Common use of CUSTOMER DATA AND DATA PROTECTION Clause in Contracts

CUSTOMER DATA AND DATA PROTECTION. 7.1 The Customer shall own all rights, title, and interest in and to all the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of the Customer Data. 7.2 Arrow shall not be responsible for any loss, destruction, alteration, or disclosure of Customer Data caused by a Customer third party, other than because of a breach of this Agreement. 7.3 Both parties will comply with all applicable requirements of the General Data Protection Regulation (GDPR), Data Protection Legislation and our Privacy Policy, xxxxx://xxx.xxxxxxxxxxxxxxxxxxx.xx.xx/wp-content/uploads/2022/02/Arrow-Privacy- Policy-10_02_22.pdf. This clause is in addition to, and does not relieve, remove, or replace, either party's obligations under the Data Protection Legislation. 7.4 Arrow shall, in relation to any personal data processed in the performance by Arrow of its obligations under this Agreement: a) process that personal data only on the written instructions of the Customer unless Arrow is otherwise required to do so by Applicable Laws. Where Arrow is required by Applicable Laws to process personal data, Arrow shall promptly notify the Customer of this before performing the required processing unless the Applicable Laws prevent Arrow from so notifying the Customer b) ensure that it has appropriate technical and organisational measures in place, reviewed and approved by the Customer to protect against any unauthorised or unlawful processing of personal data, accidental loss or destruction of personal data, or damage being caused to personal data. These measures shall be appropriate to: i) the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, or damage of the personal data, and ii) the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting (in transit) personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it) c) not transfer any personal data outside of the United Kingdom unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: i) Arrow or the Customer has provided appropriate safeguards in relation to the transfer Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 13 ii) the data subject has enforceable rights and effective legal remedies iii) Arrow complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and iv) Arrow complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data d) ensure only personnel required for the purposes of carrying out the Services performed under or pursuant to this Agreement have access to personal data, and that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential e) if the Customer is unable to access the relevant information, to assist the Customer, and in any event, provide reasonable assistance in responding to any request from a supervising authority or a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators f) notify the Customer without undue delay on becoming aware of a personal data breach and provide all reasonable assistance and information as the Customer may require in relation to same g) delete, or return in a format determined by the Customer, personal data, and copies thereof, on termination of this Agreement, unless required by any Applicable Laws to continue to store the personal data; and h) maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits to be carried out by the Customer, or the Customer’s designated auditor, only so far as is necessary to demonstrate compliance, provided that the Customer: i) provides Arrow with no less than thirty (30) days’ notice of such audit or inspection; and ii) both parties agree the scope, duration and purpose of such audit or inspection. If the Customer or the Customer’s designated auditor becomes privy to any Confidential Information of Arrow because of this clause, the Customer shall, and shall procure that the Customer’s designated auditor shall hold such Confidential Information in confidence and, unless required by law, shall not make the Confidential Information available to any third party, or use the Confidential Information for any other purpose. 7.5 The Customer will ensure that any third-party processor of personal data under this Agreement will process that personal data only on terms equivalent to those in this Agreement. 7.6 The Customer shall ensure that: a) the Customer is entitled to transfer the relevant personal data to Arrow so that Arrow may lawfully use, process, and transfer the personal data in accordance with this Agreement on the Customer's behalf Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 14 b) the relevant third parties have been informed of, and have given their consent to such use, processing, and transfer as required by all applicable Data Protection Legislation

Appears in 18 contracts

Samples: Master Services Agreement, Master Services Agreement, Master Services Agreement

