BACKGROUND, PURPOSE AND DEFINITIONS Clause Samples

BACKGROUND, PURPOSE AND DEFINITIONS. The parties to this Data Processing Agreement have entered into an agreement of “Avtale om vikartjenester og rekruttering”. This Data Processing Agreement shall govern the Processor’s rights and obligations with regard to all Processing of Personal Data on behalf of the Controller under the Agreement. This agreement replaces previous agreements regarding data processing. Processor will Process Personal Data as specified and for purposes described in Annex 1 to the state of processing of agreement. For the purposes of this Data Processing Agreement, the Customer will be considered the controller ("Controller") who determines the purposes and means of the processing in accordance with applicable data protection legislation, and the Supplier will be considered the processor ("Processor"), meaning the legal entity Processing Personal Data on behalf of the Controller. When fulfilment of the Agreement will involve Processing of Personal Data (as defined below) it will be subject to statutory provisions and obligations under relevant data protection legislation. The Controller is a legal entity established in the European Economic Area (the "EEA"), therefore relevant data protection legislation will include the EU-Regulation 2016/679 as amended from time to time (the "Regulation") and all relevant national legislation including national implementations of the Directive. The Data Processing Agreement fulfills the requirements set down in the Regulation from the date it enters into force in Norway. The parties agree to amend this Data Processing Agreement to the extent necessary due to any mandatory new requirements according to the Norwegian implementation of the Regulation.

BACKGROUND, PURPOSE AND DEFINITIONS. The Parties to this Data Processing Agreement are defined in Appendix 1. This Data Processing Agreement governs each Party’s rights and obligations, in order to ensure that all processing of personal data is conducted in compliance with applicable data protection legislation, including EU Regulation 2016/679 (“GDPR”) and its applicable national implementation from its effective date. Processor will process personal data in order to deliver services under the Agreement, as specified in Appendix 1. The ultimate recipient of the services will be EPIM or EPIM's customers. EPIM's terms regarding processing of personal data are published on ▇▇▇.▇▇▇▇.▇▇/▇▇▇▇▇ and ▇▇▇.▇▇▇▇.▇▇/▇▇▇▇▇▇▇. To the extent this Data Processing Agreement refers to documents published on ▇▇▇.▇▇▇▇.▇▇/▇▇▇▇▇ and ▇▇▇.▇▇▇▇.▇▇/▇▇▇▇▇▇▇, they shall be considered an integrated part of the Data Processing Agreement. EPIM may make changes to the documents published on ▇▇▇.▇▇▇▇.▇▇/▇▇▇▇▇ and ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇/privacy on at least 30 days’ prior notice. EPIM shall involve both the Controller and/or the Processor when making changes to documents which may affect delivery of the Processor's services. The subject-matter, nature and purpose of the processing, the types of personal data and the categories of data subjects involved are specified in Appendix 1. When this Data Processing Agreement is used in delivery of services by a data processor's sub- contractor (or further down the contractor chain), the term Controller will refer to the data processor and the term Processor to the data processor's sub-contractor. The ultimate data controller (EPIM or EPIM's customer) will also have such rights as the Controller has in this Data Processing Agreement regarding the personal data for which they are the controller, and the data controller may choose to invoke and enforce their and the Controller's rights directly towards the Processor.

BACKGROUND, PURPOSE AND DEFINITIONS. When purchasing services from Service Works Global Nordic (the "Services") according to our agreement with you (the "Agreement"), we may process personal data as defined below on your behalf as a Data Processor. These data processing terms constitute a data processing agreement (the "Data Processing Agreement") between you as the Data Controller and us as a Data Processor, and ensures that our processing of Personal Data is in accordance with applicable laws governing the processing of Personal Data. The Data Processor will handle Personal Data in any content the Data Controller uploads by using the Service for the sole purpose of storage of data, archiving, providing server and hosting services and otherwise providing the Services in accordance with the Agreement. The data may concern any data subject that the Data Controller uploads Personal Data about by using the Services, for example: • Data Controller's employees: Name, address, contact details • Data Controller's customers, contractors and partners: Name, Address, Contact Information For the avoidance of doubt, it is the Data Controller's sole responsibility to ensure that there is a legal basis for the processing of any Personal Data uploaded in any content by using the Service. Processing of Personal Data (as defined below) is subject to requirements and obligations pursuant to law. When Data Controller represents a business established in the European Economic Area (EEA), relevant legislation on the processing of Personal Data is EU Regulation 2016/679. The Parties agree to revise this Data Processing Agreement to the extent required by any mandatory new requirements.

