Data Protection and Information Security. 1.1 The GLA authorises the Grantee, to Process the Agreement Personal Data during the term of this Agreement as a Processor solely for the purpose and to the extent described in Schedule 14.
1.2 In performing the Services and its other obligations under this Agreement the Grantee will:
1.2.1 comply with the Data Protection Laws;
1.2.2 not cause the GLA to breach any obligation under the Data Protection Laws; and
1.2.3 notify the GLA without undue delay if it identifies any areas of actual or potential non- compliance with the Data Protection Laws or this Schedule 13, without prejudice to its obligations to comply with, or to any rights or remedies which the GLA may have for breach of, the Data Protection Laws or this Schedule 13.
1.3 The Grantee will not engage or use any third party for the Processing of Agreement Personal Data or permit any third party to Process Agreement Personal Data without the prior written consent of the GLA.
1.4 If the Grantee appoints a Sub-Processor, the Grantee will ensure that, prior to the Processing taking place, there is a written Grant Agreement in place between the Grantee and the Sub- Processor that specifies the Sub-Processor’s Processing activities and imposes on the Sub- Processor the same terms as those imposed on the Grantee in this Schedule 13. The Grantee will procure that Sub-Processors will perform all obligations set out in this Schedule 13 and the Grantee will remain responsible for all acts and omissions of Sub-Processors as if they were its own.
1.5 The Grantee will:
1.5.1 Process the Agreement Personal Data only on documented instructions (including this Agreement) from the GLA (unless the Grantee or the relevant Sub-Processor is required to Process Agreement Personal Data to comply with United Kingdom, European Union (as it is made up from time to time) or European Union member state Applicable Laws, in which case the Grantee will notify the GLA of such legal requirement prior to such Processing unless such Applicable Laws prohibit notice to the GLA on public interest grounds);
1.5.2 immediately inform the GLA in writing if, in its reasonable opinion, any instruction received from the GLA or a member of its Group infringes any Data Protection Laws;
1.5.3 without prejudice to paragraph 1.5.1, ensure that Agreement Personal Data will only be used for the purpose and to the extent described in Schedule 14;
1.5.4 without prejudice to paragraph 1.5.3, not without the prior written consent of the GLA:
Data Protection and Information Security. In addition to any other information security provisions set forth in this Agreement, Supplier shall comply with the provisions of the Data Protection Addendum attached hereto as Exhibit C which is hereby incorporated into this Agreement as if set forth fully herein. To the extent there is any conflict between the terms of the Data Protection Addendum and the terms of the body of this Agreement, the terms of the Data Protection Addendum shall prevail.
Data Protection and Information Security. 6.1. The Data Protection and Information Security Addendum available at xxxxx://xxx.xx.xxx/legal-privacy/ is incorporated into these Conditions.
Data Protection and Information Security. 15.1 The Parties recognise that they shall each be processing Personal Data in connection with the performance of their obligations and/or exercise of their rights under this Agreement and that the factual arrangement between them shall dictate the role of each Party (as to data controller or data processor) in respect of the Data Protection Laws. Notwithstanding the forgoing, and subject to any application of 15.2 below, the Parties agree and acknowledge that where either Party processes Personal Data pursuant to or in relation to this Agreement, that Party will be carrying out the processing for its own purposes, and as such will be a data controller under the Data Protection Laws.
15.2 No Party (or any sub-contractor of a Party) shall act as a data processor of the other Party unless expressly agreed in writing. Each Party acknowledges and agrees that any such agreed data processing can only take place after appropriate contractual arrangements have been put in place between the Parties ensuring that such data processing is carried out in compliance with applicable Data Protection Laws.
15.3 Each Party shall at all times comply with its or their respective obligations under all applicable Data Protection Laws to the extent such Data Protection Laws applies to it in connection with the performance of its obligations or exercise of its rights under this Agreement.
