Undervisningsudvalget (Education Committee) 2018-19 (1st session)
UNU Alm.del
Public
AWS GDPR DATA PROCESSING ADDENDUM
This Data Processing Addendum (“DPA”) supplements the AWS Customer Agreement available at
http://aws.amazon.com/agreement, as updated from time to time between Customer and AWS, or other
agreement between Customer and AWS governing Customer’s use of the Service Offerings (the
“Agreement”) when the GDPR applies to your use of the AWS Services to process Customer Data. This
DPA is an agreement between you and the entity you represent (“Customer”, “you” or “your”) and the
applicable Amazon Web Services contracting entity under the Agreement (“AWS”). Unless otherwise
defined in this DPA or in the Agreement, all capitalised terms used in this DPA will have the meanings
given to them in Section 17 of this DPA.
1. Data Processing.
1.1 Scope and Roles. This DPA applies when Customer Data is processed by AWS. In this
context, AWS will act as “processor” to Customer who may act either as “controller” or
“processor” with respect to Customer Data (as each term is defined in the GDPR).
1.2 Customer Controls. The Services provide Customer with a number of controls, including
security features and functionalities, that Customer may use to retrieve, correct, delete
or restrict Customer Data as described in the Documentation. Without prejudice to
Section 5.1, Customer may use these controls as technical and organisational measures
to assist it in connection with its obligations under the GDPR, including its obligations
relating to responding to requests from data subjects.
1.3 Details of Data Processing.
1.3.1 Subject matter. The subject matter of the data processing under this DPA is
Customer Data.
1.3.2 Duration. As between AWS and Customer, the duration of the data processing
under this DPA is determined by Customer.
1.3.3 Purpose. The purpose of the data processing under this DPA is the provision of
the Services initiated by Customer from time to time.
1.3.4 Nature of the processing: Compute, storage and such other Services as described
in the Documentation and initiated by Customer from time to time.
1.3.5 Type of Customer Data: Customer Data uploaded to the Services under
Customer’s AWS accounts.
1.3.6 Categories of data subjects: The data subjects may include Customer’s
customers, employees, suppliers and end-users.
1.4 Compliance with Laws. Each party will comply with all laws, rules and regulations
applicable to it and binding on it in the performance of this DPA, including the GDPR.
2. Customer Instructions. The parties agree that this DPA and the Agreement (including the
provision of instructions via configuration tools such as the AWS management console and APIs
made available by AWS for the Services) constitute Customer’s documented instructions
regarding AWS’s processing of Customer Data (“Documented Instructions”). AWS will process
Customer Data only in accordance with Documented Instructions. Additional instructions outside
the scope of the Documented Instructions (if any) require prior written agreement between AWS
AWS GDPR Data Processing Addendum
AMAZON CONFIDENTIAL