disclosure of personal data, Gemalto will notify the customer promptly unless prohibited from doing so by a law enforcement authority.

Engagement 11: Gemalto is organized to ensure and oversee privacy compliance throughout its business.

Engagement 12: Gemalto provides appropriate training to employees who have permanent or regular access to personal data, who are involved in the collection of personal information or in the development of tools used to process personal data.

Engagement 13: Gemalto processing of personal data, even for test or trial purpose, shall be governed by a data processing agreement, in accordance with Article 28(3) of the GDPR.