Data Protection Sample Clauses

Data Protection. All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 2018/1725 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending organisation, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation1 (Court of Auditors or European Antifraud Office (OLAF)). The participant may, on written request, gain access to their personal data and correct any information that is inaccurate or incomplete. They should address any questions regarding the processing of their personal data to the sending organisation and/or the National Agency. The participant may lodge a complaint against the processing of their personal data to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

Data Protection. The Administrator shall implement and maintain a comprehensive written information security program that contains appropriate security measures to safeguard the personal information of the Trust’s shareholders, employees, directors and/or officers that the Administrator receives, stores, maintains, processes or otherwise accesses in connection with the provision of services hereunder. For these purposes, “personal information” shall mean (i) an individual’s name (first initial and last name or first name and last name), address or telephone number plus (a) social security number, (b) driver’s license number, (c) state identification card number, (d) debit or credit card number, (e) financial account number or (f) personal identification number or password that would permit access to a person’s account or (ii) any combination of the foregoing that would allow a person to log onto or access an individual’s account. Notwithstanding the foregoing “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state or local government records lawfully made available to the general public.

Data Protection. 22.1 With respect to the Parties' rights and obligations under this Framework Agreement, the Parties agree that the Authority is the Data Controller and that the Supplier is the Data Processor. 22.2 The Supplier shall: 22.2.1 Process the Personal Data only in accordance with instructions from the Authority (which may be specific instructions or instructions of a general nature as set out in this Framework Agreement or as otherwise notified by the Authority to the Supplier during the Term); 22.2.2 Process the Personal Data only to the extent, and in such manner, as it necessary for the provision of the Services or as is required by Law or any Regulatory Body; 22.2.3 implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected; 22.2.4 take all reasonable steps to ensure the reliability of any Supplier’s Staff who have access to the Personal Data; 22.2.5 obtain prior Approval from the Authority in order to transfer the Personal Data to any Sub-Contractors or Affiliates for the provision of the Services; 22.2.6 ensure that all Supplier Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 22 (Data Protection); 22.2.7 ensure that none of Supplier’s Staff publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Authority; 22.2.8 notify the Authority within five (5) Working Days if it receives: (a) a request from a Data Subject to have access to that person's Personal Data; or (b) a complaint or request relating to the Authority's obligations under the Data Protection Legislation; 22.2.9 provide the Authority with full cooperation and assistance in relation to any complaint or request made, including by: (a) providing the Authority with full details of the complaint or request; (b) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Authority's instructions; (c) providing the Authority with any Personal Data it holds in relati...

Data Protection. 9.1. From time to time and in connection with the Services DST may obtain access to certain personal information from the Fund (including, without limitation, Customer Information). Personal information relating to the Fund and its Affiliates, directors, officers, employees, agents, current and prospective Fund shareholders, plan sponsors and plan participants may be processed by DST and its Affiliates. Each Fund consents to the transmission and processing of such information within and outside the United States in accordance with applicable Law. 9.2. DST will notify the Fund without undue delay after becoming aware of any confirmed unauthorized access to, or acquisition, use, loss, destruction, alteration or compromise of Confidential Information (including, without limitation, Customer Information) of the Fund (“Security Breach”) maintained on DST’s computers, hardware, networks or systems, including any third party data centers, or of any Security Breach occurring at any sub-custodian, agent or service provider of DST, and will provide reasonable assistance to the Fund in its notification of that breach to the relevant supervisory authority and those individuals impacted, as required by applicable Law. DST will not disclose or use Personal Information obtained from or on behalf of the Fund except in accordance with the lawful instructions of the Fund to carry out DST’s obligations under, or as otherwise permitted pursuant to the terms of, its agreements with the Fund and to comply with applicable Law. 9.3. Notwithstanding anything to the contrary contained in Section 13.3, DST shall maintain at a location other than its normal location appropriate redundant facilities for operational back up in the event of a power failure, disaster or other interruption. DST shall continuously back up Fund records and shall store the back up in a secure manner at a location other than its normal location, so that, in the event of a power failure, disaster or other interruption at such normal location, the Fund records, will be maintained intact and will enable DST to perform under this Agreement. DST will maintain a comprehensive business continuity plan and will provide an executive summary of such plan upon reasonable request of the Fund. Without limiting the foregoing, DST will test the adequacy of its business continuity plan at least annually and upon request, the Fund may participate in such test. Upon request by the Fund, DST will provide the Fund with a letter ...

