Data Protection and Data Security. 5.1 The Authorised User acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
5.2 The Authorised User agrees that in connection with the provision or use of Xxxxx Plus Data which relates to individuals it will at all times:
5.2.1 Comply with the DP Legislation including without limitation the data protection principles set out in the DP Legislation; and
5.2.2 Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Legislation.
5.3 The Authorised User is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
5.4 The Authorised User is required to take reasonable steps to prevent access to Xxxxx Plus Data being obtained by unauthorised individuals (being individuals who are not authorised through an Authorised User Agreement to access the relevant type or level of Xxxxx Plus Data). In particular, the Authorised User will ensure that they log out or lock devices through which they are accessing Xxxxx Plus when not present and keep information extracted from Xxxxx Plus and printed materials generated from Xxxxx Plus secure.
5.5 In relation to Unrounded Data extracted and held by the Authorised User either in electronic or in hard copy form, maintain appropriate security measures with a view to preventing those materials from being accessed or viewed by unauthorised individuals (whether deliberately or inadvertently). Such measures will include but are not limited to:
5.5.1 only generating and retaining such extracts or copies of Xxxxx Plus Data to the extent necessary and proportionate for the Permitted Uses;
5.5.2 keeping under regular review the continuing need to retain such extracts or copies for the Permitted Uses and promptly ensuring the permanent secure deletion or destruction of such extracts or copies when the Authorised User determines that retention is no longer necessary or proportionate fo...
Data Protection and Data Security. 8.1. Subject to clause 6.3, the parties acknowledge that the Organisation and HESA are separate Data Controllers in common of any personal data within Xxxxx Plus which is accessible to the Organisation or its Authorised Users. Each party acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA and HESA Services arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and their customers to access data in the future.
8.2. Each party agrees that in connection with the provision or use of Xxxxx Plus it has a separate responsibility to, and will at all times:
8.2.1. Comply with the DP Legislation including without limitation (to the extent relevant and as set out in the DP Legislation) any obligations as to registration as a Data Controller, principles and requirements for data protection and restrictions on processing of personal data, and requirements as to notification of data breaches.
8.2.2. Fully co-operate with each other to enable the other party to comply with the DP Legislation.
8.3. In particular, without prejudice to the generality of clause 8.2, the Organisation shall:
8.3.1. Fully co-operate with HESA Services and HESA as reasonably required to ensure HESA Services’ and HESA's compliance with the DP Legislation;
8.3.2. Take all reasonable steps to ensure its Authorised Users and its other Staff Members, affiliates, agents and contractors comply with the DP Legislation and this Agreement in respect of Xxxxx Plus and Xxxxx Plus Data;
8.3.3. Not use Xxxxx Plus Data, nor permit its Authorised Users or any other person, to use Xxxxx Plus Data to identify any individual, contact any individual or take any decisions in relation to an individual;
8.3.4. Only use and only permit its Authorised Users or any other person to use, Xxxxx Plus Data relating to disability or ethnicity for purposes relating to promoting, maintaining or monitoring equality of opportunity in accordance with equalities legislation;
8.3.5. Not share or permit its Authorised Users to share Xxxxx Plus Data with anyone including Staff Members that are outside the United Kingdom unless it is necessary for a Permitted Use and:
8.3.5.1. Xxxxx Plus Data relating to individuals is rounded in accordance with the Xxxxx Plus Rounding Method...
Data Protection and Data Security. In addition to the requirements of paragraph 7, Professional shall have in place information security safeguards designed to conform to or exceed industry best practices regarding the protection of the confidentiality, integrity and availability of utility and customer information and shall have written agreements requiring any subcontractor to meet those standards. These information security safeguards (the “Information Security Program”) shall be materially consistent with, or more stringent than, the safeguards described in this Exhibit.
