DATA PROCESSING OBLIGATIONS Sample Clauses

The Data Processing Obligations clause defines the responsibilities and requirements for handling personal or sensitive data within the scope of an agreement. It typically outlines how data must be collected, stored, processed, and protected, often referencing compliance with relevant data protection laws such as GDPR or CCPA. For example, it may require parties to implement security measures, restrict data access, or notify each other of data breaches. The core function of this clause is to ensure that all parties process data lawfully and securely, thereby reducing the risk of data misuse and legal liability.
DATA PROCESSING OBLIGATIONS. 2.1. In respect of any Personal Data to be processed by a party acting as Data Processor pursuant to this Agreement for which the other party is Data Controller, the Data Processor shall: 2.1.1. provide appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk; 2.1.2. not engage any sub-processor without the prior specific or general written authorisation of the Data Controller (and in the case of general written authorisation; the Data Processor shall inform the Data Controller of any intended changes concerning the addition or replacement of other processors, thereby giving the Data Controller the opportunity to object to such changes); 2.1.3. ensure that any sub-processor that is engaged to process such Personal Data by the Data Processor is subject to data protection obligations that are similar to those applicable to the Data Processor under this Schedule; 2.1.4. process that personal data only to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law; 2.1.5. on termination of this Agreement, at the Data Controller’s option either return or destroy the personal data (including all copies of it) immediately; 2.1.6. ensure that all persons authorised to access the personal data are subject to obligations of confidentiality; 2.1.7. make available to the Data Controller (at the cost of the Data Controller, at the Processor’s then current rates) all information necessary to demonstrate compliance with the obligations laid out in Article 28 of GDPR and this Schedule and allow for and contribute to audits, including inspections, conducted by the Data Controller or another auditor mandated by the Data Controller; provided that, in respect of this provision the Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes Data Protection Laws; 2.1.8. taking into account the nature of the processing, (at the cost of the Data Controller, at the Processor’s then current rates) provide assistance to the Data Controller, insofar as possible, in connection with the fulfilment of the Data Controller’s obligation to respond to requests for the exercise of data subjects’ rights pursuant to Chapter III of the GDPR to the extent applicable; 2.1.9. provide the Data Controller (at the cost of the Data C...
DATA PROCESSING OBLIGATIONS. 12.1 Where and insofar as, in connection with this Agreement or any Work Order, either party processes personal data on behalf of the other party, the Receiving Party shall: 12.1.1 process the personal data for and on behalf of the Disclosing Party only on the documented instructions of the Disclosing Party, unless the Receiving Party is required by applicable laws to otherwise process that personal data; 12.1.2 carry out any processing only on the documented instructions of the Disclosing Party in accordance with the Work Order, and such other processing and purposes as may be agreed by the parties from time to time; 12.1.3 implement appropriate technical and organisational measures, that the Disclosing Party has had the opportunity to review and approve, to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and against all other unlawful forms of processing. To the extent such technical and organisational measures have not been approved by the Disclosing Party, the Receiving Party will maintain safeguards no less rigorous than those maintained by it for its own similar personal data, but being in any event sufficient to comply with the Security Requirements; 12.1.4 ensure that Personnel with access to the relevant personal have entered into appropriate contractually binding confidentiality undertakings; 12.1.5 ensure that access to the personal data is restricted to only those members of its Personnel who require it in order to discharge the Receiving Party’s obligations under this Agreement or any Work Order; 12.1.6 notify the Disclosing Party without undue delay following its receipt of any complaint or Subject Access Request or notification of an audit or an investigation by a Supervisory Authority, and shall provide a copy of such complaint, request, notification or correspondence and reasonable details of the circumstances giving rise to it unless prohibited by law; and 12.1.7 not disclose personal data to any person except as required by the delivery or receipt of the Services, to a Supervisory Authority or as otherwise required by law or with the Disclosing Party written consent. 12.2 The Disclosing Party acknowledges that the Receiving Party is reliant on the Disclosing Party for direction as to the extent to which Receiving Party is entitled to use and process the Disclosing Party’s personal data. Consequently, the Receiving Party will not be liable for any claim bro...
