Common use of Independent Data Controllers Clause in Contracts

Independent Data Controllers. (a) The Parties agree that, for the purposes of Data Protection Legislation, each Party (to the extent it processes Personal Data) processes Personal Data as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data. (b) Each Party shall: (i) comply with its obligations under Data Protection Legislation; (ii) be responsible for dealing with and responding to data subject requests, enquiries or complaints (including any request by a data subject to exercise their rights under Data Protection Legislation) it receives, unless otherwise agreed between the Parties; and (iii) promptly notify the other Party in writing of each Security Incident of which it becomes aware relating to the Personal Data to the extent the Security Incident is likely to affect the other Party. (c) Each Party warrants that it is not subject to any restriction which would prevent or restrict it from disclosing or transferring Personal Data to the other Party in accordance with the terms of this Agreement. (d) Without prejudice to sub-clause 0, each Party (the Disclosing Party) agrees that if it provides Personal Data to the other Party (the Receiving Party), it shall ensure that it has provided all necessary information to, and obtained all necessary consents from, the data subjects of the Personal Data, in each case to enable the Disclosing Party to disclose the Personal Data to the Receiving Party and for the Receiving Party to use that Personal Data for the Permitted Purposes, in each case in accordance with Data Protection Legislation. (e) In relation to the Personal Data it receives from the Disclosing Party, each Party shall: (i) at all times process the Personal Data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures; and (ii) ensure that, at a minimum, the measures required under sub-clause 16.2(e)(i) meet the standard required by Data Protection Legislation. 17 Employment Protection and TUPE Notwithstanding anything to the contrary elsewhere in this Agreement: TUPE Indemnity 17.1 the Contractor shall be responsible for and shall indemnify and keep indemnified the Employer and any successor contractor from and against all and any costs, claims, expenses, damages, demands, actions, losses and liabilities arising out of or in connection with any claim in respect of any person which arises or is alleged to arise by reason of the Contractor’s failure to comply with its obligations and/or for failure to inform and consult under the Transfer of Undertakings (Protection of Employment) Regulations 2006 as amended or re- enacted from time to time (“TUPE”); Employee Data 17.2 in the last 12 months prior to completion of the Works under the last Contract Order or after notice of termination has been given in accordance with Clause 20, within 28 days of the Employer’s request, the Contractor shall (where TUPE is likely to apply) provide the Employer with a list of names, ages, addresses and national insurance numbers of all persons who are, who have been, or who may be at any time concerned with the Works or any part of them, specifying their job title, job description, basic salary, bonus and all other emoluments and benefits, period of continuous employment, the percentage of the time that they have worked on this Agreement, details of any agreements entered into with employee representative bodies in relation to such persons, details of all training and competency courses attended and certificates or qualifications obtained, place of work, all relevant contractual and non-contractual termination or severance arrangements, notice periods, contractual holiday entitlements, copy of employment contract or applicable Personnel Records Valuation of Contracts standard terms and employee handbook, immigrant status and right to work documentation, information on any disciplinary or grievance procedure taken against or by any person within the preceding 2 years, information about any tribunal claims in the preceding 2 years or whether there are reasonable grounds to believe a claim may be brought and such other requirements as the Employer may reasonably require (altogether the “Employee Data”). The Employer will, subject to compliance with any Data Protection Legislation, be permitted to disclose any information provided to it under this sub-clause in summary and/or anonymised form to any person who has been invited to tender for the provision of the Works (or similar works) and to any successor contractor and successor contractor’s sub-contractors;

Independent Data Controllers. (a) The Parties agree that, for the purposes of Data Protection Legislation, each Party (to the extent it processes Personal Data) processes Personal Data as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data. (b) Each Party shall: (i) comply with its obligations under Data Protection Legislation; (ii) be responsible for dealing with and responding to data subject requests, enquiries or complaints (including any request by a data subject to exercise their rights under Data Protection Legislation) it receives, unless otherwise agreed between the Parties; and (iii) promptly notify the other Party in writing of each Security Incident of which it becomes aware relating to the Personal Data to the extent the Security Incident is likely to affect the other Party. (c) Each Party warrants that it is not subject to any restriction which would prevent or restrict it from disclosing or transferring Personal Data to the other Party in accordance with the terms of this Agreement. (d) Without prejudice to sub-clause 0, each Party (the Disclosing Party) agrees that if it provides Personal Data to the other Party (the Receiving Party), it shall ensure that it has provided all necessary information to, and obtained all necessary consents from, the data subjects of the Personal Data, in each case to enable the Disclosing Party to disclose the Personal Data to the Receiving Party and for the Receiving Party to use that Personal Data for the Permitted Purposes, in each case in accordance with Data Protection Legislation. (e) In relation to the Personal Data it receives from the Disclosing Party, each Party shall: (i) at all times process the Personal Data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures; and (ii) ensure that, at a minimum, the measures required under sub-clause 16.2(e)(i15.2(e)(i) meet the standard required by Data Protection Legislation. 