Common use of Joint Controllers Clause in Contracts

Joint Controllers. 2.1 The BID Company acknowledges that the Council is under no obligation to transfer any Personal Data to the BID Company. Any such transfers will be made by the Council as a good will gesture and in accordance Data Protection Legislation. 2.2 Each Party shall be responsible for its own obligations as a Controller under the Data Protection Legislation. 2.3 Where each Party perform or receive services under the Agreement each party shall be responsible and comply with the Data Protection Legislation 2.4 Each Party shall: 2.4.1 maintain its own records of processing under Article 30 of the GDPR; 2.4.2 be responsible for determining its data security obligations, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks of varying likelihood and severity to the rights and freedoms of the DataSubjects; 2.4.3 implement appropriate Protective Measures to protect the Personal Data against unauthorised or unlawful Processing and accidental destruction or loss; and 2.4.4 ensure the protection of the rights of the Data Subject, in such a manner that the Processing will meet the requirements of the Data Protection Legislation where Personal Data have been transmitted by it, or while the Personal Data are in its possession or control. 2.5 When transferring Personal Data: 2.5.1 the Party transferring the Personal Data (the - Data Transferor) warrants and undertakes to the Party receiving the Personal Data (the Data Recipient) that such Personal Data have been collected, processed and transferred in accordance with the Data Protection Legislation, this paragraph 2, and any other laws applicable to the Data Transferor and to the Personal Data; 2.5.2 the Data Recipient warrants and undertakes to the Data Transferor that: (a) it will process the Personal Data in accordance with the Data Protection Legislation; (b) it has and will continue to have in place appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected; and (c) it has the legal authority to give the warranties and fulfil the undertakings set out in this Agreement; and 2.5.3 if the Data Recipient is in breach of any of its obligations under this Agreement then the Data Transferor may temporarily suspend the transfer of the Personal Data to the Data Recipient until the breach is repaired. 2.6 Where appropriate, each Party shall promptly refer to the other Party any requests, from: 2.6.1 Data Subjects in regard to (a) providing information under Articles 13 and 14 of the GDPR; and (b) Data Subject Access Requests under Articles 15 to 22 inclusive of the GDPR; 2.6.2 the Information Commissioner; and 2.6.3 any other law enforcement authority, and to the extent it is reasonable and practical to so do, consult with the other party (at. no additional cost) before responding to such request. 2.7 Each Party shall provide any assistance reasonably requested by the other Party in relation to enquiries from Data Subjects concerning Processing of their Personal Data. 2.8 The Parties shall discuss any proposal by any Party to notify the Information Commissioner and/or Data Subjects where necessary about Data Loss Events and Personal Data Breaches. 2.9 The Parties shall work together to complete any required Data Protection Impact Assessments. 2.10 The Council will be the primary point of contact for Data Subjects. 2.11 The Parties shall publish the essence of their relationship as set out in this Schedule 3.

Joint Controllers. 2.1 The BID Company acknowledges that the Council is under no obligation to transfer any Personal Data to the BID Company. Any such transfers will be made by the Council as a good will gesture and in accordance Data Protection Legislation. 2.2 Each Party shall be responsible for its own obligations as a Controller under the Data Protection Legislation. 2.3 Where each Party perform or receive services under the Agreement each party shall be responsible and comply with the Data Protection Legislation 2.4 Each Party shall: 2.4.1 maintain its own records of processing under Article 30 of the GDPR; 2.4.2 be responsible for determining its data security obligations, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks of varying likelihood and severity to the rights and freedoms of the DataSubjectsData Subjects; 2.4.3 implement appropriate Protective Measures to protect the Personal Data against unauthorised or unlawful Processing and accidental destruction or loss; and 2.4.4 ensure the protection of the rights of the Data Subject, in such a manner that the Processing will meet the requirements of the Data Protection Legislation where Personal Data have been transmitted by it, or while the Personal Data are in its possession or control. 2.5 When transferring Personal Data: 2.5.1 the Party transferring the Personal Data (the - Data Transferor) warrants and undertakes to the Party receiving the Personal Data (the Data Recipient) that such Personal Data have been collected, processed and transferred in accordance with the Data Protection Legislation, this paragraph 2, and any other laws applicable to the Data Transferor and to the Personal Data; 2.5.2 the Data Recipient warrants and undertakes to the Data Transferor that: (a) it will process the Personal Data in accordance with the Data Protection Legislation; (b) it has and will continue to have in place appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected; and (c) it has the legal authority to give the warranties and fulfil the undertakings set out in this Agreement; and 2.5.3 if the Data Recipient is in breach of any of its obligations under this Agreement then the Data Transferor may temporarily suspend the transfer of the Personal Data to the Data Recipient until the breach is repaired. 2.6 Where appropriate, each Party shall promptly refer to the other Party any requests, from: 2.6.1 Data Subjects in regard to (a) providing information under Articles 13 and 14 of the GDPR; and (b) Data Subject Access Requests under Articles 15 to 22 inclusive of the GDPR; 2.6.2 the Information Commissioner; and 2.6.3 any other law enforcement authority, and to the extent it is reasonable and practical to so do, consult with the other party (at. no additional cost) before responding to such request. 2.7 Each Party shall provide any assistance reasonably requested by the other Party in relation to enquiries from Data Subjects concerning Processing of their Personal Data. 2.8 The Parties shall discuss any proposal by any Party to notify the Information Commissioner and/or Data Subjects where necessary about Data Loss Events and Personal Data Breaches. 2.9 The Parties shall work together to complete any required Data Protection Impact Assessments. 2.10 The Council will be the primary point of contact for Data Subjects. 2.11 The Parties shall publish the essence of their relationship as set out in this Schedule 3.

