Common use of PERSONAL DATA PROTECTION ACT Clause in Contracts

PERSONAL DATA PROTECTION ACT. 26.1 Both parties shall comply with all applicable requirements of the Data Protection Legislation. This clause 26 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. 26.2 The CONTRACTOR shall, in relation to any Personal Data processed in connection with the performance by the CONTRACTOR of its obligations under the PURCHASE ORDER: a) process that Personal Data only to the extent, and in such manner, as is necessary for the purposes specified in the PURCHASE ORDER and in accordance with the written instructions of the COMPANY; b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); ensure that access to Personal Data is limited to personnel who need to access the Personal Data to ensure the CONTRACTOR’s obligations under the PURCHASE ORDER and that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; c) not transfer any Personal Data hosted from within the European Economic Area (EEA) outside of the EEA unless the prior written consent of the COMPANY has been obtained and the following conditions are fulfilled: I. the COMPANY or the CONTRACTOR has provided appropriate safeguards in relation to the transfer; II. the data subject has enforceable rights and effective legal remedies; III. the CONTRACTOR complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and IV. the CONTRACTOR complies with reasonable instructions notified to it in advance by the COMPANY with respect to the processing of the Personal Data; d) assist the COMPANY at the COMPANY’s cost, in responding to any request from an individual for access to Personal Data and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, subject access requests, impact assessments and consultations with supervisory authorities or regulators; e) notify the COMPANY without undue delay on becoming aware of a Personal Data breach; f) at the written direction of the COMPANY, delete or return Personal Data and copies thereof to the COMPANY on termination of the agreement or otherwise unless required by applicable global law to store the Personal Data; and g) maintain complete and accurate records and information to demonstrate its compliance with this clause 26 and allow for audits by the Company or the Company’s designated auditor on 7 days’ notice. No notice will be required if the COMPANY reasonably believes that the CONTRACTOR is in breach of its obligations under the PURCHASE ORDER. 26.3 The COMPANY does not consent to the CONTRACTOR appointing any third party processor of Personal Data under the PURCHASE ORDER. 26.4 The CONTRACTOR agrees to indemnify and keep indemnified and defend at its own expense the COMPANY against all costs, claims, damages or expenses incurred by the COMPANY or for which the COMPANY may become liable due to any failure by the CONTRACTOR or its personnel or agents to comply with any of its obligations under the PURCHASE ORDER.

PERSONAL DATA PROTECTION ACT. 26.1 26.1. Both parties shall comply with all applicable requirements of the Data Protection Legislation. This clause 26 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. 26.2 26.2. The CONTRACTOR shall, in relation to any Personal Data processed in connection with the performance by the CONTRACTOR of its obligations under the PURCHASE ORDER: (a) process that Personal Data only to the extent, and in such manner, as is necessary for the purposes specified in the PURCHASE ORDER and in accordance with the written instructions of the COMPANY; (b) ensure that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational organisation al measures adopted by it); ensure that access to Personal Data is limited to personnel who need to access the Personal Data to ensure the CONTRACTOR’s obligations under the PURCHASE ORDER and that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (c) not transfer any Personal Data hosted from within the European Economic Area (EEA) outside of the EEA unless the prior written writt en consent of the COMPANY has been obtained and the following conditions are fulfilled: I. i. the COMPANY or the CONTRACTOR has provided appropriate safeguards in relation to the transfer; IIii. the data subject has enforceable rights and effective legal remedies; IIIiii. the CONTRACTOR complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and IViv. the CONTRACTOR complies with reasonable instructions notified to it in advance by the COMPANY with respect to the processing of the Personal Data; (d) assist the COMPANY at the COMPANY’s cost, in responding to any request from an individual for access to Personal Data and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, subject access requests, impact assessments and consultations with supervisory authorities or regulators; (e) notify the COMPANY without undue delay on becoming aware of a Personal Data breach; (f) at the written direction of the COMPANY, delete or return Personal Data and copies thereof to the COMPANY on termination of the agreement or otherwise unless required by applicable global law to store the Personal Data; and (g) maintain complete and accurate records and information to demonstrate its compliance with this clause 26 and allow for audits by the Company or the Company’s designated auditor on 7 days’ notice. No notice will be required if the COMPANY reasonably believes that the CONTRACTOR is in breach of its obligations under the PURCHASE ORDER. 26.3 26.3. The COMPANY does not consent to the CONTRACTOR appointing any third party processor of Personal Data under the PURCHASE ORDER. 26.4 26.4. The CONTRACTOR agrees to indemnify and keep indemnified and defend at its own expense the COMPANY against all costs, claims, damages or expenses incurred by the COMPANY or for which the COMPANY may become liable due to any failure by the CONTRACTOR or its personnel or agents to comply with any of its obligations under the PURCHASE ORDER.