Data Processing In this clause:
Details of Data Processing (a) Subject matter: The subject matter of the data processing under this DPA is the Customer Data.
Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller.
2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally.
2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest.
2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission.
2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data.
2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.
Workstation Encryption Supplier will require hard disk encryption of at least 256-bit Advanced Encryption Standard (AES) on all workstations and/or laptops used by Personnel where such Personnel are accessing or processing Accenture Data.
Data Processing Agreement The Data Processing Agreement, including the Approved Data Transfer Mechanisms (as defined in the Data Processing Agreement) that apply to your use of the Services and transfer of Personal Data, is incorporated into this Agreement by this reference. Each party will comply with the terms of the Data Processing Agreement and will train its employees on DP Law.
ELECTRONIC WORKFLOW SYSTEM OGS reserves the right to incorporate an electronic workflow system that may include elements of the Authorized User RFQ process. OGS reserves the right to post Authorized User Contract usage of Centralized Contracts. For Lot 4 only, when provided for in the RFQ and resultant Authorized User Agreement, the Authorized Users may reimburse travel expenses. All rules and regulations associated with this travel can be found at xxxx://xxx.xxxxx.xx.xx/agencies/travel/travel.htm. In no case will any travel reimbursement be charged that exceeds these rates. All travel will be paid only as specified within the Authorized User Agreement and must be billed with the associated services on the same Invoice with receipts attached. The Contractor shall receive prior approval from the Authorized User for any travel that occurs during the term of an Authorized User Agreement. Parking fees and/or parking tickets shall not be paid by an Authorized User. Unless otherwise specified in writing by the Authorized User, a vehicle will not be provided by Authorized User to the Contractor for travel. Therefore, the Contractor will be responsible for ensuring that the Contractor has access to an appropriate vehicle (e.g., personal vehicle or rental vehicle) or common carrier with which to carry out any necessary travel. For the Contractor to obtain reimbursement for the use of a rental vehicle, such use must be justified as the most cost- effective mode of transportation under the circumstances (including consideration of the most effective use of time). The Contractor is responsible for keeping adequate records to substantiate any claims for travel reimbursement. All services provided under the resultant Authorized User Agreement must be performed within CONUS. There are no BONDS for this Contract. However, an Authorized User may require in an RFQ a performance, payment or Bid bond, or negotiable irrevocable letter of credit or other form of security for the faithful performance for the resultant Authorized User Agreement. Pursuant to New York State Executive Law Article 15-A and Parts 140-145 of Title 5 of the New York Codes, Rules and Regulations (“NYCRR”), the New York State Office of General Services (“OGS”) is required to promote opportunities for the maximum feasible participation of New York State-certified Minority- and Women-owned Business Enterprises (“MWBEs”) and the employment of minority group members and women in the performance of OGS contracts.
Data Encryption Contractor must encrypt all State data at rest and in transit, in compliance with FIPS Publication 140-2 or applicable law, regulation or rule, whichever is a higher standard. All encryption keys must be unique to State data. Contractor will secure and protect all encryption keys to State data. Encryption keys to State data will only be accessed by Contractor as necessary for performance of this Contract.
Program Monitoring The Contractor will make all records and documents required under this Agreement as outlined here, in OEC Policies and NHECC Policies available to the SRO or its designee, the SR Fiscal Officer or their designee and the OEC. Scheduled monitoring visits will take place twice a year. The SRO and OEC reserve the right to make unannounced visits.
Subprocessing The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the subprocessor which imposes the same obligations on the subprocessor as are imposed on the data importer under the Clauses. Where the subprocessor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the subprocessor's obligations under such agreement.
Contract Monitoring The criminal background checks required by this rule shall be national in scope, and must be conducted at least once every three (3) years. Contractor shall make the criminal background checks required by Paragraph IV.G.1 available for inspection and copying by DRS personnel upon request of DRS.
