Delete or return all personal data to the data controller at the choice of the data controller, as requested at the time of termination of the agreement. any information concerning an identified or identifiable natural person; an identifiable natural person, a person who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person; Assist the data controller in fulfilling its GDPR obligations regarding processing security, notification of personal data breaches and data protection impact assessment. with regard to personal data, any person (with the exception of a member of the data controller) who processes the data on behalf of the data controller, who is accuRx in the case of this Agreement; This Agreement and its parts constitute written instructions from the Data Controller to the Processor to process the Personal Data in the manner described in Annex 1. The purposes of the treatment are only health and social. For the purposes of the above-mentioned processing, the type of processing may include, but is not limited: in both cases, as long as subscribers use their devices in the European Economic Area, all data is hosted and processed within the EEA, in accordance with NHS Cloud Security Best Practices guidelines in the fields of health and social services. the health and/or social welfare organisation that provides direct care and uses accuRx services to process data on patients in their care; any person to whom the data is disclosed in the context of data processing; The duration of the processing is the duration of this agreement. Immediately notify all customers of any information security breach or incident that may jeopardize personal data and special categories of personal data covered by this Agreement, as soon as they become aware of such an incident, taking into account legal requirements and deadlines for notification of breaches. The processor shall cooperate with the data controller in order to carry out a risk assessment and enable him to monitor and evaluate corrective measures. . . .