AutoNDA by SimpleDocs

CUSTOMER DATA AND DATA PROTECTION. 7.1 The Customer 5.1 You shall own all rightsright, title, title and interest in and to all the of your Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy, accuracy and quality of the your Customer Data. 7.2 Arrow 5.2 In the event of any loss or damage to Customer Data, your sole and exclusive remedy shall be for us to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by us in accordance with the archiving procedure described in our Back-Up Policy. We shall not have access to Customer Data, (save where we are granted specific access by you) and therefore we shall not be responsible for any loss, destruction, alteration, alteration or disclosure of Customer Data caused by a Customer any third party, other than because of a breach of this Agreement. 7.3 5.3 We shall, in providing the Services, comply with our GDPR statement relating to the privacy and security of you Customer Data available at xxx.xxxxxxxxxx.xxx as may be amended from time to time by us in our sole discretion. 5.4 Both parties will comply with all applicable requirements of the General Data Protection Regulation Legislation. These clauses 5.4 to 5.9 (GDPR), Data Protection Legislation and our Privacy Policy, xxxxx://xxx.xxxxxxxxxxxxxxxxxxx.xx.xx/wp-content/uploads/2022/02/Arrow-Privacy- Policy-10_02_22.pdf. This clause is inclusive) are in addition to, and does do not relieve, remove, remove or replace, either a party's ’s obligations under the Data Protection Legislation. 7.4 Arrow 5.5 The parties acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor. 5.6 We shall maintain a register setting out the scope, nature and purpose of processing we carry out, the duration of the processing and the types of Personal Data. The parties acknowledge that we shall, in general, not have access to your Personal Data or Customer Data. 5.7 Without prejudice to the generality of clause 5.4 and only where applicable, you will ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to us for the duration and purposes of this Cloud Services Agreement. 5.8 Without prejudice to the generality of clause 5.4, we shall, in relation to any personal data Personal Data processed in connection with the performance by Arrow of its our obligations under this Cloud Services Agreement: a) 5.8.1 process that personal data Personal Data only on the your written instructions unless we are required by the laws of any member of the Customer unless Arrow is otherwise required European Union or by the laws of the European Union applicable to do so by us to process Personal Data (Applicable Laws. Where Arrow is required by Applicable Laws to process personal data, Arrow shall promptly notify the Customer of this before performing the required processing unless the Applicable Laws prevent Arrow from so notifying the Customer); b) 5.8.2 ensure that it has we have in place appropriate technical and organisational measures in placemeasures, reviewed and approved by the Customer to protect against any unauthorised or unlawful processing of personal data, Personal Data and against accidental loss or destruction of personal dataof, or damage being caused to, Personal Data, appropriate to personal data. These measures shall be appropriate to: i) the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, destruction or damage of the personal data, and ii) and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting (in transit) personal dataPersonal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); c) 5.8.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and 5.8.4 subject to clause 5.9, not transfer any personal data Personal Data outside of the United Kingdom European Economic Area unless the your prior written consent of the Customer has been obtained and the following conditions are fulfilled: i) Arrow or the Customer 5.8.4.1 either of us has provided appropriate safeguards in relation to the transfer Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 13transfer; ii) 5.8.4.2 the data subject has enforceable rights and effective legal remedies; iii) Arrow complies 5.8.4.3 we comply with its our obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data Personal Data that is transferred; and iv) Arrow complies 5.8.4.4 we comply with reasonable instructions notified to it us in advance by the Customer you with respect to the processing of the personal dataPersonal Data; d) ensure only personnel required for the purposes of carrying out the Services performed under or pursuant to this Agreement have access to personal data5.8.5 assist you, and that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential e) if the Customer is unable to access the relevant informationat your cost, to assist the Customer, and in any event, provide reasonable assistance in responding to any request from a supervising authority or a data subject Data Subject and in ensuring compliance with its your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; f) 5.8.6 notify the Customer you without undue delay on becoming aware of a personal data breach and provide all reasonable assistance and information as the Customer may require in relation to samePersonal Data breach; g) delete5.8.7 at your written direction, delete or return in a format determined by the Customer, personal data, Personal Data and copies thereof, thereof to you on termination of this Agreement, the Cloud Services Agreement unless required by any Applicable Laws to continue Law to store the personal dataPersonal Data; and h) 5.8.8 maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits these clauses 5.4 to be carried out by the Customer, or the Customer’s designated auditor, only so far as is necessary to demonstrate compliance, provided that the Customer: i) provides Arrow with no less than thirty 5.9 (30) days’ notice of such audit or inspection; and ii) both parties agree the scope, duration and purpose of such audit or inspection. If the Customer or the Customer’s designated auditor becomes privy to any Confidential Information of Arrow because of this clause, the Customer shall, and shall procure that the Customer’s designated auditor shall hold such Confidential Information in confidence and, unless required by law, shall not make the Confidential Information available to any third party, or use the Confidential Information for any other purposeinclusive). 7.5 The Customer will ensure that any 5.9 You consent to us appointing such third-party processor processors of personal data Personal Data under this Cloud Services Agreement as are required for the delivery of the Services. Where it is agreed that we will process that personal data only on terms equivalent to those provide you with out of hours support, this is provided by a consultant in this AgreementCanada with whom we have entered into Model Contract Clauses. 7.6 The Customer shall ensure that: a) the Customer is entitled to transfer the relevant personal data to Arrow so that Arrow may lawfully use, process, and transfer the personal data in accordance with this Agreement on the Customer's behalf Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 14 b) the relevant third parties have been informed of, and have given their consent to such use, processing, and transfer as required by all applicable Data Protection Legislation

