OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will: 4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company from time to time; 4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with the Agreement. 4.1.3 only disclose, transfer and / or hand over the Personal Information to those person(s) identified under item of Annexure A; 4.1.4 save for the provisions housed under clause 4.1.3, treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “B”; 4.1.5 has and will continue to have in place, appropriate technical and Organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”; 4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person; 4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions; 4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69; 4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company; 4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information; 4.1.11 where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator. 4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable. 4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement. 4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 2 contracts
Sources: Operator Agreement, Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified persons who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and handover the Personal Information to third parties where under any other person unless specific instructions as issued by the Company in writing or where required by law and law. The disclosure, transfer or handover of Personal Information should only once it be done after the Operator has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including . Details provided to the Company should include the identity of the person or legal entity who is to receive the Personal Information, the reason for the disclosure and confirmation that the person or legal entity to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked “Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organisational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides . This should include Industry Best Practices that provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which protected. The safeguards must comply with the requirements set out under POPIA, which measures are POPIA and be in line with the requirements described under the attached the Company Security Service Level Requirements, marked “Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do so as described under Annexure “A”, read together with the Agreement, and when per its mandate. When conducting such activity activity, the Operator must ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69Section 69 of the Act;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging acknowledges that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing recording the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as make use of a Sub Sub-Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Sub-Operator agreement” with it and the Company , which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement . Sub- Operator agreements will house the same terms and conditions as contained in this Operator Agreement, Agreement / Addendum and which shall must be concluded before the Personal Information is transferred to the Sub operator.Sub-Operator;
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub operatorSub-Operator, shall be obligated to process the Personal Information only on instructions instruction from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Sub-Operator Agreement, where applicable;
4.1.12 notify the Company immediately where it has reasonable grounds to believe that the Personal Information that has been provided to it has been lost, destroyed, or accessed or acquired by any unauthorised person. In such event, the Operator must immediately make available to the Company the details of the Personal Information Breach; comply with all instructions and directions given by the Company; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information compromised, co-operate fully with the Company in relation to any notifications made by the Company to any regulator, Data Subjects, or any other person; and co-operate fully with the Company in relation to any investigations that the Company or any regulator may initiate or which may be initiated by an investigator or other authority;
4.1.13 provide to the Company, and where applicable and with permission from the Company, provide to any investigators and regulators or authorities, with all assistance and co- operation requested in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of the Company;
4.1.14 On request, provide all information, data and materials required by the Company to confirm its compliance with obligations in this Agreement / Addendum. The information shall be provided at no additional cost. The information shall be provided to the Company promptly and within 5 (five) business days of the request or within the period prescribed by the Information Regulator or any regulatory body. If the Company or the Operator, as the case may be, is unable to provide or receive the information within this period, then such information will be provided within a period as agreed as between the parties, but in all events as soon as is practically possible;
4.1.15 comply with all reasonable directions and instructions that may be given by the Company regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions that are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deemed reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, Company in order to ascertain compliance with the warranties and undertakings housed recorded under this Operator AgreementAgreement / Addendum, will have the right right, on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed required for the required review, audit and / or and/or independent or impartial inspection and the inspection. The Operator undertakes to provide all necessary assistance which that may be needed required to give effect to this rightrequirement.
Appears in 2 contracts
Sources: Operator Agreement / Addendum, Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 4.1. The Operator expressly warrants and undertakes that it will:
4.1.1 4.1.1. process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement with: - this Agreement/Addendum mandate, - read together with “Annexure A” ▇▇▇▇▇▇▇▇ ▇, - any agreement concluded between the Operator and the Company, and - any specific written instructions provided to it by the Company from time to time;
4.1.2 4.1.2. process Personal Information strictly in accordance with POPIA and the POPIA processing conditions and further comply with all reasonable directions and instructions that may be given by the Company regarding the processing of the Personal Information in terms of the Agreement/Addendum. The parties agree that any directions or instructions required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation shall be deemed reasonable;
4.1.3. not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with of processing Personal Information as per the Agreement./Addendum;
4.1.3 4.1.4. treat the Personal Information as confidential and only disclose, transfer and / or hand over the Personal Information to those person(spersons(s) identified employed by it and who need to process the Personal Information in accordance with the mandate to process as an Operator and /or in terms of the Agreement/Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for the provisions housed under 4.1.5. in addition to clause 4.1.34.1.4, treat the Personal Information as confidential and not disclose the Personal Information to any other person third parties unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including . Details provided to the Company should include the identity of the person person/legal entity who is to receive the Personal Information, ; the reason for the disclosure disclosure; and confirmation that the person person/legal entity to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto hereto, marked Annexure “B”;
4.1.5 4.1.6. ensure that it has and will continue to have in place, appropriate technical and Organizational organisational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which . This should be in addition, accordance with Best Industry Practice that provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which protected. The safeguards must comply with the requirements set out under POPIA, which measures are POPIA and be in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”;
4.1.6 4.1.7. promptly and without undue delay notify the Company immediately where if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Operator will restore such Personal Information at its own expense;
4.1.8. without undue delay notify the Company if it has reasonable grounds becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information, which has been provided to it, including ; or any Personal Information which it has processedBreach and in such case without undue delay, has been lostalso provide the Company with the following information:
(a) description of the nature of any accidental, destroyedunauthorised or unlawful processing of the Personal Information; or
(b) any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and
(c) description of the measures taken, or accessed proposed to be taken to address any accidental, unauthorised or acquired by unlawful processing of the Personal Information; or
(d) any Personal Information Breach including measures to mitigate its possible adverse effects.;
4.1.9. immediately, following any unauthorised personor unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-operates with the Company’s handling of the matter, including:
(a) assisting with any investigation;
4.1.7 process (b) providing the Company with physical access to any facilities and operations affected;
(c) facilitating interviews with the Operator employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by the Company; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information strictly Breach or unlawful Personal Information processing.
