Data Protection and Data Security Clause Samples
Data Protection and Data Security. 5.1 The Authorised User acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
5.2 The Authorised User agrees that in connection with the provision or use of ▇▇▇▇▇ Plus Data which relates to individuals it will at all times:
5.2.1 Comply with the DP Legislation including without limitation the data protection principles set out in the DP Legislation; and
5.2.2 Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Legislation.
5.3 The Authorised User is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
5.4 The Authorised User is required to take reasonable steps to prevent access to ▇▇▇▇▇ Plus Data being obtained by unauthorised individuals (being individuals who are not authorised through an Authorised User Agreement to access the relevant type or level of ▇▇▇▇▇ Plus Data). In particular, the Authorised User will ensure that they log out or lock devices through which they are accessing ▇▇▇▇▇ Plus when not present and keep information extracted from ▇▇▇▇▇ Plus and printed materials generated from ▇▇▇▇▇ Plus secure.
5.5 In relation to Unrounded Data extracted and held by the Authorised User either in electronic or in hard copy form, maintain appropriate security measures with a view to preventing those materials from being accessed or viewed by unauthorised individuals (whether deliberately or inadvertently). Such measures will include but are not limited to:
5.5.1 only generating and retaining such extracts or copies of ▇▇▇▇▇ Plus Data to the extent necessary and proportionate for the Permitted Uses;
5.5.2 keeping under regular review the continuing need to retain such extracts or copies for the Permitted Uses and promptly ensuring the permanent secure deletion or destruction of such extracts or copies when the Authorised User determines that retention is no longer necessary or proportionate fo...
Data Protection and Data Security. 8.1. Subject to clause 6.3, the parties acknowledge that the Organisation and HESA are separate Data Controllers in common of any personal data within ▇▇▇▇▇ Plus which is accessible to the Organisation or its Authorised Users. Each party acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA and HESA Services arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and their customers to access data in the future.
8.2. Each party agrees that in connection with the provision or use of ▇▇▇▇▇ Plus it has a separate responsibility to, and will at all times:
8.2.1. Comply with the DP Legislation including without limitation (to the extent relevant and as set out in the DP Legislation) any obligations as to registration as a Data Controller, principles and requirements for data protection and restrictions on processing of personal data, and requirements as to notification of data breaches.
8.2.2. Fully co-operate with each other to enable the other party to comply with the DP Legislation.
8.3. In particular, without prejudice to the generality of clause 8.2, the Organisation shall:
8.3.1. Fully co-operate with HESA Services and HESA as reasonably required to ensure HESA Services’ and HESA's compliance with the DP Legislation;
8.3.2. Take all reasonable steps to ensure its Authorised Users and its other Staff Members, affiliates, agents and contractors comply with the DP Legislation and this Agreement in respect of ▇▇▇▇▇ Plus and ▇▇▇▇▇ Plus Data;
8.3.3. Not use ▇▇▇▇▇ Plus Data, nor permit its Authorised Users or any other person, to use ▇▇▇▇▇ Plus Data to identify any individual, contact any individual or take any decisions in relation to an individual;
8.3.4. Only use and only permit its Authorised Users or any other person to use, ▇▇▇▇▇ Plus Data relating to disability or ethnicity for purposes relating to promoting, maintaining or monitoring equality of opportunity in accordance with equalities legislation;
8.3.5. Not share or permit its Authorised Users to share ▇▇▇▇▇ Plus Data with anyone including Staff Members that are outside the United Kingdom unless it is necessary for a Permitted Use and:
8.3.5.1. ▇▇▇▇▇ Plus Data relating to individuals is rounded in accordance with the ▇▇▇▇▇ Plus Rounding Method...
Data Protection and Data Security. In addition to the requirements of paragraph 7, Professional shall have in place information security safeguards designed to conform to or exceed industry best practices regarding the protection of the confidentiality, integrity and availability of utility and customer information and shall have written agreements requiring any subcontractor to meet those standards. These information security safeguards (the “Information Security Program”) shall be materially consistent with, or more stringent than, the safeguards described in this Exhibit.
