Controller Obligations Sample Clauses
The Controller Obligations clause defines the responsibilities and duties of the party acting as the data controller under data protection laws. Typically, this clause outlines requirements such as ensuring the lawful processing of personal data, implementing appropriate security measures, and responding to data subject requests. For example, the controller may be required to maintain records of processing activities and notify authorities in the event of a data breach. The core function of this clause is to ensure compliance with applicable data protection regulations and to clarify the controller’s role in safeguarding personal data.
POPULAR SAMPLE Copied 3 times
Controller Obligations. 5.1 The Controller represents and warrants that it shall comply with the terms of the Agreement, this DPA and its obligations under Data Protection Laws.
5.2 The Controller represents and warrants that it has obtained any and all necessary permissions and authorisations necessary to permit the Processor, its affiliates and Sub-Processors, to execute their rights or perform their obligations under this DPA.
5.3 The Controller is responsible for compliance with Data Protection Laws, including requirements with regards to the transfer of Personal Data under this DPA and the Agreement.
5.4 All affiliates of the Controller who use the Software shall comply with the obligations of the Controller set out in this DPA.
5.5 The Controller shall implement appropriate technical and organisational procedures to protect Personal Data, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons. The Controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (i) the pseudonymisation and encryption of Personal Data; (ii) the ability to ensure the on-going confidentiality, integrity, availability and resilience of processing systems and Software; (iii) the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident; (iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. In accessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
5.6 The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after termination of the Agreement. The Processor will process the request to the extent it is lawful, and will reasonably fulfil such request in accordance with its standard operational procedures to the extent possible.
5.7 The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of da...
Controller Obligations. 4.1 Whenever the Company is acting in a capacity as a Controller in relation to Personal Data, it shall comply in all respects with Data Protection Laws including:
a. by Processing such Personal Data fairly and lawfully, including by providing appropriate privacy notices to those Data Subjects in relation to whom that Party is Processing Personal Data as a Controller;
b. by implementing appropriate technical and organisational measures to protect such Personal Data as required under Data Protection Laws;
c. by ensuring that it has obtained consent to the standards required by Data Protection Law if such consent is required to contact any particular Data Subject under e-Privacy Laws; and
d. by determining if further details of the Processing to be undertaken by a Processor pursuant to this Schedule need to be recorded in the relevant Data Processing Details Form to comply with Data Protection Laws.
Controller Obligations. 5.1 The Controller represents and warrants that it shall comply with the terms of the Agreement, this DPA and all applicable data protection laws.
5.2 The Controller represents and warrants that it has obtained any and all necessary permissions and authorisations necessary to permit the Processor, its Affiliates and Sub- Processors, to execute their rights or perform their obligations under this DPA.
5.3 The Controller is responsible for compliance with all applicable data protection legislation, including requirements with regards to the transfer of Personal Data under this DPA and the Agreement.
5.4 All Affiliates of the Controller who use the Services shall comply with the obligations of the Controller set out in this DPA.
5.5 The Controller shall implement appropriate technical and organisational procedures to protect Personal Data as required by Article 32 of the UK GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.
5.6 The Controller shall take steps to ensure that any natural person acting under the authority of the Controller who has access to Personal Data only processes the Personal Data on the documented instructions of the Controller.
5.7 The Controller may require correction, deletion, blocking and/or making available the Personal Data during or after the termination of the Agreement. The Processor will process the request to the extent it is lawful and will reasonably fulfil such request in accordance with its standard operational procedures to the extent possible.
5.8 The Controller acknowledges and agrees that some instructions from the Controller, including destruction or return of data, assisting with audits, inspections or DPIAs by the Processor, may result in additional fees. In such case, the Processor will notify the Controller of its fees for providing such assistance in advance, unless otherwise agreed.
Controller Obligations. Controller instructs Processor to process Personal Data in accordance with this DPA, and is responsible for providing all notices and obtaining all consents, licences and legal bases required to allow Processor to process Personal Data.
Controller Obligations. The Client as the Controller carries the primary obligation to comply with the Data Protection Laws and to protect Client’s Personal Data. Client agrees to identify applicable legal bases for the Processing Personal Data submitted to ▇▇▇▇▇, including when in connection to the disclosure of Client’s Personal Data, Cross-Border Processing, Transfers of Personal Data to Third Countries or International Organisations, Processing of Special Categories of Personal Data as applicable.
Controller Obligations. The Institution shall comply with its obligations under the Data Protection Legislation.
Controller Obligations. 4.1 The Customer represents, undertakes and warrants that all personal data processed by WhatConverts has been and shall be collected and processed by the Customer in accordance with Data Protection Laws and without limitation to the foregoing, the Customer shall take all steps necessary, including without limitation providing appropriate fair collection notices and ensuring that there is a lawful basis for Customer to process the personal data, to ensure that the processing of the personal data by WhatConverts in accordance with this Agreement is in accordance with Data Protection Laws.
Controller Obligations. Each Controller shall at all times ensure Personal Data is Processed fairly, lawfully and transparently in accordance with Data Protection Legislation. Each Controller warrants that any instructions it issues to a Processor in respect of the Personal Data are lawful. The following obligations within this clause 6 shall apply where at least one Processor has been identified in Part 1 of this Agreement. Where the Processor is not a Party to this Agreement, the Controllers who instruct them must ensure that any contracts with such Processors provide equivalent protection to the clauses set out in clause 6 of this Agreement. Where indicated, the obligations shall apply to any Party to this Agreement not just Processors. The Parties acknowledge that for the purposes of the Data Protection Legislation in relation to the Data Processing Activities, the Controller(s) and the Processor(s) are as set out in Part 1 of this Agreement. A Processor must Process the Processor Data only to the extent necessary to perform the Data Processing Activities and only in accordance with the written instructions set out in Part 1 of this Agreement. A Processor must use the Personal Data shared solely for the purposes as instructed and shall not Process the Personal Data for any other purposes. Each Party agrees to treat the data (including Personal Data) received by them under the terms of this Agreement as confidential and shall safeguard it accordingly. All Parties must provide all reasonable assistance to one another and in particular to any Controller in the preparation of any Data Protection Impact Assessment prior to commencing any Processing under this Agreement. Such assistance may include: a systematic description of the envisaged Processing operations and the purpose of the Processing; an assessment of the necessity and proportionality of the Processing operations in relation to the Data Processing Activities; an assessment of the risks to the rights and freedoms of Data Subjects; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. Any Party requested, but in particular any Processor who is a Party to this Agreement, shall provide all reasonable assistance to a Controller if the outcome of the Data Protection Impact Assessment leads the Controller to consult the Information Commissioner concerning any proposed arrangements. A Processor must (and must be required in any contract...
Controller Obligations. 5.1 The Controller represents and warrants that: (i) it shall comply with this DPA and its obligations under Data Protection Law; (ii) has obtained any and all necessary permissions and authorisations necessary to permit the Processor, its Affiliates and Sub-processors, to execute their rights or perform their obligations under this DPA; and
Controller Obligations. 4.1 The Controller warrants and represents that all instructions provided to the Processor in relation to the processing of personal data are lawful and shall as a minimum include: