Common use of PERSONAL DATA PROTECTION Clause in Contracts

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the Annex. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the AnnexAnnex [X]. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where Where, during contract performance, the contractor processes may process personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: . For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the Annex. 2.1 Form 2: Subcontracting]. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders. 1.6.1 Intellectual property (Art. 19 to 23)

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the AnnexAnnex [6.2]. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the Annex. 3.1 “administrative proposal”. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. Tender Specifications reference number: UGA1503111-10064 For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the AnnexAnnex [6]. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.

PERSONAL DATA PROTECTION. 4.4.1 Processing of personal data by the contracting authority The contracting authority undertakes to process the personal data that are communicated to it in response to the Call for Tenders with the greatest care, in accordance with legislation on the protection of personal data (General Data Protection Regulation, GDPR). Where the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data contains stricter provisions, the contracting authority will act in accordance with said law. 4.4.2 Processing of personal data by the contractor Where during contract performance, the contractor processes personal data of the contracting authority exclusively in the name and on behalf of the contracting authority, for the sole purpose of performing the services in accordance with the provisions of the Tender Specifications or in execution of a legal obligation, the following provisions apply: For any processing of personal data carried out in connection with this public contract, the contractor is required to comply with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data. By simply participating in the contracting process, the tenderer certifies that he will strictly comply with the obligations of the GDPR for any processing of personal data conducted in connection with that public contract. Tender Specifications reference number: UGA1503111-10025 The personal data that will be processed are confidential. The contractor will therefore limit access to data to the strictly necessary personnel for the performance, management and monitoring of the public contract. For the performance of the public contract, the contracting authority will determine the purposes and means of processing personal data. In this case, the contracting authority will be responsible for the processing and the contractor will be its processor, within the meaning of Article 28 of the GDPR. Processing carried out on behalf of a controller must be governed by a contract or other legal act that is binding on the processor with regard to the personal data controller and that sets out that the subcontractor acts only on the instruction of the person in charge of the processing and that the confidentiality and security obligations regarding the processing of personal data are also the responsibility of the subcontractor (Article 28 §3 of the GDPR). To this end, the tenderer must fill out, sign and submit to the contracting authority the subcontracting agreement given in the AnnexAnnex [X]. Filling out and signing this annex is therefore a condition of regularity of the tender, if so required in the section on the content of tenders.