Obligation after the termination of personal data processing services
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Complete Disposal Upon Termination of Service Agreement Upon Termination of the Service Agreement Provider shall dispose or delete all Student Data obtained under the Service Agreement. Prior to disposition of the data, Provider shall notify LEA in writing of its option to transfer data to a separate account, pursuant to Article II, section 3, above. In no event shall Provider dispose of data pursuant to this provision unless and until Provider has received affirmative written confirmation from LEA that data will not be transferred to a separate account.
Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”).
1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term.
1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise.
1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction.
1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
Obligations of Business Associate Upon Termination Upon termination of this Agreement for any reason, business associate shall return to covered entity or, if agreed to by covered entity, destroy all protected health information received from covered entity, or created, maintained, or received by business associate on behalf of covered entity, that the business associate still maintains in any form. Business associate shall retain no copies of the protected health information.
Processing of Customer Personal Data 3.1 UKG will:
3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and
3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data.
3.2 Customer hereby:
3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement.
3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and
3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law.
3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Termination of Agreement, Resignation, or Removal of Custodian Either party may terminate this agreement at any time by giving written notice to the other. We can resign as custodian at any time effective 30 days after we send written notice of our resignation to you. Upon receipt of that notice, you must make arrangements to transfer your IRA to another financial organization. If you do not complete a transfer of your IRA within 30 days from the date we send the notice to you, we have the right to transfer your IRA assets to a successor IRA trustee or custodian that we choose in our sole discretion, or we may pay your IRA to you in a single sum. We will not be liable for any actions or failures to act on the part of any successor trustee or custodian, nor for any tax consequences you may incur that result from the transfer or distribution of your assets pursuant to this section. If this agreement is terminated, we may charge to your IRA a reasonable amount of money that we believe is necessary to cover any associated costs, including but not limited to one or more of the following. • Any fees, expenses, or taxes chargeable against your IRA • Any penalties or surrender charges associated with the early withdrawal of any savings instrument or other investment in your IRA If we are a nonbank custodian required to comply with Regulations section 1.408-2(e) and we fail to do so or we are not keeping the records, making the returns, or sending the statements as are required by forms or regulations, the IRS may require us to substitute another trustee or custodian. We may establish a policy requiring distribution of the entire balance of your IRA to you in cash or property if the balance of your IRA drops below the minimum balance required under the applicable investment or policy established.
Termination Procedures and Compensation During Dispute 7.1. After a Change in Control and during the term of this Agreement, any purported termination of the Executive's employment (other than by reason of death) shall be communicated by written Notice of Termination from one party hereto to the other party hereto in accordance with Section 10 hereof. For purposes of this Agreement, a "Notice of Termination" shall mean a notice which shall indicate the specific termination provision in this Agreement relied upon and shall set forth in reasonable detail the facts and circumstances claimed to provide a basis for termination of the Executive's employment under the provision so indicated. Further, a Notice of Termination for Cause issued by the Company is required to include a copy of a resolution duly adopted by the affirmative vote of not less than three-quarters (3/4) of the entire membership of the Board at a meeting of the Board which was called and held for the purpose of considering such termination (after reasonable notice to the Executive and an opportunity for the Executive, together with the Executive's Counsel, to be heard before the Board) finding that, in the good faith opinion of the Board, the Executive engaged in conduct set forth in clause (i) or (ii) of the definition of Cause herein, and specifying the particulars thereof in detail.
CONTRACT MANAGEMENT AND EARLY TERMINATION 14 8.1 Contract Remedies. 14 8.2 Termination for Convenience 14 8.3 Termination for Cause 14 9.1 Amendment 15 9.2 Insurance 15 9.3 Legal Obligations 15 9.4 Permitting and Licensure 16 9.5 Indemnity 16 9.6 Assignments 16 9.7 Independent Contractor 17 9.8 Technical Guidance Letters 17 9.9 Dispute Resolution 17 9.10 Governing Law and Venue 17 9.11 Severability 17 9.12 Survivability 18 9.13 Force Majeure 18 9.14 No Waiver of Provisions 18 9.15 Publicity 18 9.16 Prohibition on Non-compete Restrictions 19 9.17 No Waiver of Sovereign Immunity 19 9.18 Entire Contract and Modification 19 9.19 Counterparts 19 9.20 Proper Authority 19 9.21 E-Verify Program 19 9.22 Civil Rights 19 9.23 System Agency Data 21 v. 2 16.1 Effective 03/26/2019 HHSC Grantee Uniform Terms and Conditions Page 3 of 21
Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller.
2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally.
2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest.
2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission.
2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data.
2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.
