Processing of Sensitive Personal Data Clause Samples
The "Processing of Sensitive Personal Data" clause defines the rules and conditions under which sensitive personal information—such as health records, biometric data, or information revealing racial or ethnic origin—may be collected, used, stored, or shared by the parties involved. Typically, this clause outlines the need for explicit consent from individuals, specifies the security measures required to protect such data, and may restrict processing to only what is strictly necessary for the contract’s purposes. Its core function is to ensure compliance with data protection laws and to safeguard individuals’ privacy by imposing stricter controls on the handling of particularly sensitive information.
POPULAR SAMPLE Copied 1 times
Processing of Sensitive Personal Data. 10.1 This paragraph 10 shall apply to “Sensitive Personal Data” being personal information revealing or concerning (directly or indirectly) racial or ethnic origin, political affiliations or opinions, religious or philosophical beliefs, trade-union membership or membership of other parties, associations or organisations of a religious, philosophical, political or trade- union nature, physical or mental health or condition including addictions, sex life, private life, social aid, the commission or alleged commission of any criminal offence or proceedings in relation thereto, other criminal behaviour or unlawful or objectionable conduct, administrative proceedings and sanctions and other judicial data.
10.2 Any transport of hardware or other physical media containing Sensitive Personal Data may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem.
10.3 Any transfer of Sensitive Personal Data via any telecommunications system or network may only be carried out after such Sensitive Personal Data have been encrypted, using an appropriate encryption algorithm and cryptosystem.
10.4 Each access to Sensitive Personal Data (whether manual or electronic) must be recorded indicating:
(a) the date and time;
(b) the identity of the user;
(c) the file to which the user has had access;
(d) the kind of access (e.g. read only); and
(e) whether the access has been authorised or refused. Such record must be kept for at least two (2) years from the date it is entered. IHS Markit shall make such record available to Customer upon reasonable request and shall additionally submit a summary report of the access record on a monthly basis to Customer.
10.5 Back up copies shall be made of the Sensitive Personal Data and stored at a location which is different to the location where the Sensitive Personal Data are located, such storage to comply with the security requirements set out in these Information Security Terms. If the Sensitive Personal Data is taken off site, it shall be encrypted using an agreed encryption algorithm and cryptosystem.
10.6 Any maintenance on devices that store, or previously stored, Sensitive Personal Data, which requires the media to be removed from site must ensure that data is cleansed, or wiped, using the agreed cleaning process.
Processing of Sensitive Personal Data. To the extent that Vertice processes Sensitive Personal Data and the security measures referred to in this document are deemed to provide insufficient protection, Customer may request that Vertice implement additional security measures.
Processing of Sensitive Personal Data a. Where the transfer involves Sensitive Personal Data, the Data Importer shall apply the specific restrictions and/or additional safeguards described in Annex C to this Agreement.
b. Where the transfer involves Personal Data concerning children or adolescents, the Data Importer shall privi- lege the protection of their superior interests, in accordance with the Convention on the Rights of the Child and other international instruments.
Processing of Sensitive Personal Data a. Where the transfer involves Sensitive Personal Data, the Data Importer shall apply specific restrictions and additional safeguards adapted to the specific nature of the data and the risk involved.
b. These measures may consist of, for example, restricting the personnel permitted to access the Personal Data, special confidentiality agreements, additional security measures (such as Anonymization), and/or additio- nal restrictions related to Onward Transfers.
c. Where the transfer involves Personal Data concerning children or adolescents, the Parties shall privilege the protection of their superior interests, in accordance with the Convention on the Rights of the Child and other international instruments.
Processing of Sensitive Personal Data. Customer agrees that it shall not use the Outreach Services to Process Sensitive Personal Data without Outreach’s explicit and prior written consent.
Processing of Sensitive Personal Data. To the extent that Cisco processes Sensitive Personal Data and the security measures referred to in this document are deemed to provide insufficient protection, Customer may request that Cisco implement additional security measures.
Processing of Sensitive Personal Data. (1) Sensitive Personal Data shall not be Processed unless–
(a) the Data Subject has given an additional written consent to the Processing of this kind of Personal Data;
(b) Processing is necessary for the purposes of carrying out the obligations and specific rights of the Data Controller;
(c) Processing is necessary to protect the vital interests of the Data Subject or of another person where the Data Subject is physically or legally incapable of giving his consent;
(d) Processing is carried out in the course of its legitimate activities with appropriate guarantees by a foundation, association or any other non‐profit‐seeking body on condition that the Processing relates solely to the members of the body or to persons who have regular contact with it in connection with its purposes and that the Personal Data are not disclosed to a Third Party without the consent of the Data Subjects;
(e) the Processing relates to Personal Data which are manifestly made public by the Data Subject, or is necessary for the establishment, exercise or defence of legal claims;
(f) Processing is necessary for compliance with any regulatory or legal obligation to which the Data Controller is subject;
(g) Processing is necessary to uphold the legitimate interests of the Data Controller recognised in the international financial markets, provided the Processing is undertaken in accordance with applicable standards and except where such interests are overridden by compelling legitimate interests of the Data Subject relating to the Data Subject's particular situation;
(h) Processing is necessary to comply with any regulatory, auditing, accounting, anti‐ money laundering or counter terrorist financing obligations that apply to a Data Controller or for the prevention or detection of any crime; or
(i) Processing is required for the purposes of preventive medicine, medical diagnosis, the provision of care or treatment or the management of healthcare services, and where those Personal Data are Processed by a health professional subject under law or rules established by competent bodies to the obligation of confidence or by another person subject to an equivalent obligation.
(2) Subsection (1) shall not apply if–
(a) a permit has been obtained from the Registrar to Process Sensitive Personal Data; and
(b) the Data Controller applies adequate safeguards with respect to the Processing of the Personal Data.
Processing of Sensitive Personal Data. Customer will not submit sensitive personal data to the Outreach Services without written consent from Outreach or agreement from Outreach to enter into a business associate agreement. In such cases, the parties acknowledge that limited special categories of personal data may incidentally be entered by Customer through Customer’s use of the Services in the regular course of business.