15.4 The Parties shall ensure they have made all necessary registrations and notifications of their particulars in accordance with applicable Data Protection Laws and shall ensure that such registrations and notifications are kept accurate and up to date during the term of this Agreement. You shall supply on request to any Lender a copy of such registrations and notifications, together with any amended particulars that may be filed from time to time.
15.5 You shall ensure that you obtain consent from the Applicant prior to the transfer of their Personal Data to the relevant Lender in connection with any Mortgage Application.
15.6 In addition to and notwithstanding any other right or obligation arising under this Agreement, you shall (and shall procure that all Personnel shall):
15.6.1 take all appropriate technical and organisational measures necessary or desirable to ensure that Personal Data you process is protected against loss, destruction and damage, and against unauthorised access, use, modification, disclosure or other misuse;
15.6.2 take all technical and organisational security measures...
Data Protection and Information Security. 4.1 For the purposes of this clause 4, the terms process, processes, processing, personal data, controller and data subject have the meanings given in the Data Protection Legislation. “Data Protection Legislation” means the Data Protection Law DIFC Law No. 5 of 2020, any applicable data protection laws including any subordinate legislation, regulation or guidance issued by the relevant authority and the requirements of the Information Security Regulations for public and semi-public sectors of the Dubai Government in so far as they may be applicable to the information of Dubai Government Members provided to the Trustee.
Data Protection and Information Security. 7.1 Both parties will comply with all their obligations under GDPR data protection legislation, which arise in connection with the MoU.
7.2 Both parties agree that they will not share any personal data in connection with the MoU, except the names of the parties signing this agreement, which will be processed by the parties in compliance with data protection legislation.
7.3 Both parties agree that where it becomes necessary to share any further data, the parties will enter into a legally binding data processing agreement.
Data Protection and Information Security. 15.1. Each party, when acting as data processor, shall process personal data in accordance with Regulatory Requirements governing the protection of confidential information and personal data within the territory in which the party is registered and operates.Where one party acts as the data processor ("Data Processor") of personal data processed by the other party as data controller ("Data Controller"), the Data Processor shall at all times follow the Data Controller's reasonable instructions with regards to the personal data processed.
15.2. In case the Merchant integrates any fast registration gateway functionality as further described in the relevant Manuals in order to facilitate payments by new INTECH D.O.O. customers, the Merchant shall procure all necessary consents from such customers to process and share with INTECH D.O.O. any data required to facilitate the use of such fast registration functionality.
15.3. The Merchant shall not store Sensitive Payment User Data unless it is a necessary and unavoidable requirement owing to the operating process, in which case the Merchant shall store and process Sensitive Payment User Data strictly in compliance with the provisions of this clause 1.
15.4. Where the Merchant is processing or storing Sensitive Payment User Data, the Merchant represents, warrants and undertakes to comply fully with the Payment Card Industry Data Security Standard in force from time to time (PCI DSS).
15.5. Upon written request from INTECH D.O.O. (whether acting for itself or on behalf of an operator of a Card or Payment Scheme), the Merchant shall, within three (3) business days of INTECH
D. O.O. 's request provide:
(i) information regarding the extent to which the Merchant stores Transaction Data and/or Sensitive Payment User Data ;
(ii) the manner in which this is stored by the Merchant;
Data Protection and Information Security. 17.1 The Parties agree that, for the purposes of processing of Personal Data collected by AVEVA or shared by Customer with AVEVA in connection with the performance of this Agreement, AVEVA will act for all purposes as an independent Controller, and no joint controllership (or equivalent concept under Applicable Data Protection Legislation) over any such Personal Data arises as between AVEVA and the Customer. If AVEVA and the Customer are determined to be joint Controllers (or equivalent) in respect of any such Personal Data by any court in the UK or the European Economic Area (EEA), or by any government authority with responsibility for data privacy, or an equivalent finding is made by a competent court or authority elsewhere:
17.1.1 the Customer shall ensure that it (or its Affiliate) has a legal basis for processing, including all necessary and appropriate consents and notices, to enable the lawful transfer of the Personal Data to AVEVA for the duration and purposes of this Agreement;
17.1.2 the Customer shall ensure that it informs Users and individuals whose Personal Data the Customer discloses to or otherwise shares with AVEVA about AVEVA’s processing of their Personal Data pursuant to this Agreement;
17.1.3 each Party shall comply with all Applicable Data Protection Legislation in connection with all such processing of Personal Data, and shall provide, upon request of the other Party, all information necessary to demonstrate such compliance; and
17.1.4 subject to the provisions of Clause 22, each Party shall indemnify the other Party for any and all Damages reasonably incurred by the other Party as a result of the failure by the indemnifying Party to comply with its obligations as Controller under the Applicable Data Protection Legislation.
