Obligations of the Recipient. 4.1 The Recipient expressly warrants and undertakes that it will: 4.1.1 process the Personal Information strictly in accordance with its mandate and any specific instructions provided to it by KAAP AGRI from time to time; 4.1.2 not use the Personal Information for any other purpose, save for the purpose of processing the Personal Information as per the Agreement / Addendum; 4.1.3 treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to those person(s) who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Recipient and/or in terms of the Agreement / Addendum under strict undertakings of confidentiality; 4.1.4 in addition to the provisions of clause 4.1.3, treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to third parties where under any specific instructions as issued by KAAP AGRI in writing from time to time or where required by law and only once it has provided KAAP AGRI with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “A”; 4.1.5 ensure that it has and will continue to have in place, appropriate technical and organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including Industry Best Practices, which provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached KAAP AGRI Security Service Level Requirements, marked Annexure “B”; 4.1.6 implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures. 4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions and any other Data Privacy Laws which may be in place in the Country or area where the Recipient is located and where it is using the Personal Information; 4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69; 4.1.9 where processing the Personal Information as an Operator, not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as KAAP AGRI’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with KAAP AGRI; 4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information, save with KAAP AGRI’s prior written consent and which is required in order for it to comply with its mandate; 4.1.11 where it has to pass the Personal Information to a sub-Recipient, or sub-Operator, as the case may be, as per its mandate or in terms of the Agreement / Addendum, ensure that such party concludes a “sub-Recipient or sub-Operator Agreement” with it and KAAP AGRI which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which sub-Recipient or sub-Operator Agreement will house the same terms and conditions as contained in this Agreement / Addendum, and which shall be concluded before the Personal Information is transferred to the sub-Recipient or sub-Operator. 4.1.12 ensure that any person acting under the authority of the Recipient, including any employee or sub-Recipient, shall be obligated to process the Personal Information only on instructions from the Recipient and strictly in accordance with this Agreement / Addendum, and in particular the Sub-Recipient or sub-Operator Agreement, where applicable. 4.1.13 promptly and without undue delay notify KAAP AGRI if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Recipient will restore such Personal Information at its own expense. 4.1.14 without undue delay notify KAAP AGRI if it becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information; or any Personal Information Breach and in such case without undue delay, also provide KAAP AGRI with the following information: (a) description of the nature of any accidental, unauthorised or unlawful processing of the Personal Information; or (b) any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and (c) description of the measures taken, or proposed to be taken to address any accidental, unauthorised or unlawful processing of the Personal Information; or (d) any Personal Information Breach including measures to mitigate its possible adverse effects. 4.1.15 Immediately, following any unauthorised or unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-operates with KAAP AGRI in KAAP AGRI’s handling of the matter, including: (a) assisting with any investigation; (b) providing KAAP AGRI with physical access to any facilities and operations affected; (c) facilitating interviews with the Recipient's employees, former employees and others involved in the matter; (d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by KAAP AGRI; and (e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information Breach or unlawful Personal Information processing. 4.1.16 do not inform any third party of any Personal Information Breach without first obtaining KAAP AGRI’s prior written consent, except when required to do so by law. 4.1.17 agrees that KAAP AGRI has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in KAAP AGRI’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy. 4.1.18 will cover all reasonable expenses associated with the performance of the obligations under clause this clause 4.1 unless the matter arose from KAAP AGRI’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case KAAP AGRI will cover all reasonable expenses. 4.1.19 will also reimburse KAAP AGRI for actual reasonable expenses that KAAP AGRI incurs when responding to a Personal Information Breach to the extent that the Recipient caused such a Personal Information Breach, including all costs of notice and any remedy. 4.2 The Recipient warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Agreement/Addendum. 4.3 KAAP AGRI, in order to ascertain compliance with the warranties and undertakings housed under this Agreement / Addendum, will have the right, on reasonable notice and during regular business hours, to view and/or audit, either by itself or through an independent agent, the Recipient’s facilities, files, and any other data processing documentation needed for the required review, audit and/or independent or impartial inspection and the Recipient undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Samples: Data Processing Agreement
Obligations of the Recipient. 4.1 The Recipient expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate and any specific instructions provided to it by KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose of processing the Personal Information as per the Agreement / Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to those person(s) who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Recipient and/or in terms of the Agreement / Addendum under strict undertakings of confidentiality;
4.1.4 in addition to the provisions of clause 4.1.3, treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to third parties where under any specific instructions as issued by KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD in writing from time to time or where required by law and only once it has provided KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “A”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including Industry Best Practices, which provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD Security Service Level Requirements, marked Annexure “B”;
4.1.6 implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures.
