Data Processors Sample Clauses
Data Processors. 8.1 MedLIS was developed by Cerner Ireland on behalf of the HSE and they will continue to provide on-going support and maintenance of the system and as such will fulfil the role of Data Processor.
8.2 Each party shall not appoint any additional Data Processors for MedLIS without having first obtained the written approval of the other parties.
8.3 All additional Data Processors will be required to sign a copy of the HSE Service Provider Confidentiality Agreement prior to them gaining access to MedLIS. (xxxx://xxx.xxx.xx/eng/services/publications/pp/ict/HSE-Service-Provider-Confidentiality- Agreement-v3-0.pdf)
Data Processors. DCA is permitted and responsible to enter into data processing agree- ments with third party data processors if deemed appropriate. DCA is responsible for making sure that the data processors engaged in relation to the Fabo Platform are com- plying with its obligations, including conducting audits of third-party data processors through the means considered necessary by DCA, e.g. through external third-party au- dits, questionnaires, physical inspections. An overview of third-party data processors is available to the Fabo Members at xxxx.xxx/xxxx/xxxxxxx. Members will be informed when any new data processors are engaged.
Data Processors. 4.1. Where the Data Receiver appoints a Data Processor to process the Shared Personal Data, it shall comply with Article 28 of the UK GDPR and shall remain liable to the Data Discloser for the acts and/or omissions of the Data Processor.
4.2. Data Receiver shall choose such Data Processor diligently with special attention to its good standing and experience.
4.3. Data Receiver shall enter into a written contract with any Data Processor and such contract shall impose upon the Data Processor the same obligations as imposed by the UK GDPR.
Data Processors. St Andrew’s Children’s Society is the data processor on behalf of the Scottish Government. St Andrew’s Children’s Society is acting on the instruction of the Scottish Government as laid out in the controller processor contract.
Data Processors. A data processor is any person or organisation that processes data on behalf of a data controller. A data processor can only act on the instructions of the data controller or controllers.
Data Processors. 23.3.1 Where any Green Deal Provider or any Supplier (the first party) acts as a Data Processor regarding Personal Data Processed in connection with the Green Deal, on behalf of, as appropriate, any Supplier or any Green Deal Provider (the second party), the first party shall:
(a) take appropriate technical and organisational measures to protect those data against unauthorised or unlawful Processing and against accidental loss, destruction, alteration or damage;
(b) only Process those data in the performance of its obligations under this Agreement or the Data Transfer Services Agreement (and, (i) in respect of each Supplier, under its Electricity Supply Licence, and (ii) in respect of each Green Deal Provider, under its Provider Authorisation) and act on the second party's instructions (such instructions being, as set out in this Agreement);
(c) take reasonable steps to ensure the reliability of its employees who may have access to those data;
(d) provide, at its own cost, reasonable assistance to the second party to enable it to comply with such obligations as are imposed on it by the Data Protection Act, including responding to any data subject access requests received in respect of which the second party is the Data Controller; and
(e) not transfer those data to any country or territory outside the European Economic Area without the second party's prior written consent.
23.3.2 Each Supplier and each Green Deal Provider undertakes that it shall not Process any Personal Data collected by another participant in the Green Deal in connection with the Green Deal for any purposes other than performing its obligations and exercising its rights under this Agreement or the Data Transfer Services Agreement and otherwise complying with a Relevant Instrument and, in particular, shall not, and shall not seek to collect consent from relevant Data Subjects to permit it to, Process such data for its own marketing purposes or commercial promotion without the prior written consent of that other participant in the Green Deal.
Data Processors. When appointing data processors, all parties shall: (i) carry out adequate due diligence before the Data processor processes personal data to ensure the Data processor is capable of complying with the terms for data processors under Article 28 GDPR; and (ii) enter into a written addendum with each data processor on terms required under Article 28 GDPR.
Data Processors. In the event that Travel Agency appoints a data processor in respect of any of Data processing activities then Travel Agency shall ensure that, prior to any processing of Data by the data processor, you enter into an agreement with the data processor on terms that comply with the requirements of Data Protection Laws. Travel Agency shall remain fully responsible for the acts, omissions and defaults of its data processor as if those were the acts, omissions and defaults of the Travel Agency.
Data Processors a. The data importer, as data controller, shall ensure that its subcontractors, as data processors, provide an adequate level of personal data protection, equivalent to the protection prescribed in this contract. For this purpose, formal guidelines and procedures covering the processing of personal data by data processors (contractors/outsourcing) should be defined, documented and agreed between the data importer and the data processor prior to the commencement of the processing activities. These guidelines and procedures should mandatorily establish the same level of personal data security as mandated in the data importer’s security policy.
b. Upon finding out of a personal data breach, the data processor shall notify the data importer without undue delay.
c. Formal requirements and obligations should be formally agreed between the data importer and the data processor. The data processor should provide sufficient documented evidence of compliance.
d. The data importer’s organization should regularly audit the compliance of the data processor to the agreed level of requirements and obligations.
e. The employees of the data processor who are processing personal data should be subject to specific documented confidentiality/ non-disclosure agreements.
Data Processors. 10.1 When the Parties use a data processor to process data on their behalf, the data processor must provide sufficient guarantees about its security measures to protect the processing.34 The guarantees may be provided by the data processor confirming it has completed the IGSoC process (see 9.3). (NHS Digital says, ‘All organisations that have access to NHS patient data must provide assurances that they are practising good information governance and use the Information Governance Toolkit to evidence this. Where services are commissioned for NHS patients, the commissioner is required to obtain this assurance from the provider organisation and this requirement should be set out in the commissioner-provider contract.)35
10.2 There must be a written contract (‘data processing agreement’) setting out what the data processor is allowed to do with the personal data. The contract must also require the data processor to take the same security measures the Parties would have to take if they were processing the data.36
10.3 The NHS Digital Deed of Undertaking is a generic data processing agreement covering all processing undertaken by system suppliers on behalf of general practices. It has been signed 30 Data Protection Act 1998, Schedule 1, Part II, paragraph 9 31 See xxxx://xxxxxxx.xxxxxxx.xxx.xx/infogov/igsoc/background/index_html 32 About the Toolkit, NHS Digital, paragraphs 5 & 7 xxxxx://xxx.xxx.xxxxx.xxx.xx/resources/About%20the%20IG%20Toolkit.pdf 33 xxxx://xxxxxxx.xxxxxxx.xxx.xx/infogov/security/risk/nhsinforiskmgt 34 Data Protection Act 1998, Schedule 1, Part II, paragraph 11 35 About the Toolkit, NHS Digital, paragraph 9 xxxxx://xxx.xxx.xxxxx.xxx.xx/resources/About%20the%20IG%20Toolkit.pdf 36 As above, paragraph 12. The ICO recommends the data processing contract published by the European Committee for Standardization xxx://xxx.xxxxxx.xx/PUBLIC/CWAs/e-Europe/DPP/CWA15292-00-2005- May.pdf by each of the suppliers. General practice Parties must have countersigned the Deed of Undertaking signed by their supplier/s and provided them with a copy (they are available on line).37
10.4 If one Party will process data on behalf of another Party, for example by operating a viewing platform, this Agreement also acts as a data processing agreement in respect of that processing (see paragraph 7.3 and section 9).
10.5 The Parties must take reasonable steps to check that the security measures referred to in paragraph 10.2 are in place.38 This may be done by confirming that th...