Appears in 1 contract

Samples: Cloud Services Agreement

CUSTOMER DATA AND DATA PROTECTION. 7.1 The Customer 10.1 You shall own all rightsright, title, title and interest in and to all the of your Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy, accuracy and quality of the your Customer Data. 7.2 Arrow 10.2 We shall not have access to Customer Data, (save where we are granted specific access by you), and therefore we shall not be responsible for any loss, destruction, alteration, alteration or disclosure of Customer Data caused by a Customer any third party, other than because of a breach of this Agreement. 7.3 . Both parties will comply with all applicable requirements of the General Data Protection Regulation Legislation. These clauses 10.2 to 10.7 (GDPR), Data Protection Legislation and our Privacy Policy, xxxxx://xxx.xxxxxxxxxxxxxxxxxxx.xx.xx/wp-content/uploads/2022/02/Arrow-Privacy- Policy-10_02_22.pdf. This clause is inclusive) are in addition to, and does do not relieve, remove, remove or replace, either a party's ’s obligations under the Data Protection Legislation. 7.4 Arrow 10.3 The parties acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor. 10.4 We shall maintain a register setting out the scope, nature and purpose of processing we carry out, the duration of the processing and the types of Personal Data. The parties acknowledge that we shall, in general, not have access to your Personal Data or Customer Data. 10.5 Without prejudice to the generality of clause 10.2 and only where applicable, you will ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to us for the duration and purposes of this Licence. 10.6 Without prejudice to the generality of clause 10.2, we shall, in relation to any personal data Personal Data processed in connection with the performance by Arrow of its our obligations under this AgreementLicence: a) 10.6.1 process that personal data Personal Data only on the your written instructions unless we are required by the laws of any member of the Customer unless Arrow is otherwise required European Union or by the laws of the European Union applicable to do so by us to process Personal Data (Applicable Laws. Where Arrow is required by Applicable Laws to process personal data, Arrow shall promptly notify the Customer of this before performing the required processing unless the Applicable Laws prevent Arrow from so notifying the Customer); b) 10.6.2 ensure that it has we have in place appropriate technical and organisational measures in placemeasures, reviewed and approved by the Customer to protect against any unauthorised or unlawful processing of personal data, Personal Data and against accidental loss or destruction of personal dataof, or damage being caused to, Personal Data, appropriate to personal data. These measures shall be appropriate to: i) the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, destruction or damage of the personal data, and ii) and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting (in transit) personal dataPersonal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by itus); c) 10.6.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and 10.6.4 subject to clause 10.8, not transfer any personal data Personal Data outside of the United Kingdom European Economic Area unless the your prior written consent of the Customer has been obtained and the following conditions are fulfilled: i) Arrow or the Customer 10.6.4.1 either of us has provided appropriate safeguards in relation to the transfer Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 13transfer; ii) 10.6.4.2 the data subject has enforceable rights and effective legal remedies; iii) Arrow complies 10.6.4.3 we comply with its our obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data Personal Data that is transferred; and iv) Arrow complies 10.6.4.4 we comply with reasonable instructions notified to it us in advance by the Customer you with respect to the processing of the personal dataPersonal Data; d) ensure only personnel required for the purposes of carrying out the Services performed under or pursuant to this Agreement have access to personal data10.6.5 assist you, and that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential e) if the Customer is unable to access the relevant informationat your cost, to assist the Customer, and in any event, provide reasonable assistance in responding to any request from a supervising authority or a data subject Data Subject and in ensuring compliance with its your obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; f) 10.6.6 notify the Customer you without undue delay on becoming aware of a personal data breach and provide all reasonable assistance and information as the Customer may require in relation to samePersonal Data breach; g) delete10.6.7 at your written direction, delete or return in a format determined by the Customer, personal data, Personal Data and copies thereof, thereof to you on termination of this Agreement, the agreement unless required by any Applicable Laws to continue Law to store the personal dataPersonal Data; and h) 10.6.8 maintain complete and accurate records and information to demonstrate its compliance with this clause these clauses 10.2 to 10.7 (inclusive) and allow for audits to be carried out by you or your designated auditor (where so requested in writing by you for the Customer, or the Customer’s designated auditor, only so far as is necessary to demonstrate compliance, provided that the Customer: i) provides Arrow with no less than thirty (30) days’ notice of such audit or inspection; and ii) both parties agree the scope, duration and sole purpose of such audit or inspection. If Data Protection Legislation) and inform you as soon as practicable if, in our opinion, an instruction infringes the Customer or the Customer’s designated auditor becomes privy to any Confidential Information of Arrow because of this clause, the Customer shall, and shall procure that the Customer’s designated auditor shall hold such Confidential Information in confidence and, unless required by law, shall not make the Confidential Information available to any third party, or use the Confidential Information for any other purposeData Protection Legislation. 7.5 The Customer will ensure that any 10.8 You consent to us appointing such third-party processor processors of personal data Personal Data under this Agreement Licence as are required for the delivery of the Services. Where it is agreed that we will process that personal data only on terms equivalent to those provide you with out of hours Support Services, this is provided by a consultant in this AgreementCanada with whom we have entered into Model Contract Clauses. 7.6 The Customer shall ensure that: a) the Customer is entitled to transfer the relevant personal data to Arrow so that Arrow may lawfully use, process, and transfer the personal data in accordance with this Agreement on the Customer's behalf Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 14 b) the relevant third parties have been informed of, and have given their consent to such use, processing, and transfer as required by all applicable Data Protection Legislation