a) Professional’s information security safeguards shall address the following elements: Data Storage, Backups and Disposal Logical Access Control (e.g., Role-Based) Information Classification and Handling Secure Data Transfer (SFTP and Data Transfer Specification) Secure Web Communications Network and Security Monitoring Application Development Security Application Security Controls and Procedures (User Authentication, Security Controls, and Security Procedures, Policies and Logging) Incident Response Vulnerability Assessments Hosted Services Personnel Security
Data Protection and Data Security. Each Party will not use the personal data concerning the End Users of the services, including but not limited to such personal data provided by an Identity Federation, for any other purpose than making available the CLARIN material. Each Party will treat the personal data, to which it has access, in the utmost confidence and not disclose it to third parties. Each Party is committed to comply with the obligations imposed by the currently valid legislation on personal data protection, concerning without limitation processing and disclosure of personal data, obligations of non-disclosure and secrecy, as well as providing a sufficient data security level for the services. If the domicile of the Party is outside the EU or the European Economic Area (EEA) and the Party is in a country for which the European Commission has not verified the adequate level of privacy protection according to the Directive on Data Protection, or if the domicile of the Party is in the United States of America (USA) and the Party is not committed to adhere to the Safe Harbor principles and the Frequently Asked Questions accepted by the U.S. Department of Commerce and the European Commission to comply with the principles on privacy protection, the Party shall adhere to the stipulations of the currently valid EU Directive on Data Protection regarding processing of personal data. If the domicile of the Party is in a country for which the European Commission has verified the adequate level of privacy protection according to the EU Directive on Data Protection, the Party shall adhere to the currently valid legislation in the country of domicile when processing personal data subject to this Agreement. If the domicile of the Party is in the USA and the Party has declared to adhere to the Safe Harbor principles and the Frequently Asked Questions to comply with the principles, the Party shall adhere to the said principles and the related instructions when processing personal data subject to this Agreement.
Data Protection and Data Security. 5.1. The User acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
5.2. The User agrees that in connection with the provision or use of ▇▇▇▇▇ Plus Data which relates to individuals it will at all times:
5.2.1. Comply with the DP Act including without limitation the data protection principles set out in the DP Act; and
5.2.2. Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Act.
5.3. The User is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
5.4. The User is required to take reasonable steps to prevent access to ▇▇▇▇▇ Plus Data being obtained by unauthorised individuals (being individuals who are not authorised through an Authorised User Agreement to access the relevant type or level of ▇▇▇▇▇ Plus Data). The User will ensure that they log out or lock devices through which they are accessing ▇▇▇▇▇ Plus when not present and keep information extracted from ▇▇▇▇▇ Plus and printed materials generated from ▇▇▇▇▇ Plus secure.
5.5. The User has a duty to inform the Lead Contact immediately of any breach or possible breach of this Agreement, in particular any breach of clause 4 or this clause 5.
5.6. By entering into this Agreement the User gives HESA, HESA Services and the Organisation consent to use of their Personal Data for the purposes of administering this Agreement and the purposes of monitoring or ensuring compliance with this Agreement and the DP Act.
Data Protection and Data Security. 6.1. The Lead Contact acknowledges the need to manage data security and risks around use of data appropriately, both to protect the rights of individual data subjects and to avoid reputational, relationship and commercial risks to HESA, HESA Services and the Organisation arising from any perceived breach or inadequacy in the protection and security of data collected by HESA which could impede the ability of HESA, HESA Services and the Organisation to access data in the future.
6.2. The Lead Contact agrees that in connection with the provision or use of ▇▇▇▇▇ Plus Data which relates to individuals it will at all times:
6.2.1. Comply with the DP Legislation including without limitation the data protection principles set out in the DP Legislation; and
6.2.2. Fully co-operate with HESA, HESA Services and the Organisation to enable HESA, HESA Services and/or the Organisation to comply with their obligations under the DP Legislation.
6.3. The Lead Contact is referred to clause 8 of the Organisational Agreement and is required to comply with all restrictions in that clause or notified to it by the Organisation for the purposes of ensuring compliance with that clause.
Data Protection and Data Security. 13.1 Any personal data provided by you to us at any time will be processed in accordance with the Data Protection Act 1998. We will mainly use your personal data in connection with the provision of our services to you, but may also use it to contact you regarding our other services. We will not provide information to organisations without your consent, unless we are obliged to by the law or are requested to do so by any other regulatory bodies (including, but not limited to, reporting to HMRC on accounts for clients taxed in another jurisdiction), or it is in relation to the provision of services to you. In such cases this will not occur without ensuring the necessary assurances and indemnities are in place to ensure that your personal information is subject to equivalent levels of security at all times.
13.2 For security, regulatory and compliance monitoring purposes we record client telephone conversations and we may use these for training purposes. We also reserve the right to ask you security questions personal to your account details for your protection. This may include a unique password.