BACKGROUND, PURPOSE AND DEFINITIONS. The parties to this Data Processing Agreement have entered into an agreement ("Agreement") for the provision of agreed services. The Data Controller determines the purpose and aims for treatment in accordance with current legislation on the processing of personal data. The Data Procesor processes personal information on behalf of the Data Controller. This Data Processing Agreement governs Data Processor's rights and obligations to ensure that all processing of Personal Data is in accordance with applicable laws governing the processing of personal data. The Data Processor will handle Personal Data in one or more of the following ways: (Examples) Storage of data, archiving, server and hosting services in accordance with the agreement. Data Processor may have access to the following personal information: (Examples) • Employees: Name, address, contact details • Customers: Name, Address, Contact Information, Credit Reviews, Purchase History, • Suppliers/Contractors: Name, address, contact details, skills Processing of Personal Data (as defined below) is subject to requirements and obligations pursuant to law when Data Controller represents a business established in the European Economic Area (EEA), relevant legislation on the processing of personal data will be EU Directive 95/46 / EC ("the Directive") and all relevant national legislation. This Data Processing Agreement meets the requirements of the Data Protection Act 1998 and the current EU Regulation 2016/679 dated 27.4.2016 (the ‘Regulation’). The Parties agree to revise this Data Processing Agreement to the extent required by any mandatory new requirements pursuant to EU Regulation 2016/679, Revised Communications Protection ("ePrivacy") and relevant English law.

BACKGROUND, PURPOSE AND DEFINITIONS. The parties to this Data Processing Agreement have entered into an agreement of [date] (“the Agreement”) on account of [purpose of the main agreement]. This Data Processing Agreement shall govern the Processor’s rights and obligations with regard to all Processing of Personal Data on behalf of the Controller under the Agreement. Processor will Process Personal Data for the following purposes, as described in Appendix 1 Chapter 1.2 Business overview: • Passage to priced transaction • Agreement to Valid agreement lists Processor will have access to the following Personal Data, as described in Appendix 1 Annex 6 AutoPASS Data formats and Appendix 1: • Transaction data • Information data For the purposes of this Data Processing Agreement, the Customer will be considered the controller ("Controller") who determines the purposes and means of the processing in accordance with applicable data protection legislation, and the Supplier will be considered the processor ("Processor"), meaning the legal entity Processing Personal Data on behalf of the Controller. If the Customer is not itself the controller of the relevant personal data, the Customer acts on behalf of such other potential companies as controllers in relation to this Agreement and the Supplier. Each of the controllers will have such rights as the Customer has in this Data Processing Agreement regarding the personal data for which they are the controllers, and each of the controllers may choose to invoke and enforce their and the Customer’s rights directly towards the Supplier. Furthermore, the Supplier is directly responsible and liable towards the controllers in the same way as towards the Customer. When fulfilment of the Agreement will involve Processing of Personal Data (as defined below) it will be subject to statutory provisions and obligations under relevant data protection legislation. The Controller is a legal entity established in the European Economic Area (the "EEA"), therefore relevant data protection legislation will include the EU Directive 95/46/EC as amended from time to time (the "Directive") and all relevant national legislation including national implementations of the Directive. The Data Processing Agreement fulfills the requirements set down in EU-Regulation 2016/679 (“the Regulation”) from the date it enters into force in Norway. The parties agree to amend this Data Processing Agreement to the extent necessary due to any mandatory new requirements according to the Norwegian implemen...

BACKGROUND, PURPOSE AND DEFINITIONS. The City of Durham collects Recyclable Materials. The Contractor shall receive process and market for reuse all Program Recyclables and Recyclable OCC delivered to the Designated Facilities by, or on behalf of the City.

BACKGROUND, PURPOSE AND DEFINITIONS. 1.1 Danske Bank and KMD has agreed to disclose certain Confidential Information to the Recipient subject to the terms and conditions for participation in Business Analytics Challenge (hereinafter the “Agreement”) in order to prevent the unauthorized disclosure of Confidential Information. Danske Bank and KMD will disclose The Confidential Information to the Recipient for the following Purpose: The Recipient is participating in the Business Analytics Challenge. During the case competition, the Recipient will have access to the analytics environment platform provided by Microsoft containing public data and anonymised customer data delivered by Danske Bank and KMD. The recipient might also request to get the data transferred to his/hers own computer. 1.2 For purposes of this Agreement “Confidential Information” shall mean (i) all information concerning Danske Bank Group or KMD, including its employees, products, services, customers, suppliers, contractors and other third parties conducting business with Danske Bank Group; (ii) the terms of the Agreement; (iii) any information developed by reference to or use of Danske Bank Group's information referenced above; and (v) any information which according to applicable law is confidential, including personal data as defined in the Act on Processing of Personal Data. Information does not have to be marked as confidential in order to qualify as Confidential Information. Information that is not to be considered as “Confidential Information” includes information that i) has passed into the public domain other than by breach of this Agreement; ii) is already before the date of receipt from Danske Bank and KMD in the possession of the Recipient without restriction as to disclosure; iii) is received by the Recipient from a third party who lawfully acquired it and who is under no obligation restricting its disclosure; or iiii) has been independently developed by the Recipient without access to the Confidential Information.