# Annex A: Technical and Organisational measures **ANNEX A : TECHNICAL AND ORGANISATIONAL MEASURES INCLUDING TECHNICAL AND ORGANISATIONAL MEASURES TO ENSURE THE SECURITY OF THE DATA** **Description of the technical and organisational measures implemented by the data importer(s) (including any relevant certifications) to ensure an appropriate level of security, taking into account the nature, scope, context and purpose of the processing, and the risks for the rights and freedoms of natural persons.** Data importer will implement and maintain the technical and organisational measures to adequately protect the data exporter’s Personal Data as further described in the DPA. Data exporter understands and agrees that these technical and organisational measures are subject to technical progress and development and Scaleflex is therefore expressly allowed to implement adequate alternative measures as long as the general security level described in the DPA is maintained. **For transfers to (Sub-) Processors, also describe the specific technical and organisational measures to be taken by the (sub-) processor to be able to provide assistance to the controller and, for transfers from a Processor to a Sub-Processor, to the data exporter.** Scaleflex selects its Sub-Processors very carefully, all of which undergo stringent security assessments and intakes. Scaleflex has imposed on them data protection obligations that correspond to the data protection provisions in the contractual relationship between Customer and Scaleflex. Taking into account the state of the art, costs of implementation, and nature of the processing, our Sub-Processors shall maintain appropriate technical and organisational measures to protect Personal Data against accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure, and access (“Security Measures”), including, as appropriate: (a) the pseudonymisation and encryption of Personal Data; (b) the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of Processing systems; (c) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; and (d) the regular maintenance, testing, assessment, evaluation, and updating of the effectiveness of the Security Measures. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://legal.scaleflex.com/privacy-and-data-processing/global-privacy-policy/data-privacy-addendum/annex-a-technical-and-organisational-measures.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.