Independent Controllers of Personal Data Sample Clauses

Independent Controllers of Personal Data. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.

Independent Controllers of Personal Data. In the event that the Parties are Independent Controllers in respect of Personal Data under the Contract, the terms set out in Error! Reference source not found. Error! Reference source not found. of Annex 1 – Processing Personal Data shall apply to this Contract.

Independent Controllers of Personal Data. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it. Where a Party has provided Personal Data to the other Party in accordance with paragraph 7 of this Fourth Schedule, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require. The Parties shall be responsible for their own compliance with Articles 13 and 14 GDPR in respect of the Processing of Personal Data for the purposes of this Agreement. The Parties shall only provide Personal Data to each other: to the extent necessary to perform their respective obligations under this Agreement; in compliance with the Data Protection Legislation (including by ensuring all required data privacy information has been given to affected Data Subjects to meet the requirements of Articles 13 and 14 of the GDPR); and where it has recorded it in Annex 1 (Processing Personal Data). Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as Independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the GDPR.

Independent Controllers of Personal Data. In the event that the Parties are Independent Controllers in respect of Personal Data under the Contract, the terms set out in Error: Reference source not found Error: Reference source not found of Annex 1 – Processing Personal Data shall apply to this Contract. Each Party must: keep all Confidential Information it receives confidential and secure; not disclose, use or exploit the disclosing Party's Confidential Information without the disclosing Party's prior written consent, except for the purposes anticipated under the Contract; and immediately notify the disclosing Party if it suspects unauthorised access, copying, use or disclosure of the Confidential Information. In spite of clause 15.1, a Party may disclose Confidential Information which it receives from the disclosing Party in any of the following instances: where disclosure is required by applicable Law if the recipient Party notifies the disclosing Party of the full circumstances, the affected Confidential Information and extent of the disclosure; if the recipient Party already had the information without obligation of confidentiality before it was disclosed by the disclosing Party; if the information was given to it by a third party without obligation of confidentiality; if the information was in the public domain at the time of the disclosure; if the information was independently developed without access to the disclosing Party's Confidential Information; on a confidential basis, to its auditors or for the purposes of regulatory requirements; on a confidential basis, to its professional advisers on a need-to-know basis; and to the Serious Fraud Office where the recipient Party has reasonable grounds to believe that the disclosing Party is involved in activity that may be a criminal offence under the Bribery Act 2010. The Supplier may disclose Confidential Information on a confidential basis to Supplier Staff on a need-to-know basis to allow the Supplier to meet its obligations under the Contract. The Supplier shall remain responsible at all times for compliance with the confidentiality obligations set out in this Contract by the persons to whom disclosure has been made. The Buyer may disclose Confidential Information in any of the following cases: on a confidential basis to the employees, agents, consultants and contractors of the Buyer; on a confidential basis to any Crown Body, any successor body to a Crown Body or any company that the Buyer transfers or proposes to transfer all or any part o...

Independent Controllers of Personal Data. The Party acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: ● Business contact details of Supplier Personnel for which the Supplier is the Controller, ● Business contact details of any directors, officers, employees, agents, consultants and contractors of Buyer (excluding the Supplier Personnel) engaged in the performance of the Buyer’s duties under the Buyer Agreement) for which Buyer is the Controller, ● [Insert the scope of other Personal Data provided by one Party who is Controller to the other Party who will separately determine the nature and purposes of its Processing the Personal Data on receipt e.g. where (1) the Supplier has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that the Buyer cannot dictate the way in which Personal Data is processed by the Supplier, or (3) where the Supplier comes to the transaction with Personal Data for which it is already Controller for use by the Buyer] [Guidance where multiple relationships have been identified above, please address the below rows in the table for in respect of each relationship identified] Duration of the Processing [Clearly set out the duration of the Processing including dates] Nature and purposes of the Processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the Processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include employment Processing, statutory obligation, recruitment assessment etc.] Type of Personal Data [Examples here include name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.] Categories of Data Subject [Examples include: Staff (including volunteers, agents, and temporary Workers), customers/ clients, Suppliers, patients, students / pupils, members of the public, users of a particular website etc.]