Appears in 1 contract

Samples: Software License Agreement

CUSTOMER DATA AND DATA PROTECTION. 7.1 The Customer 12.1 You shall own all rightsright, title, title and interest in and to all the of your Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy, accuracy and quality of the your Customer Data. 7.2 Arrow 12.2 We shall not have access to Customer Data, (save where we are granted specific access by you), and therefore we shall not be responsible for any loss, destruction, alteration, alteration or disclosure of Customer Data caused by a Customer any third party, other than because of a breach of this Agreement. 7.3 . Both parties will comply with all applicable requirements of the General Data Protection Regulation Legislation. These clauses 12.2 to 12.7 (GDPR), Data Protection Legislation and our Privacy Policy, xxxxx://xxx.xxxxxxxxxxxxxxxxxxx.xx.xx/wp-content/uploads/2022/02/Arrow-Privacy- Policy-10_02_22.pdf. This clause is inclusive are in addition to, and does do not relieve, remove, remove or replace, either a party's ’s obligations under the Data Protection Legislation. 7.4 Arrow 12.3 The parties acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor. 12.4 We shall maintain a register setting out the scope, nature and purpose of our processing, the duration of the processing and the types of Personal Data. The parties acknowledge that we shall, in general, not have access to your Personal Data or Customer Data. 12.5 Without prejudice to the generality of clause 12.2 and only where applicable, you will ensure that you have all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to us for the duration and purposes of this agreement. 12.6 Without prejudice to the generality of clause 12.2, we shall, in relation to any personal data Personal Data processed in the connection with our performance by Arrow of its our obligations under this Agreementagreement: a) 12.6.1 process that personal data Personal Data only on the your written instructions unless we are required by the laws of any member of the Customer unless Arrow is otherwise required European Union or by the laws of the European Union applicable to do so by us to process Personal Data (Applicable Laws. Where Arrow is required by Applicable Laws to process personal data, Arrow shall promptly notify the Customer of this before performing the required processing unless the Applicable Laws prevent Arrow from so notifying the Customer); b) 12.6.2 ensure that it has we have in place appropriate technical and organisational measures in placemeasures, reviewed and approved by the Customer to protect against any unauthorised or unlawful processing of personal data, Personal Data and against accidental loss or destruction of personal dataof, or damage being caused to, Personal Data, appropriate to personal data. These measures shall be appropriate to: i) the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, destruction or damage of the personal data, and ii) and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting (in transit) personal dataPersonal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); c) 12.6.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and 12.6.4 not transfer any personal data Personal Data outside of the United Kingdom European Economic Area unless the your prior written consent of the Customer has been obtained and the following conditions are fulfilled: i) Arrow or the Customer 12.6.4.1 either of us has provided appropriate safeguards in relation to the transfer Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 13transfer; ii) 12.6.4.2 the data subject has enforceable rights and effective legal remedies; iii) Arrow complies 12.6.4.3 we comply with its our obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data Personal Data that is transferred; and iv) Arrow complies 12.6.4.4 we comply with reasonable instructions notified to it us in advance by the Customer you with respect to the processing of the personal dataPersonal Data; d) ensure only personnel required for the purposes of carrying out the Services performed under or pursuant to this Agreement have access to personal data12.6.5 assist you, and that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential e) if the Customer is unable to access the relevant informationat your cost, to assist the Customer, and in any event, provide reasonable assistance in responding to any request from a supervising authority or a data subject Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; f) 12.6.6 notify the Customer you without undue delay on becoming aware of a personal data breach and provide all reasonable assistance and information as the Customer may require in relation to samePersonal Data breach; g) delete12.6.7 at your written direction, delete or return in a format determined by the Customer, personal data, Personal Data and copies thereof, thereof to you on termination of this Agreement, the agreement unless required by any Applicable Laws to continue Law to store the personal dataPersonal Data; and h) 12.6.8 maintain complete and accurate records and information to demonstrate its compliance with this clause these clauses 12.3 to 12.6 (inclusive) and allow for audits to be carried out by you or your designated auditor (where so requested in writing by you for the Customer, or the Customer’s designated auditor, only so far as is necessary to demonstrate compliance, provided that the Customer: i) provides Arrow with no less than thirty (30) days’ notice of such audit or inspection; and ii) both parties agree the scope, duration and sole purpose of such audit or inspection. If Data Protection Legislation) and inform you as soon as practicable if, in our opinion, an instruction infringes the Customer or the Customer’s designated auditor becomes privy to any Confidential Information of Arrow because of this clause, the Customer shall, and shall procure that the Customer’s designated auditor shall hold such Confidential Information in confidence and, unless required by law, shall not make the Confidential Information available to any third party, or use the Confidential Information for any other purposeData Protection Legislation. 7.5 The Customer will ensure that any 12.7 You consent to us appointing such third-party processor processors of personal data Personal Data under this Agreement agreement as are required for the delivery of the Services. Where it is agreed that we will process that personal data only on terms equivalent to those provide you with out of hours Support Services, this is provided by a consultant in this AgreementCanada with whom we have entered into Model Contract Clauses. 7.6 The Customer shall ensure that: a) the Customer is entitled to transfer the relevant personal data to Arrow so that Arrow may lawfully use, process, and transfer the personal data in accordance with this Agreement on the Customer's behalf Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 14 b) the relevant third parties have been informed of, and have given their consent to such use, processing, and transfer as required by all applicable Data Protection Legislation

