4. Injury Notification – Subcontractors must notify the person in charge of treatment in accordance with the RGPD “immediately after the disclosure of a violation of personal data.” (Article 33, paragraph 2). The processing manager must report a data breach to the data protection authority within 72 hours of notification. In addition, Article 33, paragraph 3, of the RGPD contains a list of reporting obligations for violations that processing officials must include in their communication to the data protection authority: We insure the risks we take from special insurance companies (reinsurers). It may be necessary to pass on your contract and, if applicable, claims data to a reinsurer so that they can assess the risk or loss themselves. In addition, the reinsurer may help our company assess risks or services and evaluate procedures based on their specific expertise. We only pass on your data to the reinsurer to the extent that it is necessary to carry out our insurance contract with you or to the extent necessary to safeguard our legitimate interests. For more information on the reinsurers used, please see the following links: To the extent that consent is the legal basis, it is imperative that consent be given freely, that non-sensitive personal data be specific, informed and clear, and that the processing of sensitive data continues to require explicit consent. Silence, boxes checked in advance or inactivity are no longer considered valid consent.
The validity of consent expires as soon as consent is revoked or the purpose for which it was requested expires. 3. Compensation – Processors must be compensated for any treatment they harm others while engaged or, subsequently, when administering or processing the data of the processor. 6.2 Justikal has implemented an information security management system in accordance with the international ISO/CIS 27001 security standard, which is considered, in accordance with the agreement of the parties, as appropriate and maximum technical and organizational measures necessary to achieve the objectives of point 6.1. Justikal is committed to complying with equivalent safety requirements or standards for the duration of the data processing contract.