General distribution of responsibilities. 27.3.1. All Parties shall, at all times, comply with their respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement. 27.3.2. The MCSC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights request, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- à-vis each Party as individual data controller. 27.3.3. Each Party is individually responsible for: a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement; b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR. c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation; d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR. e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.
Appears in 3 contracts
Samples: Intraday Operations Agreement (Idoa), Intraday Operations Agreement (Idoa), Intraday Operations Agreement
General distribution of responsibilities. 27.3.118.3.1. All Parties shall, at all times, comply with their respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.218.3.2. The TSO MCSC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights request, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as individual data controller.
27.3.318.3.3. Each Party is individually responsible for:
a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement;
b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR.
c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.
e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) Party/ies shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 17.2 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.
Appears in 2 contracts
Samples: Tso Cooperation Agreement for Single Day Ahead Coupling, Tso Cooperation Agreement for Single Intraday Coupling (Tcid)
General distribution of responsibilities. 27.3.128.3.1. All Parties shall, at all times, comply with their respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.228.3.2. The MCSC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights request, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as individual data controller.
27.3.328.3.3. Each Party is individually responsible for:
a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement;
b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR.
c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.
e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 27.1 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.the
Appears in 1 contract
Samples: Single Day Ahead Coupling Operations Agreement (Daoa)
General distribution of responsibilities. 27.3.1. All Parties 39.4.1 Each Party shall, at all times, comply with their its respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.2. 39.4.2 The MCSC NEMO ID SC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights requestrequests, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as an individual data controller.
27.3.3. 39.4.3 Each Party is individually responsible for:
a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement;
b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR.;
c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.;
e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) Party/ies shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 38.9 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.
39.4.4 The GDPR SPOC is responsible for:
a) verifying that data subjects whose Personal Data is being processed are notified of the required GDPR processing information under articles 13 and 14 of the GDPR, so that they are aware of the data processing being carried out in the framework of ANIDOA;
b) ensuring compliance by the Parties with all data subjects’ rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or an inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be required to respond to such request, complaint or inquiry in accordance with the GDPR;
c) implementing the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with GDPR;
d) complying with the requirement for records of processing activities applicable in article 30 of the GDPR. For the avoidance of doubt, the GDPR SPOC shall be required to keep an entry regarding the processing carried out in the context of the joint controllership in a register maintained in accordance with article 30 of the GDPR;
e) complying with articles 33 and 34 of the GDPR in notifying the supervisory authority and/or to the concerned data subject(s) of a Personal Data breach
f) complying with such further applicable national legal provisions, if any, as may be indicated by the Parties to the GDPR SPOC from time to time.
Appears in 1 contract
General distribution of responsibilities. 27.3.128.3.1. All Parties shall, at all times, comply with their respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.228.3.2. The MCSC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights request, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as individual data controller.
27.3.328.3.3. Each Party is individually responsible for:
a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement;
b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR.
c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.
e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 27.1 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.
Appears in 1 contract
General distribution of responsibilities. 27.3.1. All Parties 28.4.1 Each Party shall, at all times, comply with their its respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.2. 28.4.2 The MCSC NEMO Committee will designate a specific point of contact (the “GDPR SPOC”) for carrying-out data subjects’ rights requestrequests, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as an individual data controller.
27.3.3. 28.4.3 Each Party is individually responsible for:
ai) notifying the required GDPR processing information under article articles 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the this Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the this Agreement;
bii) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor honour or implement the request in accordance with the GDPR.;
ciii) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
div) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.; and
ev) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the relevant supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) Party/ies shall inform the GDPR SPOC, so that they can inform all other Parties thereof. However, however, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 clause 12.1 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the relevant supervisory authority and/or to the data subjects.
28.4.4 The GDPR SPOC is responsible for: i) making sure the Privacy Policy is online and up to date;
Appears in 1 contract
Samples: All Nemo Cooperation Agreement
General distribution of responsibilities. 27.3.1. All Parties 18.11.4.1 Each Party shall, at all times, comply with their its respective obligations under all applicable Data Protection Legislation in relation to all Personal Data that is processed under this Agreement.
27.3.2. 18.11.4.2 The MCSC NEMO DA SC will designate a specific point of contact (“GDPR SPOC”) for carrying-out data subjects’ rights requestrequests, it being understood that the data subjects can nonetheless exercise their rights under the GDPR vis- vis-à-vis each Party as an individual data controller.
27.3.3. 18.11.4.3 Each Party is individually responsible for:
a) notifying the required GDPR processing information under article 13 and 14 of the GDPR to data subjects appointed or acting as representative, personnel or service provider on such Party’s behalf or at such Party’s request in the performance of the Agreement, whose Personal Data is being processed, so that they are aware of the data processing carried out in the framework of the Agreement;
b) ensuring the respect for data subjects rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be requested to honor or implement the request in accordance with the GDPR.;
c) implementing internally the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with applicable Data Protection Legislation;
d) complying with the requirement for records of processing activities in article 30 of the GDPR. For the avoidance of doubt, each Party agrees to keep an entry regarding the processing carried out in the context of the joint controllership in their respective registers to be kept in accordance with article 30 of the GDPR.;
e) complying with articles 33 and 34 of the GDPR on notification of a Personal Data breach to the supervisory authority and/or to the concerned data subject(s). The concerned Party(ies) Party/ies shall inform the GDPR SPOC, so that they can inform all other Parties thereof. thereof However, if the reason for the breach is not immediately attributable to one of the data controllers, and the breach is attributable to the provider of the common (online) storage place referred to in Article 26.2 18.2.2 or any processor jointly chosen by the Parties, the GDPR SPOC is responsible for managing a Personal Data breach and notifying the Personal Data breach to the supervisory authority and/or to the data subjects.
18.11.4.4 The GDPR SPOC is responsible for:
a) verifying that data subjects whose Personal Data is being processed are notified of the required GDPR processing information under articles 13 and 14 of the GDPR, so that they are aware of the data processing being carried out in the framework of the use of NEMO website;
b) ensuring compliance by the Parties with all data subjects’ rights as per articles 15 to 22 of the GDPR. If a Party receives a request, a complaint or an inquiry from a data subject regarding the processing of its Personal Data, the GDPR SPOC shall be informed thereof and be required to respond to such request, complaint or inquiry in accordance with the GDPR;
c) implementing the appropriate technical and organisational measures to ensure and to be able to demonstrate that the processing of Personal Data is performed in accordance with GDPR;
d) complying with the requirement for records of processing activities applicable in article 30 of the GDPR. For the avoidance of doubt, the GDPR SPOC shall be required to keep an entry regarding the processing carried out in the context of the joint controllership in a register maintained in accordance with article 30 of the GDPR;
e) complying with articles 33 and 34 of the GDPR in notifying the supervisory authority and/or to the concerned data subject(s) of a Personal Data breach;
f) complying with such further applicable national legal provisions, if any, as may be indicated by the Parties to the GDPR SPOC from time to time.
Appears in 1 contract