Data Controllers. 11.1.1 In the terms of the GDPR a Data Controller works alone, jointly or in common with other data controllers, depending on the circumstances of the data processing activity10.
11.1.2 Each Health and Social Care partner is an individual Data Controller and is alone legally responsible for ensuring their processing of PCD is done fairly and lawfully in compliance with data protection legislation.
11.1.3 Any processing of personal data undertaken by a Data Controller and their staff, is undertaken in their own right and each Data Controller party to this Agreement is not liable for the actions of another.
11.1.4 The GDPR conditions for processing are listed in Appendix D.
11.1.5 The Data Controllers work jointly to decide and agree the policy under which the LCR will operate.
11.1.6 The Data Controllers work in common sharing the pool of information held in the LCR, which they process independently of each other under the terms of this Agreement and in accordance with the law.
Data Controllers. The Parties agree that if they are Controllers or Joint Controllers in relation to Personal Data processed under the Contract (“Contract Data”) they shall determine their respective obligations under the Data Protection Legislation (either independently (as Controllers) or by means of an arrangement between them (as Joint Controllers) and provide such reasonable co-operation and assistance to each other as may be necessary under that arrangement. The Parties agree that, as Controllers, or Joint Controllers, they shall each comply with the obligations imposed on a Controller (and Joint Controller where appropriate) by the Data Protection Legislation and, subject to the arrangements agreed in accordance with clause 25.10: Each party will be responsible for responding to : a request from the Data Subject received by them to exercise their rights under the Data Protection Legislation in respect of the Contract Data. Each party agrees to provide reasonable assistance to the other party as is necessary for the receiving party to comply with such a request;
a Personal Data Breach notified to them in respect of the Contract Data whether actual or suspected; and
(iii) correspondence from the Information Commissioner’s Office in relation to the Contract Data all in line with their own procedures however it is also acknowledged that the parties will provide each other with reasonable assistance in responding to any such correspondence. In the event that either party intends to notify the Information Commissioner’s Office regarding a Personal Data Breach in relation to the Contract Data then the notifying party shall, without undue delay (and in any event within 48 hours where possible), notify the other party about the actual or suspended Personal Data Breach and shall implement any measures necessary to restore the security of compromised Personal Data. The parties will ensure that:
(i) all relevant fair Processing notices have been made available to relevant Data Subjects in relation to the Contract Data in accordance with Data Protection Legislation; and
(ii) such fair Processing notices are sufficient in scope to enable their Personal Data to be Processed by the parties as Controllers or by both parties as Joint Controllers in connection with the Services and in accordance with Data Protection Legislation. Where Contract Data is to be transferred outside the European Economic Area (or, following the withdrawal of the United Kingdom from the European Union, outsid...
Data Controllers. 10.1.1 In the terms of the GDPR a Data Controller works alone, jointly or in common with other data controllers, depending on the circumstances of the data processing activity4.
10.1.2 Each Health and Social Care partner is an individual Data Controller and is alone legally responsible for ensuring their processing of PCD is done fairly and lawfully in compliance with data protection legislation.
10.1.3 Any processing of personal data undertaken by a Data Controller and their staff, is undertaken in their own right and each Data Controller party to this Agreement is not liable for the actions of another.
10.1.4 The GDPR conditions for processing are listed in Appendix A.
Data Controllers. 3.1. To the extent that each Party is acting as a data controller:
a. each Party shall, in respect of personal data shared with the other, ensure that their privacy notices are clear and provide sufficient information to the data subjects for them to understand what of their personal data may be shared with the other Party, the purposes of the data sharing and either the Identity of the other Party or a description of the type of organisation that will receive the personal data;
b. each Party must ensure it requests processing of personal data on the basis of one or more lawful grounds (Including consent where legally required) and ensure compliance with Data Protection Legislation at all times for the period it remains a data controller in respect of the shared data; and
c. the Parties agree to provide reasonable assistance as is necessary to each other to enable them to comply with subject access requests, other requests from data subjects who wish to exercise their rights under Data Protection Legislation, or other queries or complaints from individuals.
Data Controllers. The personal data processed by the Parties within the framework of this Contract shall be processed in accordance with the Data Protection Legislation. The definitions contained in the Data Protection Legislation apply to this Contract. Under this Contract, each Party acts as a Data Controller and neither Party acts as a Processor for the other Party.
Data Controllers. If you have any questions or need further information about our privacy practices, please contact:
Data Controllers. The data controllers involved in this data sharing are the referring adoption agency (either a voluntary registered adoption service or local authority - further details in Section 3) and the Scottish Government. The Register is a database which records and stores information that is a duplication of information already held by agencies. Section 4.1 (and Annexes C & D) outlines the information that is processed by the Register. The Register uses this information, or allows agencies and adopters to use this information, to identify potential links between children with a plan for adoption and prospective adopters. Adoption agencies are the data controllers of the information up to the point where
Data Controllers. X4 acts as a data controller in connection with the Processing of Subject Personal Data in relation to the conduct of the Trial. The Institution is the data controller of the Data Subject Personal Data processed in the Trial for purposes of provision of health care. společností X4 nebo jí předem schválené. Společnost X4 má právo kontrolovat účtenky a další dokumentaci Poskytovatele a Hlavního zkoušejícího týkající se Poskytnutí hodnotného plnění. 14. Ochrana osobních údajů (a) Osobní údaje subjektů Studie. Termínem "Osobní údaje" se rozumí veškeré informace týkající se identifikované nebo identifikovatelné fyzické osoby ("Subjekt údajů"); identifikovatelná fyzická osoba je osoba, kterou lze přímo či nepřímo identifikovat, zejména odkazem na identifikátor, jako je jméno, identifikační číslo, lokační údaje, online identifikátor nebo jeden či více zvláštních prvků fyzické, fyziologické, genetické, psychické, ekonomické, kulturní nebo společenské identity této fyzické osoby.
Data Controllers. A data controller is a person or organisation that either alone or jointly with another controller, determines the purposes for which and the manner in which any personal data are processed.
Data Controllers. 5.1 The Data Controller for the information to be shared is listed above along with the role (owner) which has operational responsibility for the data. The registration number and named contacts for each Data Controller organisation are: Organisation Registration Number Named Person Contact Details
5.2 The personal Information must only be used for the purposes stated in paragraph 4.1 of this Protocol. The prior written agreement of the Data Controller must be sought before using shared information for any other purpose.
5.3 The partner organisations receiving shared personal information must review the need to continue to hold it after ……….(Period or date) and must destroy it after ……….. (Period or date). The outcome of review or destruction must be notified to the relevant Data Controller.
