Independent Controllers of Personal Data. 14.11.1 In the event that the Parties are Independent Controllers in respect of Personal Data under the Contract, the terms set out in Part C Independent Controllers (Optional) of Annex 1 – Processing Personal Data shall apply to this Contract.
Independent Controllers of Personal Data. 17. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller.
Independent Controllers of Personal Data. With respect to Personal Data provided by one Party to another Party for which each Party acts as Controller but which is not under the Joint Control of the Parties, each Party undertakes to comply with the applicable Data Protection Legislation in respect of their Processing of such Personal Data as Controller. Each Party shall Process the Personal Data in compliance with its obligations under the Data Protection Legislation and not do anything to cause the other Party to be in breach of it. Where a Party has provided Personal Data to the other Party in accordance with paragraph 7 of this Fourth Schedule, the recipient of the Personal Data will provide all such relevant documents and information relating to its data protection policies and procedures as the other Party may reasonably require. The Parties shall be responsible for their own compliance with Articles 13 and 14 GDPR in respect of the Processing of Personal Data for the purposes of this Agreement. The Parties shall only provide Personal Data to each other: to the extent necessary to perform their respective obligations under this Agreement; in compliance with the Data Protection Legislation (including by ensuring all required data privacy information has been given to affected Data Subjects to meet the requirements of Articles 13 and 14 of the GDPR); and where it has recorded it in Annex 1 (Processing Personal Data). Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, each Party shall, with respect to its Processing of Personal Data as Independent Controller, implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures referred to in Article 32(1)(a), (b), (c) and (d) of the GDPR, and the measures shall, at a minimum, comply with the requirements of the Data Protection Legislation, including Article 32 of the GDPR.
Independent Controllers of Personal Data. The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of: ● Business contact details of Supplier Personnel for which the Supplier is the Controller, ● Business contact details of any directors, officers, employees, agents, consultants and contractors of National Highways (excluding the Supplier Personnel) engaged in the performance of National Highways’ duties under the Contract) for which National Highways is the Controller, ● [Insert the scope of other Personal Data provided by one Party who is Controller to the other Party who will separately determine the nature and purposes of its Processing the Personal Data on receipt e.g. where (1) the Supplier has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that National Highways cannot dictate the way in which Personal Data is processed by the Supplier, or (3) where the Supplier comes to the transaction with Personal Data for which it is already Controller for use by National Highways] [Guidance where multiple relationships have been identified above, please address the below rows in the table for in respect of each relationship identified] Duration of the Processing [Clearly set out the duration of the Processing including dates] Nature and purposes of the Processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the Processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include: employment processing, statutory obligation, recruitment assessment etc.] Type of Personal Data [Examples here include: name, address, date of birth, NI number, telephone number, pay, images, biometric data etc.] Categories of Data Subject [Examples include: Staff (including volunteers, agents, and temporary Workers), customers/ clients, Suppliers, patients, students / pupils, members of the public, users of a particular website etc.] International transfers and legal gateway [explain were geographically Personal Data may be stored or accessed from. Explain the legal gateway you are relying on to export the data e.g. adequacy decision, EU SCCs, UK IDT...
Independent Controllers of Personal Data. [The Parties acknowledge that they are Independent Controllers for the purposes of the Data Protection Legislation in respect of:] [Business contact details of Contractor Personnel,] [Business contact details of any directors, officers, employees, agents, consultants and contractors of the Authority (excluding the Contractor Personnel) engaged in the performance of the Authority’s duties under this Contract.] [Insert the scope of other Personal Data provided by one Party who is Data Controller to the other Party who will separately determine the nature and purposes of its processing the Personal Data on receipt, e.g. where (1) the Contractor has professional or regulatory obligations in respect of Personal Data received, (2) a standardised service is such that the Authority cannot dictate the way in which Personal Data is processed by the Contractor, or (3) where the Contractor comes to the transaction with Personal Data for which it is already Controller for use by the Authority] Subject matter of the processing [This should be a high level, short description of what the processing is about i.e. its subject matter of the contract. Example: The processing is needed in order to ensure that the Processor can effectively deliver the contract to provide a service to members of the public. ] Duration of the processing [Clearly set out the duration of the processing including dates] Nature and purposes of the processing [Please be as specific as possible, but make sure that you cover all intended purposes. The nature of the processing means any operation such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means) etc. The purpose might include: employment processing, statutory obligation, recruitment assessment etc.] Type of Personal Data being Processed [Examples here include: name, address, date of birth, NI number, telephone number, pay, images, Biometric Data, Data Concerning Health, Profiling, etc.] Categories of Data Subject [Examples include: Staff (including volunteers, agents, and temporary workers), customers/ clients, suppliers, patients, students / pupils, members of the public, users of a particular website etc.] Plan for return and destruction of the data once the processing is complete UNLESS requirement under...
