DATA PROCESSING OBLIGATIONS Sample Clauses

DATA PROCESSING OBLIGATIONS. 1.1. When Processing Personal Data, Pelican undertakes to the Retailer that it shall: 1.1.1. taking into account the nature of the Processing and the information available to Pelican, provide reasonable assistance to the Retailer with any data protection impact assessments, and prior consultations with Regulatory Authorities or other competent data privacy authorities, which the Retailer is required to undertake under Article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Legislation; 1.1.2. Process the Personal Data only to the extent necessary for the Permitted Purposes; 1.1.3. not Process the Personal Data other than on the Retailer’s documented instructions, including with regard to transfer of Personal Data to a Third Country or an international organisation, unless required to do so by Applicable Laws, in which case Pelican shall to the extent permitted by Applicable Laws inform the Retailer of that legal requirement before the relevant Processing of that Personal Data; 1.1.4. keep a record of any Processing of Personal Data it carries out on behalf of the Retailer; 1.1.5. comply with Data Protection Legislation when Processing the Personal Data and not knowingly do or omit to do or permit anything to be done which causes the Retailer to breach the Data Protection Legislation; 1.1.6. taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk; 1.1.7. promptly after becoming aware of any Personal Data Breach notify and provide sufficient information to the Retailer to allow the Retailer to meet any obligations to report or inform Data Subjects of such Personal Data Breach under the Data Protection Legislation. Pelican shall co-operate with the Retailer to assist in the investigation, mitigation and remediation of such breach and shall provide further information where so required by a Regulatory Authority; 1.1.8. restrict access to the Personal Data to Permitted Recipients (and in the case of any access by any employee, ensure that access to the Personal Data is limited to such part or parts of the Personal Data as is strictly necessary for performance of that employee's duties), ensure that all such Permitted Recipients are subject to confiden...
Sample 1Sample 2Sample 3See All (10)
AutoNDA by SimpleDocs
DATA PROCESSING OBLIGATIONS. 4.1. From the Commencement Date, where NBI processes Customer Personal Data provided to it by or on behalf of the RSP, as a processor in connection with the Processing Purposes, NBI agrees that it: 4.1.1. shall process Customer Personal Data only for the Processing Purposes in connection with the provision of the Services, as described in Schedule 1 of this DPA, or as subsequently instructed in writing from time to time by the RSP; 4.1.2. shall ensure that it shall not transfer the Customer Personal Data outside the European Economic Area (“EEA”) without the express written instructions of the RSP and where such instructions are received by NBI, such transfers of Customer Personal Data shall be undertaken in accordance with the Data Protection Laws; 4.1.3. shall ensure that all Relevant Personnel authorised to be involved in the processing of Customer Personal Data for and on behalf of NBI have committed themselves to a duty of confidentiality in respect of Customer Personal Data; 4.1.4. shall implement appropriate technical and organisational measures in accordance with Article 32 of the GDPR to ensure the security of Customer Personal Data, in particular as described in Minimum Security Requirements under Data Processing Schedule 2 of this DPA; 4.1.5. shall only engage sub-contract or outsource the processing of Customer Personal Data under this DPA to any other person or Third Party processor (“Sub- processor”) subject to: having notified the RSP of the identity of such Sub-processor and obtaining the written authorisation of the RSP before engaging any such Sub-processor; and NBI putting in place binding contractual terms with such Sub-processor on terms no less onerous than those contained in this DPA; 4.1.6. taking into account the nature of the processing of Customer Data, NBI shall reasonably assist the RSP in meeting its responsibilities as a controller by putting in place appropriate technical and organisational measures to enable NBI to provide reasonable assistance on request from RSP in responding to any data subject requests received by the RSP in accordance with the Data Protection Laws; 4.1.7. on becoming aware of a “personal data breach” (as such term is defined in the Data Protection Laws) affecting the Customer Personal Data, NBI shall notify the RSP without undue delay and in any event within a period of 24 hours using the following contact details: RSP email addresses [⚫] [⚫] RSP phone number [⚫] [⚫] 4.1.8. on becoming aware of a perso...
