Processing of a Grievance It is recognized and accepted by the Union and the Employer that the processing of grievances as hereinafter provided is limited by the job duties and responsibilities of the employees and shall therefore be accomplished during normal working hours only when consistent with such employee duties and responsibilities. The aggrieved employee and a Union representative shall be allowed a reasonable amount of time without loss of pay when a grievance is investigated and presented to the Employer during normal working hours provided that the employee and the Union representative have notified and received the approval of the designated supervisor who has determined that such absence is reasonable and would not be detrimental to the work programs of the Employer.
Processing of Customer Personal Data 3.1 UKG will:
3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and
3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data.
3.2 Customer hereby:
3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement.
3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and
3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law.
3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Processing of Deposit files The use of compression is recommended in order to reduce electronic data transfer times, and storage capacity requirements. Data encryption will be used to ensure the privacy of registry escrow data. Files processed for compression and encryption will be in the binary OpenPGP format as per OpenPGP Message Format -‐ RFC 4880, see Part A, Section 9, reference 3 of this Specification. Acceptable algorithms for Public-‐key cryptography, Symmetric-‐key cryptography, Hash and Compression are those enumerated in XXX 0000, not marked as deprecated in OpenPGP IANA Registry, see Part A, Section 9, reference 4 of this Specification, that are also royalty-‐free. The process to follow for the data file in original text format is:
(1) The XML file of the deposit as described in Part A, Section 9, reference 1 of this Specification must be named as the containing file as specified in Section 5 but with the extension xml.
(2) The data file(s) are aggregated in a tarball file named the same as (1) but with extension tar.
(3) A compressed and encrypted OpenPGP Message is created using the tarball file as sole input. The suggested algorithm for compression is ZIP as per XXX 0000. The compressed data will be encrypted using the escrow agent’s public key. The suggested algorithms for Public-‐key encryption are Elgamal and RSA as per XXX 0000. The suggested algorithms for Symmetric-‐key encryption are TripleDES, AES128 and CAST5 as per XXX 0000.
(4) The file may be split as necessary if, once compressed and encrypted, it is larger than the file size limit agreed with the escrow agent. Every part of a split file, or the whole file if not split, will be called a processed file in this section.
(5) A digital signature file will be generated for every processed file using the Registry Operator’s private key. The digital signature file will be in binary OpenPGP format as per RFC 4880 Section 9, reference 3, and will not be compressed or encrypted. The suggested algorithms for Digital signatures are DSA and RSA as per XXX 0000. The suggested algorithm for Hashes in Digital signatures is SHA256.
(6) The processed files and digital signature files will then be transferred to the Escrow Agent through secure electronic mechanisms, such as, SFTP, SCP, HTTPS file upload, etc. as agreed between the Escrow Agent and the Registry Operator. Non-‐electronic delivery through a physical medium such as CD-‐ROMs, DVD-‐ROMs, or USB storage devices may be used if authorized by ICANN.
(7) The Escrow Agent will then validate every (processed) transferred data file using the procedure described in Part A, Section 8 of this Specification.
Order Processing Any order by you for the purchase of shares of the respective Funds through us shall be accepted at the time when it is received by us (or any clearing house agency that we may designate from time to time), and at the offering and sale price next determined, unless rejected by us or the respective Funds. In addition to the right to reject any order, the Funds have reserved the right to withhold shares from sale temporarily or permanently. We will not accept any order from you that is placed on a conditional basis or subject to any delay or contingency prior to execution. The procedures relating to the handling of orders shall be subject to instructions that we shall forward from time to time to all members of the Selling Group. The shares purchased will be issued by the respective Funds only against receipt of the purchase price, in collected New York or Los Angeles Clearing House funds subject to deduction of all concessions on such sale (reallowance of any concessions to which you are entitled on purchases at net asset value will be paid through our direct purchase concession system). If payment for the shares purchased is not received within three days after the date of confirmation the sale may be cancelled forthwith, by us or by the respective Funds, without any responsibility or liability on our part or on the part of the Funds, and we and/or the respective Funds may hold you responsible for any loss, expense, liability or damage, including loss of profit suffered by us and/or the respective Funds, resulting from your delay or failure to make payment as aforesaid.