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions and any other Data Privacy Laws which may be in place in the Country or area where the Recipient is located and where it is using the Personal Information;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 where processing the Personal Information as an Operator, not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information, save with KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s prior written consent and which is required in order for it to comply with its mandate;
4.1.11 where it has to pass the Personal Information to a sub-Recipient, or sub-Operator, as the case may be, as per its mandate or in terms of the Agreement / Addendum, ensure that such party concludes a “sub-Recipient or sub-Operator Agreement” with it and KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which sub-Recipient or sub-Operator Agreement will house the same terms and conditions as contained in this Agreement / Addendum, and which shall be concluded before the Personal Information is transferred to the sub-Recipient or sub-Operator.
4.1.12 ensure that any person acting under the authority of the Recipient, including any employee or sub-Recipient, shall be obligated to process the Personal Information only on instructions from the Recipient and strictly in accordance with this Agreement / Addendum, and in particular the Sub-Recipient or sub-Operator Agreement, where applicable.
4.1.13 promptly and without undue delay notify KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Recipient will restore such Personal Information at its own expense.
4.1.14 without undue delay notify KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD if it becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information; or any Personal Information Breach and in such case without undue delay, also provide KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD with the following information:
(a) description of the nature of any accidental, unauthorised or unlawful processing of the Personal Information; or
(b) any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and
(c) description of the measures taken, or proposed to be taken to address any accidental, unauthorised or unlawful processing of the Personal Information; or
(d) any Personal Information Breach including measures to mitigate its possible adverse effects.
4.1.15 Immediately, following any unauthorised or unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-co- operates with KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD in KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s handling of the matter, including:
(a) assisting with any investigation;
(b) providing KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD with physical access to any facilities and operations affected;
(c) facilitating interviews with the Recipient's employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information Breach or unlawful Personal Information processing.
4.1.16 do not inform any third party of any Personal Information Breach without first obtaining KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s prior written consent, except when required to do so by law.
4.1.17 agrees that KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
4.1.18 will cover all reasonable expenses associated with the performance of the obligations under clause this clause 4.1 unless the matter arose from KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD will cover all reasonable expenses.
4.1.19 will also reimburse KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD for actual reasonable expenses that KAAP AGRI RENTTECH SOUTH AFRICA (PTY) LTD incurs when responding to a Personal Information Breach to the extent that the Recipient caused such a Personal Information Breach, including all costs of notice and any remedy.
4.2 The Recipient warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Agreement/Agreement / Addendum.
4.3 KAAP AGRIRENTTECH SOUTH AFRICA (PTY) LTD, in order to ascertain compliance with the warranties and undertakings housed under this Agreement / Addendum, will have the right, on reasonable notice and during regular business hours, to view and/or audit, either by itself or through an independent agent, the Recipient’s facilities, files, and any other data processing documentation needed for the required review, audit and/or independent or impartial inspection and the Recipient undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Samples: Data Processing Agreement
Obligations of the Recipient. 4.1 The Recipient expressly warrants and undertakes that it will:
4.1.1 : process the Personal Information strictly in accordance with its mandate and any specific instructions provided to it by KAAP AGRI XXX from time to time;
4.1.2 ; not use the Personal Information for any other purpose, save for the purpose of processing the Personal Information as per the Agreement / Addendum;
4.1.3 ; treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to those person(s) who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Recipient and/or in terms of the Agreement / Addendum under strict undertakings of confidentiality;
4.1.4 ; in addition to the provisions of clause 4.1.3, treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to third parties where under any specific instructions as issued by KAAP AGRI XXX in writing from time to time or where required by law and only once it has provided KAAP AGRI XXX with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “A”;
4.1.5 ; ensure that it has and will continue to have in place, appropriate technical and organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including Industry Best Practices, which provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached KAAP AGRI XXX Security Service Level Requirements, marked Annexure “B”;
4.1.6 ; implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures.
