Common use of Processing of Personal Data Clause in Contracts

Processing of Personal Data. 15.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform). 15.3 IUCN may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use of Personal Data to that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCN, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN for the performance of that other processor’s obligations. 15.5 Where Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 The Consultant shall promptly, and in any case within twenty-four (24) hours inform IUCN through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law1. The Parties commit themselves Data Processor and any person acting under its authority (e.g. personnel, Sub-processors and persons acting under the Sub-processor’s authority) undertake to respect applicable data protection laws and regulations and only process Personal Data in accordance with documented instructions communicated by the terms of Data Controller (Appendix 1). The Data Processor shall only process Personal Data to the extent necessary to fulfill its obligations under this AgreementDPA or Applicable Data Protection Legislation. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN2. If the Consultant has any queries concerning services are altered during the term of the Agreement and such altered services involve new or amended processing of Personal Data, it or if the Data Controller’s instructions are otherwise changed or updated, the parties shall address them to IUCN using ensure that Appendix 1 is updated as appropriate before or at the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform)latest in connection with the commencement of such processing or change. 15.3 IUCN may 3. When processing Personal Data under this DPA, the Data Processor shall comply with any and all Applicable Data Protection Legislation and applicable recommendations by competent Data Protection Authorities or other competent authorities and shall keep itself updated on and comply with any changes in such legislation and/or recommendations. The Data Processor shall accept to make any changes and amendments to this DPA that are required under Applicable Data Protection Legislation. 4. The Data Processor shall assist the course Data Controller in fulfilling its legal obligations under Applicable Data Protection Legislation, including but not limited to the Data Controller’s obligation to comply with the rights of performance data subjects and in ensuring compliance with the Data Controller’s obligations relating to the security of this Agreement provide processing (Art. 32 GDPR), the Consultant with notification of a Personal Data Breach (Art 33, 34 GDPR) and the Data Protection Impact Assessment and the prior consultation (Art 35, 36 GDPR), obligation to respond to requests for exercising the data subject's rights to information regarding the processing of its Personal Data. The Consultant Data Processor shall limit access not carry out any act, or omit any act, that would cause the Data Controller to be in breach of Applicable Data Protection Legislation. 5. The Data Processor shall immediately inform the Data Controller of a request, complaint, message, or any other communication received from a competent authority or any other third party regarding the processing of Personal Data covered by this DPA. The Data Processor may not in any way act on behalf of or as a representative of the Data Controller and use may not, without prior instructions from the Data Controller, transfer or in any other way disclose Personal Data or any other information relating to the processing of Personal Data to any third party, unless the Data Processor is required to do so by law. The Data Processor shall assist the Data Controller in an appropriate manner to enable him to respond to such a request, complaint, message or other communication in accordance with Applicable Data Protection Legislation. In particular, the Data Processor shall not publish any submissions, notifications, communications, announcements or press releases in the event of a breach of data protection as defined in section 6.3. In the event the Data Processor, according to applicable laws and regulations, is required to disclose Personal Data that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 Where the Consultant engages another processor for carrying out specific processing activities Data Processor processes on behalf of IUCNthe Data Controller, the same data protection obligations as set out in this Agreement and the applicable law Data Processor shall be imposed on that other processor obliged to inform the Data Controller thereof immediately, unless prohibited by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN for the performance of that other processor’s obligationslaw. 15.5 Where Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 The Consultant shall promptly, and in any case within twenty-four (24) hours inform IUCN through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform). 15.3 IUCN may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use of Personal Data to that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCN, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN for the performance of that other processor’s obligations. 15.5 Where Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 The Consultant shall promptly, and in any case within twenty-four (24) hours inform IUCN through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law1. The Parties commit themselves Data Processor and any person acting under its authority (e.g. personnel, Sub- processors and persons acting under the Sub- processor’s authority) undertake to respect applicable data protection laws and regulations and only process Personal Data in accordance with documented instructions communicated by the terms of Data Controller (Appendix 1). The Data Processor shall only process Personal Data to the extent necessary to fulfill its obligations under this AgreementDPA or Applicable Data Protection Legislation. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN2. If the Consultant has any queries concerning services are altered during the term of the Agreement and such altered services involve new or amended processing of Personal Data, it or if the Data Controller’s instructions are otherwise changed or updated, the parties shall address them to IUCN using ensure that Appendix 1 is updated as appropriate before or at the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform)latest in connection with the commencement of such processing or change. 