DATA PROTECTION & SECURITY. 12.1 The Contractor shall comply with all applicable requirements of the Data Protection Laws.
12.2 The Parties acknowledge that for the purposes of the Data Protection Laws, NUI Galway is the Data Controller and the Contractor is the Data Processor in respect of Data which is Personal Data.
12.3 Without prejudice to the generality of clause 12.1, the Contractor shall, in relation to any Personal Data processed in connection with the performance by the Contractor of its obligations under this Agreement: (a) process that Personal Data only on the written instructions of NUI Galway; (b) ensure that it has in place appropriate technical and organisational measures, as may be reviewed and approved by NUI Galway, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of NUI Galway has been obtained and the following conditions are fulfilled; (i) appropriate safeguards are in place in relation to the transfer, to ensure that Personal Data is adequately protected in accordance with Chapter V of Regulation 2016/679 ( General Data Protection Regulation); (ii) the data subject has enforceable rights and effective legal remedies; (iii) The Contractor complies with its obligations under the Data Protection Laws by providing an adequate level of protection to any Personal Data that is transferred; and (iv) The Contractor complies with reasonable instructions notified to it in advance by NUI Galway with respect to the processing of the Personal Data;
12.4 The Contractor sh...
DATA PROTECTION & SECURITY. If the Data includes any identifiable Personal Data, the Recipient shall:-
DATA PROTECTION & SECURITY. Suppliers are responsible for data protection, privacy compliance, and security control validation/ certification of their subcontractors. • For data classified as Confidential, Confidential – Internal Use Only or Restricted, data should be encrypted using AES-256 or stronger. • To protect data integrity, data should be hashed using SHA-256 or stronger. • All Confidential hard copy data that is no longer required must be shredded by use of a crosscut shredder. • The print process must be adequately secured to prevent unauthorized disclosure/access. • Extra precautions must be in place to protect the Confidential Information stored on portablesystems or mobile devices. Devices and data must be stored securely when not in use. • Portable systems with Confidential Information must not transfer data by use of Personal Area Networks • Web sites and applications must be backed up in accordance with Business Continuity andDisaster Recovery requirements. • Supplier must secure all backup media during transportation and in storage. • Supplier should catalog all media so that a missing storage unit (and which unit it is) shall be easily identified. Supplier should not label media in such a way that it discloses the datait contains or its owner company in a manner that is easily identified by an outsider. • Supplier should maintain system and application backups that support a total system restorefor a 30-day period as a minimum. Backup media must be on separate media from the system. • Supplier must destroy all Confidential Information within 30 days of termination of Supplier contract. Copies of Confidential Information on system backup media that is co-mingled with other system data are not included.
DATA PROTECTION & SECURITY. 6.1 If the Data includes any identifiable Personal Data, the Recipient shall:-
6.1.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing and/or use of the Data, any data derived from the Data and/or and all Confidential Information, against the accidental loss or destruction of, or damage to, such data and information.
6.1.2 ensure that the measures referred to in clause 6.1 shall include the measures set out in Schedule B.
6.1.3 restrict access to the Data, any data derived from the Data and all other Confidential Information to such of its employees who strictly need access to such data and/or information to undertake the Research Programme, and shall ensure that all such employees are reliable, and informed of the confidential nature of such data and/or information and the importance of processing it securely.
6.2 For the avoidance of doubt, the Recipient undertakes that it shall not disclose to a third party, whether in connection with the Research Programme or otherwise, any data and/or information contained in or derived from the Data which constitutes Personal Data.
DATA PROTECTION & SECURITY. For the purposes of this clause 8, the meaning of personal data, data processor and data controller shall be determined in accordance with the Data Protection Xxx 0000.
DATA PROTECTION & SECURITY. 11.1 Both parties will comply with all applicable laws in relation to the control and processing of Personal Data.
11.2 Both parties shall ensure that in relation to any sensitive data (including both Confidential Information and Personal Data) processed in connection this Agreement that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of that data and against accidental loss or destruction of, or damage to, that data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures.
DATA PROTECTION & SECURITY. 12.1 The Merchant and the Service Provider undertake to provide appropriate data protection and to ensure confidentiality, availability and accuracy of data. They shall, in particular, be obliged to ensure reasonable protection of their systems against unauthorised or accidental destruction, accidental loss, technical errors, falsification, theft, unlawful use, unauthorised alteration, copying, access and other unauthorised activities.
DATA PROTECTION & SECURITY. 3.1 The Parties shall, in performing their obligations under this Agreement, comply in all respects with all relevant Data Protection Laws.
3.2 Morae acknowledges that Client Data is the sole and valuable property of the Client (and its clients, where applicable) and that any unauthorised disclosure, use or loss of it could give rise to damage to the Client (and its clients, where applicable).
DATA PROTECTION & SECURITY. 4.1 In rendering the Services, Xxxxxx may from time to time be provided with, or have access to, information of Customer, Business User or Candidate which may qualify as Personal Data.
4.2 For the purposes of the GDPR (if applicable), Xxxxxx will process any Personal Data as ‘data processor in accordance with the Data Protection Law applicable to ‘data processors’. Upon request, Xxxxxx can provide for a data processing addendum to be part of the Agreement.
4.3 In this paragraph, the following terms, indicated with a capital, whether single or plural, will have the following meaning
DATA PROTECTION & SECURITY. 8.1 The parties acknowledge their respective duties and obligations under the Data Protection Xxx 0000 (“DPA”) and the Freedom of Information Xxx 0000 (“FOIA”) (and any other applicable laws or obligations regarding the use of personal data) and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties.
8.2 To the extent that we are acting as a data processor (as defined in the DPA) on your behalf, we shall:
8.2.1 process the relevant personal data only in accordance with the terms of this XXXX and any lawful instructions reasonably given by you from time to time;
8.2.2 put in place appropriate technical and organisational measures against any unauthorised or unlawful processing of such personal data, and against the accidental loss or destruction of or damage to such personal data having regard to the specific requirements within this XXXX, the state of technical development and the level of damages that may be suffered by a data subject whose personal data is affected by such unauthorised or unlawful processing or by its loss, damage or destruction;
8.2.3 take reasonable steps to ensure the reliability of employees who will have access to such personal data, and ensure that such employees are aware of and trained in the policies and procedures identified within this XXXX; and
8.2.4 not cause or allow such personal data to be transferred outside the European Economic Area without you prior written consent.
8.3 We shall both use our reasonable efforts to ensure that personal data processed in accordance with this XXXX is safeguarded at all times in accordance with any applicable law.