(f) to not inform any third party of any Personal Information Breach without first obtaining the Company’s prior written consent, except when required to do so by law.
(g) agrees that the Company has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in accordance the Company discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
(h) will cover all reasonable expenses associated with POPIA the performance of the obligations under clause this clause 4.1 unless the matter arose from the Company’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case the Company will cover all reasonable expenses.
(i) will also reimburse the Company for actual reasonable expenses that the Company incurs when responding to a Personal Information Breach to the extent that the Operator caused such a Personal Information Breach, including all costs of notice and the POPIA processing conditions;any remedy.
4.1.8 4.1.10. not use the Personal Information for any direct marketing or advertising, research research, or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.11. not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 4.1.12. not sell, alienate alienate, or otherwise part with the Personal Information or any of the records housing the Personal Information, save with the Company’s prior written consent;
4.1.11 4.1.13. where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes conclude a “Sub Operator agreement” with it and the Company Sub Operator which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which . Sub operator agreement Operator agreements will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall must be concluded before the Personal Information is transferred to the Sub operatorOperator.
4.1.12 4.1.14. ensure that any person acting under the authority of the Operator, including any employee or sub operatorSub Operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 4.2. The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement/Addendum.
4.3 4.3. The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the inspection. The Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company RENTTECH SOUTH AFRICA (PTY) LTD from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by RENTTECH SOUTH AFRICA (PTY) LTD in writing from time to time or where required by law and only once it has provided the Company RENTTECH SOUTH AFRICA (PTY) LTD with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company RENTTECH SOUTH AFRICA (PTY) LTD Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyRENTTECH SOUTH AFRICA (PTY) LTD’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyRENTTECH SOUTH AFRICA (PTY) LTD;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company RENTTECH SOUTH AFRICA (PTY) LTD which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify RENTTECH SOUTH AFRICA (PTY) LTD immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to RENTTECH SOUTH AFRICA (PTY) LTD the details of the Personal Information Breach; comply with all instructions and directions given by RENTTECH SOUTH AFRICA (PTY) LTD; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable RENTTECH SOUTH AFRICA (PTY) LTD’s infrastructure; provide all information which may be requested by RENTTECH SOUTH AFRICA (PTY) LTD, co-operate fully with RENTTECH SOUTH AFRICA (PTY) LTD in relation to any notifications which may be made by RENTTECH SOUTH AFRICA (PTY) LTD to any regulator, Data Subjects, or any other person; and co-operate fully with RENTTECH SOUTH AFRICA (PTY) LTD in relation to any investigations that RENTTECH SOUTH AFRICA (PTY) LTD or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide RENTTECH SOUTH AFRICA (PTY) LTD with all assistance and co- operation requested by RENTTECH SOUTH AFRICA (PTY) LTD in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of RENTTECH SOUTH AFRICA (PTY) LTD.
4.1.14 provide, on request, all information, data and materials required by RENTTECH SOUTH AFRICA (PTY) LTD to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to RENTTECH SOUTH AFRICA (PTY) LTD promptly and in any event within 5 (five) business days of the request, provided that if RENTTECH SOUTH AFRICA (PTY) LTD is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by RENTTECH SOUTH AFRICA (PTY) LTD regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyRENTTECH SOUTH AFRICA (PTY) LTD, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company Hatch from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by Hatch in writing from time to time or where required by law and only once it has provided the Company Hatch with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyHatch’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyHatch;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company Hatch which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify Hatch immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to Hatch the details of the Personal Information Breach; comply with all instructions and directions given by Hatch; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable its or Hatch’s infrastructure; and importantly provide all information which may be requested by Hatch and co-operate fully with Hatch in relation to any notifications which may be made by Hatch to any regulator, Data Subjects, or any other person; and co-operate fully with Hatch in relation to any investigations that Hatch or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide to Hatch, and where applicable and with permission from Hatch, provide to any investigators and regulators or authorities, with all assistance and co- operation requested in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of Hatch.