a) Professional’s information security safeguards shall address the following elements: Data Storage, Backups and Disposal Logical Access Control (e.g., Role-Based) Information Classification and Handling Secure Data Transfer (SFTP and Data Transfer Specification) Secure Web Communications Network and Security Monitoring Application Development Security Application Security Controls and Procedures (User Authentication, Security Controls, and Security Procedures, Policies and Logging) Incident Response Vulnerability Assessments Hosted Services Personnel Security
Data Protection and Data Security. Each Party will not use the personal data concerning the End Users of the services, including but not limited to such personal data provided by an Identity Federation, for any other purpose than making available the CLARIN material. Each Party will treat the personal data, to which it has access, in the utmost confidence and not disclose it to third parties. Each Party is committed to comply with the obligations imposed by the currently valid legislation on personal data protection, concerning without limitation processing and disclosure of personal data, obligations of non-disclosure and secrecy, as well as providing a sufficient data security level for the services. If the domicile of the Party is outside the EU or the European Economic Area (EEA) and the Party is in a country for which the European Commission has not verified the adequate level of privacy protection according to the Directive on Data Protection, or if the domicile of the Party is in the United States of America (USA) and the Party is not committed to adhere to the Safe Harbor principles and the Frequently Asked Questions accepted by the U.S. Department of Commerce and the European Commission to comply with the principles on privacy protection, the Party shall adhere to the stipulations of the currently valid EU Directive on Data Protection regarding processing of personal data. If the domicile of the Party is in a country for which the European Commission has verified the adequate level of privacy protection according to the EU Directive on Data Protection, the Party shall adhere to the currently valid legislation in the country of domicile when processing personal data subject to this Agreement. If the domicile of the Party is in the USA and the Party has declared to adhere to the Safe Harbor principles and the Frequently Asked Questions to comply with the principles, the Party shall adhere to the said principles and the related instructions when processing personal data subject to this Agreement.
Data Protection and Data Security. 6.1. The User acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
6.2. The User agrees that in connection with the provision or use of Xxxxx Plus Data which relates to individuals it will at all times:
6.2.1. Comply with the DP Act including without limitation the data protection principles set out in the DP Act; and
6.2.2. Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Act.
6.3. The User is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
6.4. The User is required to take reasonable steps to prevent access to Xxxxx Plus Data being obtained by unauthorised individuals (being individuals who are not authorised through an Authorised User Agreement to access the relevant type or level of Xxxxx Plus Data). The User will ensure that they log out or lock devices through which they are accessing Xxxxx Plus when not present and keep information extracted from Xxxxx Plus and printed materials generated from Xxxxx Plus secure.
6.5. The User has a duty to inform the Organisation's other Lead Contact immediately of any breach or possible breach of this Agreement, in particular any breach of clause 5 or this clause 6.
6.6. By entering into this Agreement the User gives HESA, HESA Services and the Organisation consent to use of their Personal Data for the purposes of administering this Agreement and the purposes of monitoring or ensuring compliance with this Agreement and the DP Act.
Data Protection and Data Security. 6.1. The Lead Contact acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
6.2. The Lead Contact agrees that in connection with the provision or use of Xxxxx Plus Data which relates to individuals it will at all times:
6.2.1. Comply with the DP Legislation including without limitation the data protection principles set out in the DP Legislation; and
6.2.2. Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Legislation.
6.3. The Lead Contact is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
Data Protection and Data Security. 12.1 The Parties acknowledge their respective duties under the DPA and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties.
