Data Processor-to-Sub-processor Transfers of EEA Personal Data Sample Clauses

Data Processor-to-Sub-processor Transfers of EEA Personal Data. Where Customer, as a Data Processor, transfers or directs the transfer of EEA Personal Data to Conga, as a Sub-processor, the Parties agree to implement Module Three of the SCCs, with Customer acting as the “Data Exporter” and Conga as the “Data Importer.” The contents of Annex I of the SCCs are included within Attachment A to this DPA. The contents of Annex II of the SCCs are included within Attachment B. The Parties further agree to the following implementation choices: • Clause 7: The Parties choose not to include the optional docking clause.
Sample 1Sample 2Sample 3See All (4)
AutoNDA by SimpleDocs

Related to Data Processor-to-Sub-processor Transfers of EEA Personal Data

  • Processing of Customer Personal Data 3.1 UKG will: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data. 3.2 Customer hereby: 3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement. 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and 3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law. 3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).

  • COMPLIANCE WITH NEW YORK STATE INFORMATION SECURITY BREACH AND NOTIFICATION ACT Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law Section 899-aa; State Technology Law Section 208).

  • Use of Attachment Facilities by Third Parties Purpose of Attachment Facilities.‌‌ Except as may be required by Applicable Laws and Regulations, or as otherwise agreed to among the Parties, the Attachment Facilities shall be constructed for the sole purpose of interconnecting the Large Generating Facility to the New York State Transmission System and shall be used for no other purpose.

  • Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • COMPLIANCE WITH BREACH NOTIFICATION AND DATA SECURITY LAWS Contractor shall comply with the provisions of the New York State Information Security Breach and Notification Act (General Business Law § 899-aa and State Technology Law § 208) and commencing March 21, 2020 shall also comply with General Business Law § 899-bb.

  • Collection of Personal Information 10.1 The Subscriber acknowledges and consents to the fact that the Issuer is collecting the Subscriber’s personal information for the purpose of fulfilling this Agreement and completing the Offering. The Subscriber acknowledges that its personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) may be included in record books in connection with the Offering and may be disclosed by the Issuer to: (a) stock exchanges or securities regulatory authorities, (b) the Issuer's registrar and transfer agent, (c) tax authorities, (d) authorities pursuant to the PATRIOT Act (U.S.A.) and (e) any of the other parties involved in the Offering, including the Issuer’s Counsel. By executing this Agreement, the Subscriber is deemed to be consenting to the foregoing collection, use and disclosure of the Subscriber's personal information (and, if applicable, the personal information of those on whose behalf the Subscriber is contracting hereunder) for the foregoing purposes and to the retention of such personal information for as long as permitted or required by applicable laws. Notwithstanding that the Subscriber may be purchasing the Note as agent on behalf of an undisclosed principal, the Subscriber agrees to provide, on request, particulars as to the nature and identity of such undisclosed principal, and any interest that such undisclosed principal has in the Issuer, all as may be required by the Issuer in order to comply with the foregoing. 10.2 Furthermore, the Subscriber is hereby notified that the Issuer may deliver to any government authority having jurisdiction over the Issuer, the Subscriber or this Subscription, including the SEC and/or any state securities commissions, certain personal information pertaining to the Subscriber, including the Subscriber’s full name, residential address and telephone number, the number of Shares or other securities of the Issuer owned by the Subscriber, the principal amount of Note purchased by the Subscriber, the total Subscription Amount paid for the Note and the date of distribution of the Note.

  • Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”). 1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term. 1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise. 1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction. 1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.

  • Bulk Registration Data Access to Icann Periodic Access to Thin Registration Data. In order to verify and ensure the operational stability of Registry Services as well as to facilitate compliance checks on accredited registrars, Registry Operator will provide ICANN on a weekly basis (the day to be designated by ICANN) with up-to-date Registration Data as specified below. Data will include data committed as of 00:00:00 UTC on the day previous to the one designated for retrieval by ICANN.

  • END USER AGREEMENTS (“EUA GAC acknowledges that the END USER may choose to enter into an End User Agreement (“EUA) with the Contractor through this Agreement, and that the term of the EUA may exceed the term of the current H-GAC Agreement. H-GAC’s acknowledgement is not an endorsement or approval of the End User Agreement’s terms and conditions. Contractor agrees not to offer, agree to or accept from the END USER, any terms or conditions that conflict with those in Contractor’s Agreement with H-GAC. Contractor affirms that termination of its Agreement with H-GAC for any reason shall not result in the termination of any underlying EUA, which shall in each instance, continue pursuant to the EUA’s stated terms and duration. Pursuant to the terms of this Agreement, termination of this Agreement will disallow the Contractor from entering into any new EUA with END USERS. Applicable H-GAC order processing charges will be due and payable to H-GAC

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!