DATA PROTECTION AND FREEDOM OF INFORMATION. 7.1. Each party will:-
7.1.1. Comply with the Data Protection Xxx 0000 Maintain the confidentiality of personal data to which it has authorised access under the terms of this Agreement. Take reasonable technical and organisational measures against the unauthorised or unlawful processing of personal data and against the accidental loss or destruction of or damage to personal data (including adequate back up procedures and disaster recovery systems). Provide such assistance and/or information reasonably required by the other in connection with any requests for information received by that party under the Freedom of Information Xxx 0000.
DATA PROTECTION AND FREEDOM OF INFORMATION. 7.1 DWP/Councils are Data Controllers under the Data Protection Xxx 0000 and are joint Data Controllers for the purposes of Universal Support
7.2 DWP and the Council as Data Controllers will comply with the obligations imposed on them by the Seventh Principle of the Data Protection Act by taking appropriate technical, security and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
7.3 DWP and the Council as Data Controllers will ensure they have mechanisms in place to address the issues of physical security, security awareness and training, security management systems development, site-specific information systems security policy and systems specific security policies.
7.4 The full detail of each party’s responsibilities related to data protection will be set out in a separate Data Sharing Agreement signed by both DWP and the Council.
7.5 From time to time either party may receive requests for information relating to this Agreement and/or the UC Live Service. In such event, the other party will do all things reasonably necessary to assist the party who received the request, in meeting the requirements of the Freedom of Information Xxx 0000, the Environmental Information Regulations 2004, the Freedom of Information (Scotland) Xxx 0000 and the Environment Information (Scotland) Regulations 2004.
DATA PROTECTION AND FREEDOM OF INFORMATION. For the purposes of this clause 7 the following definitions apply: Data Protection Legislation : (i) the UKGDPR, the LED and any applicable national implementing Laws as amended from time to time (ii) the DPA 2018 to the extent that it relates to processing of personal data and privacy; (iii) all applicable Law about the processing of personal data and privacy; Data Loss Event : any event that results, or may result, in unauthorised access to Personal Data held by a Party under this Agreement, and/or actual or potential loss and/or destruction of Personal Data in breach of this Agreement, including any Personal Data Breach (as defined in the GDPR). DPA 2018 : Data Protection Act 2018 UKGDPR : the General Data Protection Regulation LED : Law Enforcement Directive (Directive (EU) 2016/680) Personal Data : takes the meaning given in the UKGDPR Data Protection
7.1 The Parties shall comply with the notification requirements under the Data Protection Legislation (DPL).
7.2 All Parties shall duly observe their obligations under the DPL which arise in connection with this Agreement and each Party will ensure that Personal Data is processed only in accordance with its own policies on data protection, information security and retention of Personal Data to comply with its obligations under the Data Protection Legislation.
7.3 No Party shall perform its obligations under this Agreement in such a way as to cause the other Parties to breach any of their applicable obligations under the Data Protection Legislation. Each Party shall notify the others without undue delay in the event of a Data Loss Event.
7.4 The Parties shall collaborate to ensure compliance with their statutory obligations under the DPL, in particular, by providing five working days’ notice to the others if any Party receives a request from a Data Subject to have access to that person's Personal Data; or a complaint or request relating to another Party’s obligations under the Data Protection Legislation.
7.5 Each Party will provide full co-operation and assistance in relation to any complaint or request made, including by providing the other Parties with full details of the complaint or request; providing any Personal Data it holds in relation to a Data Subject (within the timescales required); and providing any information requested.
7.6 Each Party acknowledges that they are subject to the requirements of the Freedom of Information Act 2000 (“FOIA”) and the Environmental Information Regulations 2004 (“E...
DATA PROTECTION AND FREEDOM OF INFORMATION. 17.1 The Employer acknowledges that the Training Provider is subject to the requirements of the Data Protection Xxx 0000, the Freedom of Information Xxx 0000, the Environmental Information Regulations 2004 and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679), all as amended from time to time. The Training Provider acknowledges that the Employer is subject to the requirements of the Data Protection Xxx 0000 and, from 25 May 2018, the General Data Protection Regulation (Regulation (EU) 2016/679), as amended from time to time.
17.2 The Employer shall offer such prompt and reasonable assistance to the Training Provider as the Training Provider may request from time to time, to assist it in complying with its information disclosure obligations under the legislation set out at Clause 10.1.
17.3 Where the Training Provider or the Employer handle any personal or sensitive personal data (within the meaning of the Data Protection Xxx 0000 and/or the General Data Protection Regulation (Regulation (EU) 2016/679)), including in relation to the Apprentices or Apprentices, they undertake to comply with their respective obligations under that legislation.
17.4 Where the Employer receives a request for information under the Freedom of Information Xxx 0000 or the Environmental Information Regulations 2004 relating to the operation of this agreement, the Employer shall promptly pass the request to the Training Provider and shall not respond directly to any such request without the Training Provider’s prior written consent.
