DATA PROTECTION AND GDPR Clause Samples

DATA PROTECTION AND GDPR. 19.1 How long do we keep your personal data?

DATA PROTECTION AND GDPR. 11.1 We will only use the personal information you provide to us to provide our Services, or to inform you about other services which we provide unless you tell us that you do not want to receive this information. We do not share personal information with third parties except as necessary to conduct our business or your request or as required by law or other legal processes. 11.2 Use and collection of personal information We may use information that you provide to: a) Provide our Services. b) Respond to requests placed by you. c) Foresee and solve problems with any of our Services supplied to you. d) Conduct our Services and administer your account in relation to any Agreement you have with us. e) Keep a record of your correspondence if you contact us. f) Periodically send promotional emails about our services, unique offers, or other information which we think you may find interesting using the email address which you have provided. g) Notify you about changes to our Service. 11.3 We may disclose your personal information to third parties: a) In the event, we sell or buy any business or assets, in which case we may disclose your personal data to the prospective buyer or seller. b) If Swift Office Cleaning or substantially all its assets are acquired by a third party, in which case personal data held by it about its clients and staff will be one of the transferred assets. c) If we are under a legal duty to disclose or share your personal data to prevent fraud and comply with any legal obligation. d) As necessary to conduct our business Services and engage sub-contractors or at your request. This is done with your permission, and you have the right to object to your personal data being shared in this way. 11.4 Where your data is stored We store your data on secure British Telecom Servers based in the UK. By submitting your personal data, you agree to this.

DATA PROTECTION AND GDPR a. We will process your own personal data in line with our Data Privacy Policy. A link to our Data Privacy Policy can be found in the Booking Form. b. When you want us to access or use personal data about someone other than you (3rd party data), you must complete the appropriate Data Processing Form and send a copy by email from your usual business address. c. While processing personal data in the provision of Services, we will be acting as ‘data processor’ for you, and you are the ‘data controller’. d. We will process personal 3rd party data on your behalf only in response to your written instructions (which may be in the Booking, Data Processing Form, or in separate email) except where we are required by law to do so. e. We are subject to a duty of confidence (see Clause 8a, and Clause 3d (in relation to our associates)). f. We will take appropriate measures to ensure the security of our processing of your 3rd party data. g. We will assist you in allowing 3rd parties to exercise any of their GDPR rights (including subject access). This will result in additional time-related charges (see clause 5). h. We will apply the security measures you set out in the Data Processing Form for protecting and securing your data. We will offer our advice as administrators on ways we think will work, but we are not offering legal advice on compliance and you should seek your own advice to satisfy yourself that your security measures are adequate. i. We will email you if we become aware of a personal data breach. We will assist you in your investigations in establishing how this occurred. We will assist you, as you may reasonably require, in meeting your GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments. This will result in additional time- related charges (see clause 5). j. On written request by you, we will delete or return all 3rd party personal data supplied by you or assembled by us in the course of delivering Services to you. This will result in additional time-related charges (see clause 5). k. Unless the Data Processing Form specifies otherwise, we will delete all 3rd party data from systems within our control within six weeks of the end of the Booking without returning copies to you; we will not remove data from systems you have given us access or log-ins to, since those systems will remain under your control and we would expect you to be removing our access to them after t...

DATA PROTECTION AND GDPR. 14.1 The parties agree to adhere to all applicable data protection and GDPR laws in relation to the Services and transfer of any data applicable under this Agreement. Full details of these policies can be found on our website; ▇▇▇.▇▇▇▇▇▇▇▇.▇▇.▇▇

DATA PROTECTION AND GDPR. The Parties shall (to the extent applicable to this Agreement) comply with their respective obligations under the provisions of the Data Protection Legislation as if the same were set out in this Agreement. For the avoidance of doubt and pursuant to Article 6 of the GDPR, the parties agree that the processing of the data set out in Schedule 2 of this agreement is lawful processing and compliant with the law.

DATA PROTECTION AND GDPR. If at any point during this term, either Party considers that one Party is acting as processor on behalf of the other, then the Parties shall promptly meet to negotiate in good faith a separate data processing agreement to cover the matters required by the Data Protection Law.

DATA PROTECTION AND GDPR. According to the preceding Article 3 of the Agreement, and exclusively concerning the services offered, a relationship between the parties of data controller (EPOS) and data processor (INGV) is established. (1) of the General Data Protection Regulation (GDPR), when deciding the purposes and means of processing personal data, the controller must ensure that individuals’ personal data is protected. To achieve this, the controller has to put in place measures to protect personal data and enable individuals to exercise their rights. INGV ensures data processing security in accordance with the information security and cybersecurity regulations currently in force in the country and the EU and is required to have a procedure for handling data breaches and response plans. INGV shall appoint authorised persons to process the data who have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality. Furthermore, INGV shall not engage another data processor without prior specific or general written authorisation of the data controller, who has a meaningful possibility to object; assists the data controller in the fulfilment of the data controller’s obligations to respond to individual’s requests for exercising their rights; makes available to the data controller all necessary information to demonstrate compliance with the obligations under the GDPR; INGV shall allow for and contribute to audits, including inspections conducted by the data controller or another auditor mandated by the data controller.

DATA PROTECTION AND GDPR. Supplier must implement information security policies and safeguards and will use industry standard safeguards and security technologies (including, if applicable, encryption, password protection and changes, and firewall protection) to protect against the disclosure, destruction, loss, or alteration of EBRAINS’s Confidential Information. If Supplier is processing or transferring personal data (as defined by the applicable Data Processing Legislation) on behalf of EBRAINS, Supplier will (i) comply with the requirements applicable to Supplier under data protection laws and regulations, including where applicable REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95 / 46 / EC (General Data Protection Regulation) (the “GDPR”) (collectively, “Data Protection Legislation”); (ii) ensure that its actions are consistent with EBRAINS’s Privacy Policy (; and (iii) if required by EBRAINS, execute additional supplemental data protection terms. Supplier shall be responsible for all acts, omissions, and damages arising from the violation of this provision by its affiliates, contractors, subcontractors, and Supplier personnel. Any processing of personal data by Subcontractor on behalf of Client pursuant to this Agreement shall be subject to the signature of EBRAINS’s Data Processing Agreement.

DATA PROTECTION AND GDPR. The practitioner will comply with all Balanced Physiotherapy Ltd.’s guidelines, policies and procedures with regard to privacy, data protection and electronic security.