12.2 Each Party in performing its obligations in relation to the Interim Service and the Operational Service under this Agreement:
12.2.1 shall create and keep up to date such records as it is reasonable and prudent to create including providing details to the other Party of how that other Party‟s obligations are being performed;
12.2.2 shall keep the records stored electronically in accordance with statutory requirements and appropriate guidance in relation to storing the records;
12.2.3 shall take reasonable steps to ensure the security of all records at all times and safeguard the records from unauthorised access or tampering;
12.2.4 shall ensure that a comprehensive recovery system is in place in the event of partial or complete failure of the Mobilising System;
12.2.5 shall retain Personal Data for such purposes as shall be necessary to meet statutory and operational needs but no longer than is necessary for these purposes;
12.2.6 shall register under the DPA to the full extent required for the purposes of this Agreement and maintain such registration to comply in full with the provisions of the DPA and to procure compliance by relevant officers, agents and employees with this Clause 12;
12.2.7 shall take all reasonable steps to ensure that its officers, employees, agents and sub-contractors have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by the Party and its officers, employees, agents and sub-contractors and that it has taken, or will take at all material times all reasonable steps to ensure the reliability of any of its officers, employees, agents and sub-contractors which will have access to personal data processed as part of the Interim Service and the Operational Service;
12.2.8 undertakes that it will act only on the instructions of the other Party in relation to the processing of any personal data made available by or on behalf of that other Party in connection with the Interim Service and the Operational Service (or otherwise);
12.2.9 undertakes that it will only obtain, hold, process, use, store and disclose Personal Data as is necessary to perform its obligations under this Agreement and that...
Data Protection and Data Security. (1) Each Party shall comply with data protection regulations applicable to it and shall bind all of the people engaged on its behalf under this Agreement to observe the provisions concerning data privacy, to the extent they are not already required to do so as part of their general obligations.
(2) loadbee will only gather and use the Retailer’s personal data to the extent required to carry out this Agreement. The Retailer hereby agrees to loadbee’s processing of Retailer’s personal data in accordance with this Agreement. As between loadbee and the Retailer, loadbee will not be liable with respect to any claims, allegations, demands, proceedings, or other actions arising (whether in contract, tort or otherwise) as a direct or indirect result of, or otherwise in connection with, any personal information collected from individuals by the Retailer, a manufacturer or any third party on the Retailer or a manufacturer’s behalf.
(3) loadbee’s data privacy statement provisions shall apply to and be incorporated into this Agreement. These provisions can be viewed and printed at the following URL: xxxxx://xxx.xxxxxxx.xxx/dataprivacystatement/
Data Protection and Data Security. 45.1 The Contractor and the Client shall comply with the applicable provisions of data protection law and shall obligate their employees involved in the contract and its performance to maintain data confidentiality.
45.2 The Client is solely responsible as the data controller in accordance with the BDSG and the GDPR for the collection, processing, and use of personal data using the software provided by the Contractor under this contract, and warrants that it is authorized to do so. The Client shall indemnify the Contractor in accordance with clause 42.2 against any claims by third parties.
45.3 If the Contractor processes personal data on behalf of the Client as part of the contract, the parties shall conclude the data processing agreement listed under C.
Data Protection and Data Security. 13.1. Both Customer and Supplier shall comply with all applicable requirements of the Data Protection Legislation. This clause 13 is in addition to, and does not relieve, remove, or replace, either Party’s obligations under the Data Protection Legislation.
13.2. The Parties acknowledge that for the purposes of the UK GDPR, Customer is the “data controller” and Supplier is the “data processor”. Before Supplier carries out any processing activities, the Parties will sign a data processing addendum setting out the scope, nature, and purpose of processing by Supplier, the duration of the processing and the types of Personal Data (“Protected Data”) and the categories of “Data Subject” (as defined in the UK GDPR).
13.3. Without prejudice to the generality of clause 13.1, Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Protected Data to Supplier for the duration and purposes of this Contract.
13.4. Without prejudice to the generality of clause 13.1, Supplier undertakes:
13.4.1. if Supplier considers, in its opinion, that Customer’s instruction breaches the Data Protection Legislation in relation to the processing of Protected Data, it shall immediately inform Customer. In addition, if Supplier is required by any law to process Protected Data in a manner not anticipated by Customer’s instructions, Supplier shall promptly notify Customer of this before performing the processing required, unless the law prohibits Supplier from notifying Customer;
13.4.2. to ensure it has in place appropriate technical and organisational measures, reviewed and approved by Customer, to protect against unauthorised or unlawful processing of Protected Data and against accidental loss or destruction of, or damage to, Protected Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Protected Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Protected Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it);
13.4....