15.3 IUCN may 3. When processing Personal Data under this DPA, the Data Processor shall comply with any and all Applicable Data Protection Legislation and applicable recommendations by competent Data Protection Authorities or other competent authorities and shall keep itself updated on and comply with any changes in such legislation and/or recommendations. The Data Processor shall accept to make any changes and amendments to this DPA that are required under Applicable Data Protection Legislation. 4. The Data Processor shall assist the course Data Controller in fulfilling its legal obligations under Applicable Data Protection Legislation, including but not limited to the Data Controller’s obligation to comply with the rights of performance data subjects and in ensuring compliance with the Data Controller’s obligations relating to the security of this Agreement provide processing (Art. 32 GDPR), the Consultant with notification of a Personal Data Breach (Art 33, 34 GDPR) and the Data Protection Impact Assessment and the prior consultation (Art 35, 36 GDPR), obligation to respond to requests for exercising the data subject's rights to information regarding the processing of its Personal Data. The Consultant Data Processor shall limit access not carry out any act, or omit any act, that would cause the Data Controller to be in breach of Applicable Data Protection Legislation. 5. The Data Processor shall immediately inform the Data Controller of a request, complaint, message, or any other communication received from a competent authority or any other third party regarding the processing of Personal Data covered by this DPA. The Data Processor may not in any way act on behalf of or as a representative of the Data Controller and use may not, without prior instructions from the Data Controller, transfer or in any other way disclose Personal Data or any other information relating to the processing of Personal Data to any third party, unless the Data Processor is required to do so by law. The Data Processor shall assist the Data Controller in an appropriate manner to enable him to respond to such a request, complaint, message or other communication in accordance with Applicable Data Protection Legislation. In particular, the Data Processor shall not publish any submissions, notifications, communications, announcements or press releases in the event of a breach of data protection as defined in section 6.3. In the event the Data Processor, according to applicable laws and regulations, is required to disclose Personal Data that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 Where the Consultant engages another processor for carrying out specific processing activities Data Processor processes on behalf of IUCNthe Data Controller, the same data protection obligations as set out in this Agreement and the applicable law Data Processor shall be imposed on that other processor obliged to inform the Data Controller thereof immediately, unless prohibited by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN for the performance of that other processor’s obligationslaw. 15.5 Where Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 The Consultant shall promptly, and in any case within twenty-four (24) hours inform IUCN through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law1. The Parties commit themselves Data Processor and any person acting under its authority (e.g. personnel, Sub-processors and persons acting under the Sub-processor’s authority) undertake to respect applicable data protection laws and regulations and only process Personal Data in accordance with documented instructions communicated by the terms of Data Controller (Appendix 1). The Data Processor shall only process Personal Data to the extent necessary to fulfill its obligations under this AgreementDPA or Applicable Data Protection Legislation. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN2. If the Consultant has any queries concerning services are altered during the term of the Agreement and such altered services involve new or amended processing of Personal Data, it or if the Data Controller’s instructions are otherwise changed or updated, the parties shall address them to IUCN using ensure that Appendix 1 is updated as appropriate before or at the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform)latest in connection with the commencement of such processing or change. 15.3 IUCN may 3. When processing Personal Data under this DPA, the Data Processor shall comply with any and all Applicable Data Protection Legislation and applicable recommendations by competent Data Protection Authorities or other competent authorities and shall keep itself updated on and comply with any changes in such legislation and/or recommendations. The Data Processor shall accept to make any changes and amendments to this DPA that are required under Applicable Data Protection Legislation. 4. The Data Processor shall assist the course Data Controller in fulfilling its legal obligations under Applicable Data Protection Legislation, including but not limited to the Data Controller’s obligation to comply with the rights of performance data subjects and in ensuring compliance with the Data Controller’s obligations relating to the security of this Agreement provide processing (Art. 32 GDPR), the Consultant with notification of a Personal Data Breach (Art 33, 34 GDPR) and the Data Protection Impact Assessment and the prior consultation (Art 35, 36 GDPR), obligation to respond to requests for exercising the data subject's rights to information regarding the processing of its Personal Data. The Consultant Data Processor shall limit access not carry out any act, or omit any act, that would cause the Data Controller to be in breach of Applicable Data Protection Legislation. 