We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

Data Protection Requirements Sample Clauses

Data Protection Requirements. 2.1 The Parties acknowledge that each Party shall be a Data Controller of the Shared Personal Data. Each Party shall comply with its obligations as a Data Controller under Data Protection Legislation.
Data Protection Requirements. 6.1. The Parties (and their bank payment agents) shall ensure protection of information upon performing Transfers in accordance with CBR Regulation No. 719-P “On requirements to protection of information upon transferring funds and on CBR control of compliance with the requirements to protection of information upon performance of money transfers” dated June 4, 2020”. 6.2. Data protection procedure shall be determined independently by each Party in accordance with the legislation of the Russian Federation and/or foreign legislation applicable to the Party in accordance with clause 6.3 of the Offer. The Company shall specify in its documents: the list and procedure for implementation of organizational measures on data protection and use of technical means of data protection including information on configuration data of technical measures determining their operating conditions; procedure for registration and storage of information in paper and (or) in electronic format confirming implementation of all appropriate organizational and technical measures of data protection. 6.3. Access to the Software shall be performed with the use of personal user accounts. Requirements of password complexity and security requirements set by Software shall be strictly enforced when choosing passwords to user accounts. Software shell be updated regularly. The Parties have an obligation to ensure password protection upon storage and in the course of operation, and ongoing event logging and information securities. 6.4. To protect information upon performing Transfers, the Parties shall use: 6.4.1. means of cryptographic information protection to encrypt protected data while transferring it through publicly available communication channels in accordance with the requirements of legislation, regulations of the Federal Security Service of the Russian Federation and technical documentation for data encryption tools; 6.4.2. cryptographic tools for creation and checking Digital signature with regular updating of private/Digital signature and public/Digital signature verification keys in compliance with applicable legal requirements related to Digital signature (if there are encryption requirements); 6.4.3. Firewalling tools to protect the Software from external network implementing the following functions: ✓ Traffic analysis and filtering in accordance with the firewall rules; ✓ Blocking of connections not complying with the firewall rules; ✓ Blocking of direct connections from externa...
Data Protection Requirements. While using the Product the Customer shall be aware and consider current data protection requirements derived from especially the Regulation (EU) 2016/679 (General Data Protection Regulation). According to the General Data Protection Regulation personal data is all data related to an identified or identifiable person. Further "
Data Protection Requirements. 2.1 The MRO shall comply with the Data Protection Act and General Data Protection Regulation 2016 or other relevant data protection legislation or regulatory provisions at all times and shall procure that no action or inaction of the MRO shall put MedCo in breach of the DPA when processing data in connection with this Agreement including: (a) processing any Personal Data contained within the Database fairly and lawfully including providing Data Subjects with appropriate notices of their inclusion on the Database and giving effect to the rights of Data Subjects; (b) taking appropriate technical and organisational measures against unauthorised or unlawful Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data. (c) creating any database from the data provided by MedCo or derived from the data (d) retaining any part of the Personal Data any longer than wholly necessary for the Permitted Purpose or regulatory compliance requirements or by operation of law; (e) not using the Personal Data for marketing purposes; (f) not transferring any Personal Data outside the European Economic Area, unless such transfer fully complies at all times with the provisions of the DPA and other applicable law. 2.2 In the event of a Personal Data breach relating to connected with or processed by MedCo, the MRO shall immediately notify MedCo of the breach and the steps it has taken to remedy the breach. The MRO will provide MedCo with such information regarding the breach as is required by the Information Commissioner.
Data Protection Requirements. Each of the Company and its subsidiaries is, and for the past three (3) years has been, to the Company’s knowledge, in material compliance with all applicable laws or statutes and all judgments, orders, binding guidelines, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and procedures that have been officially released (the “Internal Policies”) and contractual obligations relating to the privacy and security of IT Systems and Personal Data, including the collection, storage, transfer (including, without limitation, any transfer across national borders), processing and/or use of Personal Data and securing a valid legal basis for the foregoing, and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification collectively, the “Data Protection Requirements”). To ensure compliance with the Data Protection Requirements, each of the Company and its subsidiaries has in place, materially complies with, and takes appropriate steps reasonably designed to ensure compliance in all material respects with its Internal Policies relating to data privacy and security and the collection, storage, use, disclosure, handling, and analysis of Personal Data, including, without limitation, external facing privacy policies (such external privacy policies, the “Policies”). Each of the Company and its subsidiaries has, during the past three (3) years, at all times made all disclosures required by applicable Data Protection Requirements, except as would not reasonably be expected, individually or in the aggregate, to have a Material Adverse Effect, and none of such disclosures made or contained in any Policy have, to the knowledge of the Company, been inaccurate or in violation of any applicable Data Protection Requirements in any material respect. The Company further certifies that neither it nor any of its subsidiaries: (i) has received notice from any data privacy authority of any actual or potential liability under or relating to, or actual or potential violation of, any of the Data Protection Requirements, and has no knowledge of any event or condition that would reasonably be expected to result in any such notice; (ii) is currently conducting or paying for, in whole or in part, any investigation, audit, remediation, or other corrective action pursuant to any Data Protection Requirement, other than periodic or ongoing reviews and consultation in the ordinary cour...
