Where one Party is Controller and the other Party its Processor Sample Clauses

Where one Party is Controller and the other Party its Processor. (a) Where a Party is a Processor, it must only process Personal Data if authorised to do so in Part A - Authorised Processing Template of Annex 1 – Processing Personal Data by the Controller. Any further written instructions relating to the processing of Personal Data are incorporated into Part A - Authorised Processing Template of Annex 1 – Processing Personal Data. (b) The Processor must give all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment before starting any processing, including: (i) a systematic description of the expected processing and its purpose; (ii) the necessity and proportionality of the processing operations; (iii) the risks to the rights and freedoms of Data Subjects; and (iv) the intended measures to address the risks, including safeguards, security measures and mechanisms to protect Personal Data. (c) The Processor must notify the Controller immediately if it thinks the Controller's instructions breach the Data Protection Legislation. (d) The Processor must put in place appropriate Protective Measures to protect against a Data Loss Event which must be approved by the Controller. (e) If lawful to notify the Controller, the Processor must promptly notify the Controller if the Processor is otherwise required to process Personal Data by Law before processing it. (f) The Processor must use all reasonable endeavours to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they: (i) are aware of and comply with the Processor's duties under this clause 14; (ii) are subject to appropriate confidentiality undertakings with the Processor or any Subprocessor; (iii) are informed of the confidential nature of the Personal Data and do not provide any of the Personal Data to any third party unless directed in writing to do so by the Controller or as otherwise allowed by the Contract; and (iv) have undergone adequate training in the use, care, protection and handling of Personal Data. (g) Where the Personal Data is subject to UK GDPR, the Processor must not transfer Personal Data outside of the UK unless the prior written consent of the Controller has been obtained and the following conditions are fulfilled: (i) the transfer is in accordance with Article 45 of the UK GDPR (or section 73 of DPA 2018); or (ii) the Controller or the Processor has provided appropriate safeguards in relation to the transfer (whether in accordance with UK GDPR A...

Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only Processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller.

Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only Processing that it is authorised to do is listed in Appendix 1 (Processing Personal Data) by the Controller and may not be determined by the Processor. The Term “Processing” and any associated Terms are to be read in accordance with Article 4 of the UK GDPR.

Where one Party is Controller and the other Party its Processor. 14.9.1 Where a Party is a Processor, the only processing that the Processor is authorised to do is listed in Error! Reference source not found. by the Controller and may not be d etermined by the Processor. The term “processing” and any associated terms are to be read in accordance with Article 4 of the UK GDPR and EU GDPR (as applicable). 14.9.2 The Processor must notify the Controller immediately if it thinks the Controller's instructions breach the Data Protection Legislation. 14.9.3 The Processor must give all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment before starting any processing, which may include, at the discretion of the Controller: 14.9.3.1 a systematic description of the expected processing and its purpose; 14.9.3.2 the necessity and proportionality of the processing operations; 14.9.3.3 the risks to the rights and freedoms of Data Subjects; and 14.9.3.4 the intended measures to address the risks, including safeguards, security measures and mechanisms to protect Personal Data. 14.9.4 The Processor must, in in relation to any Personal Data processed under this Contract: 14.9.4.1 process that Personal Data only in accordance with Error! Reference s ource not found. unless the Processor is required to do otherwise by Law. If lawful to notify the Controller, the Processor must promptly notify the Controller if the Processor is otherwise required to process Personal Data by Law before processing it. 14.9.4.2 put in place appropriate Protective Measures to protect against a Data Loss Event which must be approved by the Controller.

Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only Processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller. The Processor shall notify the Controller immediately if it considers that any of the Controller’s instructions infringe the Data Protection Legislation. The Processor shall provide all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment prior to commencing any Processing. Such assistance may, at the discretion of the Controller, include:

Where one Party is Controller and the other Party its Processor. 2.1 Where a Party is a Processor, the only Processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller and may not be determined by the Processor. 2.2 The Processor shall notify the Controller immediately if it considers that any of the Controller’s instructions infringe the Data Protection Legislation. 2.3 The Processor shall provide all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment prior to com- mencing any Processing. Such assistance may, at the discretion of the Controller, include: 2.3.1 a systematic description of the envisaged Processing and the pur- pose of the Processing; 2.3.2 an assessment of the necessity and proportionality of the Pro- cessing in relation to the Services; 2.3.3 an assessment of the risks to the rights and freedoms of Data Sub- jects; and 2.3.4 the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Per- ▇▇▇▇▇ Data. 2.4 The Processor shall, in relation to any Personal Data Processed in connec- tion with its obligations under this Contract: 2.4.1 process that Personal Data only in accordance with Annex 1 (Pro- cessing Personal Data) unless the Processor is required to do oth- erwise by Law. If it is so required the Processor shall promptly notify the Controller before Processing the Personal Data unless prohib- ited by Law; 2.4.2 ensure that it has in place Protective Measures, including in the case of the Supplier the measures set out in Clause 18.4 of the Core Terms, which the Controller may reasonably reject (but failure to reject shall not amount to approval by the Controller of the ade- quacy of the Protective Measures) having taken account of the: nature of the data to be protected; (a) harm that might result from a Data Loss Event; (b) state of technological development; and (c) cost of implementing any measures. 2.4.3 ensure that: (a) the Processor Personnel do not Process Personal Data ex- cept in accordance with this Contract (and in particular An- nex 1 (Processing Personal Data)); (b) it uses best endeavours to ensure the reliability and integrity of any Processor Personnel who have access to the Per- ▇▇▇▇▇ Data and ensure that they: (i) are aware of and comply with the Processor’s duties under this Schedule 20, Clauses 18 (Data protection), 19 (What you must keep confidential) and 20 (When you can share information); (ii) are subject to appropriate...

Where one Party is Controller and the other Party its Processor. (a) Where a Party is a Processor, it must only process Personal Data if authorised to do so in Part A - Authorised Processing Template of