Data Sharing Provisions. 4.1 This paragraph 4 sets out the framework for the sharing of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Data Discloser) will regularly disclose to the other party Shared Personal Data collected by the Data Discloser for the Agreed Purposes. 4.2 Where the parties are separate controllers of personal data, they shall each ensure their own respective compliance with the Applicable Data Protection Laws in respect of any personal data shared between them, and any material breach of the Applicable Data Protection Laws by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate this Agreement with immediate effect. 4.3 Particular obligations relating to data sharing. Each party shall: 4.3.1 ensure that it has all necessary notices and consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes; 4.3.2 give full information to any data subject whose personal data may be processed under this Agreement of the nature of such processing. This includes giving notice that, on the termination of the Agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees; 4.3.3 process the Shared Personal Data only for the Agreed Purposes; 4.3.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients; 4.3.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by these data sharing provisions; 4.3.6 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; 4.3.7 not transfer any personal data received from the Data Discloser outside the [UK] OR [EEA] unless the transferor ensures that (i) the transfer is to a country approved under the applicable Data Protection Legislation as providing adequate protection; or (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Legislation; or (iii) the transferor otherwise complies with its obligations under the applicable Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; or (iv) one of the derogations for specific situations in the applicable Data Protection Legislation applies to the transfer.
Appears in 2 contracts
Sources: Lab Services Master Services Agreement, It Master Services Agreement
Data Sharing Provisions. 4.1 This paragraph 4 sets out 5.1 Each Party shall be individually and separately responsible for complying with the framework for obligations that apply to it as a Data Controller under any applicable DP Laws in relation to the sharing Personal Data processed under this Agreement, in particular but without limitation:
5.1.1 ensuring that there is a lawful basis on which Personal Data is processed by it (including its transfer of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Personal Data Discloser) will regularly disclose to the other party Shared Party under this Agreement);
5.1.2 ensuring that the transparency disclosure requirements of applicable DP Laws are satisfied by providing the required information to Data Subjects where applicable (including its transfer to the other Party of the Personal Data collected under this Agreement); and
5.1.3 ensuring that it keeps Personal Data secure at all times, including by implementing and maintaining at its cost and expense, appropriate technical and organisational measures in relation to its processing of the Personal Data so as to ensure a level of security appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data Discloser for the Agreed Purposestransmitted, stored or otherwise processed.
4.2 Where 5.2 Notwithstanding paragraph 5.1, each Party shall ensure all Personal Data are accurate prior to any sharing with the parties are separate controllers other Party under this Agreement, and shall take reasonable steps to ensure such Personal Data remains accurate on an ongoing basis, notifying the other Party within a reasonable time in the event it receives updates or corrections to any of personal datasuch Personal Data, they where it is reasonable to do so.
5.3 Each Party shall each ensure their own respective provide reasonable assistance, information and co-operation as regards data protection matters where requested by the other Party in respect of Personal Data shared between them pursuant to this Agreement, including:
5.3.1 In respect of any matter which in the reasonable opinion of the other Party is required for ensuring that Party's continued compliance with the Applicable Data Protection Laws DP Laws;
5.3.2 in respect of any personal claim and/or exercise or purported exercise of rights by a Data Subject under the DP Laws or any investigation or enforcement activity by any lawful data shared between themprotection Supervisory Authority, and any material breach of the Applicable Data Protection Laws by one party shall, if not remedied within 30 days of written notice from which relates to or is connected with the other partyParty's processing of Personal Data pursuant to this Agreement;
5.3.3 in respect of any Personal Data Breach, give grounds without undue delay provide such information as the other Party may require under DP Laws in order to report such Personal Data Breach to the other party Supervisory Authority;
5.3.4 if it is contacted or approached in relation to terminate this Agreement with immediate effectany claim and/or exercise or purported exercise of rights by a Data Subject under DP Laws; and/or
5.3.5 in the event of any investigation or enforcement activity by any Supervisory Authority.
4.3 Particular obligations relating 5.4 Neither Party shall do or permit anything to data sharing. Each party shall:be done through any act or omission that would cause the other Party to incur any liability under DP Laws.
4.3.1 ensure 5.5 If the Parties determine that it has all is necessary notices and consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to a country outside the Permitted Recipients European Economic Area, the Parties shall be responsible for the Agreed Purposes;
4.3.2 give full information to any data subject whose personal data ensuring that such transfer is effected by way of a legally enforceable mechanism for transfers of Personal Data as may be processed permitted under DP Laws from time to time, including where appropriate the model clauses as set out in Annexure 1 to this Agreement of the nature of such processing. This includes giving notice that, on the termination of the Agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
4.3.3 process the Shared Personal Data only for the Agreed Purposes;
4.3.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
4.3.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by these data sharing provisions;
4.3.6 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
4.3.7 not transfer any personal data received from the Data Discloser outside the [UK] OR [EEA] unless the transferor ensures that (i) the transfer is to a country approved under the applicable Data Protection Legislation as providing adequate protection; or (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Legislation; or (iii) the transferor otherwise complies with its obligations under the applicable Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; or (iv) one of the derogations for specific situations in the applicable Data Protection Legislation applies to the transfer.
Appears in 1 contract
Data Sharing Provisions. 4.1 This paragraph 4 sets out the framework for the sharing of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Data Discloser) will regularly disclose to the other party Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
4.2 Where the parties are separate controllers of personal data, they shall each ensure their own respective compliance with the Applicable Data Protection Laws in respect of any personal data shared between them, and any material breach of the Applicable Data Protection Laws by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate this Agreement Contract with immediate effect.
4.3 Particular obligations relating to data sharing. Each party shall:
4.3.1 ensure that it has all necessary notices and consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
4.3.2 give full information to any data subject whose personal data may be processed under this Agreement Contract of the nature of such processing. This includes giving notice that, on the termination of the AgreementContract, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
4.3.3 process the Shared Personal Data only for the Agreed Purposes;
4.3.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
4.3.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by these data sharing provisions;
4.3.6 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
4.3.7 not transfer any personal data received from the Data Discloser outside the [UK] OR [EEA] [DN: to be amended depending on where the parties are situated and where the sharing will take place.] unless the transferor ensures that (i) the transfer is to a country approved under the applicable Data Protection Legislation as providing adequate protection; or (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Legislation; or (iii) the transferor otherwise complies with its obligations under the applicable Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; or (iv) one of the derogations for specific situations in the applicable Data Protection Legislation applies to the transfer.or
Appears in 1 contract
Sources: Services Agreement