Data Protection Audit Sample Clauses

Data Protection Audit. Upon prior written request by Company, to the extent required under the Data Protection Legislation, Elastic agrees to cooperate and within reasonable time provide Company with: (a) a summary of any required audit reports demonstrating Elastic’s compliance with EU Data Protection obligations under this Addendum (without any confidential or commercially sensitive information); and (b) confirmation that such audit has not revealed any material vulnerability in Elastic’s systems, or to the extent that any such vulnerability was detected, that Elastic has fully remedied such vulnerability. If the above measures are not sufficient to confirm compliance with Data Protection Legislation or reveal some material issues, subject to the strictest confidentiality obligations, Elastic allows Company to request an audit of Elastic’s data protection compliance program by external independent auditors, which are jointly selected by the Parties, at Company’s sole expense. The Parties will mutually agree upon the scope, timing, and duration of the audit. Elastic will make available to Company the result of the audit of its data protection compliance program.
Sample 1
AutoNDA by SimpleDocs
Data Protection Audit. 7.1. Customer, acting by itself or through its appointed representative (acting pursuant to an NDA approved by Drift), shall have the right during the term of the Agreement and for as long thereafter as Drift processes Personal Data regarding which Customer is a Controller, to assess compliance by Drift with the applicable requirements of the EU Data Protection Law and/or this Addendum, and to review the technical and organizational measures taken by Drift against the unauthorized or unlawful processing of Personal Data and against the unauthorized access to, accidental loss or destruction of, or damage to, Personal Data, on at least thirty (30) days’ advance notice to Drift. Before the commencement of any audit, Customer and Drift shall mutually agree upon the scope, timing, and duration of the audit, and Customer shall take all reasonable measures to limit any adverse impact thereof on Drift. 7.2. To the extent permitted by applicable law, Customer shall bear the costs and expenses incurred in respect of the parties’ compliance with their obligations under this clause, unless the audit identifies that the Drift is not in compliance with the applicable requirements of the EU Data Protection Law and/or this Addendum, in which case Drift shall reimburse Customer for all reasonable costs and expenses incurred by Customer and Drift in connection with the audit.
Sample 1
Data Protection Audit. 1.5.1 The Service Provider shall produce and maintain a Data Protection audit plan to be agreed by TTL, which shall include: a) timescales for preparation and conduct of the annual Data Protection audit; b) the Data Protection audit strategy and planned outputs; c) details of the independent Third Party undertaking the Data Protection audit; d) the Service Provider Personnel responsible for fulfilment of the Data Protection audit plan; and e) the Service Provider Personnel responsible for the management of the independent Third Party undertaking the Data Protection audit. 1.5.2 The Service Provider shall implement a comprehensive Data Protection audit, to be undertaken by an independent Third Party approved by TTL, covering all Data Processing undertaken by the Service Provider. The Data Protection audit will be completed at no cost to TTL. 1.5.3 The Service Provider shall conduct the Data Protection audit annually (or at a frequency agreed with TTL) and report the findings to TTL. 1.5.4 The Service Provider shall act on the findings from any Data Protection audits to ensure (within timescales agreed by TTL) that the Service Provider's Processing, storage, disclosure and destruction of Personal Data are conducted in accordance with: a) the Data Protection Legislation; b) the provisions of Clause 50 (Information Compliance); c) Schedule 15 (Information Compliance); and d) Schedule 5 (Service Level Agreement).
