Controller to Controller Clauses Clause Samples

Controller to Controller Clauses. 1. In respect of the Personal Data processed by the Parties acting as a Controller under this agreement: Each Party will: (i) ensure that the persons engaged in the processing of Personal Data are bound by appropriate confidentiality obligations; (ii) comply promptly with any lawful request from the other Party requesting access to, copies of, or the amendment, transfer or deletion of the Personal Data to the extent the same is necessary to allow either Party to fulfill its own obligations under the Data Protection Laws; (iii) notify the other Party within forty-eight (48) hours if it receives any complaint, notice or communication (whether from a data subject, competent supervisory authority or otherwise) relating to the processing of Personal Data or to either Party’s compliance with Data Protection Laws under this Agreement, and provide the other Party with reasonable cooperation, information and assistance in relation to any such complaint, notice or communication; (iv) notify the other Party immediately if it becomes aware of a breach of this clause, in which case the Party in breach shall take any and all steps to remedy such breach; (v) facilitate the handling of any Personal Data Breach, that is likely to result in a risk to the rights and freedoms of natural persons for which the other Party is responsible as soon as reasonably practicable upon becoming aware, which shall include the Party responsible for the breach notifying the relevant supervisory authority, promptly and in any event no later than seventy-two (72) hours after becoming aware of it, as well as the relevant data subjects without undue delay, where required by the Data Protection Laws; (vi) provide reasonable assistance in assisting the other Party’s obligations under the Data Protection Laws.