Disclosure and Data Sharing Sample Clauses

Disclosure and Data Sharing. The Data Processor (or any subcontractor) shall: (a) only disclose such Personal Data to, or allow access by, its employees, agents and delegates who have had appropriate training in data protection matters and whose use of such Personal Data is strictly necessary for the performance of the Services; (b) ensure all such employees, agents and delegates of the Data Processor who can/or do access such Personal Data are informed of its confidential nature and are bound by confidentiality obligations and use restrictions in respect of the Personal Data, including but not limited to a restriction on copying, publishing, disclosing or divulging such Personal Data to any third party without the prior written consent of the Data Controller; (c) not divulge such Personal Data whether directly or indirectly to any person or firm without the prior written consent of the Data Controller except, subject to clause 1.2.6 of the Agreement, to those of its employees, agents and delegates who are engaged in the processing of the Personal Data or except as may be required by any applicable laws or any court to which the data processor or its Affiliates are subject; and (d) not transfer or otherwise process any Personal Data to a third party outside the European Economic Area (EEA) except with the express prior written consent of the Data Controller. (e) Where such consent is granted, the Data Processor may only process, or permit the processing, of Personal Data outside the EEA under the following conditions: I. the Data Processor is processing Personal Data in a territory which is subject to a current finding by the European Commission under the Data Protection Legislation that the territory provides adequate protection for the privacy rights of individuals. The Data Processor must identify in Annex A the territory that is subject to such an adequacy finding; or II. the Data Processor participates in a valid cross-border transfer mechanism under the Data Protection Legislation, so that the Data Processor (and, where appropriate, the Data Controller) can ensure that appropriate safeguards are in place to ensure an adequate level of protection with respect to the privacy rights of Data Subjects as required by Article 46 of the General Data Protection Regulation ((EU) 2016/679). The Data Processor must identify in Annex A the transfer mechanism that enables the Parties to comply with these cross-border data transfer provisions and the Data Processor must immediately inform the ...