Common use of Obligations of the data exporter Clause in Contracts

Obligations of the data exporter. The data exporter warrants and undertakes that: The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter. It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established. It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required. The data importer warrants and undertakes that: It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. It will have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data. It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. It will process the personal data for purposes described in Annex A and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses. It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I (e). At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III.(which may include insurance coverage). Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. It will process the personal data, at its option, in accordance with: the data protection laws of the country in which the data exporter is established, or the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data, or the data processing principles set forth in Annex A. Data importer to indicate which option it selects: The Data Importer selects option (h)(i) Initials of data importer: It will not disclose or transfer the personal data to a third-party data controller located outside the United Kingdom or European Economic Area (EEA) unless it notifies the data exporter about the transfer and the third-party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or the third-party data controller becomes a signatory to these clauses, or another data transfer agreement approved by a competent authority in the EU, or data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer.

Obligations of the data exporter. The data exporter Data Exporter warrants and undertakes that: The personal data have : 1.1 the Personal Data has been collected, processed and transferred in accordance with the laws applicable to the data exporter. It Data Exporter; 1.2 it has used reasonable efforts to determine that the data importer Data Importer is able to satisfy its legal obligations under these clauses. It Standard Clauses; 1.3 it will provide the data importerData Importer, when so requested, with copies of relevant data protection laws Data Protection Laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter Data Exporter is established. It . 1.4 it will respond to enquiries from data subjects queries of Data Subjects and the authority Authority concerning processing of the personal data Personal Data by the data importerData Importer, unless the parties Parties have agreed that the data importer Data Importer will so respond, in which case the data exporter Data Exporter will still respond to the extent reasonably possible and with the information reasonably available to it. 1.5 it will respond to enquiries from Data Subjects and the relevant Authority concerning processing of the Personal Data by the Data Importer, unless the Parties have agreed that the Data Importer will so respond, in which case the Data Exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer Data Importer is unwilling or unable to respond. Responses will be made within a reasonable time. It . 1.6 it will make available, upon request, a copy of the clauses Standard Clauses to data subjects Data Subjects who are third party beneficiaries under clause III 5, unless the clauses Standard Clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter Data Exporter shall inform data subjects Data Subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authorityAuthority. However, However the data exporter Data Exporter shall abide by a decision of the authority Authority regarding access to the full text of the clauses Standard Clauses by data subjectsData Subjects, as long as data subjects Data Subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter Data Exporter shall also provide a copy of the clauses Standard Clauses to the authority Authority where required. The data importer warrants and undertakes that: It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. It will have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised or required by law or regulation to have access to the personal data. It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. It will process the personal data for purposes described in Annex A and has the legal authority to give the warranties and fulfil the undertakings set out in these clauses. It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I (e). At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III.(which may include insurance coverage). Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. It will process the personal data, at its option, in accordance with: the data protection laws of the country in which the data exporter is established, or the relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions of such an authorisation or decision and is based in a country to which such an authorisation or decision pertains, but is not covered by such authorisation or decision for the purposes of the transfer(s) of the personal data, or the data processing principles set forth in Annex A. Data importer to indicate which option it selects: The Data Importer selects option (h)(i) Initials of data importer: It will not disclose or transfer the personal data to a third-party data controller located outside the United Kingdom or European Economic Area (EEA) unless it notifies the data exporter about the transfer and the third-party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or the third-party data controller becomes a signatory to these clauses, or another data transfer agreement approved by a competent authority in the EU, or data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer.

Obligations of the data exporter. The data exporter warrants and undertakes that: The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter. It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established. It will respond to enquiries from data subjects and the authority concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. It will make available, upon request, a copy of the clauses to data subjects subject who are third party beneficiaries under clause III III, unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authority. However, the data exporter shall abide by a decision of the authority regarding access to the full text of the clauses by data subjectssubject, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority where required. The data importer warrants and undertakes that: It will have in place appropriate technical and organisational organizational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised unauthorized disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. It will have in place procedures so that any third party it authorises authorizes to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated to process the personal data only on instructions from the data importer. This provision does not apply to persons authorised authorized or required by law or regulation to have access to the personal data. It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority where required) if it becomes aware of any such laws. It will process the personal data for purposes described in Annex A B, and has the legal authority to give the warranties and fulfil fulfill the undertakings set out in these clausesclause. It will identify to the data exporter a contact point within its organisation authorised organization authorized to respond to enquiries concerning processing of the personal data data, and will cooperate in good faith with the data exporter, the data subject and the authority concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I (eI(e). At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil fulfill its responsibilities under clause III.(which III (which may include insurance coverage). Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected object to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. It will process the personal data, at its option, in accordance with: the The data protection laws of the country in which the data exporter is established, or the The relevant provisions of any Commission decision pursuant to Article 25(6) of Directive 95/46/EC, where the data importer complies with the relevant provisions provision of such an authorisation authorization or decision and is based in a country to which such an authorisation authorization or decision pertains, but is not covered by such authorisation authorization or decision for the purposes of the transfer(s) of the personal data, or the The data processing principles set forth in Annex A. Data importer to indicate which option it selects: The Data Importer selects option (h)(iiii) Initials of data importer: (see signature lines) It will not disclose or transfer the personal data to a third-third party data controller located outside the United Kingdom or European Economic Area (EEA) unless it notifies the data exporter about the transfer and the third-The third party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or the third-The third party data controller becomes a signatory to these clauses, clauses or another data transfer agreement approved by a competent authority in the EU, or data Data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or with With regard to onward transfers of sensitive data, data subjects have given their unambiguous consent to the onward transfer.