Sample 1
Data Protection Audit a) During the term of this Data Processing Agreement the User and/or a reputable independent third- party auditor the User designates will have the right to examine the Service Provider and its subprocessors’ facilities, moreover to verify whether or not the Service Provider operates its data protection system in compliance with the provisions set out in this Data Processing Agreement, if it is suspected that the Processor fails to comply with any provision in this agreement. b) Notwithstanding the above, this audit may not extend to the examination of data belonging to the Service Provider’s clients, furthermore will not grant access to information related to the Service Provider’s security systems/measures. The Processor must be notified about audits initiated by the User at least 30 days in advance. The notification shall reason the necessity of the audit and shall describe its envisaged scope. Audits may not trigger the unreasonable interruption of the Processor’s workflows, and may not exceed a duration of 30 days, which may be extended once in justified cases. Auditing may not involve (i) direct access to the qualified trust service provider’s IT systems and premises, (ii) disturbing the Processor’s employees and causing significant extra work for them. To avoid any misunderstanding, the Parties confirm that the User will bear the costs related to data protection audits.
Sample 1
Data Protection Audit. 6.1. Upon prior written request by Data Controller, Data Processor agrees to cooperate and within reasonable time provide to Data Controller with: (a) a summary of the audit reports demonstrating Data Processor’s compliance with its obligations under this Agreement, after redacting any confidential and commercially sensitive information; and (b) confirmation that the audit has not revealed any material vulnerability in Data Processor’s systems, or to the extent that any such vulnerability was detected, that Data Processor has fully remedied such vulnerability. 6.2. If the above measures are not sufficient to confirm compliance with GDPR or reveal some material issues, subject to the strictest confidentiality obligations, Data Processor allows Data Controller to request an audit of Data Processor’s data protection compliance program by external independent auditors, which are jointly selected by the parties. The external independent auditor cannot be a competitor of Data Processor, and the parties will mutually agree upon the scope, timing, and duration of the audit. The audit may not start with less than 30 days from the first request of the Data Controller. Data Processor will make available to Data Controller the result of the audit of its data protection compliance program. Data Controller shall bear the cost of such audit and must fully reimburse Data Processor for all expenses and costs related to such audit.
Sample 1
Data Protection Audit. Upon prior written request by Merchant, Xxxxxxxx.xxx agrees to cooperate and within reasonable time provide Merchant with: (a) a summary of the audit reports demonstrating Xxxxxxxx.xxx’s compliance with EU Data Protection obligations under this Agreement, after redacting any confidential and commercially sensitive information; and (b) confirmation that the audit has not revealed any material vulnerability in Xxxxxxxx.xxx’s systems, or to the extent that any such vulnerability was detected, that Xxxxxxxx.xxx has fully remedied such vulnerability. If the above measures are not sufficient to confirm compliance with EU Data Protection law or reveal some material issues, subject to the strictest confidentiality obligations, Xxxxxxxx.xxx allows Merchant to request an audit of Xxxxxxxx.xxx’s data protection compliance program by external independent auditors, which are jointly selected by the Parties. The external independent auditor cannot be a competitor of Xxxxxxxx.xxx, and the Parties will mutually agree upon the scope, timing, and duration of the audit. Xxxxxxxx.xxx will make available to Merchant the result of the audit of its data protection compliance program.
Sample 1

