Common use of Controller to Controller Actions Clause in Contracts

Controller to Controller Actions. To the extent a Beneficiary introduces to the Action Personal Data and thereby enables other Beneficiaries or Third Parties to access and Process such Personal Data within the Project independent from specific instructions regarding the handling of Personal Data (“Controller to Controller”), the introducing Beneficiary and the accessing Beneficiary/Third Party are additionally obliged as follows: To the extent applicable and where required under Data Protection Legislation, the introducing Beneficiary shall inform the Data Subjects about Personal Data transfers and Processing by the accessing Beneficiary and/or Third Parties The introducing Beneficiary may request the accessing Beneficiary and/or Third Parties to share all information required in order for the introducing Beneficiary to duly inform Data Subjects according to applicable transparency obligations. The introducing and accessing Beneficiary/Third Party respectively are the responsible contact for any requests of the Data Subjects, e.g. for information, correction or deletion of the Personal Data or for an objection to the Processing, the case being. The introducing and accessing Beneficiary/Third Party shall take all reasonable technical and organizational measures necessary to protect the introduced Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction of or damage to such Personal Data, in accordance with Article (5). The accessing Beneficiary and introducing Beneficiary will assist each other upon first request in being able to ensure and show compliance (when Processing Personal Data with the provisions of the Consortium Agreement and/or applicable Data Protection Legislation, taking into account the information available to the introducing and accessing Beneficiary (e.g. in ensuring the introducing and/or the accessing Beneficiary is able to comply with its obligations vis-à-vis the Data Subject and/or prove such compliance). (If an accessing Beneficiary/Third Party is required by law or receives any order, demand, warrant or any other document from a court of competent jurisdiction or other governing body requesting or purporting to compel the production of Personal Data, accessing Beneficiary/Third Party shall, except to the extent prohibited by law, immediately notify the introducing Beneficiary and shall not produce the Personal Data for at least forty-eight (48) hours following such notice to the introducing Beneficiary so that the introducing Beneficiary may, at its own expense, exercise such rights as it may have under law to prevent or limit such disclosure. In addition to the foregoing, accessing Beneficiary/Third Party shall exercise reasonable efforts to prevent and limit any such disclosure, and/or to otherwise preserve the confidentiality of the Personal Data, and shall cooperate with the Introducing Beneficiary with respect to any action taken with respect to such legal process, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to the Personal Data, in compliance with applicable law. The transfer of Personal Data on a Controller-to-Controller basis does not modify the acknowledgment and/or allocation of Intellectual Property rights of Clauses 6, 7 and 8 of this Consortium Agreement. This transfer shall only be the consequence of honoring the rights (e.g., ownership, licenses or Access Rights) that both the introducing Beneficiary and the accessing Beneficiary/Third Party shall have on the relevant Background and Results according to Clauses 6, 7 and 8 of this Consortium Agreement.

Controller to Controller Actions. To the extent a Beneficiary introduces to the Action Personal Data and thereby enables other Beneficiaries or Third Parties to access and Process such Personal Data within the Project independent from specific instructions regarding the handling of Personal Data (“Controller to Controller”), the introducing Beneficiary and the accessing Beneficiary/Third Party are additionally obliged as follows: : (1) To the extent applicable and where required under Data Protection Legislation, the introducing Beneficiary shall inform the Data Subjects about Personal Data transfers and Processing by the accessing Beneficiary and/or Third Parties The introducing Beneficiary may request the accessing Beneficiary and/or Third Parties to share all information required in order for the introducing Beneficiary to duly inform Data Subjects according to applicable transparency obligations. . (2) The introducing and accessing Beneficiary/Third Party respectively are the responsible contact for any requests of the Data Subjects, e.g. for information, correction or deletion of the Personal Data or for an objection to the Processing, the case being. . (3) The introducing and accessing Beneficiary/Third Party shall take all reasonable technical and organizational measures necessary to protect the introduced Personal Data against unauthorized or unlawful Processing and against accidental loss, destruction of or damage to such Personal Data, in accordance with Article (5). . (4) The accessing Beneficiary and introducing Beneficiary will assist each other upon first request in being able to ensure and show compliance (when Processing Personal Data with the provisions of the Consortium Agreement and/or applicable Data Protection Legislation, taking into account the information available to the introducing and accessing Beneficiary (e.g. in ensuring the introducing and/or the accessing Beneficiary is able to comply with its obligations vis-à-vis the Data Subject and/or prove such compliance). . (5) (If an accessing Beneficiary/Third Party is required by law or receives any order, demand, warrant or any other document from a court of competent jurisdiction or other governing body requesting or purporting to compel the production of Personal Data, accessing Beneficiary/Third Party shall, except to the extent prohibited by law, immediately notify the introducing Beneficiary and shall not produce the Personal Data for at least forty-eight (48) hours following such notice to the introducing Beneficiary so that the introducing Beneficiary may, at its own expense, exercise such rights as it may have under law to prevent or limit such disclosure. In addition to the foregoing, accessing Beneficiary/Third Party shall exercise reasonable efforts to prevent and limit any such disclosure, and/or to otherwise preserve the confidentiality of the Personal Data, and shall cooperate with the Introducing Beneficiary with respect to any action taken with respect to such legal process, including to obtain an appropriate protective order or other reliable assurance that confidential treatment will be accorded to the Personal Data, in compliance with applicable law. The transfer of Personal Data on a Controller-to-Controller basis does not modify the acknowledgment and/or allocation of Intellectual Property rights of Clauses 6, 7 and 8 of this Consortium Agreement. This transfer shall only be the consequence of honoring the rights (e.g., ownership, licenses or Access Rights) that both the introducing Beneficiary and the accessing Beneficiary/Third Party shall have on the relevant Background and Results according to Clauses 6, 7 and 8 of this Consortium Agreement.