Confidential Information and Data Protection. 15.1 Neither Party shall disclose any confidential information save as required by any enactment, requirement of any regulatory authority or pursuant to any judicial or arbitral process, or in the case of Network Rail as required by its statutory duties or Network Licence. On termination of this Agreement, the Customer shall either destroy or, if reasonably requested to do so, return any confidential information within its possession or control that belongs to or was provided by Network Rail. 15.2 The Parties agree that, for the purposes of the Data Protection Act 2018 and the European General Data Protection Regulation (Regulation (EU) 2016/679), as amended or re-enacted from time to time (together to be referred to as the GDPR), each Party processes personal data (as defined in the GDPR) as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data. 15.3 Each Party shall: (a) comply with its obligations under the GDPR; (b) be responsible for dealing with and responding to data subject requests, enquiries or complaints it receives (including any request by a data subject to exercise their rights under GDPR); and (c) be responsible for managing all unlawful or unauthorised processing of personal data or any personal data breach as defined by the GDPR of which it becomes aware in accordance with their obligations under the GDPR, including reporting any such Security Incident to the Information Commissioner's Office (where necessary). 15.4 Each Party warrants that in complying with GDPR it is not subject to any restriction which would prevent or restrict it from disclosing or transferring personal data to the other Party in accordance with the terms of this Agreement.
Appears in 2 contracts
Samples: Basic Implementation Agreement, Basic Implementation Agreement
Confidential Information and Data Protection. 15.1 20.1 Neither Party shall disclose any confidential information save as required by any enactment, requirement of any regulatory authority or pursuant to any judicial or arbitral process, or in the case of Network Rail as required by its statutory duties or Network Licence. On termination of this Agreement, the Customer shall either destroy or, if reasonably requested to do so, return any confidential information within its possession or control that belongs to or was provided by Network Rail.
15.2 20.2 The Parties agree that, for the purposes of the Data Protection Act 2018 and the European General Data Protection Regulation (Regulation (EU) 2016/679), as amended or re-enacted from time to time (together to be referred to as the GDPR), each Party processes personal data (as defined in the GDPR) as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data.
15.3 20.3 Each Party shall:
(a) comply with its obligations under the GDPR;
(b) be responsible for dealing with and responding to data subject requests, enquiries or complaints it receives (including any request by a data subject to exercise their rights under GDPR); and
(c) be responsible for managing all unlawful or unauthorised processing of personal data or any personal data breach as defined by the GDPR of which it becomes aware in accordance with their obligations under the GDPR, including reporting any such Security Incident to the Information Commissioner's Office (where necessary).
15.4 20.4 Each Party warrants that in complying with GDPR it is not subject to any restriction which would prevent or restrict it from disclosing or transferring personal data to the other Party in accordance with the terms of this Agreement.
Appears in 2 contracts
Samples: Basic Asset Protection Agreement, Basic Asset Protection Agreement
Confidential Information and Data Protection. 15.1 20.1 Neither Party shall disclose any confidential information save as required by any enactment, requirement of any regulatory authority or pursuant to any judicial or arbitral process, or in the 8 Technology and Construction Bar Association. case of Network Rail as required by its statutory duties or Network Licence. On termination of this Agreement, the Customer shall either destroy or, if reasonably requested to do so, return any confidential information within its possession or control that belongs to or was provided by Network Rail.
15.2 20.2 The Parties agree that, for the purposes of the Data Protection Act 2018 and the European General Data Protection Regulation (Regulation (EU) 2016/679), as amended or re-enacted from time to time (together to be referred to as the GDPR), each Party processes personal data (as defined in the GDPR) as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data.
15.3 20.3 Each Party shall:
(a) comply with its obligations under the GDPR;
(b) be responsible for dealing with and responding to data subject requests, enquiries or complaints it receives (including any request by a data subject to exercise their rights under GDPR); and
(c) be responsible for managing all unlawful or unauthorised processing of personal data or any personal data breach as defined by the GDPR of which it becomes aware in accordance with their obligations under the GDPR, including reporting any such Security Incident to the Information Commissioner's Office (where necessary).
15.4 20.4 Each Party warrants that in complying with GDPR it is not subject to any restriction which would prevent or restrict it from disclosing or transferring personal data to the other Party in accordance with the terms of this Agreement.
Appears in 1 contract
Samples: Basic Asset Protection Agreement