13.3 In order to comply with UK anti-money laundering legislation, we will check your details at credit reference and fraud prevention agencies when opening your account or subsequently. Please note that Redmayne Bentley is also required to verify the identity of any third party who is permitted to give instructions on the account.
13.4 Such agencies may keep a record of our enquiry. By opening an account with us, you freely consent to the processing and disclosure of the personal information for these purposes.
13.5 If the identity of you or any other party for whom we are obliged to seek evidence of identity cannot be confirmed, we may be prevented from carrying out any instruction you wish us to undertake. Redmayne Bentley shall have no liability in respect of losses incurred in such circumstances.
13.6 Cookie Policy: Like most websites, we use cookies at ▇▇▇.▇▇▇▇▇▇▇▇.▇▇.▇▇ and ▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇. A cookie is a small text file placed on to the device you use to access our websites. Through your browser it is possible to enable and disable cookies. However, if you intend to use our Client Web Access, cookies must be enabled as they are essential in the provision of this service. Please note that our website contains links to external websites. We cannot accept any responsibility or liability for the content of these websites. To view our cookie policy visit: ▇▇▇.▇▇▇...
Data Protection and Data Security. 13.1 In relation to the parties’ rights and obligations under this Agreement, the parties agree, subject to Clause 13.2, that the Servicer is the “controller” and the Cash Manager is the “processor” as defined in the Data Protection Legislation.
13.2 Neither the Cash Manager nor the Servicer shall do, nor cause or permit to be done, anything which may result in a breach of the Data Protection Legislation by the other party.
13.3 Without limiting Clause 13.3, the Cash Manager warrants, represents and undertakes to the Servicer and each member of the RBS Group that in respect of any Personal Data supplied by the Servicer to the Cash Manager, the Cash Manager shall:
(A) on behalf of the Servicer carry out Personal Data processing activities necessary for the purposes described in Clause 13.5 below and in processing Personal Data act only on the written instructions of the Servicer. In the event that a legal requirement prevents the Cash Manager from complying with such written instructions (a “Conflicting Requirement”), the Cash Manager shall, unless such Conflicting Requirement prohibits it from doing so promptly inform the Servicer of the relevant Conflicting Requirement, before carrying out the processing activities;
(B) take all appropriate technical and organisational measures against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, including (without limitation) by:
(1) taking reasonable steps to ensure the reliability of any employees, officers, independent contractors (and Affiliates of any independent contractors and their staff), agency workers and agents in each case of the Cash Manager and/or its Affiliates and/or of any sub-contractor of any such company engaged in the performance of the Cash Management Services or any part thereof (“Staff”) who have access to the Personal Data;
(2) ensuring a level of security appropriate to the nature of the Personal Data and the risks that are presented by its processing; and
(3) all such other measures as are required by Data Protection Legislation;
(C) ensure that only those Staff of the Cash Manager that need to have access to the Personal Data are given access to the extent necessary to provide the Cash Management Services and only after the relevant Staff have been informed by the Cash Manager of the confidential nature of the Personal Data and such Staff agree in writing to be bound by a duty of confidentiality and co...
Data Protection and Data Security. (1) Each Party shall comply with data protection regulations applicable to it and shall bind all of the people engaged on its behalf under this Agreement to observe the provisions concerning data privacy, to the extent they are not already required to do so as part of their general obligations.
(2) loadbee will only gather and use the Retailer’s personal data to the extent required to carry out this Agreement. The Retailer hereby agrees to loadbee’s processing of Retailer’s personal data in accordance with this Agreement. As between loadbee and the Retailer, loadbee will not be liable with respect to any claims, allegations, demands, proceedings, or other actions arising (whether in contract, tort or otherwise) as a direct or indirect result of, or otherwise in connection with, any personal information collected from individuals by the Retailer, a manufacturer or any third party on the Retailer or a manufacturer’s behalf.
(3) loadbee’s data privacy statement provisions shall apply to and be incorporated into this Agreement. These provisions can be viewed and printed at the following URL: ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇.▇▇▇/dataprivacystatement/
Data Protection and Data Security. 45.1 The Contractor and the Client shall comply with the applicable provisions of data protection law and shall obligate their employees involved in the contract and its performance to maintain data confidentiality.
45.2 The Client is solely responsible as the data controller in accordance with the BDSG and the GDPR for the collection, processing, and use of personal data using the software provided by the Contractor under this contract, and warrants that it is authorized to do so. The Client shall indemnify the Contractor in accordance with clause 42.2 against any claims by third parties.
45.3 If the Contractor processes personal data on behalf of the Client as part of the contract, the parties shall conclude the data processing agreement listed under C.