DATA PROTECTION AND FREEDOM OF INFORMATION. 18.1. THE GRANT RECIPIENT shall comply with its obligations under the Data Protection Act 1998 and all amendments and all new statutory provisions, regulations, orders, directives and requirements that may come into force or being and ensure the protection of all data and archive material from unauthorised access, tampering and system failures.
18.2. The Grant Recipient acknowledges that the Council is subject to obligations under the Freedom of Information Xxx 0000 (“FOIA”), the Environmental Information Regulations 2004 (“EIR”) and any subordinate legislation made under this Act from time to time together with any guidance and/or codes of practice issued by the Information Commissioner in relation to such legislation and shall assist and co-operate with the Council (at THE GRANT RECIPIENT’s expense) to enable the Council to comply with its obligations under such legislation.
18.3. The Grant Recipient shall and shall procure that its Sub-contractors shall provide the Council with a copy of any requested information under Clause 18.2 within 5 Business Days from the Council’s request and to provide all necessary assistance as reasonably requested by the Council to enable it to comply with its obligations under the FOIA or the EIR.
18.4. The Grant Recipient acknowledges that the Council may, acting in accordance with the Department for Constitutional Affairs’ Code of Practice on the Discharge of Functions of Public Authorities under Part I of the Freedom of Information Xxx 0000, the FOIA, or the EIR disclose information: (i) without consulting with The Grant Recipient; or (ii) following consultation with THE GRANT RECIPIENT and having taken its views into account.
18.5. The Grant Recipient shall ensure that all information relating to this Agreement is retained for disclosure and shall permit the Council to inspect such records as requested from time to time.
DATA PROTECTION AND FREEDOM OF INFORMATION. 21.1 The Service Provider warrants that it will lawfully process in accordance with the provisions of the Data Protection Xxx 0000 (DPA) any Personal Data that it has or shall obtain under this Contract.
21.2 In relation to personal data provided by the Council to the Service Provider the Council is the Data Controller of the personal data and the Service Provider is the Data Processor of the personal data and the Service Provider, its servants and sub-contractors shall at all times comply with the instructions of the Council and in accordance with the law.
(a) Shall only undertake processing of Personal Data reasonably required in connection with the services provided under this Contract and shall not transfer or disclose any Personal Data to any third party other than to the extent required under a court order or by law.
(b) Subject at all times to Clause 21.2(a), the Service Provider shall not disclose Personal Data to any third party including sub-contractors without express consent of the Authorised Officer.
(c) Shall bring into effect and maintain all reasonable technical and organisational measures necessary to prevent unauthorised or unlawful processing of Personal Data and accidental loss or destruction or damage to Personal Data, and
(d) Shall ensure that any Personal Data it obtains and provides to the Council has been lawfully obtained and complies with the DPA and that the use thereof in accordance with this Contract shall not breach any of the provisions of the DPA.
(e) Upon notice that the Council is required to provide information to a data subject under the DPA, or other information requested under the Freedom of Information Xxx 0000 (FOIA) held or under control of the Service Provider, the Service Provider warrants to use all reasonable endeavours to help the Council meet its obligations under the Acts.
(f) The Service Provider shall take reasonable precautions (having regard to the nature of its obligations under this Contract) to preserve the integrity of any Personal Data.
(g) On termination of this Contract for any reason the Service Provider shall immediately cease all processing of the Personal Data and shall return to the Council in a format specified by the Council (or destroy as the Council may request in its discretion) all Personal Data processed by it on the Council’s behalf.
21.3 The Service Provider shall indemnify the Council against any loss or damage, which the Council may sustain or incur as a result of any breach by the...
DATA PROTECTION AND FREEDOM OF INFORMATION. 23.1 The Parties agree that with the exception of Personal Data detailed in Clause 23.2 no Personal Data will be processed under this Contract and that the Consultant will only receive anonymised personal data for the purpose of performing the Services. If the Consultant receives any Personal Data whether due to a failure to fully anonymise Personal Data or otherwise it shall promptly alert the Authorised Officer and then follow his instructions on handling or disposal of such Personal Data.
23.2 The Consultant will receive the email addresses and telephone numbers of staff engaged in contract management by the Council and contract delivery by the Consultant and names, titles and work email addresses of personnel employed by the Council’s current suppliers where these are given to the Supplier for the purposes of performing the Services. The Consultant shall process the Personal Data described in this Clause 23.2 strictly for the purpose of performing the Services and shall not retain it after completion of the Contract or share it with any other party without the Council’s express permission or to comply with any statutory obligation.
23.3 If at any time during the Contract Period the Council determines that it is necessary to provide additional instructions on the processing by the Consultant of Personal Data the Consultant shall promptly agree any such instructions and any obligations which the Council reasonably requires and imposes on the Consultant.
23.4 The Council has a number of obligations under the Freedom of Information Act 2000 (FOIA) and Environmental Information Regulations (EIR) to provide information of its functions where a person has made a request, unless the FOIA or the EIR exempts the requested information from such provision. The Consultant and his sub-contractors shall co-operate with the Council in respect of any request affecting or related to the provision of the Services by among other things providing written responses to requests as required by the Authorised Officer. The Consultant shall use all reasonable endeavours to help the Council meet its obligations under the FOIA and the EIR.
