Agreement for Processing MDS Data
The Details of Processing
| Subject Matter | Sharing contact information for the International Congress of Parkinson’s Disease and Movement Disorders® with Company |
| Duration | The contract is authorized for ongoing use and can be cancelled by either party |
| What processing is being done | For the International Congress, Company will have access by either a registrant list shared by MDS, by the virtual platform’s exhibit metrics portal, or by report(s) provided by MDS, to the personal contact information of attendees who have registered for the Congress, or who visit the Company’s virtual Exhibit or sponsored session page and have opted in during their registration to share such information |
| Purpose | For Company to be able to contact MDS International Congress attendees to share their product/Company information and offer further assistance |
| Type of personal data | Attendee name, credentials, city/country/postal code, designation/title, institution/company, primary role, email address |
| Categories of data subjects | Attendees of the International Congress who registered for the Congress in person, who registered for the virtual platform only, or who visit the Company virtual Exhibit or sponsored session page |
This Data Processing Agreement is between the Data Controller (The International Parkinson and Movement Disorder Society/“MDS”/“us”) and the Data Processor (“Company”/“you”):
Company Name:
Specific Terms/Clauses
- Process only on the written instructions of MDS
Company may only process personal data in accordance with MDS written instructions, unless required to do so by law, in which case you need to tell MDS what you are required to do by law, before you do it, unless the law prevents you from being told for reasons of important public interest.
- Duty of confidence
Company must obtain a commitment of confidentiality from anyone whom you allow to process the personal data, unless you are already under such a duty by law. This includes, but is not limited to, your employees, temporary and agency workers.
- Appropriate security measures
Company must adopt appropriate technical and organizational measures to ensure the security of personal data processing, including encryption, pseudonymization, resilience of processing systems and back-ups, and all other requirements listed in Article 32 of the General Data Protection Regulation (“GDPR”).
- Using sub-processors
Company may not employ another processor without MDS’s prior specific or general written authorization. If MDS provides a general authorization, you must inform MDS of any intended changes regarding the addition or replacement of other processors so that MDS has an opportunity to object to those changes.
If you employ another processor, then you must impose the contract terms of this contract and that are required by Article 28.3 of the GDPR on the sub-processor to ensure that the sub-processor meets the requirements of the GDPR. You will also be liable to MDS for the compliance of the sub-processor.
- Data Subject Rights
Company must assist MDS in meeting its obligation to respond to requests by data subjects exercising their rights under Chapter III of the GDPR by having appropriate technical and organizational measures in place.
- Assisting the Controller
Company must assist MDS in its obligation to keep personal data secure, under Article 32 of the GDPR.
Company must inform MDS of a personal data breach without undue delay after becoming aware of it and assist us in our obligation to notify breaches to the Supervisory Authority, under Article 33 of the GDPR.
Company must assist MDS in advising data subjects when there has been a personal data breach, under Article 34 of the GDPR.
Company must assist MDS in its obligation to carry out data protection impact assessments (DPIAs), under Article 35 of the GDPR.
Company must assist MDS in consulting with the Supervisory Authority where its DPIA indicates there is an unmitigated high risk to the processing, under Article 36 of the GDPR.
- End of contract provisions
At the end of the contract, Company must either delete or return, as specified by MDS, all the personal data you have been processing for us.
An exception to this general rule will apply if the personal data is to be retained by law.
- Audits and inspections
Company must provide MDS with all the information that is needed to show that all parties have met the obligations of Article 28 of the GDPR.
Company must submit and contribute to audits and inspections that MDS, or another auditor appointed by us, carries out.
Company must tell MDS immediately if you think you have been given an instruction which doesn’t comply with the GDPR, or related data protection law.
- Your obligations
Nothing within this contract relieves Company of its own direct responsibilities and liabilities under the GDPR. If Company fails to meet any of these obligations or acts outside or against MDS’s instructions, then you may be liable to pay damages in legal proceedings or be subject to fines or other penalties or corrective measures.
Company may be able to claim back part of the compensation paid for MDS’s share of liability.
Company will not be liable if you can prove you were not in any way responsible for the event giving rise to the damage.
AGREED
Company Representative Name:
Date: