Common use of Personal and Protected Information Clause in Contracts

Personal and Protected Information. Application of this clause 41.1 This clause 41 applies only where the Provider deals with Personal Information for the purpose of conducting the Services under this Agreement. 41.2 In this clause 41, the terms ‘agency’, ‘APP code’, ‘contracted service provider’, 'eligible data breach', 'organisation', ‘sensitive information’, and ‘Australian Privacy Principle’ (APP) have the same meaning as they have in section 6 of the Privacy Act, and ‘subcontract’ and other grammatical forms of that word have the meaning given in section 95B(4) of the Privacy Act. 41.3 The Provider acknowledges that it is a contracted service provider and agrees in respect to the conduct of the Services under this Agreement: to use or disclose Personal Information, including sensitive information, obtained in the course of conducting the Services, only for the purposes of this Agreement or where otherwise permitted under the Privacy Act; except where this clause expressly requires the Provider to comply with an APP that applies only to an organisation, to carry out and discharge the obligations contained in the APPs as if it were an agency; not to do any act or engage in any practice that if done or engaged in by an agency or, where relevant, an organisation, would be a breach of an APP; to notify individuals whose Personal Information it holds, that: complaints about its acts or practices may be investigated by the Information Commissioner who has power to award compensation against the Provider in appropriate circumstances; and their Personal Information may be disclosed and passed on to the Department and to other persons in relation to providing the Services; unless expressly authorised or required under this Agreement, not engage in any practice that would breach any registered APP code that is applicable to the Provider; to comply with any request under section 95C of the Privacy Act; to comply with any directions, guidelines, determinations, rules or recommendations of the Information Commissioner to the extent that they are consistent with the requirements of this clause 41; not to transfer Personal Information outside Australia, or to allow parties outside Australia to have access to it, without the prior written approval of the Department; to its name being published in reports by the Information Commissioner; if the Provider suspends or terminates Personnel: to remove any access that the Personnel have to any Personal Information; and to require that the Personnel return to the Provider or the Department any Personal Information held in the Personnel’s possession; it must remind the Personnel of their relevant obligations under this Agreement; and to ensure that any of its Personnel who are required to deal with Personal Information for the purposes of this Agreement: are made aware of their obligations in this clause 41 including to undertake in writing to observe the APPs (or a registered APP code, where applicable); and where required by the Department, undertake in writing to observe the APPs (or a registered APP code where applicable). 41.4 The Provider must immediately Notify the Department if it becomes aware: of an actual or suspected eligible data breach, by any Personnel or Subcontractor; of an actual or suspected breach of any of the obligations contained in, or referred to in, this clause 41 by any Personnel or Subcontractor; that a disclosure of Personal Information may be required by law; or of an approach to the Provider by the Information Commissioner or by a person claiming that their privacy has been interfered with. 41.5 The Provider must ensure that when handling Protected Information, it complies with the requirements under Division 3 [Confidentiality] of Part 5 of the Social Security (Administration) Act 1999 (Cth).