Independent Controllers of Personal Data. 17. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller. 18. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it. 19. Where a Party has provided Personal Data to the other Party in accordance with paragraph 7 of this Annex B above, the recipient of the Personal Data will provide all such relevant documents and Information relating to its data protection policies and procedures as the other Party may reasonably require. 20. The Parties shall be responsible for their own compliance with Articles 13 and 14 UK GDPR in respect of the Processing of Personal Data for the purposes of the SEDPS Agreement. 21. The Supplier shall indemnify National Highways against any Losses, damages, cost or expenses incurred by National Highways arising from, or in connection with, any breach of the Supplier’s obligations under Part 3 of this Annex B 22. The provisions of Part 3 of this Annex B shall apply during the continuance of the

Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: ● Business contact details of Supplier Personnel for which the Supplier is the Controller, ● Business contact details of any directors, officers, employees, agents, consultants and contractors of Relevant Authority (excluding the Supplier Personnel) engaged in the performance of the Relevant Authority’s duties under the Contract) for which the Relevant Authority is the Controller, ● [Insert the scope of other Personal Data provided by one Party who is Controller to the other Party who will separately determine the nature and purposes of its Processing the Personal Data on receipt e.g. where (1) the Supplier has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that the Relevant Authority cannot dictate the way in which Personal Data is processed by the Supplier, or (3) where the Supplier comes to the transaction with Personal Data for which it is already Controller for use by the Relevant Authority] [Guidance where multiple relationships have been identified above, please address the below rows in the table for in respect of each relationship identified] Duration of the Processing The duration of the Processing shall be contained to the term of the contract which begins on 16/10/23 and ends on 15/10/26 unless the optional extensions 2 x 12 months are enacted and therefore the end date will be extended to 16/10/27 or 15/10/28. Nature and purposes of the Processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the Processing means any operation for delivering Managed Print Services to the NDA Group Type of Personal Data ● The names of HP Inc UK and Apogee Corporation Staff ● The personal/home address of HP Inc UK and Apogee Corporation Staff ● HP / Apogee staff work email addresses ● HP / Apogee staff work telephone numbers ● NDA Group - The Names, Job Titles, Work Email Addresses & Work Telephone Numbers Categories of Data Subject Staff (including volunteers, agents, and temporary workers) Plan for return and destruction of the data once the Processing is complete Unless requirement under Union or Member State law to preserve that type of data Data will be retained for the duration of the contract and will be returned or destroyed at the end of the contract, as indicated by the client at the time of contract termin...

Independent Controllers of Personal Data. 2.1 With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller and with the following clauses of Paragraph 2 of this Part D of Appendix 1. 2.2 Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it. 2.3 Where a Party has provided Personal Data to the other Party in accordance with Paragraph 2.2 of this Part D of Appendix 1 above, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require. 2.4 The Parties shall be responsible for their own compliance with Articles 13 and 14 UK GDPR in respect of the Processing of Personal Data for the purposes of the Contract. 2.5 The Parties shall only provide Personal Data to each other: to the extent necessary to perform their respective obligations under the Contract; in compliance with the Data Protection Legislation (including by ensuring all required data privacy information has been given to affected Data Subjects to meet the requirements of Articles 13 and 14 of the UK GDPR); and where it has recorded it in the table in Paragraph 1 of this Part D of Appendix 1. 2.6 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as Independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the UK GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the UK GDPR.

Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: • Business contact details of Supplier Personnel, • Business contact details of any directors, officers, employees, agents, consultants and contractors of the Buyer (excluding the Supplier Personnel) engaged in the performance of the Buyer’s duties under this Contract. • [Insert the scope of other Personal Data provided by one Party who is Data Controller to the other Party who will separately determine the nature and purposes of its processing the Personal Data on receipt. e.g. where (1) the Supplier has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that the Buyer cannot dictate the way in which Personal Data is processed by the Supplier, or (3) where the Supplier comes to the transaction with Personal Data for which it is already Controller for use by the Buyer] Duration of the processing [Clearly set out the duration of the processing including dates] Nature and purposes of the processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include: employment processing, statutory obligation, recruitment assessment etc.] Type of Personal Data [Examples here include: name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.] Categories of Data Subject [Examples include: Staff (including volunteers, agents, and temporary workers), customers/ clients, suppliers, patients, students / pupils, members of the public, users of a particular website etc.] Plan for return and destruction of the data once the processing is complete UNLESS requirement under union or member state law to preserve that type of data [Describe how long the data will be retained for, how it be returned or destroyed]