Obligations of the data exporter. The data exporter warrants and undertakes that: The personal data have been collected, processed and transferred in accordance with the laws applicable to the data exporter. It has used reasonable efforts to determine that the data importer is able to satisfy its legal obligations under these clauses. It will provide the data importer, when so requested, with copies of relevant data protection laws or references to them (where relevant, and not including legal advice) of the country in which the data exporter is established. It will respond to enquiries from data subjects and the authority Commissioner concerning processing of the personal data by the data importer, unless the parties have agreed that the data importer will so respond, in which case the data exporter will still respond to the extent reasonably possible and with the information reasonably available to it if the data importer is unwilling or unable to respond. Responses will be made within a reasonable time. It will make available, upon request, a copy of the clauses to data subjects who are third party beneficiaries under clause III 3 unless the clauses contain confidential information, in which case it may remove such information. Where information is removed, the data exporter shall inform data subjects in writing of the reason for removal and of their right to draw the removal to the attention of the authorityCommissioner. However, the data exporter shall abide by a decision of the authority Commissioner regarding access to the full text of the clauses by data subjects, as long as data subjects have agreed to respect the confidentiality of the confidential information removed. The data exporter shall also provide a copy of the clauses to the authority Commissioner where required. The data importer warrants and undertakes that: It will have in place appropriate technical and organisational measures to protect the personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the risk represented by the processing and the nature of the data to be protected. It will have in place procedures so that any third party it authorises to have access to the personal data, including processors, will respect and maintain the confidentiality and security of the personal data. Any person acting under the authority of the data importer, including a data processor, shall be obligated obliged to process the personal data only on instructions from the data importer. This The provision does not apply to persons authorised or required by law or regulation to have access to the personal data. It has no reason to believe, at the time of entering into these clauses, in the existence of any local laws that would have a substantial adverse effect on the guarantees provided for under these clauses, and it will inform the data exporter (which will pass such notification on to the authority Commissioner where required) if it becomes aware of any such laws. It will process the personal data for purposes described in Annex A Appendix 1, and has the legal authority to give the warranties and fulfil the undertakings set out in these theses clauses. It will identify to the data exporter a contact point within its organisation authorised to respond to enquiries concerning processing of the personal data data, and will cooperate in good faith with the data exporter, the data subject and the authority Commissioner concerning all such enquiries within a reasonable time. In case of legal dissolution of the data exporter, or if the parties have so agreed, the data importer will assume responsibility for compliance with the provisions of clause I (e1(e). At the request of the data exporter, it will provide the data exporter with evidence of financial resources sufficient to fulfil its responsibilities under clause III.(which 3 (which may include insurance coverage). Upon reasonable request of the data exporter, it will submit its data processing facilities, data files and documentation needed for processing to reviewing, auditing and/or certifying by the data exporter (or any independent or impartial inspection agents or auditors, selected by the data exporter and not reasonably objected to by the data importer) to ascertain compliance with the warranties and undertakings in these clauses, with reasonable notice and during regular business hours. The request will be subject to any necessary consent or approval from a regulatory or supervisory authority within the country of the data importer, which consent or approval the data importer will attempt to obtain in a timely fashion. It will process the personal data, at its option, in accordance with: the data protection laws of the country in which the data exporter is establishedUK GDPR and DPA 2018, or the relevant provisions of any Commission decision UK adequacy regulations pursuant to Article 25(6) of Directive 95/46/ECSection 17A Data Protection Act 2018 or Paras 4,5 & 6 Schedule 21 Data Protection Act 2018, where the data importer complies with the relevant provisions of such an authorisation or decision adequacy regulations and is based in a country to which such an authorisation or decision adequacy regulations pertains, but is not covered by such authorisation or decision adequacy regulations for the purposes of the transfer(s) of the personal data, or the data processing principles set forth in Annex A. Data importer to indicate which option it selects: The Data Importer selects option (h)(i) Initials of data importer: It will not disclose or transfer the personal data to a third-party data controller located outside the United Kingdom or European Economic Area (EEA) unless it notifies the data exporter about the transfer and the third-party data controller processes the personal data in accordance with a Commission decision finding that a third country provides adequate protection, or the third-party data controller becomes a signatory to these clauses, or another data transfer agreement approved by a competent authority please click in the EU, or data subjects have been given the opportunity to object, after having been informed of the purposes of the transfer, the categories of recipients and the fact that the countries to which data is exported may have different data protection standards, or with regard to onward transfers of sensitive data, data subjects have given their unambiguous consent box next to the onward transfer.chosen option)