PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject. b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time). c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws. d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data. e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include: i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data; ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate; iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services; iv. The ability to restore the availability and access to Shared Personal Data in a timely manner; v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems. f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum. g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws. h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the breaching Party’s negligent, willful or intentional acts or omissions. i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data. j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed. k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes. l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 8 contracts
Samples: Registry Registrar Agreement, Registry Registrar Agreement, Registry Registrar Agreement
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 2 contracts
Samples: Registry Registrar Agreement, Registry Registrar Agreement Amendment
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing AddendumAppendix. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum Appendix and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum Appendix upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 xxxxx://xxx-xxx.xxxxxx.xx/legal- content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing AddendumAppendix, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum Appendix can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing AddendumAppendix.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum Appendix is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum Appendix (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing AddendumAppendix) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing AddendumAppendix, to the extent caused by the cause of the breaching Party’s negligent, willful wilful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 2 contracts
PROCESSING SHARED PERSONAL DATA. a) a. All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) b. A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 xxxxx://xxx-xxx.xxxxxx.xx/legal- content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) c. A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) d. All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) e. Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) f. To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- third-party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) g. The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) h. Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.and
Appears in 1 contract
Samples: Registry Registrar Agreement
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Article 7 related to the Data Processing AddendumProcessing. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Article 7 related to the Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum Agreement upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, herein but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data the Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- third-party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Article 7 related to the Data Processing AddendumProcessing.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Article 7 related to the Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Article 7 related to the Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Article 7 related to the Data Processing AddendumProcessing) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Article 7 related to the Data Processing AddendumProcessing, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
Samples: Registrar Agreement
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time). Those Standard Contractual Clauses are attached hereto and incorporated herein as Annex 2: Standard Contractual Clauses. For purposes of the RRA, the Registrar assumes and agrees to the obligations of the “Data Importer” as defined and set forth in the Standard Contractual Clauses and the Registry assumes and agrees to the obligations of the defined “Data Exporter” in the Standard Contractual Clauses. The Parties explicitly agree to be bound by the terms of the Standard Contractual Clauses as if they had separately signed them in each instance for the respective Data Importer and Data Exporter.
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
Samples: Data Processing Addendum
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 xxxxx://xxx-xxx.xxxxxx.xx/legal- content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time). Those Standard Contractual Clauses are attached hereto and incorporated herein as Annex 2: Standard Contractual Clauses. For purposes of the RRA, the Registrar assumes and agrees to the obligations of the “Data Importer” as defined and set forth in the Standard Contractual Clauses and the Registry assumes and agrees to the obligations of the defined “Data Exporter” in the Standard Contractual Clauses. The Parties explicitly agree to be bound by the terms of the Standard Contractual Clauses as if they had separately signed them in each instance for the respective Data Importer and Data Exporter.
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- third-party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
Samples: Registry Registrar Agreement
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) . A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) . A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) . All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) . Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. : Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. ; The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. ; The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. ; The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. ; A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. and Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) . To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- third-party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) . The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) . Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) . The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) . The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) . The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) . A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Data Processing Addendum. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 xxxxx://xxx-xxx.xxxxxx.xx/legal- content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Data Processing Addendum.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Data Processing Addendum) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Data Processing Addendum, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
Samples: Registry Registrar Agreement
PROCESSING SHARED PERSONAL DATA. a) All Parties agree that they are responsible for Processing of Shared Personal Data in accordance with Applicable Laws and this Article 9 related to the Data Processing AddendumProcessing. The Parties shall fully cooperate with each other to the extent necessary to effectuate corrections, amendments, restrictions or deletions of Personal Data as required by Applicable Laws and/or at the request of any Data Subject.
