Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers. 1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject. 2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed. 3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter. 4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller. 5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority. 6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II. 7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
Appears in 3 contracts
Sources: Data Protection Addendum, Data Transfer Agreement, Data Transfer Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.. ANNEX A to the Data Transfer Agreement
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information Personal Information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information Personal Information about them rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have has been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are is processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 2 contracts
Sources: Appgallery Connect Service Agreement, Appgallery Connect Service Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation rela- tion to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfertrans- fer), unless such information has already been given by the data exporter.
4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controllercontrol- ler, including a processor, must not process the data except on instructions from the data controller.
5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive Di- rective 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive repet- itive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual individ- ual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment amend- ment or deletion. Notification of any rectification, amendment or deletion to third parties par- ties to whom the data have been disclosed need not be made when this involves a disproportionate dis- proportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
Appears in 2 contracts
Sources: Joint Controllership Arrangement, Joint Controllership Arrangement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause Clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.. DATA PROCESSING PRINCIPLES
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have has been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are is processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 2 contracts
Sources: Agreement on Use of Huawei Apis, Agreement on Use of Huawei Apis
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. D. The parties agree that Annex B D may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B D may, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B D or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment rectification or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 1 contract
Sources: Advertising Services Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.. ANNEX A to the Data Transfer Agreement
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have has been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are is processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 1 contract
Description of the Transfer. The details of the transfer and of the personal data are is specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause Clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.. DATA PROCESSING PRINCIPLES
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have has been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are is processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 1 contract
Sources: Huawei Health Kit Service Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
2▇. Data ▇▇▇▇ quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
4▇. Security ▇▇▇▇▇▇▇▇ and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7▇. Data ▇▇▇▇ used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-opt- out” from having his data used for such purposes.
Appears in 1 contract
Sources: Consortium Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. D. The parties agree that Annex B D may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may▇▇▇▇▇ ▇ ▇▇▇, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B D or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would work be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “opt-out” from having his data used for such purposes.
Appears in 1 contract
Sources: Advertising Services Agreement
Description of the Transfer. The details of the transfer and of the personal data are is specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e▇▇▇▇▇▇ ▇(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have has been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are is processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “"opt-out” " from having his data used for such purposes.
Appears in 1 contract
Sources: Huawei Health Kit Service Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. The parties agree that Annex B may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B may, in the alternative, be drafted to cover multiple transfers. Dated: same as the Agreement. In the event that this Schedule 2 has been accepted, or deemed to be accepted, by the Client after the start date of the Agreement, this Schedule 2 shall be deemed to have started at the same time as the Agreement, with retroactive effect.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B or subsequently authorised by the data subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporter.
4. Security and confidentiality: Technical and organisational security measures must be taken by the data controller that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, presented by the processing. Any person acting under the authority of the data controller, including a processor, must not process the data except on instructions from the data controller.
5. Rights of access, rectification, deletion and objection: As provided in Article 12 of Directive 95/46/EC, data subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer or other organisations dealing with the data importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would be violated. Data subjects must be able to have the personal information about them rectified, amended, or deleted where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation may require further justifications before proceeding to rectification, amendment or deletion. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject at any time to “opt-out” from having his data used for such purposes.
Appears in 1 contract
Sources: End User License Agreement
Description of the Transfer. The details of the transfer and of the personal data are specified in Annex B. D. The parties agree that Annex B D may contain confidential business information which they will not disclose to third parties, except as required by law or in response to a competent regulatory or government agency, or as required under clause I(e). The parties may execute additional annexes to cover additional transfers, which will be submitted to the authority where required. Annex B D may, in the alternative, be drafted to cover multiple transfers.
1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Annex B D or subsequently authorised authorized by the data subjectData Subject.
2. Data quality and proportionality: Personal data must be accurate and, where necessary, kept up to date. The personal data must be adequate, relevant and not excessive in relation to the purposes for which they are transferred and further processed.
3. Transparency: Data subjects must be provided with information necessary to ensure fair processing (such as information about the purposes of processing and about the transfer), unless such information has already been given by the data exporterData Exporter.
4. Security and confidentiality: Technical and organisational organizational security measures must be taken by the data controller organization that are appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, presented by the processing. Any person acting under the authority of the data controllerorganization, including a processor, must not process the data except on instructions from the data controllerData Exporter.
5. Rights of access, rectification, deletion correction and objection: As provided in Article 12 of Directive 95/46/ECunder the PDPA, data subjects Data Subjects must, whether directly or via a third party, be provided with the personal information about them that an organisation organization holds, except for requests which are manifestly abusive, based on unreasonable intervals or their number or repetitive or systematic nature, or for which access need not be granted under the law of the country of the data exporterData Exporter. Provided that the authority has given its prior approval, access need also not be granted when doing so would be likely to seriously harm the interests of the data importer Data Importer or other organisations organizations dealing with the data importer Data Importer and such interests are not overridden by the interests for fundamental rights and freedoms of the data subjectData Subject. The sources of the personal data need not be identified when this is not possible by reasonable efforts, or where the rights of persons other than the individual would work be violated. Data subjects must be able to have the personal information about them the rectified, amended, or deleted amended where it is inaccurate or processed against these principles. If there are compelling grounds to doubt the legitimacy of the request, the organisation organization may require further justifications before proceeding to rectification, amendment or deletionamendment. Notification of any rectification, amendment or deletion to third parties to whom the data have been disclosed need not be made when this involves a disproportionate effort. A data subject Data Subject must also be able to object to the processing of the personal data relating to him if there are compelling legitimate grounds relating to his particular situation. The burden of proof for any refusal rests on the data importer, and the data subject may always challenge a refusal before the authority.
6. Sensitive data: The data importer shall take such additional measures (e.g. relating to security) as are necessary to protect such sensitive data in accordance with its obligations under clause II.
7. Data used for marketing purposes: Where data are processed for the purposes of direct marketing, effective procedures should exist allowing the data subject Data Subject at any time to “opt-out” from having his data used for such purposes.
Appears in 1 contract
Sources: Advertising Services Agreement