EEA Personal Data Sample Clauses

EEA Personal Data. With respect to any Customer Data that is subject to the EU General Data Protection Regulation (GDPR) or similar laws of other countries as "personal data," Sendbird accepts the following obligations as a data importer, processor or subprocessor of Customer: (a) processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by European Union or EU Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; also, the processor shall immediately inform the controller if, in its opinion, an instruction infringes the GDPR, national data protection laws in the EU or other applicable law; (b) ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; (c) takes all measures required pursuant to Article 32 of the GDPR (security of processing); (d) respects the conditions referred to in paragraphs 2 and 4 of Article 28 of the GDPR for engaging another processor; (e) taking into account the nature of the processing, assists the controller by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the controller's obligation to respond to requests for exercising the data subject's rights laid down in Chapter III of the GDPR, including, without limitation, right to access, rectification, erasure and portability of the data subject's personal data; (for the avoidance of doubt, processor shall only assist and enable controller to meet controller’s obligations to satisfy data subjects' rights, but processor shall not respond directly to data subjects) (f) assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (Security of personal data) taking into account the nature of processing and the information available to the processor; (g) at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data; (h) makes available to the controller all information...
Sample 1See All (4)
AutoNDA by SimpleDocs
EEA Personal Data. Where Customer is located in the European Economic Area, Bain (on its behalf and on behalf of its affiliates) and Customer agree to enter into the standard contractual clauses for the transfer of personal data to third countries as set out in Commission Implementing Decision (EU) 2021/914 of 4 June 2021 (Module two controller to processor) (“SCCs”), which are incorporated by reference as follows: i) Customer shall be the data exporter, and Bain and its affiliates shall be the data importer; ii) Clauses 7(a) – (c) shall apply; iii) Option 1 of Clause 9(a) shall apply, and the data importer shall submit the request for specific authorisation at least 14 days prior to the engagement of the sub-processor; iv) Clause 11(a) shall not include an additional redress mechanism for data subject, as set out in the second optional paragraph of Clause 11(a); v) Clause 17 shall state: “These Clauses shall be governed by the law of the EU Member State in which the data exporter is established. Where such law does not allow for third-party beneficiary rights, they shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The Parties agree that this shall be the law of Germany”; vi) Clause 18(b) shall state: “The Parties agree that those shall be the courts of vii) Annexes I and II of the SCCs shall be populated with the relevant information set out in Annex A and Annex B. Xxxxx XXX of the SCCs shall be populated with the detail of Part A, Section 12(c) above; and viii) If and to the extent the SCCs conflict with any provision of this Agreement, the SCCs will prevail to the extent of such conflict.
Sample 1
EEA Personal Data. The parties agree that the Standard Contractual Clauses will apply to any Restricted Transfer of Customer Data from the EEA, either directly or via onward transfer. To the extent there is any conflict between the DPA and the applicable EU SCC in relation to the processing of EEA Personal Data, the terms of the EU SCC will prevail. To the extent applicable, the Standard Contractual Clauses will be deemed entered into (and incorporated into this DPA by this reference) and completed as follows: a) Module Two (Controller to Processor) of the EU SCC, available at xxxxx://xx.xxxxxx.xx/info/law/law- topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard- contractual-clauses-international-transfers_en, will apply where Customer is a Controller of Customer Data and Airbrake is a Processor of Customer Data. Airbrake will comply with the obligations of thedata importer’ in the standard contractual clauses and the Customer will comply with the obligations of the 'data exporter'. b) The Customer acknowledges and accepts that the provision of the Service under the Main Agreement may require the processing of Customer Data by Sub-Processors in countries outside the EEA. c) If, in the performance of this DPA, Airbrake transfers any Customer Data to a Sub-Processor located outside of the EEA (without prejudice to clause 4) or Switzerland, Airbrake shall in advance of any such transfer ensure that a legal mechanism to achieve adequacy in respect of that processing is in place, such as: (i) the requirement for Airbrake to execute or procure that the Sub-Processor execute to the benefit of the Customer standard contractual clauses approved by the EU authorities under Data Protection Laws and set out in Appendix 2; or (ii) the existence of any other specifically approved safeguard for data transfers (as recognized under Data Protection Laws) and/or a European Commission finding of adequacy. d) The parties agree that the following terms shall apply to Module Two of the EU SCC: (i) in Clause 7, the optional docking clause will not apply; (ii) certification of deletion of Customer Data that is described in Clause 8.5 of the EU SCC shall be provided by Airbrake to Customer upon request; (iii) in Clause 9, Option 2 will apply and the time period for prior notice of Sub-Processor changes will be as set forth in the DPA; (iv) in Clause 11, the optional language will not apply; (v) in relation to Clause 13(a), see (x) below; (vi) in C...
Sample 1
EEA Personal Data. The Parties agree that the Standard Contractual Clauses will apply to Controller Data that is transferred via the Services from the EEA or Switzerland, either directly or via onward transfer, to any country or recipient outside the EEA or Switzerland that is: (a) not recognized by the European Commission (or, in the case of transfers from Switzerland, the competent authority for Switzerland) as providing an adequate level of protection for Personal Data. To the extent applicable, the Standard Contractual Clauses will be deemed entered into (and incorporated into this Addendum by this reference) and are deemed executed by each of the Parties acting on their own behalf and on behalf of their Affiliates (where applicable) without the need for any further signature from either party and completed as follows: (a) Module Two (Controller to Processor) of the Standard Contractual Clauses will apply where Customer is a Controller of Controller Data and Jasper is Processing Controller Data. (b) Module Three (Processor to Processor) of the Standard Contractual Clauses will apply where Customer is a Processor of Controller Data and Jasper is Processing Controller Data. (c) For each Module, where applicable: (i) in Clause 7 of Standard Contractual Clauses, the optional docking clause will not apply; (ii) the audits described in Clause 8.9(c) and (d) of the SCC shall be carried out in accordance with Section 6 of the DPA (iii) in Clause 9 of the Standard Contractual Clauses, Option 2 will apply and the time period for prior notice of sub-processor changes will be as set forth in the DPA;
Sample 1
EEA Personal Data. With respect to any Customer Data that is subject to the EU General Data Protection Regulation (GDPR) or similar laws of other countries as "personal data," Sendbird, in addition to the obligations above, accepts the following obligations as a data importer, processor or subprocessor of Customer: (a) processes the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by European Union or EU Member State law to which the processor is subject; in such a case, the processor shall inform the controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest; also, the processor shall immediately inform the controller if, in its opinion, an instruction infringes the GDPR, national data protection laws in the EU or other applicable law; (b) takes all measures required pursuant to Article 32 of the GDPR (security of processing); (c) assists the controller in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR (Security of personal data) taking into account the nature of processing and the information available to the processor; (d) at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
Sample 1

