Scope of Processing. 7.2.1. Supplier will process Personal Data solely to provide Services to LLA and carry out its obligations under the Agreement and LLA’s instructions, which include the Agreement and this DPA. Supplier will not process Personal Data for any other purpose, unless required by applicable law. Supplier will notify LLA if it believes that it cannot follow LLA’s instructions or fulfil its obligations under the Agreement because of a legal obligation to which it is subject, unless Supplier is prohibited by law from making such notification. 7.2.2. Supplier is prohibited from: (a) accessing, retaining, using, or disclosing Personal Data for any purpose other than for the specific business purpose of performing LLA’s documented instructions for the business purposes defined in this Agreement, including accessing, retaining, using, or disclosing the Personal Data for a commercial purpose other than performing LLA’s instructions; or (b) accessing, retaining, using, or disclosing the Personal Data outside of the direct business relationship between the parties as defined in this Agreement. Supplier certifies that it understands these restrictions. 7.2.3. Regardless of the foregoing prohibitions, the parties agree that Supplier may, and LLA instructs Supplier to, process Personal Data for the following activities that are necessary to support the Services: detect data security incidents; protect against fraudulent or illegal activity; effectuate repairs; and maintain or improve the quality of the Services. 7.2.4. Processing any Personal Data outside the scope of the Agreement will require prior written agreement between Supplier and LLA by way of written amendment to the Agreement.
Appears in 4 contracts
Samples: Data Protection Agreement, Data Protection Agreement, Data Protection Agreement
