Processing of Customer Personal Data 3.1 UKG will: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data. 3.2 Customer hereby: 3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement. 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and 3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law. 3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Your Personal Data 17.1. PCSIL is a registered Data Controller with the Data Protection Commission in Ireland. 17.2. In order for us to provide you with the services relating to your Account, we are required to collect and process personal data about you, Additional Cardholders and Authorised Persons, with your consent or on a legal basis to meet our obligations for Anti-Money Laundering legislation or other governmental organisation. Where applicable, if an Account holder is under 16, then parental consent is explicitly required. 17.3. Your consent will be sought for collection of your data and you have the right to agree or decline. Where you decline consent for the collection and processing of your data, we reserve our right to discontinue service due to our obligations as a financial services institution. 17.4. We may disclose or check your personal data with other organisations and obtain further information about you in order to verify your identity and comply with applicable money laundering and governmental regulations. A record of our enquiries will be left on your file. 17.5. We may pass your personal data on to third-party service providers contracted to PCSIL in the course of dealing with your Account. Any third parties that we may share your data with are obliged to keep your details secure, and to use them only to fulfil the service they provide you on our behalf. Where we transfer the personal data to a third country or international organisation, we ensure this is done securely and that they meet a minimum standard of data protection in their country. 17.6. You have the right to receive information concerning the personal data we hold about you and to rectify such data where it is inaccurate or incomplete. You have the right to object to or withdraw any consent you have given for certain types of processing such as direct marketing. 17.7. Your data will be retained for 6 years after the end of the provision of services to you, where your data will be destroyed in compliance with the requirements of the General Data Protection Regulation. 17.8. In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in 17.5 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and PCSIL’s Data Protection Officer. 17.9. Our Privacy Policy provides full details on your rights as a data subject and our obligations as a data controller. Please read this document carefully and ensure you understand your rights.
Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller. 2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally. 2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest. 2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission. 2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data. 2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.
Personal Data Registry Operator shall (i) notify each ICANN-‐accredited registrar that is a party to the registry-‐registrar agreement for the TLD of the purposes for which data about any identified or identifiable natural person (“Personal Data”) submitted to Registry Operator by such registrar is collected and used under this Agreement or otherwise and the intended recipients (or categories of recipients) of such Personal Data, and (ii) require such registrar to obtain the consent of each registrant in the TLD for such collection and use of Personal Data. Registry Operator shall take reasonable steps to protect Personal Data collected from such registrar from loss, misuse, unauthorized disclosure, alteration or destruction. Registry Operator shall not use or authorize the use of Personal Data in a way that is incompatible with the notice provided to registrars.
Personal Data Breaches 5.7.1 The Data Processor shall give immediate notice to the Data Controller if a breach occurs, that can lead to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored or otherwise processed re the Personal Data processed on behalf of the Data Controller (a “Personal Data Breach”). 5.7.2 The Data Processor shall make reasonable efforts to identify the cause of such a breach and take those steps as they deem necessary to establish the cause, and to prevent such a breach from reoccurring.
Privacy of Customer Information Company Customer Information in the possession of the Agent, other than information independently obtained by the Agent and not derived in any manner from or using information obtained under or in connection with this Agreement, is and shall remain confidential and proprietary information of the Companies. Except in accordance with this Section 10.10, the Agent shall not use any Company Customer Information for any purpose, including the marketing of products or services to, or the solicitation of business from, Customers, or disclose any Company Customer Information to any Person, including any of the Agent’s employees, agents or contractors or any third party not affiliated with the Agent. The Agent may use or disclose Company Customer Information only to the extent necessary (i) for examination and audit of the Agent’s activities, books and records by the Agent’s regulatory authorities, (ii) to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges or (iii) to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors), and for no other purpose; provided that the Agent may also use and disclose the Company Customer Information as expressly permitted by the relevant Company in writing, to the extent that such express permission is in accordance with the Privacy Requirements. The Agent shall take commercially reasonable steps to ensure that each Person to which the Agent intends to disclose Company Customer Information, before any such disclosure of information, agrees to keep confidential any such Company Customer Information and to use or disclose such Company Customer Information only to the extent necessary to protect or exercise the Agent’s, the Custodian’s and the Lenders’ rights and privileges, or to carry out the Agent’s, the Custodian’s and the Lenders’ express obligations, under this Agreement and the other Facilities Papers (including providing Company Customer Information to Approved Investors). The Agent agrees to maintain an Information Security Program and to assess, manage and control risks relating to the security and confidentiality of Company Customer Information pursuant to such program in the same manner as the Agent does so in respect of their own customers’ information, and shall implement the standards relating to such risks in the manner set forth in the Interagency Guidelines Establishing Standards for Safeguarding Company Customer Information set forth in 12 CFR Parts 30, 208, 211, 225, 263, 308, 364, 568 and 570. Without limiting the scope of the foregoing sentence, the Agent shall use at least the same physical and other security measures to protect all Company Customer Information in the Agent’s possession or control as the Agent uses for their own customers’ confidential and proprietary information.