Sample 1Sample 2Sample 3See All (9)
DATA PROCESSING OBLIGATIONS. From the Commencement Date, where NBI processes Customer Personal Data provided to it by or on behalf of the RSP, as a processor in connection with the Processing Purposes, NBI agrees that it:
Sample 1Sample 2Sample 3See All (6)
DATA PROCESSING OBLIGATIONS. 3.1. Client as Controller appoints JAGGAER as Processor. JAGGAER shall only Process Personal Data on behalf of Client for the purposes set forth in the Agreement, under the Client’s instructions as documented in the Agreement and within the scope thereof or as required to comply with any applicable law. 3.2. Client hereby represents and warrants, throughout the term of the Agreement, that all Personal Data provided or made available by Client to JAGGAER for Processing in connection with the Agreement was collected by Client and transmitted to JAGGAER in accordance with Data Protection Laws and Client has obtained all necessary approvals, consents, authorizations and licenses from each and every Data Subject required under Data Protection Laws to enable JAGGAER to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under the Agreement. 3.3. Unless restricted by applicable law, JAGGAER shall inform Client if, in JAGGAER’s reasonable opinion, any Processing under the Agreement or an instruction from Client conflicts with JAGGAER’s legal obligations or Data Protection Laws. After JAGGAER so informs Client, JAGGAER shall have no liability for any claim arising from or related to such Processing of Personal Data by JAGGAER. 3.4. JAGGAER shall ensure that all employees, agents and sub-processors authorized by JAGGAER to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. 3.5. JAGGAER shall provide Client, at Client’s expense, with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Client is required to carry out under Data Protection Laws. 3.6. JAGGAER shall implement appropriate technical and organizational measures, as described in Annex II, in relation to the Processing of Personal Data intended to ensure a level of security appropriate to such Processing, including as the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing, and evaluating the effectiveness of such technical and organizational measures. 3.7. Without undue delay and within forty eight (48) hours after JAGGAER becomes aware of an accidental or unlawful destruction, loss or alteration of, unauthorized disclosure of, or access to Personal Data Processed by JAGGAER pursuant to this Addendum (“Personal Data Breach”), JA...
Sample 1Sample 2See All (6)
DATA PROCESSING OBLIGATIONS. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Customer is Data Controller, the Data Processor shall: a) have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk; b) not engage any new sub-processor without giving notice of at least 30 days in advance of providing that new sub-processor with access to Customer Data. A list of current sub-processors can be found at 7 c) ensure that each of the Data Processor’s employees, agents, consultants, subcontractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under this Schedule. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub- processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Customer for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule; d) process that Personal Data only on behalf of the Customer in accordance with the Customer’s instructions and to perform its obligations under this Agreement or other documented instructions and for no other purpose save to the limited extent required by law;
Sample 1Sample 2Sample 3See All (4)
DATA PROCESSING OBLIGATIONS. The data processing obligations of Administrator include, but are not limited to, the following: a) Provide data processing in support of all Administrative Services at a performance level not less than a reasonable performance level for such services in the industry and in any event not less than the performance level standards in effect by New York Ceding Company immediately prior to the Closing Date; and b) Maintain appropriate business continuity and disaster recovery plans to continue business operations and recover from a disaster involving facilities and/or systems. Plans will allow for recovery of critical business functions within twenty-four (24) hours and recovery for all material functions within five (5) Business Days.
