Common use of Data Protection Policy Clause in Contracts

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process WOAH’s data, on behalf of WOAH. In application of this Agreement, WOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to WOAH. WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from WOAH, including with regard to the location of the hosting and transfers to third countries; informs WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of WOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of WOAH, subject to obtaining WOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps WOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to WOAH ( xxx@xxxx.xxx), who shall be responsible for responding to it; notifies W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxxx.xxx; such notification shall be accompanied by any relevant communication in order to enable WOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by WOAH or an auditor chosen by WOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process WOAH’s data, on behalf of WOAH. In application of this Agreement, WOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to WOAH. WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from WOAH, including with regard to the location of the hosting and transfers to third countries; informs WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of WOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of WOAH, subject to obtaining WOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps WOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to WOAH ( xxx@xxxx.xxx(xxx@xxxx.xxx ), who shall be responsible for responding to it; notifies W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxxx.xxx; such notification shall be accompanied by any relevant communication in order to enable WOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by WOAH or an auditor chosen by WOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process WOAHthe OIE’s data, on behalf of WOAHthe OIE. In application of this Agreement, WOAHthe OIE’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). WOAHThe OIE, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to WOAH the OIE is simply for convenience and does not imply a waiver of any privileges and immunities applicable to WOAHthe OIE. WOAH The OIE nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: Privacy Policy - WOAH - World Organisation for Animal Health WOAH xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from WOAHthe OIE, including with regard to the location of the hosting and transfers to third countries; informs WOAH the OIE before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform WOAH the OIE if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of WOAHthe OIE, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of WOAHthe OIE, subject to obtaining WOAHthe OIE's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to WOAH the OIE for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps WOAHthe OIE, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to WOAH ( xxx@xxxx.xxxthe OIE (xxx@xxx.xxx ), who shall be responsible for responding to it; notifies W the OIE of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxxx.xxxxxx@xxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable WOAHthe OIE, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists WOAH the OIE in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides WOAH the OIE with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by WOAH the OIE or an auditor chosen by WOAHthe OIE, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process WOAH’s data, on behalf of WOAH. In application of this Agreement, WOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to WOAH. WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from WOAH, including with regard to the location of the hosting and transfers to third countries; informs WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of WOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of WOAH, subject to obtaining WOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps WOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to WOAH ( xxx@xxxx.xxxxxx@xxxx.xxx ), who shall be responsible for responding to it; notifies W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxxx.xxxxxx@xxxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable WOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by WOAH or an auditor chosen by WOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process WOAH’s data, on behalf of WOAH. In application of this Agreement, WOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to WOAH. WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from WOAH, including with regard to the location of the hosting and transfers to third countries; informs WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of WOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of WOAH, subject to obtaining WOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps WOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to WOAH ( xxx@xxxx.xxx), who shall be responsible for responding to it; notifies W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxxx.xxxxxx@xxxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable WOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by WOAH or an auditor chosen by WOAH, and shall contribute to such audits under the conditions referred to below.