Personal and Protected Information. Application of this clause‌ 41.1 This clause 41 applies only where the Provider deals with Personal Information for the purpose of conducting the Services under this Agreement. 41.2 In this clause 41, the terms ‘agency’, ‘APP code’, ‘contracted service provider’, 'eligible data breach', 'organisation', ‘sensitive information’, and ‘Australian Privacy Principle’ (APP) have the same meaning as they have in section 6 of the Privacy Act, and ‘subcontract’ and other grammatical forms of that word have the meaning given in section 95B(4) of the Privacy Act. 41.3 The Provider acknowledges that it is a contracted service provider and agrees in respect to the conduct of the Services under this Agreement: to use or disclose Personal Information, including sensitive information, obtained in the course of conducting the Services, only for the purposes of this Agreement or where otherwise permitted under the Privacy Act; except where this clause expressly requires the Provider to comply with an APP that applies only to an organisation, to carry out and discharge the obligations contained in the APPs as if it were an agency; not to do any act or engage in any practice that if done or engaged in by an agency or, where relevant, an organisation, would be a breach of an APP; to notify individuals whose Personal Information it holds, that: complaints about its acts or practices may be investigated by the Information Commissioner who has power to award compensation against the Provider in appropriate circumstances; and their Personal Information may be disclosed and passed on to the Department and to other persons in relation to providing the Services; unless expressly authorised or required under this Agreement, not engage in any practice that would breach any registered APP code that is applicable to the Provider; to comply with any request under section 95C of the Privacy Act; to comply with any directions, guidelines, determinations, rules or recommendations of the Information Commissioner to the extent that they are consistent with the requirements of this clause 41; not to transfer Personal Information outside Australia, or to allow parties outside Australia to have access to it, without the prior written approval of the Department; to its name being published in reports by the Information Commissioner; if the Provider suspends or terminates Personnel: to remove any access that the Personnel have to any Personal Information; and to require that the Personnel return to the Provider or the Department any Personal Information held in the Personnel’s possession; it must remind the Personnel of their relevant obligations under this Agreement; and to ensure that any of its Personnel who are required to deal with Personal Information for the purposes of this Agreement: are made aware of their obligations in this clause 41 including to undertake in writing to observe the APPs (or a registered APP code, where applicable); and where required by the Department, undertake in writing to observe the APPs (or a registered APP code where applicable). 41.4 The Provider must immediately Notify the Department if it becomes aware: of an actual or suspected eligible data breach, by any Personnel or Subcontractor; of an actual or suspected breach of any of the obligations contained in, or referred to in, this clause 41 by any Personnel or Subcontractor; that a disclosure of Personal Information may be required by law; or of an approach to the Provider by the Information Commissioner or by a person claiming that their privacy has been interfered with. 41.5 The Provider must ensure that when handling Protected Information, it complies with the requirements under Division 3 [Confidentiality] of Part 5 of the Social Security (Administration) Act 1999 (Cth).

Personal and Protected Information. Application of this clause 41.1 This clause 41 applies only where the Provider deals with Personal Information for the purpose of conducting the Services under this Agreement. 41.2 In this clause 41, the terms ‘agency’, ‘APP code’, ‘contracted service provider’, 'eligible data breach', 'organisation', ‘sensitive information’, and ‘Australian Privacy Principle’ (APP) have the same meaning as they have in section 6 of the Privacy Act, and ‘subcontract’ and other grammatical forms of that word have the meaning given in section 95B(4) of the Privacy Act. 41.3 The Provider acknowledges that it is a contracted service provider and agrees in respect to the conduct of the Services under this Agreement: to use or disclose Personal Information, including sensitive information, obtained in the course of conducting the Services, only for the purposes of this Agreement or where otherwise permitted under the Privacy Act; except where this clause expressly requires the Provider to comply with an APP that applies only to an organisation, to carry out and discharge the obligations contained in the APPs as if it were an agency; not to do any act or engage in any practice that if done or engaged in by an agency or, where relevant, an organisation, would be a breach of an APP; to notify individuals whose Personal Information it holds, that: complaints about its acts or practices may be investigated by the Information Commissioner who has power to award compensation against the Provider in appropriate circumstances; and their Personal Information may be disclosed and passed on to the Department and to other persons in relation to providing the Services; unless expressly authorised or required under this Agreement, not engage in any practice that would breach any registered APP code that is applicable to the Provider; to comply with any request under section 95C of the Privacy Act; to comply with any directions, guidelines, determinations, rules or recommendations of the Information Commissioner to the extent that they are consistent with the requirements of this clause 41; not to transfer Personal Information outside Australia, or to allow parties outside Australia to have access to it, without the prior written approval of the Department; to its name being published in reports by the Information Commissioner; if the Provider suspends or terminates Personnel: to remove any access that the Personnel have to any Personal Information; and to require that the Personnel return to the Provider or the Department any Personal Information held in the Personnel’s possession; it must remind the Personnel of their relevant obligations under this Agreement; and to ensure that any of its Personnel who are required to deal with Personal Information for the purposes of this Agreement: are made aware of their obligations in this clause 41 including to undertake in writing to observe the APPs (or a registered APP code, where applicable); and where required by the Department, undertake in writing to observe the APPs (or a registered APP code where applicable). 41.4 The Provider must immediately Notify the Department if it becomes aware: of an actual or suspected eligible data breach, by any Personnel or Subcontractor; of an actual or suspected breach of any of the obligations contained in, or referred to in, this clause 41 by any Personnel or Subcontractor; that a disclosure of Personal Information may be required by law; or of an approach to the Provider by the Information Commissioner or by a person claiming that their privacy has been interfered with. 41.5 The Provider must ensure that when handling Protected Information, it complies with the requirements under Division 3 [Confidentiality] of Part 5 of the Social Security (Administration) Act 1999 Xxx 0000 (Cth).