4.1.14 provide, on request, all information, data and materials required by Hatch to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to Hatch promptly and in any event within 5 (five) business days of the request, provided that if Hatch or the Operator as the case may be, is unable to provide or receive the information within this period, then such information will be provided within a period as agreed as between the parties, but in all events as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by Hatch regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, Hatch in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right right, on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company ▇▇▇’▇ Compliance from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by ▇▇▇’▇ Compliance in writing from time to time or where required by law and only once it has provided the Company ▇▇▇’▇ Compliance with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company ▇▇▇’▇ Compliance Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company▇▇▇’▇ Compliance’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company▇▇▇’▇ Compliance;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company ▇▇▇’▇ Compliance which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify ▇▇▇’▇ Compliance immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to ▇▇▇’▇ Compliance the details of the Personal Information Breach; comply with all instructions and directions given by ▇▇▇’▇ Compliance; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable ▇▇▇’▇ Compliance’s infrastructure; provide all information which may be requested by ▇▇▇’▇ Compliance, co-operate fully with ▇▇▇’▇ Compliance in relation to any notifications which may be made by ▇▇▇’▇ Compliance to any regulator, Data Subjects, or any other person; and co-operate fully with ▇▇▇’▇ Compliance in relation to any investigations that ▇▇▇’▇ Compliance or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide ▇▇▇’▇ Compliance with all assistance and co-operation requested by ▇▇▇’▇ Compliance in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of ▇▇▇’▇ Compliance.
4.1.14 provide, on request, all information, data and materials required by ▇▇▇’▇ Compliance to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to ▇▇▇’▇ Compliance promptly and in any event within 5 (five) business days of the request, provided that if ▇▇▇’▇ Compliance is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by ▇▇▇’▇ Compliance regarding the processing of Personal Information in terms of the Agreement /Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company▇▇▇’▇ Compliance, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company West African International (Pty) Ltd from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by West African International (Pty) Ltd in writing from time to time or where required by law and only once it has provided the Company West African International (Pty) Ltd with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company West African International (Pty) Ltd Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s West African International (Pty) Ltd Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyWest African International (Pty) Ltd;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company West African International (Pty) Ltd which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub- operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub- operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub- operator Agreement, where applicable.
4.1.12 notify West African International (Pty) Ltd immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to West African International (Pty) Ltd the details of the Personal Information Breach; comply with all instructions and directions given by West African International (Pty) Ltd; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable West African International (Pty) Ltd’s infrastructure; provide all information which may be requested by West African International (Pty) Ltd, co-operate fully with West African International (Pty) Ltd in relation to any notifications which may be made by West African International (Pty) Ltd to any regulator, Data Subjects, or any other person; and co-operate fully with West African International (Pty) Ltd in relation to any investigations that West African International (Pty) Ltd or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide West African International (Pty) Ltd with all assistance and co-operation requested by West African International (Pty) Ltd in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of West African International (Pty) Ltd.
4.1.14 provide, on request, all information, data and materials required by West African International (Pty) Ltd to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to West African International (Pty) Ltd promptly and in any event within 5 (five) business days of the request, provided that if West African International (Pty) Ltd is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by West African International (Pty) Ltd regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company Oceana from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with of processing the Personal Information as per Agreement./Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and / or in terms of the Agreement/Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and / or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by Oceana in writing from time to time or where required by law and only once it has provided the Company Oceana with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Oceana Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyOceana’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyOceana;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub -operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub operator agreement” with it and the Company Oceana which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub operator agreement will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.1.12 notify Oceana immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to Oceana the details of the Personal Information Breach; comply with all instructions and directions given by Oceana; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable Oceana’s infrastructure; provide all information which may be requested by Oceana, co-operate fully with Oceana in relation to any notifications which may be made by Oceana to any regulator, Data Subjects, or any other person; and co-operate fully with Oceana in relation to any investigations that Oceana or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide Oceana with all assistance and co-operation requested by Oceana in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of Oceana.
4.1.14 provide, on request all information, data and materials required by Oceana to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to Oceana promptly and in any event within 5 (five) Business Days of the request, provided that if Oceana is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by Oceana regarding the processing of Personal Information in terms of the Agreement/Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement/Addendum.
4.3 The CompanyOceana, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company BMH from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by BMH in writing from time to time or where required by law and only once it has provided the Company BMH with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company BMH Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyBMH’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyBMH;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company BMH which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify BMH immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to BMH the details of the Personal Information Breach; comply with all instructions and directions given by BMH; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable BMH’s infrastructure; provide all information which may be requested by BMH, co-operate fully with BMH in relation to any notifications which may be made by BMH to any regulator, Data Subjects, or any other person; and co-operate fully with BMH in relation to any investigations that BMH or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide BMH with all assistance and co-operation requested by BMH in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of BMH.
