PROCESSING OBLIGATIONS. 2.1 The Processor shall only carry out those actions in respect of the personal data Processed on behalf of the Controller as are stipulated in the Agreement, this DPA or otherwise with prior written consent from the Controller.
2.2 The Controller will ensure that its instructions for the Processing of personal data are in accordance with the Privacy Legislation which applies to the Processing of personal data under the Agreement.
2.3 In the course of exercising its obligations, the Processor will not transfer, and must ensure that no Sub-Contractor transfers, any personal data to any country or territory outside the European Economic Area without the prior written consent of the Controller.
PROCESSING OBLIGATIONS. The contractor shall carry out the contract only within the framework of the agreements made and according to the instructions of the client. The contractor shall not use the data for any other purposes and in particular is not entitled to pass it on to third parties. Excerpts, copies or duplicates of data or data carriers may only be produced and used without the knowledge of the client, as far as this is necessary for the execution of the contract or to ensure proper data processing or a legal or other storage obligation exists. Extracts, copies or duplicates that may have been made are to be deleted immediately after the processing or use has been completed by the contractor, or destroyed or handed over to the client. Decisions significant for security regarding the organisation of the data processing and the applied procedures must be agreed with the client. Information to third parties or the data subject may not be given by the contractor or only on the instructions of the client. Information given to employees of the client by the contractor may only be given to authorised persons. The contractor undertakes to use only software, data or data carriers which have been reliably tested for freedom from harmful software in order to prevent viruses from being introduced.
PROCESSING OBLIGATIONS. 2.1 The Processor shall only carry out those actions in respect of the personal data processed on behalf of the Controller as stipulated in the Agreement, this DPA or otherwise on documented instructions from the Controller, unless required to do so by union or member state law to which the Processor is subject. In such a case the Processor shall inform the Controller of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest.
2.2 The Controller will ensure that its instructions for the processing of personal data are in accordance with the GDPR and other applicable (local) (privacy) laws and regulations.
PROCESSING OBLIGATIONS. Commencing with each Processing Run Commencement Date, Akorn shall Process the Bulk Product corresponding to the applicable Purchase Order in accordance with the terms of this Article II (each a "Processing Run"). For purposes of this Agreement, "Processing" shall mean filling into vials, lyophilizing, inspecting and packaging the Bulk Product in order to produce finished pharmaceutical dosage forms of the Products (the "Finished Product"). The parameters (the "Processing Parameters") under which Akorn shall Process the Bulk Product shall be mutually agreed upon by the Parties at least thirty (30) days prior to the Effective Date and shall be attached hereto as Schedule 2.
PROCESSING OBLIGATIONS. To the extent a Servicing Party Processes any Personal Data on behalf of a Receiving Party in connection with the Services, such Servicing Party agrees as follows:
3.1. The Servicing Party will Process Personal Data solely for the purposes of performing the Services under the Master Agreement.
3.2. The Servicing Party will Process Personal Data solely on the basis of and in compliance with documented instructions issued by Receiving Party from time to time. If applicable law requires the Servicing Party (or, for the avoidance of doubt, any Sub-Processor) to conduct Processing inconsistent with any of the Receiving Party’s instructions, or if the Servicing Party believes that any instruction from the Receiving Party is in violation of, or would result in a violation of applicable law, the Servicing Party will promptly notify the Receiving Party thereof prior to commencing the Processing.
3.3. The Servicing Party will keep all Personal Data confidential and impose legally binding confidentiality and information security obligations on any personnel, contractor, Sub-Processor, or other third party that Process or otherwise have access to Personal Data; such obligations will meet or exceed the requirements set forth in applicable law and will survive the termination of the employment relationship.
3.4. The Servicing Party will not obtain any rights or title to any Personal Data by virtue of providing the Services, and may not determine the purposes for which Personal Data it receives under the Master Agreement may be Processed or otherwise used.
3.5. Where the Servicing Party, in accordance with the Agreement, engages a Sub-Processor for carrying out specific Processing activities, the Servicing Party must enter into a written agreement with the Sub-Processor that imposes the same data protection obligations and restrictions as set forth in this Appendix on the Sub-Processor. Such agreement must provide sufficient guarantees to implement appropriate technical and organizational measures such that the Processing will meet the requirements of applicable law including the Regulation.
3.6. At any time upon the Receiving Party’s request, the Servicing Party will make available a list of all Sub-Processors that Process or may Process Personal Data in connection with the Services. This list shall also specify all geographic locations where Processing by such enumerated Sub-Processors may take place. The Servicing Party will inform Discover of any intended changes con...