17 Employment Protection and TUPE Notwithstanding anything to the contrary elsewhere in this Agreement: TUPE Indemnity 17.1 the Contractor shall be responsible for and shall indemnify and keep indemnified the Employer and any successor contractor from and against all and any costs, claims, expenses, damages, demands, actions, losses and liabilities arising out of or in connection with any claim in respect of any person which arises or is alleged to arise by reason of the Contractor’s failure to comply with its obligations and/or for failure to inform and consult under the Transfer of Undertakings (Protection of Employment) Regulations 2006 as amended or re- enacted from time to time (“TUPE”); Employee Data 17.2 in the last 12 months prior to completion of the Works under the last Contract Order or after notice of termination has been given in accordance with Clause 20, within 28 days of the Employer’s request, the Contractor shall (where TUPE is likely to apply) provide the Employer with a list of names, ages, addresses and national insurance numbers of all persons who are, who have been, or who may be at any time concerned with the Works or any part of them, specifying their job title, job description, basic salary, bonus and all other emoluments and benefits, period of continuous employment, the percentage of the time that they have worked on this Agreement, details of any agreements entered into with employee representative bodies in relation to such persons, details of all training and competency courses attended and certificates or qualifications obtained, place of work, all relevant contractual and non-contractual termination or severance arrangements, notice periods, contractual holiday entitlements, copy of employment contract or applicable Personnel Records Valuation of Contracts standard terms and employee handbook, immigrant status and right to work documentation, information on any disciplinary or grievance procedure taken against or by any person within the preceding 2 years, information about any tribunal claims in the preceding 2 years or whether there are reasonable grounds to believe a claim may be brought and such other requirements as the Employer may reasonably require (altogether the “Employee Data”). The Employer will, subject to compliance with any Data Protection Legislation, be permitted to disclose any information provided to it under this sub-clause in summary and/or anonymised form to any person who has been invited to tender for the provision of the Works (or similar works) and to any successor contractor and successor contractor’s sub-contractors;Indemnity

Independent Data Controllers. (a) The Parties agree that, for the purposes of Data Protection Legislation, each Party (to the extent it processes Personal Data) processes Personal Data as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data. (b) Each Party shall: (i) comply with its obligations under Data Protection Legislation; (ii) be responsible for dealing with and responding to data subject requests, enquiries or complaints (including any request by a data subject to exercise their rights under Data Protection Legislation) it receives, unless otherwise agreed between the Parties; and (iii) promptly notify the other Party in writing of each Security Incident of which it becomes aware relating to the Personal Data to the extent the Security Incident is likely to affect the other Party. (c) Each Party warrants that it is not subject to any restriction which would prevent or restrict it from disclosing or transferring Personal Data to the other Party in accordance with the terms of this Agreement. (d) Without prejudice to sub-clause 0, each Party (the Disclosing Party) agrees that if it provides Personal Data to the other Party (the Receiving Party), it shall ensure that it has provided all necessary information to, and obtained all necessary consents from, the data subjects of the Personal Data, in each case to enable the Disclosing Party to disclose the Personal Data to the Receiving Party and for the Receiving Party to use that Personal Data for the Permitted Purposes, in each case in accordance with Data Protection Legislation. (e) In relation to the Personal Data it receives from the Disclosing Party, each Party shall: (i) at all times process the Personal Data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures; and (ii) ensure that, at a minimum, the measures required under sub-clause 16.2(e)(i15.2(e)(i) meet the standard required by Data Protection Legislation. 17 Employment Protection and TUPE Notwithstanding anything to the contrary elsewhere in this Agreement: TUPE Indemnity 17.1 the Contractor shall be responsible for and shall indemnify and keep indemnified the Employer and any successor contractor from and against all and any costs, claims, expenses, damages, demands, actions, losses and liabilities arising out of or in connection with any claim in respect of any person which arises or is alleged to arise by reason of the Contractor’s failure to comply with its obligations and/or for failure to inform and consult under the Transfer of Undertakings (Protection of Employment) Regulations 2006 as amended or re- enacted from time to time (“TUPE”); Employee Data 17.2 in the last 12 months prior to completion of the Works under the last Contract Order or after notice of termination has been given in accordance with Clause 20, within 28 days of the Employer’s request, the Contractor shall (where TUPE is likely to apply) provide the Employer with a list of names, ages, addresses and national insurance numbers of all persons who are, who have been, or who may be at any time concerned with the Works or any part of them, specifying their job title, job description, basic salary, bonus and all other emoluments and benefits, period of continuous employment, the percentage of the time that they have worked on this Agreement, details of any agreements entered into with employee representative bodies in relation to such persons, details of all training and competency courses attended and certificates or qualifications obtained, place of work, all relevant contractual and non-contractual termination or severance arrangements, notice periods, contractual holiday entitlements, copy of employment contract or applicable Personnel Records Valuation of Contracts standard terms and employee handbook, immigrant status and right to work documentation, information on any disciplinary or grievance procedure taken against or by any person within the preceding 2 years, information about any tribunal claims in the preceding 2 years or whether there are reasonable grounds to believe a claim may be brought and such other requirements as the Employer may reasonably require (altogether the “Employee Data”). The Employer will, subject to compliance with any Data Protection Legislation, be permitted to disclose any information provided to it under this sub-clause in summary and/or anonymised form to any person who has been invited to tender for the provision of the Works (or similar works) and to any successor contractor and successor contractor’s sub-contractors;.

