Protection of Personal Data. 25.1 The Parties agree that they may obtain and have access to personal data for the duration of the Agreement for the fulfilment of the rights and obligations contained herein. In performing the obligations as set out in this Agreement, the Parties shall at all times ensure that:
a) they process data only for the express purpose for which it was obtained;
b) once processed for the purposes for which it was obtained, all data will be destroyed to an extent that it cannot be reconstructed to its original form;
c) data is provided only to authorised personnel who strictly require the personal data to carry out the Parties’ respective obligations under this Agreement;
d) they do not disclose personal data of the other Party, other than in terms of this Agreement;
e) they have all reasonable technical and organisational measures in place to protect all personal data from unauthorised access and/or use;
f) they have appropriate technical and organisational measures in place to safeguard the security, integrity and authenticity of all data in its possession or under its control in terms of this Agreement;
g) such personal data is protected against unauthorised or unlawful processing, accidental loss, destruction or damage, alteration, disclosure or access.
25.2 The Parties agree that if personal data will be processed for additional purposes beyond the original purpose for which it was obtained, explicit consent must be obtained beforehand from those persons whose information will be subject to further processing.
25.3 Should it be necessary for either Party to disclose or otherwise make available the personal data to any third party (including sub-contractors and employees), it may do so only with the prior written permission of the other Party. The Party requiring such permission shall require of all such third parties, appropriate written undertakings to be provided, containing similar terms to that set forth in this clause 25, and dealing with that third party's obligations in respect of its processing of the personal data. Following approval by the other Party, the Party requiring permission agrees that the provisions of this clause 25 shall mutatis mutandis apply to all authorised third parties who process personal data.
25.4 The Parties shall ensure that any persons authorized to process data on their behalf (including employees and third parties) will safeguard the security, integrity and authenticity of all data. Where necessary to meet this requirement...
Protection of Personal Data. The Company shall, in relation to Personal Data: fully comply with all requirements of the PDPA, including the requirements concerning the collection, use and disclosure of Personal Data; process Personal Data only in accordance with the written instructions given by IHiS and to such extent necessary and appropriate for the completion of the Purpose; promptly deal with any enquiry from IHiS relating to the Company’s processing of Personal Data; not transfer or allow the Personal Data to be transferred outside of Singapore, unless expressly instructed or authorised by IHiS; and provide all necessary co-operation and assistance (whether to IHiS or otherwise) to allow access and/or correction of Personal Data in accordance with the PDPA. Without prejudice to Clause 4.1 above, the Company ensure: that any Personal Data belonging to IHiS or its Affiliates which is held by the Company is protected against loss, unauthorised access, use, modification, disclosure or other misuse, and that only authorised personnel have access to that Personal Data; that, to the extent that the Personal Data is no longer required by the Company for legal or business purposes, that Personal Data is destroyed or returned to IHiS in accordance with Clause 5 below; that IHiS is immediately alerted in writing (with full particulars) of any unauthorised access, disclosure or other breach of this Clause 4 and the Company will undertake, as soon as reasonably practicable, all steps to prevent further unauthorised access, disclosure or other breach of this clause (including providing IHiS with such reports or information concerning such steps as and when requested by IHiS); and it keeps itself appraised of any and all notices and circulars which IHiS may from time to time notify to the Company, including without limitation any policies, guidelines, circulars or notices relating to personal data (“PDPA Documentation”), and to perform its duties or discharge its liabilities in connection with the Purpose in a manner which is consistent with the PDPA Documentation, and will not cause IHiS to be in breach of the same. For the purposes of this clause, the Company hereby expressly acknowledges and agrees that it has read the PDPA Documentation and is aware of and will compensate IHiS for any and all potential loss and damage caused to IHiS and/or its Affiliates arising from or in connection with any breach of this clause. Notwithstanding and further to anything stated elsewhere in the NDA, IHiS r...
Protection of Personal Data. 18.1 With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Authority is the Data Controller and that the Contractor is the Data Processor.
18.2 The Contractor shall:
18.2.1 Process the Personal Data only in accordance with instructions from the Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Authority to the Contractor during the Term) and the Contractor shall at the very least comply with the provisions of Schedule E (Information Security) and HM Government Security Framework as updated from time to time;
18.2.2 Process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body;
18.2.3 implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security);
18.2.4 take reasonable steps to ensure the reliability of any Contractor’s Personnel who have access to the Personal Data;
18.2.5 obtain prior written consent from the Authority in order to transfer the Personal Data to any sub-contractors or affiliates for the provision of the Services;
18.2.6 ensure that all Contractor’s Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 18;
18.2.7 ensure that none of the Contractor’s Personnel publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Authority;
18.2.8 notify the Authority (within five Working Days) if it receives:
18.2.8.1 a request from a Data Subject to have access to that person's Personal Data; or
18.2.8.2 a complaint or request relating to the Authority's obligations under the Data Protection Legislation;
18.2.9 provide the Authority with full co-operation and assistance in relation to any complaint or request made, including by:
18.2.9.1 pr...
Protection of Personal Data. 7.1 With respect to the parties' rights and obligations under this Contract, the parties agree that DFID is the Data Controller and that the Supplier is the Data Processor.
