Common use of Data Sharing Provisions Clause in Contracts

Data Sharing Provisions. 3.1. The User acknowledges that the data disclosed to the User by TRAFFIC (the "Data"), including the personal data described at Appendix II, shall be processed strictly for the Permitted Purpose as described in this Agreement (or as otherwise agreed in writing by the Parties). 3.2. The Parties acknowledge that TRAFFIC is a controller of the Data it discloses to the User, and that the User will process the Data as a separate and independent controller strictly for the Permitted Purpose. In no event will the Parties process the Data as joint controllers. 3.3. The User shall not disseminate the Data in its raw or unaggregated form nor make it available to any third party. 3.4. The User shall notify TRAFFIC and await the express permission of TRAFFIC before publishing any output that makes use of the Data, and shall ensure that all resultant analyses are aggregated and the Data anonymised when used externally. 3.5. Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under Applicable Data Protection Law. In particular (and without limitation): (a) TRAFFIC shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Data Protection Law in order to disclose the Data to the User to process for the Permitted Purpose; and (b) The User shall be separately and independently responsible for complying with Applicable Data Protection Law in respect of its processing of Data it receives from TRAFFIC. 3.6. The User will implement all appropriate technical and organisational measures, including but not limited to adequate authentication, authorisation and access control, to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident"). 3.7. The User shall ensure that any person it authorises to process the Data shall be subject to statutory or contractual obligations to treat such Data as confidential. 3.8. The User shall have in place policies (a) that explain procedures for complying with the data protection principles of the GDPR; and (b) for retention and destruction of personal data (including timescales for such retention and destruction). On reasonable request, the User shall make these policies available to be inspected by TRAFFIC. 3.9. With the express written permission of TRAFFIC, the User may, at its election, appoint third party processors to process Data for the Permitted Purpose, provided that such processors: (a) agree in writing to process Data in accordance with the User's documented instructions; (b) implement appropriate technical and organisational security measures to protect the Data against a Security Incident; and (c) otherwise provide sufficient guarantees that they will process the Data in a manner that will meet the requirements of Applicable Data Protection Law. 3.10. In the event that the User receives any correspondence, enquiry or complaint from a data subject, regulator or other third party ("Correspondence") related to (a) the disclosure of the Data by TRAFFIC to the User; or (b) processing of Data by the User, it shall promptly inform TRAFFIC giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to the Correspondence in accordance with any requirements under Applicable Data Protection Law.

Data Sharing Provisions. 3.1. The User acknowledges that the data disclosed to the User by TRAFFIC (the "Data"), including the personal data described at Appendix II, shall be processed strictly for the Permitted Purpose as described in this Agreement (or as otherwise agreed in writing by the Parties). 3.2. The Parties acknowledge that TRAFFIC is a controller of the Data it discloses to the User, and that the User will process the Data as a separate and independent controller strictly for the Permitted Purpose. In no event will the Parties process the Data as joint controllers. 3.3. The User shall not disseminate the Data in its raw or unaggregated form nor make it available to any third party. 3.4. The User shall notify TRAFFIC and await the express permission of TRAFFIC before publishing any output that makes use of the Data, and shall ensure that all resultant analyses are aggregated and the Data anonymised when used externally. 3.5. Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under Applicable Data Protection Law. In particular (and without limitation): (a) TRAFFIC shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Data Protection Law in order to disclose the Data to the User to process for the Permitted Purpose; and (b) The User shall be separately and independently responsible for complying with Applicable Data Protection Law in respect of its processing of Data it receives from TRAFFIC. 3.6. The User will implement all appropriate technical and organisational measures, including but not limited to adequate authentication, authorisation and access control, to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident"). 3.7. The User shall ensure that any person it authorises to process the Data shall be subject to statutory or contractual obligations to treat such Data as confidential. 3.8. The User shall have in place policies (a) that explain procedures for complying comply with the data protection principles of the GDPR; and (b) for retention and destruction shall not retain any of personal data (including timescales for such retention and destruction). On reasonable request, the User shall make these policies available Data longer than is necessary to be inspected by TRAFFICfulfil the Permitted Purpose. 3.9. With the express written permission of TRAFFIC, the User may, at its election, appoint third party processors to process Data for the Permitted Purpose, provided that such processors: (a) agree in writing to process Data in accordance with the User's documented instructions; (b) implement appropriate technical and organisational security measures to protect the Data against a Security Incident; and (c) otherwise provide sufficient guarantees that they will process the Data in a manner that will meet the requirements of Applicable Data Protection Law. 3.10. In the event that the User receives any correspondence, enquiry or complaint from a data subject, regulator or other third party ("Correspondence") related to (a) the disclosure of the Data by TRAFFIC to the User; or (b) processing of Data by the User, it shall promptly inform TRAFFIC giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to the Correspondence in accordance with any requirements under Applicable Data Protection Law.