Personal and Protected Information. Application of this clause‌ 41.1 This clause 41 applies only where the Provider deals with Personal Information for the purpose of conducting the Services under this Agreement. 41.2 In this clause 41, the terms ‘agency’, ‘APP code’, ‘contracted service provider’, 'eligible data breach', 'organisation', ‘sensitive information’, and ‘Australian Privacy Principle’ (APP) have the same meaning as they have in section 6 of the Privacy Act, and ‘subcontract’ and other grammatical forms of that word have the meaning given in section 95B(4) of the Privacy Act. 41.3 The Provider acknowledges that it is a contracted service provider and agrees in respect to the conduct of the Services under this Agreement: to use or disclose Personal Information, including sensitive information, obtained in the course of conducting the Services, only for the purposes of this Agreement or where otherwise permitted under the Privacy Act; except where this clause expressly requires the Provider to comply with an APP that applies only to an organisation, to carry out and discharge the obligations contained in the APPs as if it were an agency; not to do any act or engage in any practice that if done or engaged in by an agency or, where relevant, an organisation, would be a breach of an APP; to notify individuals whose Personal Information it holds, that: complaints about its acts or practices may be investigated by the Information Commissioner who has power to award compensation against the Provider in appropriate circumstances; and their Personal Information may be disclosed and passed on to the Department and to other persons in relation to providing the Services; unless expressly authorised or required under this Agreement, not engage in any practice that would breach any registered APP code that is applicable to the Provider; to comply with any request under section 95C of the Privacy Act; to comply with any directions, guidelines, determinations, rules or recommendations of the Information Commissioner to the extent that they are consistent with the requirements of this clause 41; not to transfer Personal Information outside Australia, or to allow parties outside Australia to have access to it, without the prior written approval of the Department; to its name being published in reports by the Information Commissioner; if the Provider suspends or terminates Personnel: to remove any access that the Personnel have to any Personal Information; and to require that the Personnel return to the Provider or the Department any Personal Information held in the Personnel’s possession; it must remind the Personnel of their relevant obligations under this Agreement; and to ensure that any of its Personnel who are required to deal with Personal Information for the purposes of this Agreement: are made aware of their obligations in this clause 41 including to undertake in writing to observe the APPs (or a registered APP code, where applicable); and where required by the Department, undertake in writing to observe the APPs (or a registered APP code where applicable). 41.4 The Provider must immediately Notify the Department if it becomes aware: of an actual or suspected eligible data breach, by any Personnel or Subcontractor; of an actual or suspected breach of any of the obligations contained in, or referred to in, this clause 41 by any Personnel or Subcontractor; that a disclosure of Personal Information may be required by law; or of an approach to the Provider by the Information Commissioner or by a person claiming that their privacy has been interfered with. 41.5 The Provider must ensure that when handling Protected Information, it complies with the requirements under Division 3 [Confidentiality] of Part 5 of the Social Security (Administration) Act 1999 Xxx 0000 (Cth).