4.1.14 provide, on request, all information, data and materials required by BMH to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to BMH promptly and in any event within 5 (five) business days of the request, provided that if BMH is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by BMH regarding the processing of Personal Information in terms of the Agreement /Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by the Company in writing from time to time or where required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub- operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to the Company the details of the Personal Information Breach; comply with all instructions and directions given by the Company; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable its or the Company’s infrastructure; and importantly provide all information which may be requested by the Company and co-operate fully with the Company in relation to any notifications which may be made by the Company to any regulator, Data Subjects, or any other person; and co-operate fully with the Company in relation to any investigations that the Company or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide to the Company, and where applicable and with permission from the Company, provide to any investigators and regulators or authorities, with all assistance and co-operation requested in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of the Company.
4.1.14 provide, on request, all information, data and materials required by the Company to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to the Company promptly and in any event within 5 (five) business days of the request, provided that if the Company or the Operator as the case may be, is unable to provide or receive the information within this period, then such information will be provided within a period as agreed as between the parties, but in all events as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by the Company regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, Company in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right right, on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement this Agreement, read together with “Annexure A” Clause 3 above, and any specific written instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”Clause 3, read together with the Agreementany further specific written instructions.
4.1.3 only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified under item of Annexure Anecessary to fulfil the purpose in Clause 3;
4.1.4 save for the provisions housed under clause 4.1.3, treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed agreed to comply with all requirements of POPIA and perform all its duties in terms of this agreement and the POPIA onwards transmission notice attached hereto marked Annexure “B”Privacy Policy of the Company;
4.1.5 has and will continue to have in place, appropriate technical and Organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with and the requirements described under Privacy Policy of the attached the Company Security Service Level Requirements, marked Annexure “C”Company;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under “Annexure “A”, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 6969 of the POPIA;
4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to transfer the Personal Information onwards as per Annexure “A” onwards, to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party also concludes a “Sub Operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement Operator Agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator.
4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreementall relevant policies, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 4.1. The Operator expressly warrants and undertakes that it will:
4.1.1 4.1.1. process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company Eqstra from time to time;
4.1.2 4.1.2. not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement / Addendum;
4.1.3. treat the Personal Information as confidential and “Annexure A”, read together with the Agreement.
4.1.3 only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for 4.1.4. in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by Eqstra in writing from time to time or where required by law and only once it has provided the Company Eqstra with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 4.1.5. ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Eqstra Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 4.1.6. process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7. not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8. not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyEqstra’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyEqstra;
4.1.10 4.1.9. not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10. where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company Eqstra which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11. ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.2 4.1.12. notify Eqstra immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately:
4.1.12.1. make available to Eqstra the details of the Personal Information Breach;
4.1.12.2. comply with all instructions and directions given by Eqstra;
4.1.12.3. take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable Eqstra’s infrastructure;
4.1.12.4. provide all information which may be requested by Eqstra, co-operate fully with Eqstra in relation to any notifications which may be made by Eqstra to any regulator, Data Subjects, or any other person; and
4.1.12.5. co-operate fully with Eqstra in relation to any investigations that Eqstra or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13. provide Eqstra with all assistance and co-operation requested by Eqstra in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of Eqstra.
4.1.14. provide, on request, all information, data and materials required by qstra to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to Eqstra promptly and in any event within 5 (five) business days of the request, provided that if Eqstra is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15. comply with all reasonable directions and instructions which may be given by Eqstra regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deemed reasonable.
4.2. The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company4.3. Eqstra, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company Bidvest Buffalo Tapes from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by Bidvest Buffalo Tapes in writing from time to time or where required by law and only once it has provided the Company Bidvest Buffalo Tapes with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Bidvest Buffalo Tapes Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyBidvest Buffalo Tapes ’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyBidvest Buffalo Tapes ;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company Bidvest Buffalo Tapes which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify Bidvest Buffalo Tapes immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to Bidvest Buffalo Tapes the details of the Personal Information Breach; comply with all instructions and directions given by Bidvest Buffalo Tapes ; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable Bidvest Buffalo Tapes ’s infrastructure; provide all information which may be requested by Bidvest Buffalo Tapes , co-operate fully with Bidvest Buffalo Tapes in relation to any notifications which may be made by Bidvest Buffalo Tapes to any regulator, Data Subjects, or any other person; and co-operate fully with Bidvest Buffalo Tapes in relation to any investigations that Bidvest Buffalo Tapes or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide Bidvest Buffalo Tapes with all assistance and co-operation requested by Bidvest Buffalo Tapes in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of Bidvest Buffalo Tapes .
4.1.14 provide, on request, all information, data and materials required by Bidvest Buffalo Tapes to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to Bidvest Buffalo Tapes promptly and in any event within 5 (five) business days of the request, provided that if Bidvest Buffalo Tapes is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by Bidvest Buffalo Tapes regarding the processing of Personal Information in terms of the Agreement /Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyBidvest Buffalo Tapes , in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company ENX from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by ENX in writing from time to time or where required by law and only once it has provided the Company ENX with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company ENX Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyENX’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyENX;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company ENX which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify ENX immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to ENX the details of the Personal Information Breach; comply with all instructions and directions given by ENX; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable ENX’s infrastructure; provide all information which may be requested by ENX, co-operate fully with ENX in relation to any notifications which may be made by ENX to any regulator, Data Subjects, or any other person; and co-operate fully with ENX in relation to any investigations that ENX or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide ENX with all assistance and co-operation requested by ENX in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of ENX.