b) A Party may only transfer Shared Personal Data relating to EU individuals to outside of the European Economic Area (“EEA”) (or if such Shared Personal Data is already outside of the EEA, to any third party also outside the EEA), in compliance with the terms of this Article 9 related to the Data Processing Addendum and the requirements of Applicable Laws, the latter including any relevant Adequacy Decision of the European Commission or the use of EU ‘Standard Contractual Clauses’. Where Standard Contractual Clauses for data transfers between EU and non-EU countries are required to be executed between the Parties, they may be found and downloaded, to be incorporated herein as part of this Data Processing Addendum Agreement upon execution, at xxxxx://xxx-xxx.xxxxxx.xx/legal-content/en/TXT/?uri=CELEX%3A32010D0087 (or such link location as may be updated from time to time).
c) A Party must immediately notify the other Party and ICANN if, in its opinion, ICANN’s instructions or requirements under Applicable Agreements infringes any Applicable Laws.
d) All Shared Personal Data must be treated as strictly confidential and a Party must inform all its employees or approved agents engaged in processing the Shared Personal Data of the confidential nature of the Shared Personal Data, and ensure that all such persons or parties have signed an appropriate confidentiality agreement to maintain the confidence of the Shared Personal Data.
e) Where a Party Processes Shared Personal Data, it acknowledges and agrees that it is responsible for maintaining appropriate organizational and security measures to protect such Shared Personal Data in accordance with all Applicable Laws. Appropriate organizational and security measures are further enumerated in Section 5 of this Data Processing Addendum, herein but generally must include:
i. Measures to ensure that only authorized individuals for the Purposes of this Data the Processing Addendum can access the Shared Personal Data;
ii. The pseudonymisation and encryption of the Shared Personal Data, where necessary or appropriate;
iii. The ability to ensure continued confidentiality, integrity, availability and resilience of its processing systems and services;
iv. The ability to restore the availability and access to Shared Personal Data in a timely manner;
v. A process for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing of Shared Personal Data; and
vi. Measures to identify vulnerabilities with regard to the processing of Shared Personal Data in its systems.
f) To the extent that the Receiving Party contracts with any subcontractor, vendor or other third- third-party to facilitate its performance under the Applicable Agreements, it must enter into a written agreement with such third party to ensure such party also complies with the terms of this Article 9 related to the Data Processing AddendumProcessing.
g) The Party which employs a sub-processor, vendor or other third-party to facilitate its performance under this Article 9 related to the Data Processing Addendum is and will remain fully liable for any such third party’s acts where such party fails to fulfill its obligations under this Article 9 related to the Data Processing Addendum (or similar contractual arrangement put in place to impose equivalent obligations on the third party to those incumbent on the Receiving Party under this Article 9 related to the Data Processing AddendumProcessing) or under Applicable Laws.
h) Each Party will, at its expense, defend, indemnify and hold the other Party harmless from and against all claims, liabilities, costs and expenses arising from or relating to (i) a Data Security Breach, (ii) breach of Applicable Laws, and (iii) breach of this Article 9 related to the Data Processing AddendumProcessing, to the extent caused by the cause of the breaching Party’s negligent, willful or intentional acts or omissions.
i) The Parties shall, in respect of Shared Personal Data, ensure that their privacy notices are clear and provide sufficient information to Data Subjects in order for them to understand what of their Personal Data is included in Shared Personal Data, the circumstances in which it will be shared, the purposes for the Personal Data sharing and either the identity with whom the Personal Data is shared or a description of the type of organization that will receive the Shared Personal Data.
j) The Parties undertake to inform Data Subjects of the Purposes for which it will process the Shared Personal Data and provide all of the information that it must provide in accordance with Applicable Laws, to ensure that the Data Subjects understand how their Personal Data will be Processed.
k) The Shared Personal Data must not be irrelevant or excessive with regard to the Purposes.
l) A Party shall, subject to the instructions of the Data Subject, ensure that Shared Personal Data is accurate. Where any Party becomes aware of inaccuracies in Shared Personal Data, they will, where necessary, notify the other Parties, to enable the timely rectification of such data.
Appears in 1 contract
Samples: Registry Registrar Agreement