5. The Data Processor shall immediately inform the Data Controller of a request, complaint, message, or any other communication received from a competent authority or any other third party regarding the processing of Personal Data covered by this DPA. The Data Processor may not in any way act on behalf of or as a representative of the Data Controller and use may not, without prior instructions from the Data Controller, transfer or in any other way disclose Personal Data or any other information relating to the processing of Personal Data to any third party, unless the Data Processor is required to do so by law. The Data Processor shall assist the Data Controller in an appropriate manner to enable it to respond to such a request, complaint, message or other communication in accordance with Applicable Data Protection Legislation. In particular, the Data Processor shall not publish any submissions, notifications, communications, announcements or press releases in the event of a breach of data protection as defined in section 6.3. In the event the Data Processor, according to applicable laws and regulations, is required to disclose Personal Data that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 Where the Consultant engages another processor for carrying out specific processing activities Data Processor processes on behalf of IUCNthe Data Controller, the same data protection obligations as set out in this Agreement and the applicable law Data Processor shall be imposed on that other processor obliged to inform the Data Controller thereof immediately, unless prohibited by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN for the performance of that other processor’s obligationslaw. 15.5 Where Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 The Consultant shall promptly, and in any case within twenty-four (24) hours inform IUCN through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 16.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN 16.2 The Secretariat may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN Secretariat partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCNthe Secretariat. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN the Secretariat using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform). 15.3 IUCN 16.3 The Secretariat may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use of Personal Data to that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 16.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCNthe Secretariat, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN the Secretariat for the performance of that other processor’s obligations. 15.5 16.5 Where the Secretariat’s Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 16.6 The Consultant shall promptly, and in any case within twentyforty-four eight (2448) hours inform IUCN the Secretariat through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 16.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCN. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform). 15.3 IUCN 16.2 Secretariat may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. 16.3 Any processing of Personal Data to that strictly necessary for shall be done in accordance with the performance terms of this the Agreement and the applicable law. In particular, it shall adopt all be processed in a manner that ensures the security of the Personal Data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and or organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Datameasures. 15.4 16.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCNSecretariat, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN Secretariat for the performance of that other processor’s obligations. 15.5 16.5 Where Secretariat’s Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 16.6 The Consultant shall promptly, and in any case within twentyforty-four eight (2448) hours inform IUCN Secretariat through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 16.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN 16.2 The Secretariat may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN Secretariat’s partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCNthe Secretariat. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN Secretariat using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform)... 15.3 IUCN 16.3 The Secretariat may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use of Personal Data to that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 16.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCNthe Secretariat, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN the Secretariat for the performance of that other processor’s obligations. 15.5 16.5 Where the Secretariat’s Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 16.6 The Consultant shall promptly, and in any case within twentyforty-four eight (2448) hours inform IUCN the Secretariat through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.

Processing of Personal Data. 15.1 16.1 Personal Data is any information relating to an identified or identifiable individual, unless otherwise defined under applicable law. The Parties commit themselves to respect applicable data protection laws and regulations and process Personal Data in accordance with the terms of this Agreement. 15.2 IUCN 16.2 Secretariat may share Personal Data of the Consultant and / or Consultant Key Personnel with the Donor and other IUCN Secretariat partners strictly involved in the implementation of the Project. The Consultant will have the right of access its Personal Data and the right to rectify any such Personal Data held by IUCNSecretariat. If the Consultant has any queries concerning the processing of Personal Data, it shall address them to IUCN Secretariat using the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform). 15.3 IUCN 16.3 Secretariat may in the course of performance of this Agreement provide the Consultant with Personal Data. The Consultant shall limit access and use of Personal Data to that strictly necessary for the performance of this Agreement and shall adopt all appropriate technical and organizational security measures necessary to preserve the strictest confidentiality and limit access to Personal Data. 15.4 16.4 Where the Consultant engages another processor for carrying out specific processing activities on behalf of IUCNSecretariat, the same data protection obligations as set out in this Agreement and the applicable law shall be imposed on that other processor by way of an agreement. Where that other processor fails to fulfil its data protection obligations, the Consultant shall remain fully liable to IUCN Secretariat for the performance of that other processor’s obligations. 15.5 16.5 Where Secretariat’s Personal Data is transferred to a country that has not been deemed to provide an adequate level of protection for Personal Data or to an International Organization within the meaning of Regulation (EU) 2016/679, the Consultant shall ensure that appropriate safeguards in accordance with applicable law are provided. 15.6 16.6 The Consultant shall promptly, and in any case within twentyforty-four eight (2448) hours inform IUCN Secretariat through the online form located at (xxxxx://xxxxxxx.xxxx.xxx/dataprotection/requestform), if it determines and/or discloses to a competent public authority and/or affected data subjects that a Personal Data breach has occurred.