Related to EEA Personal Data

  • Personal Data Registry Operator shall (i) notify each ICANN-­‐accredited registrar that is a party to the registry-­‐registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (“Personal Data”) submitted to Registry Operator by such registrar is collected and used under this Agreement or otherwise and the intended recipients (or categories of recipients) of such Personal Data, and (ii) require such registrar to obtain the consent of each registrant in the TLD for such collection and use of Personal Data. Registry Operator shall take reasonable steps to protect Personal Data collected from such registrar from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.

  • Your Personal Data 17.1. PCSIL is a registered Data Controller with the Data Protection Commission in Ireland. 17.2. In order for us to provide you with the services relating to your Account, we are required to collect and process personal data about you, Additional Cardholders and Authorised Persons, with your consent or on a legal basis to meet our obligations for Anti-Money Laundering legislation or other governmental organisation. Where applicable, if an Account holder is under 16, then parental consent is explicitly required. 17.3. Your consent will be sought for collection of your data and you have the right to agree or decline. Where you decline consent for the collection and processing of your data, we reserve our right to discontinue service due to our obligations as a financial services institution. 17.4. We may disclose or check your personal data with other organisations and obtain further information about you in order to verify your identity and comply with applicable money laundering and governmental regulations. A record of our enquiries will be left on your file. 17.5. We may pass your personal data on to third-party service providers contracted to PCSIL in the course of dealing with your Account. Any third parties that we may share your data with are obliged to keep your details secure, and to use them only to fulfil the service they provide you on our behalf. Where we transfer the personal data to a third country or international organisation, we ensure this is done securely and that they meet a minimum standard of data protection in their country. 17.6. You have the right to receive information concerning the personal data we hold about you and to rectify such data where it is inaccurate or incomplete. You have the right to object to or withdraw any consent you have given for certain types of processing such as direct marketing. 17.7. Your data will be retained for 6 years after the end of the provision of services to you, where your data will be destroyed in compliance with the requirements of the General Data Protection Regulation. 17.8. In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 17.5 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and PCSIL’s Data Protection Officer. 17.9. Our Privacy Policy provides full details on your rights as a data subject and our obligations as a data controller. Please read this document carefully and ensure you understand your rights.