PROCESSING OBLIGATIONS. 3.1 The Customer is disclosing Personal Data to the Supplier pursuant to an Agreement for the specific Services and purposes set forth in the Agreement. Except as otherwise expressly provided in the Agreement (i) the Personal Data subject to Processing concerns the Customer’s customers, personnel, vendors and suppliers as provided in connection with the Services, and (ii) the nature of the Processing shall consist of receipt, collection, storage, analysis and reporting of the Personal Data as necessary to perform the Services. The Supplier will Process Personal Data pursuant to the Agreement (including the terms of this DPA) only (a) on behalf of the Customer, (b) in accordance with the Customer’s documented instructions including the instructions documented in the Agreement, and (c) as necessary to perform the Services and deliver the Content and otherwise comply with Applicable Law, including Applicable Data Protection Laws (“Processing Activities”). The Supplier certifies that it will not retain, use, disclose or otherwise Process Personal Data for any other purpose, including any commercial purpose restricted under Applicable Data Protection Laws. The parties have determined that, for the purposes of Applicable Data Protection Laws, (a) the Supplier shall act as processor and the Customer shall be the controller in respect of the Personal Data and Processing Activities; and (b) the Supplier shall Process the Personal Data as a service provider on behalf of the Customer in respect of the Processing Activities. Without prejudice to the generality of the foregoing, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to the Supplier and lawful collection of the same by the Supplier for the duration and purposes of this Agreement.
3.2 The Supplier shall not retain, use, or disclose the Personal Data it receives under an Agreement outside of the direct business relationship between the Supplier and the Customer unless expressly permitted by Applicable Data Protection Laws. The Supplier certifies that it will (a) comply with Applicable Data Protection Laws; and (b) promptly inform the Customer in writing if the Supplier makes a determination that it can no longer meet its obligations under Applicable Data Protection Laws.
3.3 Except as explicitly specified in an Agreement as part of the Services, the Supplier shall not Sell or Share a Consumer’s Personal Data it r...
PROCESSING OBLIGATIONS. Where Retrium processes Customer Personal Data under or in connection with the Agreement, Retrium shall:
I. Unless otherwise required by applicable law, only process such Customer Personal Data as may be necessary to perform its obligations under the Agreement, and only in accordance with Customer’s instructions.
II. Put in place appropriate technical and organizational security measures to protect against unauthorized or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data (“Personal Data Breach”).
III. Provide reasonable co-operation to Customer in the event of an inquiry by a supervisory authority relating to Retrium’s processing of Customer Personal Data.
IV. Keep Customer Personal Data confidential and ensure that Retrium staff who have access to Customer Personal Data are subject to appropriate confidentiality obligations.
V. Notify Customer without undue delay after becoming aware of any Personal Data Breach involving Customer Personal Data.
VI. Taking into account the nature of the processing, provide reasonable cooperation and assistance to Customer as Customer may reasonably require to allow Customer to comply with its obligations under Articles 32 - 36 of the GDPR, as applicable, including in relation to data security, data breach notification, data protection impact assessments, prior consultation with supervisory authorities, the fullfilment of data subjects’ rights, and any enquiry, notice or investigation by a supervisory authority.
VII. Save as may be required or permitted by applicable law, delete or return all Customer Personal Data on termination of the Agreement at the written direction of Customer.
VIII. Inform Customer immediately if, in its opinion, the Customer’s processing instructions infringe Data Protection Laws.
PROCESSING OBLIGATIONS. The Contractor shall carry out the order exclusively within the framework of the agreements made and in accordance with the Client's instructions. The Contractor shall not use the data for any other purposes and shall in particular not be entitled to pass them on to third parties. Extracts, copies or duplicates of data or data carriers may only be produced and used without the knowledge of the Client insofar as this is necessary for the execution of the order or to ensure proper data processing or if there is a legal or other obligation to retain data. Any excerpts, copies or duplicates made shall be securely deleted by the Contractor immediately after completion of the processing or use or destroyed in accordance with data protection law, or handed over to the Client. Decisions on the organisation of data processing and on the procedures used that are significant for security shall be agreed with the Client. The Contractor may not provide information to third parties or the data subject or may do so only on the Client's instructions. The Contractor may only provide information to employees of the Client to authorised persons. The Contractor undertakes to only use software, data or data carriers that have been reliably checked for freedom from harmful software in order to avoid the introduction of viruses, etc.
PROCESSING OBLIGATIONS acts as a Data Processor on behalf of the Data Controller in the provision of the Products applicable to the Education Institutions main agreement, these products may include:
PROCESSING OBLIGATIONS. 4.1. Tes acts as a Data Processor on behalf of the Data Controller in the provision of the E-learning Services and MyEduCare platform for the purposes of:
4.1.1. Learning Management System
4.1.2. Customer Relationship Management 4.1.3. Employee Onboarding 4.1.4. Customer setup
