Common use of Joint Controllers Clause in Contracts

Joint Controllers. 2.1 The BID Company acknowledges that the Council is under no obligation to transfer any Personal Data to the BID Company. Any such transfers will be made by the Council as a good- will gesture. 2.2 Each Party shall be responsible for its own obligations as a Controller under the Data Protection Legislation. 2.3 Each Party shall perform or receive the Services in compliance with the Data Protection Legislation. 2.4 The subject matter, duration, nature, and purpose of Processing of Personal Data by and on behalf of the Parties under this Agreement is detailed in Annex A below. 2.5 Each Party shall: 2.4.1 maintain its own records of processing under Article 30 of the UK GDPR; 2.4.2 be responsible for determining its data security obligations, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks of varying likelihood and severity to the rights and freedoms of the DataSubjects; 2.4.3 implement appropriate Protective Measures to protect the Personal Data against unauthorised or unlawful Processing and accidental destruction or loss; and 2.4.4 ensure the protection of the rights of the Data Subject, in such a manner that the Processing will meet the requirements of the Data Protection Legislation where Personal Data have been transmitted by it, or while the Personal Data are in its possession or control.

Joint Controllers. 2.1 The BID Company acknowledges that the Council is under no obligation to transfer any Personal Data to the BID Company. Any such transfers will be made by the Council as a good- good­ will gesture. 2.2 Each Party shall be responsible for its own obligations as a Controller under the Data Protection Legislation. 2.3 Each Party shall perform or receive the Services in compliance with the Data Protection Legislation. 2.4 The subject matter, duration, nature, and purpose of Processing of Personal Data by and on behalf of the Parties under this Agreement is detailed in Annex A below. 2.5 Each Party shall: 2.4.1 maintain its own records of processing under Article 30 of the UK GDPR; 2.4.2 be responsible for determining its data security obligations, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks of varying likelihood and severity to the rights and freedoms of the DataSubjects; 2.4.3 implement appropriate Protective Measures to protect the Personal Data against unauthorised or unlawful Processing and accidental destruction or loss; and 2.4.4 ensure the protection of the rights of the Data Subject, in such a manner that the Processing will meet the requirements of the Data Protection Legislation where Personal Data have been transmitted by it, or while the Personal Data are in its possession or control.