Protected Data Processing Details
Protected Data Processing Details Sample Clauses
Related to Protected Data Processing Details
Data Processing In this clause:
Details of Data Processing (a) Subject matter: The subject matter of the data processing under this DPA is the Customer Data.
Data Processing Agreement The Data Processing Agreement, including the Approved Data Transfer Mechanisms (as defined in the Data Processing Agreement) that apply to your use of the Services and transfer of Personal Data, is incorporated into this Agreement by this reference. Each party will comply with the terms of the Data Processing Agreement and will train its employees on DP Law.
Processing of Customer Personal Data 3.1 UKG will: 3.1.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 3.1.2 not Process Customer Personal Data other than for the purpose, and in accordance with, the relevant Customer’s instructions as documented in the Agreement and this DPA, unless Processing is required by the Data Protection Laws to which the relevant UKG Processor is subject, in which case UKG to the extent permitted by the Data Protection Laws, will inform Customer of that legal requirement before the Processing of that Customer Personal Data. 3.2 Customer hereby: 3.2.1 instructs UKG (and authorizes UKG to instruct each Subprocessor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory subject to the provisions of this DPA, in each case as reasonably necessary for the provision of the Services and consistent with the Agreement. 3.2.2 warrants and represents that it is and will at all relevant times remain duly and effectively authorized to give the instructions set out in Section 3.2.1 on behalf of each relevant Customer Affiliate; and 3.2.3 warrants and represents that it has all necessary rights in relation to the Customer Personal Data and/or has collected all necessary consents from Data Subjects to Process Customer Personal Data to the extent required by Applicable Law. 3.3 Schedule 1 to this DPA sets out certain information regarding UKG’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR (and equivalent requirements of other Data Protection Laws).
Personal Data Processing 2.1 The Processor shall process Personal Data only on the basis of corresponding recorded orders from the Controller. 2.2 By way of exception, in particular in urgent cases, processing orders from the Data Controller may also be made orally. In this case, the Data Controller shall confirm as soon as possible and in writing, by any appropriate means, the instructions given orally. 2.3 Where the processing concerns the transmission of Personal Data to a third country outside the European Union or to an international organization, the Data Processor shall also comply with the relevant instructions of the Data Controller, unless different legal requirements exist under European Union laws or the laws of the Member State to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller before processing of the legal requirement in question, unless the said law prohibits this kind of information for reasons of substantial public interest. 2.4 The transmission of Personal Data to a third country outside the European Union is prohibited unless the Data Controller has given prior explicit approval to that end, and one of the following conditions is met: • the European Commission has resolved that an adequate level of protection of personal data is ensured in the country the Personal Data is to be transmitted; • the transmission is to be made to the U.S.A.; and the recipient of the Personal Data has acceded to and abides by the Privacy Shield Framework; • the transmission will be governed by the standard data protection clauses issued by the European Commission. 2.5 The Data Processor shall inform the Data Controller immediately upon receipt of the order or as soon as possible if he / she determines that the content of a particular processing order violates the Regulation and / or national law and / or the law of another Member State of the European Union (EU), and / or other provisions of EU law on the protection of Personal Data. 2.6 The Data Processor acknowledges that the Data Controller has full control over her Personal Data and determines any particular feature of the processing to which the Personal Data will be submitted. If the Data Processor ignores the instructions of the Data Controller and determines alone the scope, the means and generally any other matter concerning the processing of Personal Data, she shall render herself the Data Controller for the purposes of implementing the Regulation and the legal framework on the protection of Personal Data. The practical consequence of this is that, in addition to the full responsibility of the Processor towards the Controller, she shall carry the same level of responsibility vis-à-vis the independent supervisory authority (and any other competent state authority) as well as the Natural Persons - Data Subjects of the data being processed.