Related to Data Protection Audit

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (XXXX)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • Pertinent Non-Discrimination Authorities During the performance of this contract, the Engineer, for itself, its assignees, and successors in interest agree to comply with the following nondiscrimination statutes and authorities; including but not limited to: A. Title VI of the Civil Rights Act of 1964 (42 U.S.C. § 2000d et seq., 78 stat. 252), (prohibits discrimination on the basis of race, color, national origin); and 49 CFR Part 21. B. The Uniform Relocation Assistance and Real Property Acquisition Policies Act of 1970, (42 U.S.C. § 4601), (prohibits unfair treatment of persons displaced or whose property has been acquired because of Federal or Federal-aid programs and projects). C. Federal-Aid Highway Act of 1973, (23 U.S.C. § 324 et seq.), as amended, (prohibits discrimination on the basis of sex). D. Section 504 of the Rehabilitation Act of 1973, (29 U.S.C. § 794 et seq.) as amended, (prohibits discrimination on the basis of disability); and 49

  • Data Protection Act 7.1 With respect to the parties' rights and obligations under this Contract, the parties agree that the Department is the Data Controller and that the Contractor is the Data Processor. 7.2 The Contractor shall: 7.2.1 Process the Personal Data only in accordance with instructions from the Department (which may be specific instructions or instructions of a general nature as set out in this Contract or as otherwise notified by the Department to the Contractor during the Term); 7.2.2 Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; 7.2.3 The Contractor shall employ appropriate organisational, operational and technological processes and procedures to keep the Personal Data safe from unauthorised use or access, loss, destruction, theft or disclosure. The organisational, operational and technological processes and procedures adopted are required to comply with the requirements of ISO/IEC 27001 as appropriate to the services being provided to the Department; 7.2.4 Take reasonable steps to ensure the reliability of any Contractor Personnel who have access to the Personal Data; 7.2.5 Obtain prior written consent from the Department in order to transfer the Personal Data to any Sub-contractors or Affiliates for the provision of the Services; 7.2.6 Ensure that all Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 7; 7.2.7 Ensure that none of Contractor Personnel publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Department; 7.2.8 Notify the Department within five Working Days if it receives: a request from a Data Subject to have access to that person's Personal Data; or a complaint or request relating to the Department's obligations under the Data Protection Legislation; 7.2.9 Provide the Department with full cooperation and assistance in relation to any complaint or request made, including by: - providing the Department with full details of the complaint or request; - complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Department's instructions; - providing the Department with any Personal Data it holds in relation to a Data Subject (within the timescales required by the Department); and - providing the Department with any information requested by the Department; 7.2.10 Permit the Department or the Department’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit the Contractor's data Processing activities (and/or those of its agents, subsidiaries and Sub-contractors) and comply with all reasonable requests or directions by the Department to enable the Department to verify and/or procure that the Contractor is in full compliance with its obligations under this Contract; 7.2.11 Provide a written description of the technical and organisational methods employed by the Contractor for processing Personal Data (within the timescales required by the Department) to be used solely for the purposes of this contract and provided that to do so would not be in breach of the Intellectual Property Rights (including Copyright) of a third party; and 7.2.12 Not process Personal Data outside the European Economic Area without the prior written consent of the Department and, where the Department consents to a transfer, to comply with: - the obligations of a Data Controller under the Eighth Data Protection Principle set out in Schedule 1 of the Data Protection Act 1998 by providing -an adequate level of protection to any Personal Data that is transferred; and - any reasonable instructions notified to it by the Department. 7.3 The Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under this Contract in such a way as to cause the Department to breach any of its applicable obligations under the Data Protection Legislation.

  • Privacy and Data Protection 8.1 The Receiving Party undertakes to comply with South Africa’s general privacy protection in terms Section 14 of the Xxxx of Rights in connection with this Bid and shall procure that its personnel shall observe the provisions of such Act [as applicable] or any amendments and re-enactments thereof and any regulations made pursuant thereto. 8.2 The Receiving Party warrants that it and its Agents have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of data relating to the Bid and against accidental loss or destruction of, or damage to such data held or processed by them.

  • Data Protection Legislation the UK Data Protection Legislation and any other European Union legislation relating to personal data and all other legislation and regulatory requirements in force from time to time which apply to a party relating to the use of Personal Data (including, without limitation, the privacy of electronic communications) and the guidance and codes of practice issued by the Information Commissioner or relevant government department in relation to such legislation.

  • DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "Accenture Personal Data" means personal data owned, licensed, or otherwise controlled or processed by Accenture including personal data processed by Accenture on behalf of its clients. “Accenture Data” means all information, data and intellectual property of Accenture or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to Accenture, including Accenture Personal Data.

  • Data Protection Officer 10.1 The Data Processor will appoint a Data Protection Officer where such appointment is required by Data Protection Laws and Regulations.

  • Child Support Compliance Act If the Contract Amount is $100,000 or more, this section is applicable. Contractor recognizes the importance of child and family support obligations and fully complies with (and will continue to comply with during the Term) all applicable state and federal laws relating to child and family support enforcement, including disclosure of information and compliance with earnings assignment orders, as provided in Family Code section 5200 et seq. Contractor provides the names of all new employees to the New Hire Registry maintained by the California Employment Development Department.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!