Appears in 1 contract

Samples: Appliance Agreement

AutoNDA by SimpleDocs

CUSTOMER DATA AND DATA PROTECTION. 7.1 The Customer 6.1 Datatank, its Staff, representatives and agents, shall own all rights, title, and interest in and to all the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy, and quality of the Customer Data. 7.2 Arrow shall not be responsible for any loss, destruction, alteration, or disclosure of Customer Data caused by a Customer third party, other than because of a breach of this Agreement. 7.3 Both parties will comply with all applicable the requirements of the General Data Protection Regulation (GDPR), Data Protection Legislation and our Privacy Policy, xxxxx://xxx.xxxxxxxxxxxxxxxxxxx.xx.xx/wp-content/uploads/2022/02/Arrow-Privacy- Policy-10_02_22.pdf. This clause is in addition to, and does not relieve, remove, or replace, either party's obligations under the Data Protection Legislation. 7.4 Arrow shall, in relation to any personal data processed in the performance by Arrow of its obligations under this Agreement: a) process that personal data only on the written instructions of the Customer unless Arrow is otherwise required to do so by Applicable Laws. Where Arrow is required by Applicable Laws to process personal data, Arrow shall promptly notify the Customer of this before performing the required processing unless the Applicable Laws prevent Arrow from so notifying the Customer b) ensure that it has appropriate technical and organisational measures in place, reviewed and approved by the Customer to protect against any unauthorised or unlawful processing of personal data, accidental loss or destruction of personal data, or damage being caused to personal data. These measures shall be appropriate to: i) the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction, or damage of the personal data, and ii) the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting (in transit) personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it) c) not transfer any personal data outside of the United Kingdom unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: i) Arrow or the Customer has provided appropriate safeguards in relation to the transfer Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 13provision of the services and shall not knowingly or negligently place the Customer in breach, or potential breach, of such legislation ii6.2 In accordance with the Data Protection Act (DPA) 2018 and The Data Protection (Charges and Information) Regulations 2018, Datatank shall ensure that they have notified the Information Commissioner’s Office of their personal data subject processing activities. Datatank shall advise the Customer of its notification reference on the Public Register of Data Controllers. 6.3 Datatank shall only use information that is given or made available to it by the Customer in line with the requirements of the Data Protection Legislation for the provision of the services, in accordance with specific instructions, and for no other purpose whatsoever at any time. 6.4 Datatank shall ensure that personal information is not disclosed to any other party unless it has enforceable rights first consulted the Customer regarding the legality and effective mechanism of the disclosure and the Customer is satisfied that there is a legal remediesor regulatory obligation to disclose the data, and that the disclosure mechanism is appropriate. iii) Arrow complies 6.5 On termination of this Contract Datatank shall return all personal data or destroy or dispose of it in a secure manner and in accordance with any specific written instructions issued by the Customer. 6.6 Datatank shall give all reasonable assistance to the Customer necessary to enable the Customer to comply with its obligations under the Data Protection Legislation by providing an adequate level of protection Legislation 6.7 Datatank shall comply with the Customer’s security requirements and instructions, and shall have appropriate technical and organisation safeguards in place to any personal data that is transferred; and iv) Arrow complies with reasonable instructions notified to it in advance meet the obligations imposed on the Customer by the Customer with respect to the processing Data Protection Legislation specifically as set out in Article 5 (f) of the personal GDPR. 6.8 Datatank shall have, or shall implement prior to receiving Council data, security procedures which satisfy the Customer that relevant standards are adhered to ensure