4.1.14 provide, on request, all information, data and materials required by ENX to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to ENX promptly and in any event within 5 (five) business days of the request, provided that if ENX is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by ENX regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyENX, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under mandate, the Agreement and the Operator Agreement read together with “Annexure A” POPIA, this Protocol and any specific instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under in its mandate, the POPIA, this Operator Agreement Protocol and “Annexure A”, read together with any specific instructions provided to it by the Agreement.Company from time to time;
4.1.3 only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified under item of Annexure Athe extent necessary to properly deliver the service;
4.1.4 save for the provisions housed under clause as set out in 4.1.3, . treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed will process such information in accordance with the POPIA onwards transmission notice attached hereto marked Annexure “B”and both the Operator and/or such third party will only retain the information for such period as is necessary in order to provide the services;
4.1.5 has and will continue to have in place, appropriate technical and Organizational organisational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreementAgreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement Operator Agreement will house contain the same terms and conditions as contained in this Operator AgreementProtocol, and which shall be concluded before the Personal Information is transferred to the Sub operator.Operator;
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub operatorSub Operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementProtocol, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Popia Protocol
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company PO2 from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by PO2 in writing from time to time or where required by law and only once it has provided the Company PO2 with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company PO2 Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyPO2’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyPO2;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company PO2 which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify PO2 immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to PO2 the details of the Personal Information Breach; comply with all instructions and directions given by PO2; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable PO2’s infrastructure; provide all information which may be requested by PO2, co-operate fully with PO2 in relation to any notifications which may be made by PO2 to any regulator, Data Subjects, or any other person; and co-operate fully with PO2 in relation to any investigations that PO2 or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide PO2 with all assistance and co-operation requested by PO2 in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of PO2.
4.1.14 provide, on request, all information, data and materials required by PO2 to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to PO2 promptly and in any event within 5 (five) business days of the request, provided that if PO2 is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by PO2 regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyPO2, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company IRBA from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by IRBA in writing from time to time or where required by law and only once it has provided the Company IRBA with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyIRBA’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyIRBA;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company IRBA which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub- operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify IRBA immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately make available to IRBA the details of the Personal Information Breach; comply with all instructions and directions given by IRBA; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable its or IRBA’s infrastructure; and importantly provide all information which may be requested by IRBA and co-operate fully with IRBA in relation to any notifications which may be made by IRBA to any regulator, Data Subjects, or any other person; and co-operate fully with IRBA in relation to any investigations that IRBA or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide to IRBA, and where applicable and with permission from IRBA, provide to any investigators and regulators or authorities, with all assistance and co- operation requested in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of IRBA.
4.1.14 provide, on request, all information, data and materials required by IRBA to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to IRBA promptly and in any event within 5 (five) business days of the request, provided that if IRBA or the Operator as the case may be, is unable to provide or receive the information within this period, then such information will be provided within a period as agreed as between the parties, but in all events as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by IRBA regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, IRBA in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right right, on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the this Operator Agreement read together with “Annexure A” , any Agreement concluded between the Operator and the Company, and any specific instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with any Agreement concluded between the AgreementOperator and the Company, and any specific instruction provided by the Company from time to time.
4.1.3 only disclose, transfer and / or hand over the Personal Information to those person(spersons(s) identified under item ▇▇▇▇▇▇▇▇ A and when transferring the information ensure that it has in place written arrangements which compel the identified party receiving the information to respect and maintain the confidentiality and security of the Personal Information and that said party has signed the POPIA transmission notice attached as Annexure A;B.
4.1.4 save for the provisions housed under clause 4.1.3, treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “B”;B.
4.1.5 has and will continue to have in place, appropriate technical and Organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”C (OPTIONAL);
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research research, or statistical purposes, unless expressly authorised to do as prescribed in its mandate and where applicable the Agreement / as described under Annexure “A”, read together with the Agreement, A and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 not sell, alienate alienate, or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to transfer the Personal Information onwards in terms of the Agreement or as per Annexure “A” A to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator.
4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with the Agreement.
4.1.3 only disclose, transfer and / or hand over the Personal Information to those person(s) identified under item of Annexure A;
4.1.4 save for the provisions housed under clause 4.1.3, treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “B”;
4.1.5 has and will continue to have in place, appropriate technical and Organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator.
4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement.
