DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client acknowledge that for the purposes of the Data Protection Xxx 0000 and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processor.
6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party.
6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data.
6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments.
6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it shall:
(a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to:
(i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
(ii) the nature of the data to be protected; and
(b) take reasonable steps to ensure compliance with those measures.
6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law.
6.7 The Client agrees to indemnify and keep indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6.
DATA PROTECTION AND DATA PROCESSING. 7.1 With respect to the Parties' rights and obligations under the Agreement, the Parties agree that for the purposes of the Data Protection Legislation, the Supplier is a Data Controller in relation to Personal Data.
7.2 The Customer will obtain all necessary consents required under the Data Protection Legislation from data subjects to enable the Customer to share such personal data with the Supplier and to allow the Supplier to process the same in accordance with this agreement and the Data Protection Legislation.
7.3 The Supplier shall process Personal Data under this agreement only to the extent, and in such a manner, as is necessary for the purpose of performing its obligations under this agreement. The Supplier not will transfer any Personal Data processed under the agreement outside the European Economic Area, except with the express written consent of the data subject.
7.4 The Supplier shall comply with its obligations under the Data Protection Legislation by:
7.4.1 obtaining any consents required under the Data Protection Legislation and ensuring that information provided to data subjects at the time of collecting their Personal Data is clear and provides sufficient information to the data subjects for them to understand the circumstances in which it will be shared and the purposes for the data sharing; and
7.4.2 providing to the Customer any information necessary to enable it to perform its obligations under the Data Protection Legislation;
7.4.3 co-operating with the Customer so that it can comply with its obligations under the Data Protection Legislation in respect of any Personal Data collected, held or processed under this Agreement; and
7.4.4 taking appropriate technical and organisational measures against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data (including, but not limited to, adequate back-up procedures and disaster recovery systems) to ensure a level of security appropriate to the risk and which, from implementation of GDPR satisfies the requirements of GDPR as a minimum.
7.5 The Supplier agrees to indemnify and keep the Customer indemnified against all claims and proceedings and all liability, loss, costs and expenses whatsoever incurred in connection therewith by the Customer as a result of any claim made or brought by any individual or other legal person in respect of any loss, damage or distress caused to that individual or other legal person as a re...
DATA PROTECTION AND DATA PROCESSING. 2.1 The Parties shall comply with the Data Protection Wording set out at Schedule 3.
DATA PROTECTION AND DATA PROCESSING. 2.1 The Training Provider shall be the Data Controller of all Personal Data obtained by it from each Apprentice or the Employer for the purpose of the Agreed Services.
2.2 Each Party shall process Personal Data only in accordance with the Data Protection Xxx 0000 and where necessary on the other Party’s instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised.
2.3 Each Party shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data.
2.4 Each Party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments.
2.5 Each Party warrants that, having regard to the state of technological development and the cost of implementing any measures, it will:
2.5.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to:
(a) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
(b) the nature of the data to be protected including, but not limited to, the security measures specified or referred to in the Schedule 8;
2.5.2 take reasonable steps to ensure compliance with those measures.
DATA PROTECTION AND DATA PROCESSING. 10.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 10 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
10.2 The parties acknowledge that for the purposes of the Data Protections Legislation, the Customer is the data controller of the Personal Data in respect of which the Company is providing the services under the Main agreement as the data processor. For the avoidance of doubt, references to Personal Data below are in respect of that for which the Customer is the data controller.
10.3 Without prejudice to the generality of the clause 10.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data (including any Special Categories of Personal Data) to and processing by EPX for the duration and purposes of this agreement.
10.4 Without prejudice to the generality of clause 10.1, EPX shall, in relation to any Personal Data processed in connection with the performance by EPX of its obligations under this agreement:
10.4.1 process that Personal Data only on the written instructions of the Customer unless EPX is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Company to process Personal Data (Applicable Laws). Where EPX is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, EPX shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit EPX from so notifying the Customer;
10.4.2 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Da...
DATA PROTECTION AND DATA PROCESSING. 9.1 The Customer and the Supplier acknowledge that for the purposes of General Data Protection Regulation (GDPR), the Customer is the Data Controller and the Supplier is the Data Processor in respect of any Personal Data.
9.2 The Supplier shall process the Personal Data only in accordance with the Customer’s instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer.
9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it.
9.4 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data.
9.5 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments.
9.6 The Supplier warrants that, having regard to the state of technological development and the costs of implementing any measures, it will:
(a) take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to:
(i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and
(ii) the nature of the data to be protected.
(b) take reasonable steps to ensure compliance with those measures.
9.7 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9.
9.8 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s instructions.
9.9 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s cont...
DATA PROTECTION AND DATA PROCESSING. 2.10.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 2.10 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation. In this Clause 2.10, Applicable Laws means (for so long as and to the extent that they apply to the Supplier) the law of the European Union, the law of any member state of the European Union and/or Domestic UK Law; and Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK.
2.10.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Controller and the Supplier is the Processor. Schedule 3 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of Personal Data and categories of Data Subject.
2.10.3 Without prejudice to the generality of Clause 2.10.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the Supplier and/or lawful collection of the Personal Data by the Supplier on behalf of the Customer for the duration and purposes of this agreement.
2.10.4 Without prejudice to the generality of Clause 2.10.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
(i) process that Personal Data only on the documented written instructions of the Customer which are set out in Schedule 3 unless the Supplier is required by Applicable Laws to otherwise process that Personal Data. Where the Supplier is relying on Applicable Laws as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(ii) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of imple...
DATA PROTECTION AND DATA PROCESSING. 8.1 You acknowledge that for the purposes of the Data Protection Legislation:
8.1.1 You are the Data Controller; and
8.1.2 We are the Data Processor - in respect of any Personal Data processed under or in connection with the Contract and the Services.
8.2 We may authorise third party processors and subcontractors (TPPs) to process Personal Data.
8.3 By entering into the Contract you consent to us processing Personal Data in accordance with the Data Processing Policy, in order that we may properly perform our obligations in respect of the Contract.
8.4 The Data Processing Policy includes details about:
8.4.1 the Data we collect from in order to perform our obligations in respect of the contract;
8.4.2 the use we will make of that Data;
8.4.3 who we may disclose the Data to;
8.4.4 where we will store your Data and, for how long; and
8.4.5 your rights in respect of Data.
DATA PROTECTION AND DATA PROCESSING. 2.1 The Parties shall comply with the Data Protection Wording set out at Error! Reference source not found..
DATA PROTECTION AND DATA PROCESSING. 5.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
5.2 The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer is the Data Controller and USC is the Data Processor.
5.3 Without prejudice to the generality of clause 5.1, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to USC for the duration and purposes of the Agreement.
5.4 Without prejudice to the generality of clause 5.1, USC shall, in relation to any Personal Data processed in connection with the performance by USC of its obligations under the Agreement:
5.4.1 process that Personal Data only on the written instructions of the Customer unless USC is required by the Data Protection Legislation to otherwise process that Personal Data. Where USC is relying on laws of a member of the EU or EU law as the basis for processing Personal Data, it shall promptly notify the Customer of this before performing the processing required by the applicable laws unless USC is so prohibited from notifying the Customer;
5.4.2 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
5.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
5.4.4 not transfer any Personal Data outside of the EEA unless the prior written consent of the Customer has been obtained and...