Independent Data Controllers. (a) The Parties agree that, for the purposes of Data Protection Legislation, each Party (to the extent it processes Personal Data) processes Personal Data as an independent data controller in its own right. Nothing in this Agreement is intended to construe either Party as the data processor of the other Party or as joint data controllers with one another with respect to Personal Data. (b) Each Party shall: (i) comply with its obligations under Data Protection Legislation; (ii) be responsible for dealing with and responding to data subject requests, enquiries or complaints (including any request by a data subject to exercise their rights under Data Protection Legislation) it receives, unless otherwise agreed between the Parties; and (iii) promptly notify the other Party in writing of each Security Incident of which it becomes aware relating to the Personal Data to the extent the Security Incident is likely to affect the other Party. (c) Each Party warrants that it is not subject to any restriction which would prevent or restrict it from disclosing or transferring Personal Data to the other Party in accordance with the terms of this Agreement. (d) Without prejudice to sub-clause 0, each Party (the Disclosing Party) agrees that if it provides Personal Data to the other Party (the Receiving Party), it shall ensure that it has provided all necessary information to, and obtained all necessary consents from, the data subjects of the Personal Data, in each case to enable the Disclosing Party to disclose the Personal Data to the Receiving Party and for the Receiving Party to use that Personal Data for the Permitted Purposes, in each case in accordance with Data Protection Legislation. (e) In relation to the Personal Data it receives from the Disclosing Party, each Party shall: (i) at all times process the Personal Data in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures; and (ii) ensure that, at a minimum, the measures required under sub-clause 16.2(e)(i) meet the standard required by Data Protection Legislation. 17 Employment Protection and TUPE Notwithstanding anything to the contrary elsewhere in this Agreement: TUPE Indemnity 17.1 the Contractor shall be responsible for and shall indemnify and keep indemnified the Employer and any successor contractor from and against all and any costs, claims, expenses, damages, demands, actions, losses and liabilities arising out of or in connection with any claim in respect of any person which arises or is alleged to arise by reason of the Contractor’s failure to comply with its obligations and/or for failure to inform and consult under the Transfer of Undertakings (Protection of Employment) Regulations 2006 as amended or re- enacted from time to time (“TUPE”); Employee Data 17.2 in the last 12 months prior to completion of the Works under the last Contract Order or after notice of termination has been given in accordance with Clause 20, within 28 days of the Employer’s request, the Contractor shall (where TUPE is likely to apply) provide the Employer with a list of names, ages, addresses and national insurance numbers of all persons who are, who have been, or who may be at any time concerned with the Works or any part of them, specifying their job title, job description, basic salary, bonus and all other emoluments and benefits, period of continuous employment, the percentage of the time that they have worked on this Agreement, details of any agreements entered into with employee representative bodies in relation to such persons, details of all training and competency courses attended and certificates or qualifications obtained, place of work, all relevant contractual and non-contractual termination or severance arrangements, notice periods, contractual holiday entitlements, copy of employment contract or applicable Personnel Records Valuation of Contracts standard terms and employee handbook, immigrant status and right to work documentation, information on any disciplinary or grievance procedure taken against or by any person within the preceding 2 years, information about any tribunal claims in the preceding 2 years or whether there are reasonable grounds to believe a claim may be brought and such other requirements as the Employer may reasonably require (altogether the “Employee Data”). The Employer will, subject to compliance with any Data Protection Legislation, be permitted to disclose any information provided to it under this sub-clause in summary and/or anonymised form to any person who has been invited to tender for the provision of the Works (or similar works) and to any successor contractor and successor contractor’s sub-contractors;.