Sample 1Sample 2See All (4)
DATA PROCESSING OBLIGATIONS. 5.1 To the extent that each Party processes Personal Data as a Processor (the “Processing Party”) on behalf of the other Party (the “Controller Party”) in accordance with Annex 1 each Party shall: 5.1.1 at all times comply with Controller Party’s documented instructions, subject to compliance with all applicable Data Protection Laws in relation to Processing the Controller Party’s Personal Data; 5.1.2 take reasonable steps to ensure that access is limited to individuals who are subject to confidentiality undertakings or professional or statutory obligations of confidentiality and who need to know/access Controller Party’s Personal Data for the purposes of fulfilling the Processing Party’s obligations under the Agreement; 5.1.3 implement and maintain (and provide details of such measures at the Controller Party’s request) appropriate technical and organisational measures to ensure a level of security appropriate to the risk including but not limited to the following: (a) the Pseudonymisation and encryption of Controller Party Personal Data; (b) measure(s) to ensure the ongoing confidentiality and access to Controller Party Personal Data in a timely manner in the event of a physical or technical incident; (c) measure(s) to restore the availability and access to Controller Party Personal Data in a timely manner in the event of a physical or technical incident; 5.1.4 assist the Controller Party by implementing and maintaining appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Controller Party’s obligation to respond to Data Subject’s rights (including but not limited to Access Requests) under Data Protection Laws, in particular: (a) notify the Controller Party by email to: xxxxxxx_xxxxxx_xxxxxxx@xxx.xx.xx within 3 Working Days if the Processing Party receives an Access Request from a Data Subject whose Personal Data has been passed to them from the Controller Party and is processed by the Processing Party pursuant to the Agreement and/or this MoA; and (b) in relation to any Access Request received by the Controller Party and shall agree in writing the approach for the secure transfer of any Personal Data relevant to the Data Subject and Access Request, prior to the aforementioned transfer taking place as soon as possible and in any event within 5 Working Days of any request from the Controller Party 5.1.5 assist the Controller Party to ensure compliance with obligations under the Data Protection Laws inclu...
Sample 1See All (4)
AutoNDA by SimpleDocs
DATA PROCESSING OBLIGATIONS. (a) Customer as Controller appoints Virtuozzo as Processor. Virtuozzo shall only Process the Personal Data for the purposes set forth in the Agreement and in accordance with Customer’s written instructions. The Agreement (including this DPA) constitutes such written initial instructions by Customer. (b) Customer hereby warrants and represents, on a continuous basis throughout the Term as defined below, that all Personal Data provided or made available by Customer to Virtuozzo for Processing in connection with the Agreement has been lawfully collected by Customer and transferred to Virtuozzo in compliance with Data Protection Laws. During the Term of this DPA, Customer is solely responsible for obtaining and maintaining all necessary approvals, consents, authorizations and licenses from each and every Data Subject that may be required under Data Protection Laws to enable Virtuozzo to Process the Personal Data pursuant to the Agreement and to exercise its rights and fulfil its obligations under this DPA. (c) Unless restricted by applicable law, Virtuozzo shall inform Customer if, in Virtuozzo’ reasonable opinion, any Processing under the Agreement or an instruction by Customer conflicts with Virtuozzo’ legal obligations or Data Protection Laws, or with any of the exceptions listed in Section 3(a). Upon informing the Customer, Virtuozzo shall have no liability for any claim arising from or related to Processing of Personal Data under this DPA by Virtuozzo in compliance with Customer’s instructions. (d) Virtuozzo shall treat all Personal Data as confidential and shall ensure that all employees, agents and sub-processors authorized by Virtuozzo to Process Personal Data are subject to contractual, statutory or common law obligations of confidentiality. (e) Virtuozzo shall provide Customer with reasonable assistance with data protection impact assessments or prior consultations with data protection authorities that Customer is required to carry out under Data Protection Laws. Any such assistance shall be as agreed between the Parties and subject to a mutually accepted fee. (f) Virtuozzo shall implement appropriate technical and organizational measures in relation to the Processing of Personal Data intended to ensure a level of security appropriate to the Personal Data Processing, including, as applicable, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and a procedure for regularly testing, assessing...