DATA PROCESSING OBLIGATIONS. 4.1. From the Commencement Date, where NBI processes Customer Personal Data provided to it by or on behalf of the RSP, as a processor in connection with the Processing Purposes, NBI agrees that it: 4.1.1. shall process Customer Personal Data only for the Processing Purposes in connection with the provision of the Services, as described in Schedule 1 of this DPA, or as subsequently instructed in writing from time to time by the RSP; 4.1.2. shall ensure that it shall not transfer the Customer Personal Data outside the European Economic Area (“EEA”) without the express written instructions of the RSP and where such instructions are received by NBI, such transfers of Customer Personal Data shall be undertaken in accordance with the Data Protection Laws; 4.1.3. shall ensure that all Relevant Personnel authorised to be involved in the processing of Customer Personal Data for and on behalf of NBI have committed themselves to a duty of confidentiality in respect of Customer Personal Data; 4.1.4. shall implement appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security of Customer Personal Data, in particular as described in Minimum Security Requirements under Data Processing Schedule 2 of this DPA; 4.1.5. shall only engage sub-contract or outsource the processing of Customer Personal Data under this DPA to any other person or Third Party processor (“Sub-processor”) subject to: having notified the RSP of the identity of such Sub-processor and obtaining the written authorisation of the RSP before engaging any such Sub-processor; and NBI putting in place binding contractual terms with such Sub-processor on terms no less onerous than those contained in this DPA; 4.1.6. taking into account the nature of the processing of Customer Data, NBI shall reasonably assist the RSP in meeting its responsibilities as a controller by putting in place appropriate technical and organisational measures to enable NBI to provide reasonable assistance on request from RSP in responding to any data subject requests received by the RSP in accordance with the Data Protection Laws; 4.1.7. on becoming aware of a “personal data breach” (as such term is defined in the Data Protection Laws) affecting the Customer Personal Data, NBI shall notify the RSP without undue delay and in any event within a period of 24 hours using the following contact details: RSP email addresses [⚫] [⚫] RSP phone number [⚫] [⚫] 4.1.8. on becoming aware of a perso...
DATA PROCESSING OBLIGATIONS. 3.1. Client as Controller appoints JAGGAER as Processor. JAGGAER shall only Process Personal Data on behalf of Client for the purposes set forth in the Agreement, under the Client’s instructions as documented in the Agreement and within the scope thereof or as required to comply with any applicable law. 3.2. Client hereby represents and warrants, throughout the term of the Agreement, that all Personal Data provided or made available by Client to JAGGAER for Processing in connection with the Agreement was collected by Client and transmitted to JAGGAER in accordance with Data Protection Laws and Client has obtained all necessary approvals, consents, authorizations and licenses from each and every Data Subject required under Data Protection Laws to enable JAGGAER to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under the Agreement. 3.3. Unless restricted by applicable law, JAGGAER shall inform Client if, in JAGGAER’s reasonable opinion, any Processing under the Agreement or an instruction from Client conflicts with JAGGAER’s legal obligations or Data Protection Laws. After JAGGAER so informs Client, JAGGAER shall have no liability for any claim arising from or related to such Processing of Personal Data by JAGGAER. 3.4. JAGGAER shall ensure that all employees, agents and sub-processors authorized by JAGGAER to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. 3.5. JAGGAER shall provide Client, at Client’s expense, with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Client is required to carry out under Data Protection Laws. 3.6. JAGGAER shall implement appropriate technical and organizational measures, as described in Annex II, in relation to the Processing of Personal Data intended to ensure a level of security appropriate to such Processing, including as the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of such technical and organizational measures. 3.7. Without undue delay and within forty eight (48) hours after JAGGAER becomes aware of an accidental or unlawful destruction, loss or alteration of, unauthorized disclosure of, or access to Personal Data Processed by JAGGAER pursuant to this Addendum (“Personal Data Breach”), JA...
DATA PROCESSING OBLIGATIONS. 3.1 The parties have determined that for purposes of the Applicable Data Protection Laws the University is the [Controller OR Processor] and the Supplier is the [Controller OR Processor]. [DN: amend depending on the circumstances.]. Part 2 of this Schedule 3 sets out the scope, nature and purpose of processing by the Processor, the duration of the processing and the types of personal data and categories of data subject. 3.2 Without prejudice to the generality of paragraph 2.1, the Controller will ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of the personal data to the Processor and/or lawful collection of the personal data by the Processor on behalf of the Controller for the duration of this Contract. 3.3 Without prejudice to the generality of paragraph 3.2, the Processor shall, in relation to any personal data processed in connection with the performance by the Processor of its obligations under this Contract: 3.3.1 process that personal only on the documented instructions of the Controller, unless the Processor is required by other Applicable Laws to otherwise process that personal data. Where the Processor is relying on other Applicable Laws as the basis for processing personal data, the Processor shall promptly notify the Controller of this before performing the processing required by other Applicable Laws unless those laws prohibit the Processor from so notifying the Controller on important grounds of public interest. 