4.3 The Company, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company SAPPI from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure A”, read together with of processing the Personal Information as per Agreement./Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(speople(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement/Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by SAPPI in writing from time to time or where required by law and only once it has provided the Company SAPPI with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company SAPPI Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanySAPPI’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanySAPPI;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company SAPPI which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify SAPPI immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to SAPPI the details of the Personal Information Breach; comply with all instructions and directions given by SAPPI; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable SAPPI’s infrastructure; provide all information which may be requested by SAPPI, co-operate fully with SAPPI in relation to any notifications which may be made by SAPPI to any regulator, Data Subjects, or any other person; and co- operate fully with SAPPI in relation to any investigations that SAPPI or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide SAPPI with all assistance and co-operation requested by SAPPI in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of SAPPI.
4.1.14 provide, on request, all information, data and materials required by SAPPI to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to SAPPI promptly and in any event within 5 (five) business days of the request, provided that if SAPPI is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by SAPPI regarding the processing of Personal Information in terms of the Agreement/Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement/Addendum.
4.3 The CompanySAPPI, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement/Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company BIDVEST AFCOM from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under of processing the information as per this Operator Agreement and “Annexure A”, read together with the Agreement.;
4.1.3 1.1.3 treat the Personal Information as confidential and only disclose, transfer and / or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and / or in terms of the Agreement, under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for 1.1.4 In addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and / or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by BIDVEST AFCOM in writing from time to time or where required by law and only once it has provided the Company BIDVEST AFCOM with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company BIDVEST AFCOM Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company BIDVEST AFCOM immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”per its mandate and where applicable, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyBIDVEST AFCOM’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyBIDVEST AFCOM;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to transfer the Personal Information onwards make use of a sub -operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement, ensure that such party concludes a “Sub Operator sub operator agreement” with it and the Company BIDVEST AFCOM which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub sub operator.
4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator Agreement.
4.3 The CompanyBIDVEST AFCOM, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company IRBA from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by IRBA in writing from time to time or where required by law and only once it has provided the Company IRBA with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyIRBA’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyIRBA;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company IRBA which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub- operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify IRBA immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately make available to IRBA the details of the Personal Information Breach; comply with all instructions and directions given by IRBA; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable its or IRBA’s infrastructure; and importantly provide all information which may be requested by IRBA and co-operate fully with IRBA in relation to any notifications which may be made by IRBA to any regulator, Data Subjects, or any other person; and co-operate fully with IRBA in relation to any investigations that IRBA or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide to IRBA, and where applicable and with permission from IRBA, provide to any investigators and regulators or authorities, with all assistance and co-operation requested in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of IRBA.
4.1.14 provide, on request, all information, data and materials required by IRBA to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to IRBA promptly and in any event within 5 (five) business days of the request, provided that if IRBA or the Operator as the case may be, is unable to provide or receive the information within this period, then such information will be provided within a period as agreed as between the parties, but in all events as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by IRBA regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The Company, IRBA in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right right, on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company WCGRB from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by the WCGRB in writing from time to time or where required by law and only once it has provided the Company WCGRB with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company WCGRB Security Service Level Requirements, marked Annexure A nnexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyWCGRB’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyWCGRB;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it it, annexed hereto and marked Annexure “D” and the Company WCGRB which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub- operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify the WCGRB immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to the WCGRB the details of the Personal Information Breach; comply with all instructions and directions given by the WCGRB; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable the WCGRB’s infrastructure; provide all information which may be requested by the WCGRB, co-operate fully with WCGRB in relation to any notifications which may be made by the WCGRB to any regulator, Data Subjects, or any other person; and co- operate fully with the WCGRB in relation to any investigations that the WCGRB or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide the WCGRB with all assistance and co-operation requested by the WCGRB in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of the WCGRB.
4.1.14 provide, on request, all information, data and materials required by the WCGRB to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to the WCGRB promptly and in any event within 5 (five) business days of the request, provided that if the WCGRB is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by the WCGRB regarding the processing of Personal Information in terms of the Agreement
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyWCGRB, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes in favour of the Responsible Party that it will:
4.1.1 process : ensure that the Personal Information is processed strictly in accordance with its mandate set out under the Agreement and the POPIA this Operator Agreement read together with Annexure “Annexure A” ”, together with any main agreement which may be concluded as between the Operator and the Responsible Party as well as any specific instructions provided to it by the Company Responsible Party as may occur from time to time;
4.1.2 ; not use the Personal Information for any other purposereason save as contained in Annexure “A” together with, save for any main agreement (where applicable) as concluded between the purpose set out under this Operator Agreement and “Annexure A”, read the Responsible Party together with any specific instructions provided to it by the Agreement.
