Ensure that. (a) the Processor Personnel do not process Personal Data except in accordance with this Contract (and in particular Part A Authorised Processing Template of Annex 1 – Processing Personal Data); (b) it uses best endeavours to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they: (i) are aware of and comply with the Processor's duties under this clause 14; (ii) are subject to appropriate confidentiality undertakings with the Processor or any Subprocessor; (iii) are informed of the confidential nature of the Personal Data and do not provide any of the Personal Data to any third party unless directed in writing to do so by the Controller or as otherwise allowed by the Contract; and (iv) have undergone adequate training in the use, care, protection and handling of Personal Data. (c) the Processor must not transfer Personal Data outside of the UK and/or the EEA unless the prior written consent of the Controller has been obtained and the following conditions are fulfilled: (d) the transfer is in accordance with Article 45 of the UK GDPR (or section 74A of DPA 2018) and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or (e) the Controller or the Processor has provided appropriate safeguards in relation to the transfer (whether in accordance with UK GDPR Article 46 or section 75 of the DPA 2018) and/or the transfer is in accordance with Article 46 of the EU GDPR (where applicable) as determined by the Controller which could include relevant parties entering into: (i) where the transfer is subject to UK GDPR: (A) the International Data Transfer Agreement (the “IDTA”), as published by the Information Commissioner's Office from time to time under section 119A(1) of the DPA 2018 as well as any additional measures determined by the Controller; (B) the European Commission's Standard Contractual Clauses per decision 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (“EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner's Office from time to time; and/or (ii) where the transfer is subject to EU GDPR, the EU SCCs, as well as any additional measures determined by the Controller being implemented by the importing party; (f) the Data Subject has enforceable rights and effective legal remedies when transferred; (g) the Processor meets its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (h) the Processor complies with the Controller's reasonable prior instructions about the processing of the Personal Data.
Appears in 9 contracts
Samples: Short Form Contract for the Supply of Goods and/or Services, Supply of Goods and/or Services, Short Form Contract for the Supply of Services
Ensure that. (a) the Processor Personnel do not process Personal Data except in accordance with this Contract (and in particular Part A Authorised Processing Template of Annex 1 – Processing Personal Data);
(b) it The Processor must use allit uses best besttakes reasonable endeavours to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they:
(i) are aware of and comply with the Processor's duties under this clause 14;
(ii) are subject to appropriate confidentiality undertakings with the Processor or any Subprocessor;
(iii) are informed of the confidential nature of the Personal Data and do not provide any of the Personal Data to any third party unless directed in writing to do so by the Controller or as otherwise allowed by the Contract; and
(iv) have undergone adequate training in the use, care, protection and handling of Personal Data.
(b) (c) Where the Personal Data is subject to UK GDPR, the Processor must not transfer Personal Data outside of the UK and/or the EEA unless the prior written consent of the Controller has been obtained and the following conditions are fulfilled:
(d) the transfer is in accordance with Article 45 of the UK GDPR (or section 74A 74A73 of DPA 2018) and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
(e) the Controller or the Processor has provided appropriate safeguards in relation to the transfer (whether in accordance with UK GDPR Article 46 or section 75 of the DPA 2018) and/or the transfer is in accordance with Article 46 of the EU GDPR (where applicable) as determined by the Controller which could include relevant parties entering into:
(i) where the transfer is subject to UK GDPR:
(A) the International Data Transfer Agreement (the “IDTA”), or International Data Transfer Agreement Addendum to the European Commission's SCCs (the "Addendum"), as published by the Information Commissioner's Office from time to time under section 119A(1) of the DPA 2018 as well as any additional measures determined by the Controller;
(B) the European Commission's Standard Contractual Clauses per decision 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (“EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner's Office from time to time; and/or
(ii) where the transfer is subject to EU GDPR, the EU SCCs, as well as any additional measures determined by the Controller being implemented by the importing party;
(f) the Data Subject has enforceable rights and effective legal remedies when transferred;
(g) the Processor meets its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(h) the Processor complies with the Controller's reasonable prior instructions about the processing of the Personal Data.,
Appears in 1 contract
Samples: Short Form Contract for the Supply of Goods and/or Services
Ensure that. (a) the Processor Personnel do not process Personal Data except in accordance with this Contract (and in particular Part A Authorised Processing Template of Annex 1 – Processing Personal Data)Error! Reference s ource not found.;
(b) it uses best endeavours to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they:
(i) are aware of and comply with the Processor's duties under this clause 14;
(ii) are subject to appropriate confidentiality undertakings with the Processor or any Subprocessor;
(iii) are informed of the confidential nature of the Personal Data and do not provide any of the Personal Data to any third party unless directed in writing to do so by the Controller or as otherwise allowed by the Contract; and
(iv) have undergone adequate training in the use, care, protection and handling of Personal Data.
(c) the Processor must not transfer Personal Data outside of the UK and/or the EEA unless the prior written consent of the Controller has been obtained and the following conditions are fulfilled:
(d) the transfer is in accordance with Article 45 of the UK GDPR (or section 74A of DPA 2018) and/or the transfer is in accordance with Article 45 of the EU GDPR (where applicable); or
(e) the Controller or the Processor has provided appropriate safeguards in relation to the transfer (whether in accordance with UK GDPR Article 46 or section 75 of the DPA 2018) and/or the transfer is in accordance with Article 46 of the EU GDPR (where applicable) as determined by the Controller which could include relevant parties entering into:
(i) where the transfer is subject to UK GDPR:
(A) the International Data Transfer Agreement (the “IDTA”), as published by the Information Commissioner's Office from time to time under section 119A(1) of the DPA 2018 as well as any additional measures determined by the Controller;
(B) the European Commission's Standard Contractual Clauses per decision 2021/914/EU or such updated version of such Standard Contractual Clauses as are published by the European Commission from time to time (“EU SCCs”), together with the UK International Data Transfer Agreement Addendum to the EU SCCs (the “Addendum”) as published by the Information Commissioner's Office from time to time; and/or
(ii) where the transfer is subject to EU GDPR, the EU SCCs, as well as any additional measures determined by the Controller being implemented by the importing party;
(f) the Data Subject has enforceable rights and effective legal remedies when transferred;
(g) the Processor meets its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(h) the Processor complies with the Controller's reasonable prior instructions about the processing of the Personal Data.
Appears in 1 contract