17.2 The Parties agree that if AVEVA is determined by any court or any government authority with responsibility for data privacy in the UK, the EEA or Switzerland, to be a Processor with respect to any Personal Data on behalf of the Customer, or an equivalent finding is made by a competent court or authority elsewhere, the Data Processing Addendum shall apply to such processing of Personal Data.
17.3 The Customer undertakes, represents and warrants that it has the right to share with AVEVA any and all Personal Data provided by the Customer to AVEVA.
17.4 Whenever there is a Restricted Transfer from the EEA to any country outside the EEA, the transfer shall be governed by the EEA SCC which is hereby incorporated ...
Data Protection and Information Security. Any Li- censed Property and Support Services shall be pro- vided to Customer in accordance with AvePoint’s DPIS Policy. Protection des données et sécurité de l’information. Tous les Produits sous Licence et tous les Services de Sup- port doivent être fournis au Client conformément à la poli- tique DPIS d’AvePoint.
Data Protection and Information Security. § 29.1 SUPPLIER undertakes to take notice and to comply with the most recent version of any data protection regulations, especially the rules of the EU-GDPR, as far as applicable to SUPPLIER.
§ 29.2 SUPPLIER undertakes to educate and train all employees and sub-suppliers/ subcontractors with regards to the relevant data protection regulations and to appropriately oblige them to data confidentiality. SUPPLIER undertakes specially to take measures to assure data protection through privacy by design and privacy settings by default.
§ 29.3 SUPPLIER undertakes to support PANKL in any events relevant for data protection in connection with deliveries and / or services applying these Purchasing Conditions. If SUPPLIER handles personal data of PANKL as processor, it shall do so exclusively based on PANKL’s instructions and shall conclude a separate data processing agreement in accordance with Article 28, Paragraph 3 of the EU-GDPR.
§ 29.4 SUPPLIER explicitly assures PANKL that it will implement and maintain appropriate technical, organizational, and other protective measures to safeguard orderly protection of all PANKL’s information and data. This includes among other things that SUPPLIER shall not transfer any confidential information which SUPPLIER receives by PANKL to any laptop computer or any portable storage media, which can be removed from SUPPLIER’s premises, except such data is encrypted and such data is stored on the portable storage media only to allow safeguarding of such data outside SUPPLIER’s premises.
§ 29.5 SUPPLIER shall use reasonable efforts to prevent the loss or theft of passwords as well as the unauthorized access or use of PANKL’s data and information. SUPPLIER shall notify PANKL immediately about any type of password loss or theft or any type of unauthorized access or use of PANKL’s data or information. SUPPLIER shall utilize protective measures and physical security procedures with regards to access and privacy of PANKL’s confidential information and data, which at least represent the industry standard for such premises, and which assure appropriate technical and organizational protection against unintended or unlawful loss or modification, unauthorized disclosure or access of PANKL’s confidential information or data. SUPPLIER assures that it utilizes processes and security procedures to keep its information systems free from viruses and similar defaults.
§ 29.6 SUPPLIER undertakes to notify PANKL immediately, but in any case, no later tha...