4.1.3 only Responsible Party from time to time; disclose, transfer and / or hand over the Personal Information to only those person(s) identified under item of Annexure “A;
4.1.4 save for the provisions housed under clause 4.1.3”, and which are subject to confidentiality obligations; treat the all Personal Information as strictly confidential and not disclose the Personal Information it to any other person unauthorised parties, unless required by law to do so, and in that event, only once it has provided the Company Responsible Party with adequate warning of this requirement to disclose and the related details thereof, including which warning shall include the identity of the person party who is to receive the Personal Information, Information and the reason for the disclosure and confirmation disclosure; ensure that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “B”;
4.1.5 has and will continue to have in place, appropriate technical and Organizational organisational measures to protect and safeguard the Personal Information are in place so as to prevent against accidental or unlawful destruction or accidental destruction, loss, alteration, unauthorised disclosure or access, and which in addition, provides shall further provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information which is required to be protected and protected, which safeguards are to comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”;
4.1.6 ; immediately notify the Company immediately Responsible Party in circumstances where it has reasonable grounds to believe suspect that the Personal Information, which has been provided to it, including any Personal Information which it has processed, in its possession has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 ; not use the Personal Information for any direct marketing or advertising, research or statistical purposes. Further, unless expressly if authorised to do as described under Annexure “A”, read together with the Agreement, and when conducting conduct such activity by the Responsible Party, the Operator shall at all times ensure that this is done strictly in compliance with the requirements of POPIA and its regulations POPIA, especially those applicable to direct marketing detailed under section 69;
4.1.9 69 and the related Regulations; not treat the Personal Information as its own, with it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the Company’s an Operator and agentonly, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the Company;
4.1.10 Responsible Party and not divest in it at any time or for any reason; not sell, alienate alienate, export or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and the Company which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator.
4.1.12 ; ensure that any person and all persons acting under the authority of the Operator, including any employee or sub operatorthird party, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 . The Operator hereby warrants that it has the legal authority to give the above-mentioned warranties and fulfil the abovementioned warranties and undertakings set out contained in this Operator Agreement.
4.3 . The CompanyResponsible Party will be permitted, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement, will have the right on reasonable notice and during regular business hours, to view and / or audititself, either by itself or through a third party, conduct an independent agent, inspection and/or audit the Operator’s facilities, files, and files together with any other data processing documentation needed for or records required in order to perform the required review, inspection and/or audit so as to satisfy itself that the warranties and / or independent or impartial inspection and the undertakings contained in this Operator undertakes to provide all necessary assistance which may be needed to give effect to this rightAgreement have been complied with.
Appears in 1 contract
Sources: Popia Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company NWP from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by NWP in writing from time to time or where required by law and only once it has provided the Company NWP with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company NWP Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyNWP’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyNWP;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement / Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company NWP which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator AgreementAgreement / Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator AgreementAgreement / Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify NWP immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to NWP the details of the Personal Information Breach; comply with all instructions and directions given by NWP; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable NWP’s infrastructure; provide all information which may be requested by NWP, co-operate fully with NWP in relation to any notifications which may be made by NWP to any regulator, Data Subjects, or any other person; and co-operate fully with NWP in relation to any investigations that NWP or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide NWP with all assistance and co-operation requested by NWP in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of NWP.
4.1.14 provide, on request, all information, data and materials required by NWP to confirm its compliance with its obligations in this Agreement / Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to NWP promptly and in any event within 5 (five) business days of the request, provided that if NWP is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by NWP regarding the processing of Personal Information in terms of the Agreement / Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyNWP, in order to ascertain compliance with the warranties and undertakings housed under this Operator AgreementAgreement / Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator Agreement read together with “Annexure A” and any specific instructions provided to it by the Company Kaap Agri from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator of processing the Personal Information as per Agreement and “Annexure A”, read together with the Agreement./ Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and / or and/or hand over the Personal Information to those person(s) identified who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Operator and/or in terms of the Agreement / Addendum under item strict undertakings of Annexure Aconfidentiality;
4.1.4 save for in addition to the provisions housed under of clause 4.1.3, treat the Personal Information as confidential and not disclose only disclose, transfer and/or hand over the Personal Information to third parties where under any other person unless specific instructions as issued by Kaap Agri in writing from time to time or where required by law and only once it has provided the Company Kaap Agri with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “BA”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and Organizational organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and including Industry Best Practices, which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached the Company Kaap Agri Security Service Level Requirements, marked Annexure “CB”;
4.1.6 notify the Company immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions;
4.1.8 4.1.7 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 4.1.8 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as the CompanyKaap Agri’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyKaap Agri;
4.1.10 4.1.9 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 4.1.10 where it is allowed to transfer the Personal Information onwards make use of a sub-operator, as per Annexure “A” to any third party, known as a Sub Operator, for its mandate or in terms of the purposes of performing its mandateAgreement/Addendum, ensure that such party concludes a “Sub Operator sub-operator agreement” with it and the Company Kaap Agri which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which Sub sub-operator agreement will house the same terms and conditions as contained in this Operator Agreement/Addendum, and which shall be concluded before the Personal Information is transferred to the Sub sub-operator.
4.1.12 4.1.11 ensure that any person acting under the authority of the Operator, including any employee or sub sub-operator, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement/Addendum, read together with the Agreement and in particular the Sub Operator Sub-operator Agreement, where applicable.
