Where Personal Data Sample Clauses
The 'Where Personal Data' clause defines the circumstances and conditions under which personal data is processed, transferred, or accessed within the context of an agreement. Typically, this clause specifies what constitutes personal data, identifies the parties involved in handling such data, and outlines the legal or regulatory frameworks that apply, such as data protection laws. Its core practical function is to ensure that all parties understand their obligations regarding personal data, thereby promoting compliance and reducing the risk of unauthorized use or disclosure.
Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed in accordance with the provisions of the Standard Contractual Clauses, unless the processing takes place: (i) in a third country or territory recognised by the EU Commission to have an adequate level of protection; or (ii) by an organisation located in a country which has other legally recognised appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.
Where Personal Data is transferred from Europe to a country outside of Europe, the parties acknowledge that steps must be taken to ensure that such data transfers comply with European Data Protection Laws. The parties acknowledge that similar obligations can apply for international transfers of Personal Data from a non-European country and shall in good faith take the steps required where necessary under Data Protection Laws to ensure the transfer complies with Data Protection Laws.
Where Personal Data is Processed by SysAid its agents, sub-contractors or employees under or in connection with the Agreement, SysAid shall, and shall procure that its agents, sub-contractors and employees shall:
1.2.1 not Process, transfer, modify, amend or alter the Personal Data or disclose or permit the disclosure of the Personal Data to any Third Party other than:
1.2.1.1 in accordance with Your instructions (that result directly from the provisions of the Agreement or that are reasonably required for proper performance by SysAid of its obligations); or
1.2.1.2 where required by EU or Member State law to which SysAid is subject, in which case SysAid shall inform You of that legal requirement before Processing that Personal Data, unless that law prohibits such information being provided on important grounds of public interest;
1.2.2 take reasonable steps to ensure that all of its employees, agents and sub-contractors who may have access to the Personal Data:
1.2.2.1 are informed of the confidential nature of the Personal Data; and
1.2.2.2 are subject to confidentiality undertakings or professional or statutory obligations of confidentiality that apply with respect to the Processing of such Personal Data;
1.2.3 from and including 25 May 2018, except where statutory guidance indicates that a Personal Data Breach is not required to be notified by a Processor to a Controller, notify You without undue delay upon becoming aware of a Personal Data Breach, and otherwise assist You, taking into account the nature of Processing and the information available to SysAid, in meeting its obligations regarding the notification, investigation, mitigation and remediation of a Personal Data Breach under the Data Protection Legislation, without prejudice to SysAid's right to charge You any reasonable costs for such assistance;
1.2.4 co-operate as reasonably requested by You to the extent necessary to enable You to comply with any exercise of rights by a Data Subject under the Data Protection Legislation in respect of Personal Data Processed by SysAid under the Agreement or comply with any assessment, enquiry, notice or investigation under the Data Protection Legislation, including by any regulator, subject to reasonable advance notice and without prejudice to SysAid’s right to charge You any reasonable costs for such assistance;
1.2.5 only authorize sub-contractors to Process the Personal Data ("Sub- Processor") where not objected to by You, subject to:
1.2.5.1 informing You of the identity ...
Where Personal Data relating to a Data Subject are collected from the Data Subject, or, someone other than the Data Subject, by either of the Joint Controllers, the Controller obtaining the Personal Data shall, at the time when Personal Data is obtained, be it from the other Controller, Data Subject or any other party provide the Data Subject with all of the following information:-
(a) the identity and the contact details of the Controller and, where applicable, of the Controller’s representative;
(b) the contact details of the Data Protection Officer, where applicable;
(c) the purposes of the processing for which the Personal Data are intended as well as the legal basis for the processing;
(d) the legitimate interests pursued by the Controller or by a third party;
(e) the recipients or categories of recipients of the Personal Data, if any;
(f) the categories of Personal Data concerned (this relates to Personal Data obtained from someone other than the Data Subject only);
(g) where applicable, the fact that the Controller intends to transfer Personal Data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or where a transfer requires safeguards under Article 46 or 47, or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available; and
(h) the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject (this only relates when the Personal Data has not been obtained from the Data Subject).
Where Personal Data is Processed in connection with the exercise of the Parties’ rights and obligations under this Contract, the Parties acknowledge that the Customer is the Data Controller (the “Controller”), and the Supplier is the Data Processor (the “Processor”)
Where Personal Data is transferred outside the UK due to a request by the Client for LTT to book arrangements for the Client in a location outside the UK, where LTT is not able to put into place any of the safeguards stipulated at 5.2(a)-(f), or they are otherwise inappropriate in the circumstances, LTT shall rely on the derogation under Article 49 of the UK GDPR to legalise the transfer of data outside the UK, on the basis the transfer relates to the performance of a contract for the benefit of the Data Subject.
Where Personal Data is Processed pursuant to this Agreement, the type of Personal Data and the subject matter, duration, nature and purpose of the Processing, and the categories of Data Subjects, are as described in the relevant Order Form.
Where Personal Data relating to an EU Data Subject is transferred outside of the EEA it shall be processed only by entities which:
Where Personal Data is transferred outside the United Kingdom we will ensure all measures necessary are in place to ensure that any such transfers have adequate protections in place, as set out in the relevant data protection laws.
Where Personal Data is to be exported outside the EEA as part of any processing by or on behalf of the Providers, the Providers must obtain prior written consent from the Owner. Any such consent given by the Owner will be subject to additional requirements in relation to the processing of Personal Data set out in the EU Standard Contract Clauses published by the European Commission.