7.2 The Supplier shall:
7.2.1 process the Personal Data only in accordance with instructions from DFID (which may be specific instructions or instructions of a general nature as set out in this Contract or as otherwise notified by DFID to the Supplier during the Term);
7.2.2 process the Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body;
7.2.3 implement appropriate technical and organisational measures to protect the Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction or damage to the Personal Data and having regard to the nature of the Personal Data which is to be protected;
7.2.4 take reasonable steps to ensure the reliability of any Supplier’s Personnel who have access to the Personal Data;
7.2.5 obtain prior written consent from DFID in order to transfer the Personal Data to any Sub- contractors or Affiliates for the provision of the Services;
7.2.6 ensure that all Supplier’s Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause 7;
7.2.7 ensure that none of Supplier’s Personnel publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by DFID;
7.2.8 notify DFID (within two Working Days) if it receives:
7.2.8.1 a request from a Data Subject to have access to that person's Personal Data; or
7.2.8.2 a complaint or request relating to DFID’s obligations under the Data Protection Legislation;
7.2.9 provide DFID with full cooperation and assistance in relation to any complaint or request made, including by:
7.2.9.1 providing DFID with full details of the complaint or request;
7.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with DFID’s instructions;
7.2.9.3 providing DFID with any Personal Data it holds in relation to a Data Subject (within the timescales required by DFID); and
7.2.9.4 providing DFID with any information reque...
Protection of Personal Data. With respect to the Parties' rights and obligations under this Contract, the Parties agree that the Authority is the Data Controller and that the Contractor is the Data Processor.
Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client is the Data Controller and that the Solicitor is the Data Processor in relation to the Client’s Personal Data. The Solicitor shall: Process the Client’s Personal Data only in accordance with instructions from the Client (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client to the Solicitor during the term of the Contract); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; notify the Client within five (5) Working Days if the Solicitor receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with t...
Protection of Personal Data. 12.1 The Parties agree that the Authority is the Data Controller and that the Contractor is the Data Processor for the purposes of this Contract.
12.2 The Contractor shall:
12.2.1 Process the Personal Data only in accordance with instructions from the Authority in order to meet its contractual obligations or as required by law,;
12.2.2 implement appropriate technical and organisational measures to protect the Personal Data;
12.2.3 take reasonable steps to ensure the reliability of any Contractor’s Personnel including applicable vetting and security checks and ensure that all Contractor’s Personnel are informed of the confidential nature of the Personal Data and comply with the obligations set out in this clause;
12.2.4 not Process Personal Data outside the European Economic Area without the prior written consent of the Authority and, where the Authority consents to a transfer, to comply with the applicable statutory requirements and any reasonable instructions notified to it by the Authority.
12.3 The Contractor shall comply at all times with the applicable data protection legislation and shall not perform its obligations under this Contract in such a way as to cause the Authority to breach any of its obligations under that legislation.
Protection of Personal Data. 24.5.1 Where any Personal Data are Processed in connection with the exercise of the Parties’ rights and obligations under this Framework Agreement, the Parties acknowledge that the Authority is the Data Controller and that the Supplier is the Data Processor.
Protection of Personal Data. Where any Personal Data are Processed in connection with the exercise of the Parties’ rights and obligations under this Framework Agreement, the Parties acknowledge that the Fund is the Data Controller and that the Supplier is the Data Processor. The Supplier shall: Process the Personal Data only in accordance with instructions from the Fund to perform its obligations under this Framework Agreement; ensure that at all times it has in place appropriate technical and organisational measures to guard against unauthorised or unlawful Processing of the Personal Data and/or accidental loss, destruction, or damage to the Personal Data; not disclose or transfer the Personal Data to any third party or Supplier Personnel unless necessary for the provision of the Goods and/or Services and, for any disclosure or transfer of Personal Data to any third party, obtain the prior written consent of the Fund (save where such disclosure or transfer is specifically authorised under this Framework Agreement); take reasonable steps to ensure the reliability and integrity of any Supplier Personnel who have access to the Personal Data and ensure that the Supplier Personnel: are aware of and comply with the Supplier’s duties under this Clause 22.5.2 and Clause 22.2 (Confidentiality); are informed of the confidential nature of the Personal Data and do not publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by the Fund or as otherwise permitted by this Framework Agreement; and have undergone adequate training in the use, care, protection and handling of personal data (as defined in the DPA); notify the Fund within five (5) Working Days if it receives: from a Data Subject (or third party on their behalf) a Data Subject Access Request (or purported Data Subject Access Request), a request to rectify, block or erase any Personal Data or any other request, complaint or communication relating to the Fund's obligations under the DPA; any communication from the Information Commissioner or any other regulatory authority in connection with Personal Data; or a request from any third party for disclosure of Personal Data where compliance with such request is required or purported to be required by Law; provide the Fund with full cooperation and assistance (within the timescales reasonably required by the Fund) in relation to any complaint, communication or request made (as referred to at Clause 22.5.2(e), including by promptly providing: t...
Protection of Personal Data. 4.4.1 Processing of personal data by the contracting authority