Datatank’s and the Customer’s compliance with Data Protection Legislation requirements. d) ensure only personnel required 6.9 The Customer shall be entitled to establish its own processes for evaluating and monitoring the effectiveness of Datatank’s data protection procedures and systems and shall be entitled to deduct the reasonable cost of maintaining such systems from sums due to Datatank. Datatank shall, upon reasonable notice, allow officers of the Customer to have reasonable rights of access to Datatank’s premises, Staff and records for the purposes of carrying out the Services performed under or pursuant to this Agreement have access to personal data, and that all personnel who have access to and/or process personal data are obliged to keep the personal data confidential e) if the Customer is unable to access the relevant information, to assist the Customer, and in any event, provide reasonable assistance in responding to any request from a supervising authority or a data subject and in ensuring monitoring Datatank’s compliance with its security requirements, including its obligations under the Data Protection Legislation with respect Legislation. . 6.10 Datatank shall take reasonable steps to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators f) notify ensure the Customer without undue delay on becoming aware reliability of a personal data breach and provide all reasonable assistance and information as the Customer may require in relation its Staff that have access to same g) delete, or return in a format determined by the Customer, personal ’s data, and copies thereofshall ensure that its Staff receive training in data protection to ensure compliance. Datatank shall ensure that it, on termination its Staff, representatives, agents and visitors will not access, read, listen to or in any way use Council Data unless necessary in connection with the provision of this Agreementthe services. 6.11 Datatank shall ensure that Personal Data, unless required by any Applicable Laws as defined under the Data Protection Legislation, is not transferred to continue a country or territory outside the European Economic Area and that no other data is transferred to store a country or territory outside the personal data; and h) maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits to be carried out by European Economic Area without the prior approval of the Customer, or the Customer’s designated auditor, only so far as is necessary to demonstrate compliance, provided that the Customer:. i) provides Arrow with no less than thirty (30) days’ notice of such audit or inspection; and ii) both parties agree the scope, duration and purpose of such audit or inspection. If 6.12 Datatank shall immediately inform the Customer of any breach or potential breach of these terms. 6.13 In the Customer’s designated auditor becomes privy event that Datatank fails to any Confidential Information of Arrow because of this clausecomply with these terms, the Customer shallreserves the right to terminate this Contract, and shall procure that the Customer’s designated auditor shall hold such Confidential Information in confidence andwhole or in part, unless required by law, in writing with immediate effect. Datatank shall not make the Confidential Information available to any third party, or use the Confidential Information be liable for any other purpose. 7.5 The Customer will ensure that any third-party processor of personal data under this Agreement will process that personal data only on terms equivalent indirect or consequential losses caused to those in this Agreement. 7.6 The Customer shall ensure that: a) the Customer by its breach of this clause 15 (including damage to goodwill or loss of reputation 6.14 The amount of database storage i.e. of emails, electronic documents, images and application data is entitled limited to transfer 50Gbytes per organisation (not user). Additional storage capacity can be purchased at the relevant personal data to Arrow so that Arrow may lawfully use, process, and transfer the personal data in accordance with this Agreement on the Customer's behalf Tel: 0000 000 0000 Web: xxx.xxxxxxxxxxxxxxxxxxx.xx.xx 14 bprice of 20p (xxxxx) the relevant third parties have been informed of, and have given their consent to such use, processing, and transfer as required by all applicable Data Protection Legislationper GByte per month.

Appears in 1 contract

Samples: Terms of Service

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!