Data Protection Requirements. 2.1 The ME shall comply with the Data Protection Legislation or other relevant data protection legislation or regulatory provisions at all times and shall procure that no action or inaction of the ME shall put MedCo in breach of the Data Protection Legislation when Processing data. in connection with this Agreement.: 2.2 Without prejudice to clause 2.1 of this Schedule, the ME shall ensure that: 2.2.1 any Personal Data: 2.2.1.1 has been obtained and transferred to MedCo in accordance with the Data Protection Legislation; and 2.2.1.2 is accurate and up to date. 2.2.2 prior to the transfer to MedCo of Personal Data, it has: 2.2.2.1 provided the Data Subjects of the Personal Data with a Privacy Policy on its own behalf and on behalf of MedCo that allows MedCo to Process the relevant Personal Data; and 2.2.2.2 referred Data Subjects to MedCo's Privacy Policy at xxx.xxxxx.xxx.xx for information on how MedCo will Process the relevant Personal Data. 2.2.3 implements and maintains appropriate technical and organisational measures to preserve the confidentiality and integrity of the Personal Data and prevent any unlawful Processing or disclosure or damage, taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of the Data Subjects (the "Security Measures");
Data Protection RequirementsSeller warrants that, with respect to any personal data that may be processed in connection with this Order, it will duly observe its obligations under all applicable privacy and data protection laws, regulations and directives (“Data Protection Requirements”), including if applicable the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and any successor thereto. Seller shall implement administrative, physical and technical safeguards to protect any personal data that may be processed in connection with this Order. Such safeguards shall be no less rigorous than accepted industry practices, and Supplier shall ensure that all such safeguards comply with applicable Data Protection Requirements, as well as the terms and conditions of this Order.
Data Protection Requirements. 1.1. In this Schedule, the following terms shall have the meanings given to them below:
Data Protection Requirements. 12.2.1 Under this Agreement and for the purposes of Regulation (EU) 2016/679 of 27 April 2016 (the General Data Protection Regulation "GDPR") and any applicable national regulations implementing the GDPR, including Applicable Legislation, the Parties will be acting as data controllers of personal data to be collected and processed by said entities under this Agreement. The EETS Provider is the data controller of all personal data relating to its contractual relationship with the EETS User. The Toll Charger is the data controller of all personal data collected from such EETS User in connection with the EETS User's circulation in the Toll Domain. For the purpose of enabling the Services and the provision of this Agreement, personal data needs to be exchanged between the Parties.
Data Protection Requirements. 17.1 All staff who have access to personal Data recorded on the NERCP system must be made aware of the following: The information held within NERCP files or other documentation is confidential and must be used only for the purpose for which it was generated in accordance with agreed principles. Any such information must not be disclosed to any third party. The responsibility and potential criminal/civil liability for inappropriate disclosure rests with the individual once he/she has been made aware of these statutory requirements. Breaches of confidentiality by members or their representatives may also be subject to sanctions by the NERCP Membership. All NERCP information will be stored under secure conditions. NERCP files will not be photocopied or otherwise reproduced unless expressly authorised by the NERCP office. NERCP files must only be destroyed at the NERCP office, unless otherwise authorised by the NERCP. 17.2 All staff allowed access to the NERCP data must sign the Data Protection Declaration form (See Appendix A). 17.3 If an individual makes a request to a NERCP member regarding data held on that individual, that person should be referred to the Head of Business Crime. 17.4 The Partnership procedures need to be monitored periodically to ensure efficient operation: The Steering Group and/or any representatives authorised on their behalf will audit individual members a minimum of once a year to ensure security and confidentiality. A record will be kept by the Partnership manager or nominated person of the audit, e.g. date carried out and by whom. Any shortcomings identified must be rectified. 17.5 Any changes to nominated contacts with individual members must be communicated immediately to the NERCP office. 17.6 NERCP will ensure that security measures are in place if transferring data electronically. 17.7 Where appropriate, NERCP data will be handled in accordance with current management of police information (MOPI) guidelines