23.5 The Council is obliged by the Local Government Transparency Code issued by the Secretary of State under the Local Government (Transparency Requirements) (England) Regulations 2014 to publish contracts (worth more than £5,000) in their entirety, subject to redaction of commercially sensitive information, confidential information, intellectua...
DATA PROTECTION AND FREEDOM OF INFORMATION. If and to the extent that the Supplier (for the purpose of this Clause 8, the ‘Data Processor’) processes any Personal Data on behalf of LSE under this Agreement (for the purpose of this clause 8, the Data Controller’) the Data Processor undertakes to the Data Controller that the Data Processor: Will comply with all Data Protection legislation comply with the obligations imposed on the Data Controller by the Security Data Protection Principle, namely: to only Process Personal Data for and on behalf of the Data Controller for the purpose of performing this Agreement and in accordance with this Agreement (and where necessary only on instructions from the Data Controller to ensure compliance with Data Protection Legislation); where applicable, to provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: a systematic description of the envisaged processing operations and the purpose of the processing; an assessment of the necessity and proportionality of the processing operations in relation to the Services; an assessment of the risks to the rights and freedoms of Data Subjects; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. to maintain Protective Measures which have been reviewed and approved by the Data Controller sufficient to comply at least with the obligations imposed on the Data Controller by the Security Data Protection Principle These measures will protect against a data loss event having taken into account: the nature of the data to be protected; the harm that might result from a Data Loss Event; the state of technological development; and the cost of implementing any measures; to allow representatives of the Data Controller to audit the Data Processor's compliance with the requirements of this Clause 8.1.2 on reasonable notice and/or, at the option of the Data Controller, on request to provide the Data Controller with evidence of its compliance with such requirements; to not engage another processor without prior specific or general written authorisation of the Data Controller; where applicable, shall not transfer any Personal Data outside the European Economic Area without the prior written consent of the Data Controller and that the following conditions are fulfilled: the Data Controll...
DATA PROTECTION AND FREEDOM OF INFORMATION. 38.1 Any personal data submitted in the framework of the procurement procedure and/or subsequently included in the contract shall be processed pursuant to the Data Protection Act (2001). It shall be processed solely for the purposes of the performance, management and follow-up of the procurement procedure and/or subsequent contract by the Central Government Authority/Contracting Authority without prejudice to possible transmission to the bodies charged with a monitoring or inspection task in conformity with National and/or Community law.
38.2 The provisions of this contract are without prejudice to the obligations of the Central Government Authority in terms of the Freedom of Information Act (Cap. 496 of the Laws of Malta). The Central Government Authority, prior to disclosure of any information to a third party in relations to any provisions of this contract which have not yet been made public, shall consult the contractor in accordance with the provisions of the said Act, pertinent subsidiary legislation and the Code of Practice issued pursuant to the Act. Such consultation shall in no way prejudice the obligations of the Central Government Authority in terms of the Act.
DATA PROTECTION AND FREEDOM OF INFORMATION. 20.1 Each Party shall comply with its obligations under the provisions of the Data Protection Xxx 0000.
20.2 Where the Council, as part of the provision of Services under this Agreement, processes personal data on behalf of the Trust, then in relation to such personal data the Council shall:-
20.2.1 act only on instructions from the Trust; and
20.2.2 comply with the Trust’s instructions in relation to the processing of such personal data, as such instructions are given and varied from time to time by the Trust; and
20.2.3 take all appropriate technical and organisational measures against unauthorised or unlawful processing of such personal data and against accidental loss or destruction of, or damage to, such personal data.
20.3 The provisions of clause 20.2 shall apply in relation to any personal data processed by the Trust on behalf of the Council under this Agreement as if each reference in that clause to the Council were a reference to the Trust and vice versa.
20.4 For the purposes of clause 20.2, the terms “personal data” and “processing” shall have the meanings ascribed to them in the Data Protection Xxx 0000.
20.5 The Trust acknowledges the Council’s obligations under the Freedom of Information (Scotland) Act 2002 (“the Act”) and the Environmental Information (Scotland) Regulations 2004 ("the Regulations") and acknowledges in particular that the Council may be required to provide information relating to this Agreement or the Trust to any person on request in order to comply with the Act or the Regulations.
20.6 Where the Council seeks to consult the Trust in connection with a request for information made under the Act or the Regulations the Trust will facilitate the Council’s compliance with the Act or the Regulations by responding timeously to the Council.
20.7 In the event that the Trust is or becomes a designated Scottish public authority by Order of the Scottish Ministers under Section 5 of the Act the Trust shall comply with the said Act and the Regulations.
20.8 Where the Trust receives a request for information, pursuant to Clause 20.7 or otherwise, which relates to or is likely to have an effect on the interests of the Council, the Trust shall consult with the Council before responding to such request.