4.1.7 . process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions and any other Data Privacy Laws which may be in place in the Country or area where the Recipient is located and where it is using the Personal Information;
4.1.8 ; not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 ; where processing the Personal Information as an Operator, not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as KAAP AGRIXXX’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with KAAP AGRI;
4.1.10 XXX; not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information, save with KAAP AGRIXXX’s prior written consent and which is required in order for it to comply with its mandate;
4.1.11 ; where it has to pass the Personal Information to a sub-Recipient, or sub-Operator, as the case may be, as per its mandate or in terms of the Agreement / Addendum, ensure that such party concludes a “sub-Recipient or sub-Operator Agreement” with it and KAAP AGRI XXX which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which sub-Recipient or sub-Operator Agreement agreement will house the same terms and conditions as contained in this Agreement / Addendum, and which shall be concluded before the Personal Information is transferred to the sub-Recipient or sub-Operator.
4.1.12 . ensure that any person acting under the authority of the Recipient, including any employee or sub-Recipient, shall be obligated to process the Personal Information only on instructions from the Recipient and strictly in accordance with this Agreement / Addendum, and in particular the Subsub-Recipient or sub-Operator Agreement, where applicable.
4.1.13 . promptly and without undue delay notify KAAP AGRI XXX if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Recipient will restore such Personal Information at its own expense.
4.1.14 . without undue delay notify KAAP AGRI XXX if it becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information; or any Personal Information Breach and in such case without undue delay, also provide KAAP AGRI XXX with the following information:
(a) : description of the nature of any accidental, unauthorised or unlawful processing of the Personal Information; or
(b) or any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and
(c) and description of the measures taken, or proposed to be taken to address any accidental, unauthorised or unlawful processing of the Personal Information; or
(d) or any Personal Information Breach including measures to mitigate its possible adverse effects.
4.1.15 Immediately, . Immediately following any unauthorised or unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-operates with KAAP AGRI XXX in KAAP AGRIXXX’s handling of the matter, including:
(a) : assisting with any investigation;
(b) providing KAAP AGRI with physical access to any facilities and operations affected;
(c) facilitating interviews with the Recipient's employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by KAAP AGRI; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information Breach or unlawful Personal Information processing.
4.1.16 do not inform any third party of any Personal Information Breach without first obtaining KAAP AGRI’s prior written consent, except when required to do so by law.
4.1.17 agrees that KAAP AGRI has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in KAAP AGRI’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
4.1.18 will cover all reasonable expenses associated with the performance of the obligations under clause this clause 4.1 unless the matter arose from KAAP AGRI’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case KAAP AGRI will cover all reasonable expenses.
4.1.19 will also reimburse KAAP AGRI for actual reasonable expenses that KAAP AGRI incurs when responding to a Personal Information Breach to the extent that the Recipient caused such a Personal Information Breach, including all costs of notice and any remedy.