Sample 1
DATA PROCESSING OBLIGATIONS. 3.1 The parties acknowledge and agree that, in respect of the Protected Data, each party is an independent controller in common (and not a joint controller). 3.2 Each party shall comply with DP Laws and its obligations under this Agreement in connection with the processing of Protected Data. The Kitchen Provider shall only use Protected Data for the purpose of processing fulfilling the Order in accordance with paragraph 2 or for the Agreed Purpose. 3.3 Applicable DP Laws may in the future change, or be scheduled to change, in a way that either party considers this Agreement is no longer adequate for the purpose of the data sharing arrangements envisaged hereunder. In such circumstances, upon request by either party, the parties (acting reasonably and in good faith) shall promptly meet to discuss, agree and document appropriate changes to the Agreement. 3.4 Each party may deal at its discretion with all Data Subject Requests and Complaints that it receives directly from a Data Subject or the person making the Complaint. The Kitchen Provider shall notify PICKY of Data Subject Requests within 3 days of receipt by theKitchen Provider ofsuchData Subject Requests. 3.5 Each party agrees to provide reasonable and prompt assistance to the other party as necessary to enable the other party to comply with Data Subject Requests and/or to respond to any other queries or Complaints received from Data Subjects or Supervisory Authorities and, in each case, related to the Protected Data. 3.6 In respect of any Personal DataBreach(actual or suspected) related tothe ProtectedData,the Kitchen Provider shall notify PICKY of the breach without undue delay (but no later than 24 hours after becoming aware of the Personal Data Breach) and provide PICKY without undue delay (wherever possible, within 24 hours of becoming aware of the breach) with all details relating to the breach as PICKY reasonably requires. 3.7 To the extent permitted by Applicable Law, neither party shall: 3.7.1 notify a Supervisory Authority or Data Subject of any Protected Data Breach; or 3.7.2 issue any public statement about or otherwise notify any Data Subject of any Protected Data Breach, without first consulting with, and obtaining the consent of, the other party, such consent not to be unreasonably withheld or delayed. 3.8 The Kitchen Provider shall not retain or process any Protected Data for longer than is necessary in connection with carrying out the Agreed Purpose, or, if longer, to adhere to its bind...
Sample 1
DATA PROCESSING OBLIGATIONS. 37.1. In respect of any Personal Data to be processed by the Data Processor pursuant to this Agreement for which the Councils are Data Controllers, the Data Processor shall: 37.1.1. have in place and at all times maintain appropriate technical and organisational measures in such a manner as is designed to ensure the protection of the rights of the data subject and to ensure a level of security appropriate to the risk and shall implement any reasonable security measures as requested by the Councils from time to time; 37.1.2. not engage any sub-processor without the prior specific or general written authorisation of the Councils (and in the case of general written authorisation; the Data Processor shall inform the Councils of any intended changes concerning the addition or replacement of other processors and the Councils shall have the right to object to such changes); 37.1.3. ensure that each of the Data Processor’s employees, agents, consultants, Sub-Contractors and sub-processors are made aware of the Data Processor’s obligations under this Schedule and enter into binding obligations with the Data Processor to maintain the levels of security and protection required under the Data Protection clauses in this Agreement. The Data Processor shall ensure that the terms of this Schedule are incorporated into each agreement with any sub-processor, subcontractor, agent or consultant to the effect that the sub-processor, subcontractor, agent or consultant shall be obligated to act at all times in accordance with duties and obligations of the Data Processor under this Schedule. The Data Processor shall at all times be and remain liable to the Councils for any failure of any employee, agent, consultant, subcontractor or sub-processor to act in accordance with the duties and obligations of the Data Processor under this Schedule; 37.1.4. process that Personal Data only on behalf of the Councils in accordance with the Councils’ instructions and to perform its obligations under this agreement or other documented instructions and for no other purpose save to the limited extent required by law; 37.1.5. (at no additional cost to the Councils) within 7 days following the end of the term of this agreement, deliver to the Councils (in such format as the Councils may require) a full and complete copy of all Personal Data, and, following confirmation of receipt from the Councils, permanently remove the Personal Data (and copies) from the Data Processor’s systems, and the Data Pr...
Sample 1Sample 2
Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!