Joint Controllers. 2.1 The BID Company acknowledges that the Council is under no obligation to transfer any Personal Data to the BID Company. Any such transfers will be made by the Council as a good will gesture and in accordance Data Protection Legislation. 2.2 Each Party shall be responsible for its own obligations as a Controller under the Data Protection Legislation. 2.3 Where each Party perform or receive services under the Agreement each party shall be responsible and comply with the Data Protection Legislation 2.4 Each Party shall: 2.4.1 maintain its own records of processing under Article 30 of the GDPR; 2.4.2 be responsible for determining its data security obligations, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing of Personal Data, as well as the risks of varying likelihood and severity to the rights and freedoms of the DataSubjectsData Subjects; 2.4.3 implement appropriate Protective Measures to protect the Personal Data against unauthorised unauthoris ed or unlawful Processing and accidental destruction or loss; and 2.4.4 ensure the protection of the rights of the Data Subject, in such a manner that the Processing will meet the requirements of the Data Protection Legislation where Personal Data have been transmitted by it, or while the Personal Data are in its possession or control. 2.5 When transferring Personal Data: 2.5.1 the Party transferring the Personal Data (the - Data Transferor) warrants and undertakes to the Party receiving the Personal Data (the Data Recipient) that such Personal Data have been collected, processed and transferred in accordance with the Data Protection Legislation, this paragraph 2, and any other laws applicable to the Data Transferor and to the Personal Data; 2.5.2 the Data Recipient warrants and undertakes to the Data Transferor that: (a) it will process the Personal Data in accordance with the Data Protection Legislation; (b) it has and will continue to have in place appropriate technical and organisational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected; and (c) it has the legal authority to give the warranties and fulfil the undertakings set out in this Agreement; and 2.5.3 if the Data Recipient is in breach of any of its obligations under this Agreement then the Data Transferor may temporarily suspend the transfer of the Personal Data to the Data Recipient until the breach is repaired. 2.6 Where appropriate, each Party shall promptly refer to the other Party any requests, from: 2.6.1 Data Subjects in regard to (a) providing information under Articles 13 and 14 of the GDPR; and (b) Data Subject Access Requests under Articles 15 to 22 inclusive of the GDPR; 2.6.2 the Information Commissioner; and 2.6.3 any other law enforcement authority, and to the extent it is reasonable and practical to so do, consult with the other party (at. no additional cost) before responding to such request. 2.7 Each Party shall provide any assistance reasonably requested by the other Party in relation to enquiries from Data Subjects concerning Processing of their Personal Data. 2.8 The Parties shall discuss any proposal by any Party to notify the Information Commissioner and/or Data Subjects where necessary about Data Loss Events and Personal Data Breaches. 2.9 The Parties shall work together to complete any required Data Protection Impact Assessments. 2.10 The Council will be the primary point of contact for Data Subjects. 2.11 The Parties shall publish the essence of their relationship as set out in this Schedule 3.