Data Protection. The parties acknowledge that personal data may be transferred under this agreement (“Personal Data”) and each party will fully comply with its respective obligations under the General Data Protection Regulation (EU)2016/679 and applicable complementing national laws (jointly “Privacy Laws”). The parties are independent controllers of their processing operations performed with such Personal Data. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of data subjects, Recipient will maintain appropriate technical and organizational measures in such a manner that processing of Personal Data will meet the requirements of the Privacy Laws. Recipient agrees to notify Provider within a period of 48 hours where Recipient becomes aware of or reasonably suspects that Personal Data has been or may have been lost, damaged or subject to unauthorized internal or external access or any other unlawful processing (a “Security Incident”) and to take reasonable steps to mitigate the impact of any such Security Incident. In the event that Recipient receives (i) any request from a data subject to exercise any of its rights under Privacy Laws in relation to Personal Data (including its rights of access, correction, objection and erasure); and (ii) any other correspondence, inquiry or complaint received from a data subject, regulator or other third party in connection with the processing of Personal Data (collectively, "Correspondence"), it shall promptly inform Provider and the parties shall cooperate in good faith as necessary to respond to such Correspondence and fulfill their respective obligations under Privacy Laws. Upon Provider’s request, Recipient shall restrict the processing of Personal Data identified by Provider. Recipient shall not transfer any Personal Data to a territory outside of the European Economic Area ("EEA") unless it has taken such measures as are necessary to ensure the transfer is in compliance with the Privacy Laws. Such measures may include transferring the Data to a country that the European Commission has decided provides adequate protection for personal data; to a Recipient that has achieved binding corporate rules authorization in accordance with Privacy Laws; or to a Recipient that has executed standard contractual clauses adopted or approved by the European Commission. Recipient will not ma...

Data Protection. The Parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Supplier is the Processor unless otherwise specified in Contract Schedule 7. The only processing that the Processor is authorised to do is listed in Contract Schedule 7 by the Controller and may not be determined by the Processor. The Processor shall notify the Controller immediately if it considers that any of the Controller's instructions infringe the Data Protection Legislation. The Processor shall provide all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Controller, include: a systematic description of the envisaged processing operations and the purpose of the processing; an assessment of the necessity and proportionality of the processing operations in relation to the Services; an assessment of the risks to the rights and freedoms of Data Subjects; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. The Processor shall, in relation to any Personal Data processed in connection with its obligations under this Agreement: process that Personal Data only in accordance with Contract Schedule 7, unless the Processor is required to do otherwise by Law. If it is so required the Processor shall promptly notify the Controller before processing the Personal Data unless prohibited by Law; ensure that it has in place Protective Measures, which are appropriate to protect against a Data Loss Event, which the Controller may reasonably reject (but failure to reject shall not amount to approval by the Controller of the adequacy of the Protective Measures), having taken account of the: nature of the data to be protected; harm that might result from a Data Loss Event; state of technological development; and cost of implementing any measures; ensure that : the Processor Personnel do not process Personal Data except in accordance with this Agreement (and in particular Schedule 7); it takes all reasonable steps to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they:

Data Protection. 8.1. The sending organisation shall provide the participants with the relevant privacy statement for the processing of their personal data before these are encoded in the electronic systems for managing the Erasmus+ mobilities.

Data Protection. 11.1 In performing the Services, Oracle will comply with the Oracle Services Privacy Policy, which is available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇.▇▇▇/html/Services-privacy-policy.html and incorporated herein by reference. The Oracle Services Privacy Policy is subject to change at Oracle’s discretion; however, Oracle policy changes will not result in a material reduction in the level of protection provided for Your Personal Data provided as part of Your Content during the Services Period of Your order.

Data Protection. 10.1 The Local Manager will, in connection with the Sub-Advisory Agreement, comply (where applicable) with the UK Data Protection ▇▇▇ ▇▇▇▇ and other applicable data protection laws and regulations (together, the “Data Protection Laws”). 10.2 The Investment Adviser will comply (where applicable) with the Data Protection Laws and (where applicable) take all reasonable steps to ensure that it has obtained all necessary consents for the Local Manager to process any personal data for the purposes of the Agreement.