The Processor shall immediately inform the Controller if, in the opinion of the Processor, the instructions of the Controller infringe Applicable Data Protection Laws; 3.3.2 implement appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against its accidental loss, damage or destruction, including: 3.3.2.1 the pseudonymisation and encryption of personal data; 3.3.2.2 the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; 3.3.2.3 the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and 3.3.2.4 a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing. 3.3.3 ensure, and procure, that any personnel engaged and authorised by the Processor to process pers...
DATA PROCESSING OBLIGATIONS. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Customer is Data Controller, the Data Processor shall: a) have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk; b) not engage any new sub-processor without giving notice of at least 30 days in advance of providing that new sub-processor with access to Customer Data. A list of current sub-processors can be found at 7 c) ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Customer for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule; d) process that Personal Data only on behalf of the Customer in accordance with the Customer’s instructions and to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law;
DATA PROCESSING OBLIGATIONS. The data processing obligations of Administrator include, but are not limited to, the following: a) Provide data processing in support of all Administrative Services at a performance level not less than a reasonable performance level for such services in the industry and in any event not less than the performance level standards in effect by Ceding Company immediately prior to the Closing Date; and b) Maintain appropriate business continuity and disaster recovery plans to continue business operations and recover from a disaster involving facilities and/or systems. Plans will allow for recovery of critical business functions within twenty-four (24) hours and recovery for all material functions within five (5) Business Days.
DATA PROCESSING OBLIGATIONS. (a) Customer as Controller appoints Virtuozzo as Processor. Virtuozzo shall only Process the Personal Data for the purposes set forth in the Agreement and in accordance with Customer’s written instructions. The Agreement (including this DPA) constitutes such written initial instructions by Customer. (b) Customer hereby warrants and represents, on a continuous basis throughout the Term as defined below, that all Personal Data provided or made available by Customer to Virtuozzo for Processing in connection with the Agreement has been lawfully collected by Customer and transferred to Virtuozzo in compliance with Data Protection Laws. During the Term of this DPA, Customer is solely responsible for obtaining and maintaining all necessary approvals, consents, authorizations and licenses from each and every Data Subject that may be required under Data Protection Laws to enable Virtuozzo to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under this DPA. (c) Unless restricted by applicable law, Virtuozzo shall inform Customer if, in Virtuozzo’ reasonable opinion, any Processing under the Agreement or an instruction by Customer conflicts with Virtuozzo’ legal obligations or Data Protection Laws, or with any of the exceptions listed in Section 3(a). Upon informing the Customer, Virtuozzo shall have no liability for any claim arising from or related to Processing of Personal Data under this DPA by Virtuozzo in compliance with Customer’s instructions. (d) Virtuozzo shall treat all Personal Data as confidential and shall ensure that all employees, agents and sub-processors authorized by Virtuozzo to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. 
(e) Virtuozzo shall provide Customer with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Customer is required to carry out under Data Protection Laws. Any such assistance shall be as agreed between the Parties and subject to a mutually accepted fee. (f) Virtuozzo shall implement appropriate technical and organizational measures in relation to the Processing of Personal Data intended to ensure a level of security appropriate to the Personal Data Processing, including, as applicable, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing...
DATA PROCESSING OBLIGATIONS. 37.1. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Councils are Data Controllers, the Data Processor shall: 37.1.1. have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk and shall implement any reasonable security measures as requested by the Councils from time to time; 37.1.2. not engage any sub-processor without the prior specific or general written authorisation of the Councils (and in the case of general written authorisation; the Data Processor shall inform the Councils of any intended changes concerning the addition or replacement of other processors and the Councils shall have the right to object to such changes); 37.1.3. ensure that each of the Data Processor’s employees, agents, consultants, Sub-Contractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under the Data Protection clauses in this Agreement. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Councils for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule; 37.1.4. process that Personal Data only on behalf of the Councils in accordance with the Councils’ instructions and to perform its obligations under this agreement or other documented instructions and for no other purpose save to the limited extent required by law; 37.1.5. (at no additional cost to the Councils) within 7 days following the end of the term of this agreement, deliver to the Councils (in such format as the Councils may require) a full and complete copy of all Personal Data, and, following confirmation of receipt from the Councils, permanently remove the Personal Data (and copies) from the Data Processor’s systems, and the Data Pr...