RETURN AND DELETION OF PERSONAL DATA 7.1 We shall return to You and, to the extent allowed by applicable law, delete Your Personal Data as set out in the Agreement. We are obliged to ensure that any Sub-processors adhere to the same obligation
Notification of personal data breach 1. In case of any personal data breach, the data processor shall, without undue delay after having become aware of it, notify the data controller of the personal data breach.
2. The data processor’s notification to the data controller shall, if possible, take place within 24 hours after the data processor has become aware of the personal data breach to enable the data controller to comply with the data controller’s obligation to notify the personal data breach to the competent supervisory authority, cf. Article 33
Protection of Personal Data 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that:
a) they process data only for the express purpose for which it was obtained;
b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form;
c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement;
d) they do not disclose personal data of the other Party, other than in terms of this Agreement;
e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use;
f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement;
g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access.
25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing.
25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data.
25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement, the Parties shall keep all personal data and any analyses, profiles, or documents derived therefrom logically separated from all other data and documentation held by it.
25.5 The Parties shall carry out regular assessments to identify all reasonably foreseeable internal and external risks to the personal data in its possession or under its control. The Parties shall implement and maintain appropriate safeguards against the risks which it identifies and shall also regularly verify that the safeguards which it has in place has been effectively implemented.
25.6 The Parties agree that they will promptly return or destroy any personal data in their possession or control which belongs to the other Party once it no longer serves the purpose for which it was collected in relation to this Agreement, subject to any legal retention requirements. This may be at the request of the other Party and includes circumstances where a person has requested the Parties to delete all instances of their personal data. The information will be destroyed in such a manner that it cannot be reconstructed to its original form, linking it to any particular individual or organisation.
Obligation after the termination of personal data processing services
Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”).
1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term.
1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise.
1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction.
1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
MUTUAL AGREEMENT PROCEDURE 1. Where difficulties or doubts arise between the Contracting Parties regarding the implementation or interpretation of this Agreement, the respective competent authorities shall endeavour to resolve the matter by mutual agreement.
2. In addition to the agreements referred to in paragraph 1, the competent authorities of the Contracting Parties may mutually agree on the procedures to be used under Articles 5 and 6.
3. The competent authorities of the Contracting Parties may communicate with each other directly for purposes of reaching agreement under this Article.
Transfer of Personal Data The Participant authorizes, agrees and unambiguously consents to the transmission by the Company (or any Subsidiary) of any personal data information related to the RSUs awarded under this Agreement for legitimate business purposes (including, without limitation, the administration of the Plan). This authorization and consent is freely given by the Participant.
Power to Modify Foregoing Procedures Notwithstanding any of the foregoing provisions of this Article IX, the Trustees may prescribe, in their absolute discretion except as may be required by the 1940 Act, such other bases and times for determining the per share asset value of the Trust's Shares or net income, or the declaration and payment of dividends and distributions as they may deem necessary or desirable for any reason, including to enable the Trust to comply with any provision of the 1940 Act, or any securities exchange or association registered under the Securities Exchange Act of 1934, or any order of exemption issued by the Commission, all as in effect now or hereafter amended or modified.
Prohibition of Performance Requirements 1. The provisions of the Agreement on Trade-Related Investment Measures in Annex 1A to the WTO Agreement (TRIMs), which are not specifically mentioned in or modified by this Agreement, shall apply, mutatis mutandis, to this Agreement.
2. Member States shall undertake joint assessment on performance requirements no later than 2 years from the date of entry into force of this Agreement. The aim of such assessment shall include reviewing existing performance requirements and considering the need for additional commitments under this Article.
Implementation of Agreement Each Party must promptly execute all documents and do all such acts and things as is necessary or desirable to implement and give full effect to the provisions of this Agreement.
