Common use of Processing of personal data by the Parties Clause in Contracts

Processing of personal data by the Parties. The processing of personal data by the Parties shall meet the requirements of Regulation (EU) 2018/1725 and be processed solely for the following purposes: Contact with employees and subcontractors in order to collaborate under the Agreement. Both Parties agree each act as Data Controllers with regards to the Processing of Personal Data they each undertake. Each Party represents and warrants that it has provided an appropriate data privacy notice and obtained appropriate consent (if legally required) from the data subjects whose In-Scope Personal Data is being shared with the other Party and that such notice and consent is in accordance with Applicable Laws regarding data protection and allows for the desired use of such In-Scope Personal Data. Should a Party learn that it has provided In-Scope Personal Data that may not be shared pursuant to a consent or notice, such Party is responsible for promptly notifying the other Party so that the affected In-Scope Personal Data can be deleted as required. The Parties agree that the responsibility for complying with any communication addressed to one or both Parties under this Agreement made by a Data Subject exercising one or several of his/her data protection rights under Applicable Laws regarding Data Protection (“Data Subjects Requests”) falls to the Party receiving the Data Subject Request in respect of the personal data held and under the responsibility of that Party as data controller. The Parties agree to cooperate and provide reasonable assistance as is necessary to each other to enable them to (1) comply with Applicable Laws regarding Data Protection, (2) comply with Subject Requests and (3) respond to any other queries or complaints from data subjects. In the event a Party suffers a personal data breach, such Party shall ensure it complies with Applicable Laws regarding Data Protection and, if applicable, complies with any obligations to notify Data Protection Supervisory Authority, data subjects or other regulatory bodies as required by Applicable Law regarding the Personal Data Breach. To the extent the Commission or Participating Member State suffers a personal data breach that (1) has an impact on the services provided under this Agreement or (2) relates to In- Scope Personal Data AstraZeneca shared with the Commission or Participating Member State, the Commission or Participating Member State shall promptly notify AstraZeneca about such personal data breach.