4.2 The Recipient warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Agreement/Addendum.
4.3 KAAP AGRI, in order to ascertain compliance with the warranties and undertakings housed under this Agreement / Addendum, will have the right, on reasonable notice and during regular business hours, to view and/or audit, either by itself or through an independent agent, the Recipient’s facilities, files, and any other data processing documentation needed for the required review, audit and/or independent or impartial inspection and the Recipient undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Samples: Intercompany Personal Information Transfer Agreement
Obligations of the Recipient. 4.1 The Recipient expressly warrants and undertakes that it will:
4.1.1 : process the Personal Information strictly in accordance with its mandate as described under Annexure “C” and any specific instructions provided to it by KAAP AGRI the C-BRTA from time to time;
4.1.2 ; not use the Personal Information for any other purpose, save for the purpose of processing the Personal Information as per the Agreement / Addendum;
4.1.3 ; treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to those person(s) who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Recipient and/or in terms of the Agreement / Addendum under strict undertakings of confidentiality;
4.1.4 ; in addition to the provisions of clause 4.1.3, treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to third parties where under any specific instructions as issued by KAAP AGRI the C-BRTA in writing from time to time or where required by law and only once it has provided KAAP AGRI the C-BRTA with adequate warning of this requirement to disclose and the related details thereof, including the identity of the person who is to receive the Personal Information, the reason for the disclosure and confirmation that the person to whom the Personal Information is to be disclosed to, has signed the POPIA onwards transmission notice attached hereto marked Annexure “A”;
4.1.5 ; ensure that it has and will continue to have in place, appropriate technical and organizational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including Industry Best Practices, which provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which safeguards comply with the requirements set out under POPIA, and in addition, which measures are in line with the requirements described under the attached KAAP AGRI C-BRTA Security Service Level Requirements, marked Annexure “B”;
4.1.6 ; implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures.
4.1.7 . process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions and any other Data Privacy Laws which may be in place in the Country or area where the Recipient is located and where it is using the Personal Information;
4.1.8 , provided that the POPIA provisions at all times will take precedence; not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 ; where processing the Personal Information as an Operator, not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as KAAP AGRIthe C-BRTA’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with KAAP AGRI;
4.1.10 the C-BRTA; not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information, save with KAAP AGRIthe C-BRTA’s prior written consent and which is required in order for it to comply with its mandate;
4.1.11 ; where it has to pass the Personal Information to a sub-Recipient, or sub-Operator, as the case may be, as per its mandate or in terms of the Agreement / Addendum, ensure that such party concludes a “sub-Recipient or sub-Operator Agreement” with it and KAAP AGRI the C-BRTA, which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which sub-Recipient or sub-Operator Agreement will house the same terms and conditions as contained in this Agreement / Addendum, and which shall be concluded before the Personal Information is transferred to the sub-Recipient or sub-Operator.
4.1.12 . ensure that any person acting under the authority of the Recipient, including any employee or sub-Recipient, shall be obligated to process the Personal Information only on instructions from the Recipient and strictly in accordance with this Agreement / Addendum, and in particular the Sub-Recipient or sub-Operator Agreement, where applicable.
4.1.13 . promptly and without undue delay notify KAAP AGRI the C-BRTA if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Recipient will restore such Personal Information at its own expense.
4.1.14 . without undue delay notify KAAP AGRI the C-BRTA if it becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information; or any Personal Information Breach and in such case without undue delay, also provide KAAP AGRI the C-BRTA with the following information:
(a) : description of the nature of any accidental, unauthorised or unlawful processing of the Personal Information; or
(b) or any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and
(c) and description of the measures taken, or proposed to be taken to address any accidental, unauthorised or unlawful processing of the Personal Information; or
(d) or any Personal Information Breach including measures to mitigate its possible adverse effects.
4.1.15 . Immediately, following any unauthorised or unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-operates with KAAP AGRI in KAAP AGRIthe C-BRTA’s handling of the matter, including:
(a) : assisting with any investigation;
(b) providing KAAP AGRI with physical access to any facilities and operations affected;
(c) facilitating interviews with the Recipient's employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by KAAP AGRI; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information Breach or unlawful Personal Information processing.
4.1.16 do not inform any third party of any Personal Information Breach without first obtaining KAAP AGRI’s prior written consent, except when required to do so by law.
4.1.17 agrees that KAAP AGRI has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in KAAP AGRI’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
4.1.18 will cover all reasonable expenses associated with the performance of the obligations under clause this clause 4.1 unless the matter arose from KAAP AGRI’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case KAAP AGRI will cover all reasonable expenses.
