DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Department on behalf of the Secretary of State for Education is the Data Controller and the Provider is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Provider (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.2 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection Legislation. 20.3 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. 20.4 If requested by the Department’s Agreement Manager, the Data Processor must, in relation to any Personal Data processed in connection with its obligations under this Agreement: 20.4.1 process that Personal Data only in accordance with Schedule 6, unless the Data Processor is required to do otherwise by Law. If it is so required the Data Processor will promptly notify the Data Controller before processing the Personal Data unless prohibited by Law; 20.4.2 ensure that it has in place Protective Measures, which are appropriate to protect against a Data Loss Event, which the Data Controller may reasonably reject (but failure to reject will not amount to approval by the Data Controller of the adequacy of the Protective Measures), having taken account of the: (a) nature ...

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 The Parties acknowledge that for the purposes of the Data Protection Laws, the Department on behalf of the Secretary of State for Education is the Controller and the Provider is the Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Provider (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.2 to 20.14 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Processor.

See All (11)

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 20.1 This Clause 20 applies to the Services except to the extent that it relates to the payment of the Sixth Form Grant to a sixth form by the Provider. 20.2 The Parties acknowledge that for the purposes of the Data Protection Legislation, the Department on behalf of the Secretary of State for Education is the Data Controller and the Provider is the Data Processor only for the processing set out in Schedule 6 (i.e. submission of Learner data to the Department). Any other processing of Personal Data undertaken by the Provider (i.e. Learner enrolment or delivering education & training, e.g. e-portfolios) will be as a Data Controller and not on behalf of the Department. Clauses 20.3 to 20.15 below apply only in relation to the processing of Personal Data on behalf of the Department as set out in Schedule 6, and the only processing that the Data Processor is authorised to do on behalf of the Department is listed in Schedule 6 by the Department and may not be determined by the Data Processor. 20.3 The Data Processor must notify the Data Controller immediately if it considers that any of the Data Controller's instructions infringe the Data Protection Legislation. 20.4 The Data Processor must provide all reasonable assistance to the Data Controller in the preparation of any Data Protection Impact Assessment prior to commencing any processing. Such assistance may, at the discretion of the Data Controller, include: (a) a systematic description of the envisaged processing operations and the purpose of the processing; (b) an assessment of the necessity and proportionality of the processing operations in relation to the Services; (c) an assessment of the risks to the rights and freedoms of Data Subjects; and (d) the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data.

See All (10)

See All (8)

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 15.1 In this clause 15, the following words and expressions shall be defined as follows: Controller, Processor, Data Subject, Personal Data, Personal Data Breach, Data Protection Officer take the meaning given in the GDPR. GDPR: the General Data Protection Regulation (Regulation (EU) 2016/679). LED: Law Enforcement Directive (Directive (EU) 2016/680).

See All (7)

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 16.1 The Parties shall ensure that information acquired by the Parties and sub- contractors in the delivery of this Contract will at all times comply with the provisions and obligations imposed by the Data Protection Act 1998 and the Data Protection Principles together with any subsequent re-enactment or amendment thereof in storing and processing personal data, and all personal data acquired by either party from the other shall be returned to the disclosing party on request. Both Parties hereby acknowledge that performance of a duty imposed by the Act shall not constitute a breach of any obligation in respect of confidentiality which may be owed to the other party. The clause shall not affect THE SFA’s ability to make a search with a credit reference agency. 16.2 With respect to the Parties’ rights and obligations under this Contract the Parties agree that THE SFA is the Data Controller and THE CONTRACTOR is the Data Processor within the meaning of the Data Protection Act. 16.3 THE CONTRACTOR shall: 16.3.1 process Personal Data only in accordance with the instructions from THE SFA (which may be specific instructions or instructions of a general nature as set out in the Contract or otherwise notified by THE SFA to THE CONTRACTOR during the term of the Contract); 16.3.2 process the Personal Data only to the extent and in such manner as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; 16.3.3 implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected; 16.3.4 take reasonable steps to ensure the reliability of any Contractor Personnel who have access to the Personal Data; 16.3.5 obtain prior written consent from THE SFA in order to transfer the Personal Data to any sub-contractor or other third parties for the provision of the Services; 16.3.6 ensure that all Contractor Personnel do not publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by THE SFA; 16.3.7 notify THE SFA within 5 working days if it receives: 16.3.7.1 a request from a Data Subject to have access to t...

See All (6)

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 10.1. The following details apply to the processing being carried out under this agreement: 10.1.1. The Personal Data will be processed for the provision of Services and Tuition as set out in the agreement. 10.1.2. The Personal Data will be processed for the period of time required by the Funding Rules 10.1.3. The specific processing activities will be: Provision of Services and Tuition under this Agreement and to satisfy regulatory and audit requirements. 10.1.4. The Personal Data processed concern the following categories of data subjects: Employees (internal), Apprentices and prospective apprentices, employees of the Employer. 10.1.5. The Personal Data processed concern the following categories of data: Personal identifiers such name, date of birth, national insurance number, personal learner record, and unique learner number, Contact information such as address, phone number, and e mail address, training and educational achievements, attainment and progress, assessed learning and support needs, biographical information relevant to study or work, financial information including banks details, and any public funded financial support. 10.1.6. The sensitive personal data (special category data) processed concerns the following categories of data: criminal record information, details of health conditions, race, ethnicity, religion and sexuality (information related to protected characteristics is collected for monitoring purposes only) 10.1.7. The following third parties will have access to the Personal Data: employers, regulators, internal and external audit, any subcontractor involved in the delivery or support of the Tuition, qualification bodies, and end point assessors (for apprenticeships), European Social Fund. 10.2. Each party shall comply with the Data Protection Laws applicable to it in connection with this agreement and shall not cause the other party to breach any of its obligations under Data Protection Laws. 10.3. Where a party, or a subcontractor of a party, processes Personal Data (that party being the "Processor") on behalf of the other party or a member of its group (that party being the "Controller") in connection with this agreement, the Processor shall, or shall ensure that its subcontractor shall: 10.3.1. process the Personal Data only on behalf of the Controller, only for the purposes of performing its obligations under this agreement, and only in accordance with instructions contained in this agreement or instructions received in wri...

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 12.1 In this clause 12, the following words and expressions shall be defined as follows:

DATA PROTECTION AND PROTECTION OF PERSONAL DATA. 16.1 The Parties acknowledge that for the purposes of the Data Protection Legislation, the ESFA on behalf of the Secretary of State for Education is the Data Controller and the Contractor is the Data Processor only for the processing set out in Schedule 2 (i.e. submission of Apprentice data to the ESFA). Any other processing of Personal Data (i.e. Apprentice enrolment or delivering education & training, e.g. e-portfolios) undertaken by the Contractor will be as a data controller and not on behalf of the ESFA. Clauses 16.2 to

DATA PROTECTION AND PROTECTION OF PERSONAL DATA Sample Clauses

Filter & Search

Related Clauses

Sub-Clauses