Processing of Personal Data 1.1. With regard to the Processing of Personal Data, You are the controller and determine the purposes and means of Processing of Personal Data You provide to Us (“Controller”) and You appoint Us as a processor (“Processor”) to process such Personal Data (hereinafter, “Data”) on Your behalf (hereinafter, “Processing”).
1.2. The details of the type and purpose of Processing are defined in the Exhibits attached hereto. Except where the DPA stipulates obligations beyond the Term of the Agreement, the duration of this DPA shall be the same as the Agreement Term.
1.3. You shall be solely responsible for compliance with Your obligations under the applicable Data Protection Laws, including, but not limited to, the lawful disclosure and transfer of Personal Data to Us by upload of source data into the Cloud Service or otherwise.
1.4. Processing shall include all activities detailed in this Agreement and the instructions issued by You. You may, in writing, modify, amend, or replace such instructions by issuing such further instructions to the point of contact designated by Us. Instructions not foreseen in or covered by the Agreement shall be treated as requests for changes. You shall, without undue delay, confirm in writing any instruction issued orally. Where We believe that an instruction would be in breach of applicable law, We shall notify You of such belief without undue delay. We shall be entitled to suspend performance on such instruction until You confirm or modify such instruction.
1.5. We shall ensure that all personnel involved in Processing of Customer Data and other such persons as may be involved in Processing shall only do so within the scope of the instructions. We shall ensure that any person Processing Customer Data is subject to confidentiality obligations similar to the confidentiality terms of the Agreement. All such confidentiality obligations shall survive the termination or expiration of such Processing.
Data Processing Agreement The Data Processing Agreement, including the Approved Data Transfer Mechanisms (as defined in the Data Processing Agreement) that apply to your use of the Services and transfer of Personal Data, is incorporated into this Agreement by this reference. Each party will comply with the terms of the Data Processing Agreement and will train its employees on DP Law.
Sub-processing 11.1 The data importer shall not subcontract any of its processing operations performed on behalf of the data exporter under the Clauses without the prior written consent of the data exporter. Where the data importer subcontracts its obligations under the Clauses, with the consent of the data exporter, it shall do so only by way of a written agreement with the sub-processor which imposes the same obligations on the sub- processor as are imposed on the data importer under the Clauses. Where the sub-processor fails to fulfil its data protection obligations under such written agreement the data importer shall remain fully liable to the data exporter for the performance of the sub-processor’s obligations under such agreement.
11.2 The prior written contract between the data importer and the sub-processor shall also provide for a third-party beneficiary clause as laid down in Clause 3 for cases where the data subject is not able to bring the claim for compensation referred to in paragraph 1 of Clause 6 against the data exporter or the data importer because they have factually disappeared or have ceased to exist in law or have become insolvent and no successor entity has assumed the entire legal obligations of the data exporter or data importer by contract or by operation of law. Such third-party liability of the sub-processor shall be limited to its own processing operations under the Clauses.
11.3 The provisions relating to data protection aspects for sub-processing of the contract referred to in paragraph 1 shall be governed by the law of the Member State in which the data exporter is established, namely ........................................
11.4 The data exporter shall keep a list of sub-processing agreements concluded under the Clauses and notified by the data importer pursuant to Clause 5(j), which shall be updated at least once a year. The list shall be available to the data exporter’s data protection supervisory authority.
Processing operations The personal data transferred will be subject to the following basic processing activities (please specify):
Account Information The account balance and transaction history information may be limited to recent account information involving your accounts. Also, the availability of funds for transfer or withdrawal may be limited due to the processing time for any ATM deposit transactions and our Funds Availability Policy.