4.1.19 will also reimburse KAAP AGRI for actual reasonable expenses that KAAP AGRI incurs when responding to a Personal Information Breach to the extent that the Recipient caused such a Personal Information Breach, including all costs of notice and any remedy.
4.2 The Recipient warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Agreement/Addendum.
4.3 KAAP AGRI, in order to ascertain compliance with the warranties and undertakings housed under this Agreement / Addendum, will have the right, on reasonable notice and during regular business hours, to view and/or audit, either by itself or through an independent agent, the Recipient’s facilities, files, and any other data processing documentation needed for the required review, audit and/or independent or impartial inspection and the Recipient undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Samples: Data Processing Agreement
Obligations of the Recipient. 4.1 The Recipient expressly warrants and undertakes that it will:
4.1.1 process the Personal Information strictly in accordance with its mandate as described under “Annexure C” and any specific instructions provided to it by KAAP AGRI the Company from time to time;
4.1.2 not use the Personal Information for any other purpose, save for the purpose of processing the Personal Information as per the Agreement / Addendum;
4.1.3 treat the Personal Information as confidential and only disclose, transfer and/or hand over the Personal Information to those person(s) who are employed by it, and who need to process the Personal Information in accordance with the mandate to process as an Recipient and/or in terms of the Agreement / Addendum under strict undertakings of confidentiality;
4.1.4 in addition to the provisions of clause 4.1.3, treat the Personal Information as confidential and only disclose, transfer and/or hand over and handover the Personal Information to third parties where under any specific instructions as issued by KAAP AGRI the Company in writing from time to time or where required by law and law. The disclosure, transfer or handover of Personal Information should only once it be done after the Recipient has provided KAAP AGRI the Company with adequate warning of this requirement to disclose and the related details thereof, including . Details provided to the Company should include the identity of the person or legal entity who is to receive the Personal Information, the reason for the disclosure and confirmation that the person or legal entity to whom the Personal Information is to be disclosed to, has signed the POPIA onwards onward transmission notice attached hereto marked “Annexure “A”;
4.1.5 ensure that it has and will continue to have in place, appropriate technical and organizational organisational measures to protect and safeguard the Personal Information against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access, including . This should include Industry Best Practices, which Practices that provide a level of security appropriate to the risk represented by the processing and the nature of the Personal Information to be protected and which protected. The safeguards must comply with the requirements set out under POPIA, POPIA and in addition, which measures are be in line with the requirements described under the attached KAAP AGRI Security Service Level Requirements, marked “Annexure “B”;
4.1.6 implement such measures to ensure a level of security appropriate to the risk involved, including as appropriate: the pseudonymisation and encryption of Personal Information; the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services; the ability to restore the availability and access to Personal Information in a timely manner in the event of a physical or technical incident; and a process for regularly testing, assessing and evaluating the effectiveness of security measures.
4.1.7 process the Personal Information strictly in accordance with POPIA and the POPIA processing conditions and any other Data Privacy Laws which that may be in place in the Country or area where the Recipient is located and where it is using the Personal Information, provided that the POPIA provisions at all times will take precedence;
4.1.8 not use the Personal Information for any direct marketing or advertising, research or statistical purposes, unless expressly authorised to do as per its mandate and when conducting such activity ensure that this is done strictly in compliance with the requirements of POPIA and its regulations especially those applicable to direct marketing detailed under section 69;
4.1.9 where processing the Personal Information as an Operator, not treat the Personal Information as its own, it expressly acknowledging that it has been tasked with processing the Personal Information in its capacity as KAAP AGRIthe Company’s Operator and agent, and that ownership of all the records housing the Personal Information and any records comprising such Personal Information pertaining to the Data Subject, will always remain with KAAP AGRIthe Company;
4.1.10 not sell, alienate or otherwise part with the Personal Information or any of the records housing the Personal Information, save with KAAP AGRIthe Company’s prior written consent and which is required in order for it to comply with its mandate;
4.1.11 where it has to pass the Personal Information to a sub-Recipient, or sub-Operator, as the case may be, as per its mandate or in terms of the Agreement / Addendum, ensure that such party concludes a “sub-Recipient or sub-Operator Agreement” with it and KAAP AGRI the Company, which compels the third party receiving the Personal Information to respect and maintain the confidentiality and security of the Personal Information, which sub-Recipient or sub-sub- Operator Agreement will house the same terms and conditions as contained in this Agreement / Addendum, and which shall be concluded before the Personal Information is transferred to the sub-Recipient or sub-Operator.
