Common use of Where Personal Data Clause in Contracts

Where Personal Data. is Processed by SysAid its agents, sub-contractors or employees under or in connection with the Agreement, SysAid shall, and shall procure that its agents, sub-contractors and employees shall: 1.2.1 not Process, transfer, modify, amend or alter the Personal Data or disclose or permit the disclosure of the Personal Data to any Third Party other than: 1.2.1.1 in accordance with Your instructions (that result directly from the provisions of the Agreement or that are reasonably required for proper performance by SysAid of its obligations); or 1.2.1.2 where required by EU or Member State law to which SysAid is subject, in which case SysAid shall inform You of that legal requirement before Processing that Personal Data, unless that law prohibits such information being provided on important grounds of public interest; 1.2.2 take reasonable steps to ensure that all of its employees, agents and sub-contractors who may have access to the Personal Data: 1.2.2.1 are informed of the confidential nature of the Personal Data; and 1.2.2.2 are subject to confidentiality undertakings or professional or statutory obligations of confidentiality that apply with respect to the Processing of such Personal Data; 1.2.3 from and including 25 May 2018, except where statutory guidance indicates that a Personal Data Breach is not required to be notified by a Processor to a Controller, notify You without undue delay upon becoming aware of a Personal Data Breach, and otherwise assist You, taking into account the nature of Processing and the information available to SysAid, in meeting its obligations regarding the notification, investigation, mitigation and remediation of a Personal Data Breach under the Data Protection Legislation, without prejudice to SysAid's right to charge You any reasonable costs for such assistance; 1.2.4 co-operate as reasonably requested by You to the extent necessary to enable You to comply with any exercise of rights by a Data Subject under the Data Protection Legislation in respect of Personal Data Processed by SysAid under the Agreement or comply with any assessment, enquiry, notice or investigation under the Data Protection Legislation, including by any regulator, subject to reasonable advance notice and without prejudice to SysAid’s right to charge You any reasonable costs for such assistance; 1.2.5 only authorize sub-contractors to Process the Personal Data ("Sub- Processor") where not objected to by You, subject to: 1.2.5.1 informing You of the identity of the proposed Sub- Processor beforehand; and 1.2.5.2 including terms in the contract between SysAid and the Sub-Processor which are substantially the same as those set out in this Section 1.2; and 1.2.5.3 SysAid remaining fully liable to You, in accordance with the terms of the Agreement relating to liability, for any failure by a Sub-Processor to fulfil its obligations in relation to the Processing of any Personal Data; 1.2.6 subject to the requirements of any applicable Exit Plan cease Processing the Personal Data upon the termination or expiry of the Agreement or, if sooner, the Service to which it relates and, at You option, either return or delete the Personal Data and any copies of it or of the information it contains, without prejudice to any EU or Member State legal obligations for SysAid to store or archive such Personal Data.