Independent Controllers of Personal Data. 14.11.1 In the event that the Parties are Independent Controllers in respect of Personal Data under the Contract, the terms set out in Part C Independent Controllers (Optional) of Annex 1 – Processing Personal Data shall apply to this Contract.
Independent Controllers of Personal Data. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.
Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: ● Business contact details of Supplier Personnel for which the Supplier is the Controller, ● Business contact details of any directors, officers, employees, agents, consultants and contractors of National Highways (excluding the Supplier Personnel) engaged in the performance of National Highways’ duties under the Contract) for which National Highways is the Controller, ● [Insert the scope of other Personal Data provided by one Party who is Controller to the other Party who will separately determine the nature and purposes of its Processing the Personal Data on receipt e.g. where (1) the Supplier has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that National Highways cannot dictate the way in which Personal Data is processed by the Supplier, or (3) where the Supplier comes to the transaction with Personal Data for which it is already Controller for use by National Highways] [Guidance where multiple relationships have been identified above, please address the below rows in the table for in respect of each relationship identified] Duration of the Processing [Clearly set out the duration of the Processing including dates] Nature and purposes of the Processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the Processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include: employment processing, statutory obligation, recruitment assessment etc.] Type of Personal Data [Examples here include: name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.] Categories of Data Subject [Examples include: Staff (including volunteers, agents, and temporary Workers), customers/ clients, Suppliers, patients, students / pupils, members of the public, users of a particular website etc.] International transfers and legal gateway [Explain were geographically Personal Data may be stored or accessed from. Explain the legal gateway you are relying on to export the data e.g. adequacy decision, EU SCCs, UK IDT...
Independent Controllers of Personal Data. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it. Where a Party has provided Personal Data to the other Party in accordance with paragraph 7 of this Fourth Schedule, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require. The Parties shall be responsible for their own compliance with Articles 13 and 14 GDPR in respect of the Processing of Personal Data for the purposes of this Agreement. The Parties shall only provide Personal Data to each other: to the extent necessary to perform their respective obligations under this Agreement; in compliance with the Data Protection Legislation (including by ensuring all required data privacy information has been given to affected Data Subjects to meet the requirements of Articles 13 and 14 of the GDPR); and where it has recorded it in Annex 1 (Processing Personal Data). Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as Independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the GDPR.
Independent Controllers of Personal Data. 17. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.
18. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it.
19. Where a Party has provided Personal Data to the other Party in accordance with paragraph 7 of this Annex B above, the recipient of the Personal Data will provide all such relevant documents and Information relating to its data protection policies and procedures as the other Party may reasonably require.
20. The Parties shall be responsible for their own compliance with Articles 13 and 14 UK GDPR in respect of the Processing of Personal Data for the purposes of the SEDPS Agreement.
21. The Supplier shall indemnify National Highways against any Losses, damages, cost or expenses incurred by National Highways arising from, or in connection with, any breach of the Supplier’s obligations under Part 3 of this Annex B
22. The provisions of Part 3 of this Annex B shall apply during the continuance of the
Independent Controllers of Personal Data. 17 With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Party, each Party undertakes to comply with the applicable Error! Reference source not found. in respect of their Processing of such Personal Data as Controller. 18 Each Party shall Process the Personal Data in compliance with its obligations under the Error! Reference source not found. and not do anything to cause the other Party to be in breach of it.
Independent Controllers of Personal Data. 5.1. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.
5.2. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it.
5.3. Where a Party has provided Personal Data to the other Party in accordance with this Schedule 4, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require.
5.4. The Parties shall be responsible for their own compliance with Articles 13 and 14 of the GDPR in respect of the processing of Personal Data for the purposes of the Contract.
5.5. The Parties shall only provide Personal Data to each other:
(a) to the extent necessary to perform their respective obligations under the Contract;
(b) in compliance with the Data Protection Legislation (including by ensuring all required data privacy information has been given to affected Data Subjects to meet the requirements of Articles 13 and 14 of the GDPR); and
(c) where it has recorded it in Annex 1 (Processing Personal Data).
5.6. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its processing of Personal Data as an independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the GDPR.
Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: ● The names and business contact details of staff of both the Contracting Authority and Supplier necessary to deliver the Services exchanged during the course of the Contract and to undertake efficient Contract and performance management ● The Contract itself will include the names and business contract de- tails of staff of both the Contracting Authority and the Supplier involved in managing the Contract Duration of the Processing Up to 7 years after the expiry or termination of the Framework Agreement Nature and purposes of the Processing The nature of the processing will include access to names and payroll information held on the private cloud system, which the supplier may need to access to provide technical support. The nature of processing will include the storage and use of names and business contact details of staff of both the Contracting Authority and the Supplier as necessary to deliver the services and to undertake the Contract and performance management. To facilitate the fulfilment of the Supplier’s obligations arising under this Framework Agreement including: - Ensuring effective communication between the Supplier and CSS - Maintaining full and accurate records of every Call-Off Contract arising under the Framework Agreement in accordance with Clause 7.6 Type of Personal Data Includes: i. Contact details of, and communications with, CSS staff concerned with management of the Framework Agreement
Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: Business contact details of Unsung staff and contractors for which Unsung is the Controller, Business contact details of any directors, officers, employees, agents, consultants and contractors of Unsung (excluding the Supplier Personnel) engaged in the performance of Unsung’s duties under the Contract) for which Unsung is the Controller, [Insert the scope of other Personal Data provided by one Party who is Controller to the other Party who will separately determine the nature and purposes of its Processing the Personal Data on receipt e.g. where (1) Unsung has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that Unsung cannot dictate the way in which Personal Data is processed by the Customer,
Independent Controllers of Personal Data. [The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of:] [Business contact details of Contractor Personnel,] [Business contact details of any directors, officers, employees, agents, consultants and contractors of the Authority (excluding the Contractor Personnel) engaged in the performance of the Authority’s duties under this Contract.] [Insert the scope of other Personal Data provided by one Party who is Data Controller to the other Party who will separately determine the nature and purposes of its processing the Personal Data on receipt, e.g. where (1) the Contractor has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that the Authority cannot dictate the way in which Personal Data is processed by the Contractor, or (3) where the Contractor comes to the transaction with Personal Data for which it is already Controller for use by the Authority]