4.1.12 ensure that any person acting under the authority of the Recipient, including any employee or sub-Recipient, shall be obligated to process the Personal Information only on instructions from the Recipient and strictly in accordance with this Agreement / Addendum, and in particular the Sub-Recipient or sub-Operator Agreement, where applicable.
4.1.13 promptly and without undue delay notify KAAP AGRI the Company if any Personal Information is lost or destroyed or becomes damaged, corrupted, or unusable. The Recipient will restore such Personal Information at its own expense.
4.1.14 without undue delay notify KAAP AGRI the Company if it becomes aware of any reason to believe that there was an occurrence of any accidental, unauthorised or unlawful processing of the Personal Information; or any Personal Information Breach and in such case without undue delay, also provide KAAP AGRI the Company with the following information:
(a) description of the nature of any accidental, unauthorised or unlawful processing of the Personal Information; or
(b) any Personal Information Breach (including the categories and approximate number of both Data Subjects and Personal Information records concerned the likely consequences; and
(c) description of the measures taken, or proposed to be taken to address any accidental, unauthorised or unlawful processing of the Personal Information; or
(d) any Personal Information Breach including measures to mitigate its possible adverse effects.
4.1.15 Immediatelyimmediately, following any unauthorised or unlawful Personal Information processing or Personal Information Breach, ensure that it co-ordinates and co-operates with KAAP AGRI in KAAP AGRIthe Company’s handling of the matter, including:
(a) assisting with any investigation;
(b) providing KAAP AGRI the Company with physical access to any facilities and operations affected;
(c) facilitating interviews with the Recipient's employees, former employees and others involved in the matter;
(d) making available all relevant records, logs, files, data reporting and other materials required to comply with all Data Protection Legislation or as otherwise reasonably required by KAAP AGRI; and
(e) taking reasonable and prompt steps to mitigate the effects and to minimise any damage resulting from the Personal Information Breach or unlawful Personal Information processing.
4.1.16 do not inform any third party of any Personal Information Breach without first obtaining KAAP AGRI’s prior written consent, except when required to do so by law.
4.1.17 agrees that KAAP AGRI has the sole right to determine: (a) whether to provide notice of the Personal Information Breach to any Data Subjects, supervisory authorities, regulators, law enforcement agencies or others, as required by law or regulation or in KAAP AGRI’s discretion, including the contents and delivery method of the notice; and (b) whether to offer any type of remedy to affected Data Subjects, including the nature and extent of such remedy.
4.1.18 will cover all reasonable expenses associated with the performance of the obligations under clause this clause 4.1 unless the matter arose from KAAP AGRI’s specific instructions, negligence, wilful default or breach of this Agreement / Addendum, in which case KAAP AGRI will cover all reasonable expenses.
4.1.19 will also reimburse KAAP AGRI for actual reasonable expenses that KAAP AGRI incurs when responding to a Personal Information Breach to the extent that the Recipient caused such a Personal Information Breach, including all costs of notice and any remedy.
4.2 The Recipient warrants that it has the legal authority to give the above-mentioned warranties and fulfil the undertakings set out in this Agreement/Addendum.
4.3 KAAP AGRI, in order to ascertain compliance with the warranties and undertakings housed under this Agreement / Addendum, will have the right, on reasonable notice and during regular business hours, to view and/or audit, either by itself or through an independent agent, the Recipient’s facilities, files, and any other data processing documentation needed for the required review, audit and/or independent or impartial inspection and the Recipient undertakes to provide all necessary assistance which may be needed to give effect to this right.
Appears in 1 contract
Samples: Cross Border Agreement / Addendum