4.1.12 notify Kaap Agri immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it including any Personal Information, which it has processed and which pertains to the Agreement, has been lost, destroyed, or accessed or acquired by any unauthorised person and in such event, immediately: make available to Kaap Agri the details of the Personal Information Breach; comply with all instructions and directions given by Kaap Agri; take all measures necessary to determine the scope of the compromise and to restore the integrity of the Personal Information so compromised, including where applicable Kaap Agri’s infrastructure; provide all information which may be requested by Kaap Agri, co-operate fully with Kaap Agri in relation to any notifications which may be made by Kaap Agri to any regulator, Data Subjects, or any other person; and co-operate fully with Kaap Agri in relation to any investigations that Kaap Agri or any regulator, may initiate or which may be initiated by an investigator or other authority.
4.1.13 provide Kaap Agri with all assistance and co-operation requested by Kaap Agri in relation to any requests or complaints received from any person or entity, including requests for the deletion, updating or correction of Personal Information which it is processing on behalf of Kaap Agri.
4.1.14 provide, on request, all information, data and materials required by Kaap Agri to confirm its compliance with its obligations in this Agreement/Addendum. The information shall be provided at no additional cost where provided in an electronic format only. The information shall be provided to Kaap Agri promptly and in any event within 5 (five) business days of the request, provided that if Kaap Agri is unable to receive the information within this period, then such information will be provided as soon as is practically possible.
4.1.15 comply with all reasonable directions and instructions which may be given by Kaap Agri regarding the processing of Personal Information in terms of the Agreement /Addendum. It is further agreed that any directions or instructions which are required for purposes of ensuring compliance with any applicable laws, including Data Protection Legislation, shall be deeded reasonable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Operator AgreementAgreement / Addendum.
4.3 The CompanyKaap Agri, in order to ascertain compliance with the warranties and undertakings housed under this Operator Agreement/Addendum, will have the right on reasonable notice and during regular business hours, to view and / or and/or audit, either by itself or through an independent agent, the Operator’s facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Sources: Operator Agreement / Addendum
OBLIGATIONS OF THE OPERATOR. 4.1 The Operator expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate set out under the Agreement and the Operator this Agreement read together with “Annexure ASchedule” and any specific instructions provided to it by the Company Responsible Party from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose set out under this Operator Agreement and “Annexure ASchedule”, read together with the Agreement.;
4.1.3 only disclose, transfer and / or hand over the Personal Information to those person(s) identified under item 5 of Annexure ASchedule;
4.1.4 save for the provisions housed contained under clause 4.1.3, treat the Personal Information as confidential and not disclose the Personal Information to any other person unless required by law and only once it has provided the Company Responsible Party with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “B”;.
4.1.5 has and will continue to have in place, place appropriate technical and Organizational organisational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which in addition, provides provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, which measures are in line with the requirements described under the attached the Company Security Service Level Requirements, marked Annexure “C”POPI;
4.1.6 notify the Company Responsible Party immediately where it has reasonable grounds to believe that the Personal Information, which has been provided to it, it including any Personal Information which it has processed, has been lost, destroyed, or accessed or acquired by any unauthorised person;.
4.1.7 process the Personal Information strictly in accordance with POPIA POPI and the POPIA POPI processing conditions;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as described under Annexure “A”, read together with the Agreement, and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information information in its capacity as the CompanyResponsible Party ’s Operator and agent, and that ownership of in all the records housing the such Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with the CompanyResponsible Party;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information;
4.1.11 where it is allowed to can transfer the Personal Information onwards as per Annexure “A” to any third party, known as a Sub Operator, Party for the purposes of performing its mandate, ensure that such party concludes a “Sub Operator agreement” with it and has in place written arrangements which compel the Company which compels the said third party receiving the Personal Information Party to respect and maintain the confidentiality and security of the Personal personal Information, which Sub operator agreement will house the same terms and conditions as contained in this Operator Agreement, and which shall be concluded before the Personal Information is transferred to the Sub operator.
4.1.12 ensure that any person acting under the authority of the Operator, including any employee or sub operatorthird Party, shall be obligated to process the Personal Information only on instructions from the Operator and strictly in accordance with this Operator Agreement, read together with the Agreement and in particular the Sub Operator Agreement, where applicable.
4.2 The Operator warrants that it has the legal authority to give the above-mentioned abovementioned warranties and fulfil the undertakings set out in this Operator Agreementthese clauses.
4.3 The Company, in order Responsible Party will to ascertain compliance with the warranties and undertakings housed contained under this Operator Agreement, will have the right on reasonable notice and during regular business hours, hours to view and / or audit, either by itself or through an independent agent, the Operator’s Data processors facilities, files, and any other data processing documentation needed for the required review, audit and / or and/or independent or impartial inspection and the Operator undertakes to provide all necessary assistance which may be needed to give effect to this rightinspection.
Appears in 1 contract
Sources: Operator Agreement