  • PERSONAL DATA PROTECTION 7.1 By accessing ESZAM AUCTIONEER SDN BHD website, the E-Bidders acknowledge and agree that ESZAM AUCTIONEER SDN BHD website may collect, retain, or disclose the E-Bidder’s information or any information by the e-bidders for the effectiveness of services, and the collected, retained or disclosed information shall comply with Personal Data Protection Act 2010 and any regulations, laws or rules applicable from time to time. 7.2 ESZAM AUCTIONEER SDN BHD will process E-bidder personal data such as name, address, NRIC and contact number for registration and E-bidding purposes. E-bidders shall be responsible for the username and password of eZ2Bid and not to reveal the password to anyone. 7.3 E-bidders agree to accept all associated risks when using the service in the ESZAM AUCTIONEER SDN BHD website and shall not make any claim for any unauthorized access or any consequential loss or damages suffered. 7.4 E-bidders shall be responsible for the confidentiality and the use of password and not to reveal the password to anyone at any time and under any circumstances, whether intentionally or unintentionally. 7.5 E-bidders agree to comply with all the security measures related to safety of the password or generally in respect of the use of the service. 7.6 E-bidders accept the responsibility that in any event that the password is in the possession of any other person whether intentionally or unintentionally, the E-Bidders shall take precautionary steps for the disclosure, discovery, or the Bidders shall immediately notify ESZAM AUCTIONEER SDN BHD

  • Handling Sensitive Personal Information and Breach Notification A. As part of its contract with HHSC Contractor may receive or create sensitive personal information, as section 521.002 of the Business and Commerce Code defines that phrase. Contractor must use appropriate safeguards to protect this sensitive personal information. These safeguards must include maintaining the sensitive personal information in a form that is unusable, unreadable, or indecipherable to unauthorized persons. Contractor may consult the “Guidance to Render Unsecured Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals” issued by the U.S. Department of Health and Human Services to determine ways to meet this standard. B. Contractor must notify HHSC of any confirmed or suspected unauthorized acquisition, access, use or disclosure of sensitive personal information related to this Contract, including any breach of system security, as section 521.053 of the Business and Commerce Code defines that phrase. Contractor must submit a written report to HHSC as soon as possible but no later than 10 business days after discovering the unauthorized acquisition, access, use or disclosure. The written report must identify everyone whose sensitive personal information has been or is reasonably believed to have been compromised. C. Contractor must either disclose the unauthorized acquisition, access, use or disclosure to everyone whose sensitive personal information has been or is reasonably believed to have been compromised or pay the expenses associated with HHSC doing the disclosure if: 1. Contractor experiences a breach of system security involving information owned by HHSC for which disclosure or notification is required under section 521.053 of the Business and Commerce Code; or 2. Contractor experiences a breach of unsecured protected health information, as 45 C.F.R. §164.402 defines that phrase, and HHSC becomes responsible for doing the notification required by 45 C.F.R. §164.404. HHSC may, at its discretion, waive Contractor's payment of expenses associated with HHSC doing the disclosure.

  • Processing of Customer Personal Data 3.1 UKG will: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data. 3.2 Customer hereby: 3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement. 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and 3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law. 3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).

  • Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller. 2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally. 2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest. 2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission. 2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data. 2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.

  • Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that: a) they process data only for the express purpose for which it was obtained; b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form; c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement; d) they do not disclose personal data of the other Party, other than in terms of this Agreement; e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use; f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement; g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access. 25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing. 25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data. 25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it. 25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented. 25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.

  • Personal Information 23.1 Subject to any applicable laws, the Licensee authorises XXXXX to: 23.1.1 use any Personal Information that SAMRO for the purposes of processing, executing and administering the Agreement; calculating Licence Fees; collecting the Licence Fees; 23.1.2 informing the Licensee of any SAMRO news and information or information relating to the Agreement; 23.1.3 informing the Licensee of any amendment, Tariff amendment or General Amendment to this Agreement. 23.1.4 access the Licensees Personal Information from credit bureaux relating to the Licensees payment profile for purposes of financial risk assessment, fraud prevention and debtor tracing and that we may disclose the necessary Personal Information to any such credit bureaux. 23.1.5 obtain, capture store, process, analyse and use the Licensees personal information for SAMRO marketing purposes in relation to XXXXX’s business of managing its Repertoire.

  • Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.

  • Personal Day All employees shall receive a personal day in each contract year. This personal day is in addition to the holidays listed in paragraph 3 above. The personal day shall be scheduled in accordance with the following provision: Employees may select such day off on five (5) days notice to the Employer provided such selection does not result in a reduction of employees in the building below 75% of the normal work staff. Such selection shall be made in accordance with seniority.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!