Customer Data 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at XxxxxXXX.xxx or such other website address as may be notified to the Customer as such document may be amended by the Supplier in its sole discretion from time to time the current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (b) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (c) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (d) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 5.5 The Supplier and the Customer shall comply with their respective obligations as set out in Schedule 4 of this Agreement
Protection of Customer Data The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified by the Customer in the Call Off Order Form and, in any event, as specified by the Customer from time to time in writing. The Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site at an Approved location in accordance with any BCDR Plan or otherwise. The Supplier shall ensure that such back-ups are available to the Customer (or to such other person as the Customer may direct) at all times upon request and are delivered to the Customer at no less than six (6) Monthly intervals (or such other intervals as may be agreed in writing between the Parties). The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). If at any time the Supplier suspects or has reason to believe that the Customer Data is corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Default so as to be unusable, the Supplier may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of Customer Data to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer, and the Supplier shall do so as soon as practicable but not later than five (5) Working Days from the date of receipt of the Customer’s notice; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in Call Off Schedule 8 (Business Continuity and Disaster Recovery) or as otherwise required by the Customer.
Personal Data Breach 7.1 Processor shall notify Company without undue delay upon Processor becoming aware of a Personal Data Breach affecting Company Personal Data, providing Company with sufficient information to allow the Company to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws. 7.2 Processor shall co-operate with the Company and take reasonable commercial steps as are directed by Company to assist in the investigation, mitigation and remediation of each such Personal Data Breach.
YOUR PERSONAL INFORMATION 17.1 We collect certain information about the purchaser and the users of the Card in order to operate the Card programme. IDT Financial Services Limited is the data controllers of Your personal data, and will manage and protect Your personal data in accordance with applicable law.IDT Financial Services Limited receives card services from First Data Slovakia s.r.o., which acts as a data processor for IDT Financial Services Limited. 17.2 We may transfer Your personal data outside the EEA to Our commercial partners where necessary to provide Our services to You, such as customer service, account administration, financial reconciliation, or where the transfer is necessary as a result of Your request, such as the processing of any international transaction. When We transfer personal data outside the EEA, We will take steps to ensure that Your personal data is afforded substantially similar protection as personal data processed within the EEA. Please be aware that not all countries have laws to protect personal data in a manner equivalent to that of the EEA. Your use of Our products and services will indicate to Us that You agree to the transfer of Your personal data outside the EEA. If You withdraw Your consent to the processing of Your personal data or its transfer outside the EEA, which You can do by using the contact details in clause 15, We will not be able to provide Our services to You. Therefore, such withdrawal of consent will be deemed to be a termination of the Agreement. 17.3 Unless You have provided Your explicit permission, Your personal data will not be used for marketing purposes by Us or Our commercial partners (unless You have independently provided Your consent to them directly), nor will it be shared with third parties unconnected with the Card scheme. 17.4 You have the right to request details of the personal information that is held about You, and You may receive this by writing to our Customer Service Center. 17.5 Please refer to the Privacy Policy of IDT Financial Services Limited xxxx://xxx.xxxxxxxxxx.xxx/privacypolicy.pdf for full details, which You accept by accepting the Agreement.
