Data Processors. 8.1 MedLIS was developed by Cerner Ireland on behalf of the HSE and they will continue to provide on-going support and maintenance of the system and as such will fulfil the role of Data Processor.
8.2 Each party shall not appoint any additional Data Processors for MedLIS without having first obtained the written approval of the other parties.
8.3 All additional Data Processors will be required to sign a copy of the HSE Service Provider Confidentiality Agreement prior to them gaining access to MedLIS. (xxxx://xxx.xxx.xx/eng/services/publications/pp/ict/HSE-Service-Provider-Confidentiality- Agreement-v3-0.pdf)
Data Processors. DCA is permitted and responsible to enter into data processing agree- ments with third party data processors if deemed appropriate. DCA is responsible for making sure that the data processors engaged in relation to the Fabo Platform are com- plying with its obligations, including conducting audits of third-party data processors through the means considered necessary by DCA, e.g. through external third-party au- dits, questionnaires, physical inspections. An overview of third-party data processors is available to the Fabo Members at xxxx.xxx/xxxx/xxxxxxx. Members will be informed when any new data processors are engaged.
Data Processors. 4.1. Where the Data Receiver appoints a Data Processor to process the Shared Personal Data, it shall comply with Article 28 of the UK GDPR and shall remain liable to the Data Discloser for the acts and/or omissions of the Data Processor.
4.2. Data Receiver shall choose such Data Processor diligently with special attention to its good standing and experience.
4.3. Data Receiver shall enter into a written contract with any Data Processor and such contract shall impose upon the Data Processor the same obligations as imposed by the UK GDPR.
Data Processors a. The data importer, as data controller, shall ensure that its subcontractors, as data processors, provide an adequate level of personal data protection, equivalent to the protection prescribed in this contract. For this purpose, formal guidelines and procedures covering the processing of personal data by data processors (contractors/outsourcing) should be defined, documented and agreed between the data importer and the data processor prior to the commencement of the processing activities. These guidelines and procedures should mandatorily establish the same level of personal data security as mandated in the data importer’s security policy.
b. Upon finding out of a personal data breach, the data processor shall notify the data importer without undue delay.
c. Formal requirements and obligations should be formally agreed between the data importer and the data processor. The data processor should provide sufficient documented evidence of compliance.
d. The data importer’s organization should regularly audit the compliance of the data processor to the agreed level of requirements and obligations.
e. The employees of the data processor who are processing personal data should be subject to specific documented confidentiality/ non-disclosure agreements.
Data Processors. The Data Importer may engage Data Processors. To the extent feasible the Data Importer will take steps to ensure that: the Data Processor will observe the obligations of a Data Controller under the Data Protection Laws in respect of the Personal Data being processed by it; and the Data Processor shall act only on the instructions of the Data Exporter or the Data Importer. Governing Law. THE LAWS THAT SHALL GOVERN THIS AGREEMENT SHALL BE THE LAWS OF THE COUNTRY IN WHICH THE DATA EXPORTER IS ESTABLISHED.
Data Processors. St Andrew’s Children’s Society is the data processor on behalf of the Scottish Government. St Andrew’s Children’s Society is acting on the instruction of the Scottish Government as laid out in the controller processor contract.
Data Processors. 23.3.1 Where any Green Deal Provider or any Supplier (the first party) acts as a Data Processor regarding Personal Data Processed in connection with the Green Deal, on behalf of, as appropriate, any Supplier or any Green Deal Provider (the second party), the first party shall:
(a) take appropriate technical and organisational measures to protect those data against unauthorised or unlawful Processing and against accidental loss, destruction, alteration or damage;
(b) only Process those data in the performance of its obligations under this Agreement or the Data Transfer Services Agreement (and, (i) in respect of each Supplier, under its Electricity Supply Licence, and (ii) in respect of each Green Deal Provider, under its Provider Authorisation) and act on the second party's instructions (such instructions being, as set out in this Agreement);
(c) take reasonable steps to ensure the reliability of its employees who may have access to those data;
(d) provide, at its own cost, reasonable assistance to the second party to enable it to comply with such obligations as are imposed on it by the Data Protection Act, including responding to any data subject access requests received in respect of which the second party is the Data Controller; and
(e) not transfer those data to any country or territory outside the European Economic Area without the second party's prior written consent.
23.3.2 Each Supplier and each Green Deal Provider undertakes that it shall not Process any Personal Data collected by another participant in the Green Deal in connection with the Green Deal for any purposes other than performing its obligations and exercising its rights under this Agreement or the Data Transfer Services Agreement and otherwise complying with a Relevant Instrument and, in particular, shall not, and shall not seek to collect consent from relevant Data Subjects to permit it to, Process such data for its own marketing purposes or commercial promotion without the prior written consent of that other participant in the Green Deal.
Data Processors. A data processor is any person or organisation that processes data on behalf of a data controller. A data processor can only act on the instructions of the data controller or controllers.
Data Processors. 1. Any of the Joint Controllers that deems it necessary to make use of a data processor for the performance of specific activities required under the joint project shall notify the other party with adequate notice.
2. Specific data protection obligations shall be imposed on that controller by means of a contract or other legal act under Union or Member State law, in particular by providing for sufficient safeguards to put in place appropriate technical and organisational measures in such a way that the processing meets the requirements of applicable law.
3. The relationship between the Joint Controllers and any data processors shall remain governed by Article 28 of the GDPR.
Data Processors. We transfer, use and store your personal information outside of the European Union, and the laws of some of these countries may differ and not offer the same standard of protection for personal information as countries within the EU. We currently store your information in Barbados and transfer data to the United States of America. The information collected from you is transferred over the internet and stored at Sitelink, which is a third party processor located at 0000 Xxxxxxxx Xxxxxx, Xxxxxxx, XX 00000, XXX. Sitelink is GDPR compliant. All emails sent by you to Store All are protected by NOD Antivirus. All emails are backed up via the internet with Carbonite located at Corporate Headquarters 0 Xxxxxx xx Xxxxxxxxx, Xxxxxx, XX 00000, XXX. Carbonite is GDPR compliant. Unfortunately, the transmission of information via the internet is not completely secure and we cannot guarantee the security of your data. We will not disclose your personal information to third parties except as detailed in this Privacy Policy.