Client Information Protected Health Information in any form including without limitation, Electronic Protected Health Information or Unsecured Protected Health Information (herein “PHI”);
Student Information In the course of providing services during the term of the contract, certain personnel of Consultant may have access to student education records that are subject to the Family Educational Rights and Privacy Act (FERPA), 20 U.S.C. 1232g, et seq. and the regulations promulgated there under. Such information confidential and is therefore protected. To the extent that Consultant’s personnel require access to “education records” to perform Services pursuant to this Agreement, such personnel are deemed a “school official,” as each of these terms are defined under FERPA. Consultant agrees that it shall not use education records for any purpose other than in the performance of this contract. Except as required by law, Consultant shall not disclose or share education records with any third party unless permitted by the terms of the contract or to subcontractors who have agreed to maintain the confidentiality of the education records to the same extent required of Consultant under this contract. For the avoidance of doubt, District will be responsible for obtaining any necessary consents from students or parents pursuant to FERPA to provide the information to Consultant. In the event any person(s) seek to access protected education records, whether in accordance with FERPA or other Federal or relevant State law or regulations, the Consultant will immediately inform the District of such request in writing if allowed by law or judicial and/or administrative order. Consultant shall not provide direct access to such data or information or respond to individual requests. Consultant shall only retrieve such data or information upon receipt of, and in accordance with, written directions by the District and shall only provide such data and information to the District. It shall be District’s sole responsibility to respond to requests for data or information received by Vendor regarding District data or information. Should Consultant receive a court order or lawfully issued subpoena seeking the release of such data or information, Consultant shall provide immediate notification to the District of its receipt of such court order or lawfully issued subpoena and shall immediately provide the District with a copy of such court order or lawfully issued subpoena prior to releasing the requested data or information, if allowed by law or judicial and/or administrative order. If Consultant experiences a security breach concerning any education record covered by this contract, then Consultant will immediately notify the District and take immediate steps to limit and mitigate such security breach to the extent possible. The parties agree that any breach of the confidentiality obligation set forth in the contract may, at District’s discretion, result in cancellation of further consideration for contract award and the eligibility for Consultant to receive any information from District for a period of not less than five (5) years. In addition, Consultant agrees to indemnify and hold the District harmless for any loss, cost, damage or expense suffered by the District, including but not limited to the cost of notification of affected persons, as a direct result of the unauthorized disclosure of education records. Upon termination of Agreement, Consultant shall return and/or destroy all data or information received from the District upon, and in accordance with, direction from the District. Consultant shall not retain copies of any data or information received from the District once the District has directed Consultant as to how such information shall be returned to the District and/or destroyed. Furthermore, Consultant shall ensure that they dispose of any and all data or information received from the District in a District-approved manner that maintains the confidentiality of the contents of such records (e.g. shredding paper records, erasing and reformatting hard drives, erasing and/or physically destroying any portable electronic devices).
Patient Information Each Party agrees to abide by all laws, rules, regulations, and orders of all applicable supranational, national, federal, state, provincial, and local governmental entities concerning the confidentiality or protection of patient identifiable information and/or patients’ protected health information, as defined by any other applicable legislation in the course of their performance under this Agreement.
Account Information Disclosure We will disclose information to third parties about your account or the transfers you make:
CONTRACT INFORMATION 1. The State of Arkansas may not contract with another party: a. Upon default, to pay all sums to become due under a contract. b. To pay damages, legal expenses or other costs and expenses of any party. c. To conduct litigation in a place other than Pulaski County, Arkansas d. To agree to any provision of a contract; which violates the laws or constitution of the State of Arkansas. 2. A party wishing to contract with the State of Arkansas should: a. Remove any language from its contract which grants to it any remedies other than: i. The right to possession. ii. The right to accrued payments. iii. The right to expenses of de-installation. iv. The right to expenses of repair to return the equipment to normal working order, normal wear and tear excluded. v. The right to recover only amounts due at the time of repossession and any unamortized nonrecurring cost as allowed by Arkansas Law. b. Include in its contract that the laws of the State of Arkansas govern the contract. c. Acknowledge that contracts become effective when awarded by the State Procurement Official.
