Where you, as a Data Controller, engage the services of Cyclone, we will act as Data Processors on your behalf. In doing so, we will: -

• Only process personal data under the Contract in accordance with your reasonable written instructions and in accordance with applicable Data Protection Legislation
• Adopt appropriate technical and organisational measures against accidental disclosure, loss or destruction of personal data
• Inform you promptly in the event of unauthorised disclosure, loss or destruction of any personal data processed on your behalf
• Refer to you any requests, notices or other communication from data subjects, the Office of the Data Protection Commissioner or any other law enforcement agency relating to personal data processed on your behalf
• Ensure that all Cyclone  personnel processing personal data are under an obligation of confidentiality
• Make available reasonable information necessary to demonstrate compliance with our Data Protection Obligations
• Make available such information and assistance as is reasonably necessary for you to comply with your obligations to respond to requests for exercising the data subject’s rights, to report personal data breaches and to conduct Data Protection Impact Assessments and Prior Consultation with Data Protection Authorities
• Comply with our obligations to you in respect of sub-processing and Third Country Transfers.
• Delete or return all personal data processed on your behalf, upon the termination of any services provided by us to you