Where one Party is Controller and the other Party its Processor Sample Clauses

Where one Party is Controller and the other Party its Processor. 14.9.1 Where a Party is a Processor, the only processing that the Processor is authorised to do is listed in Part A Authorised Processing Template of Annex 1Processing Personal Data by the Controller and may not be determined by the Processor. The term “processing” and any associated terms are to be read in accordance with Article 4 of the UK GDPR and EU GDPR (as applicable). 14.9.2 The Processor must notify the Controller immediately if it thinks the Controller's instructions breach the Data Protection Legislation. 14.9.3 The Processor must give all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment before starting any processing, which may include, at the discretion of the Controller: 14.9.3.1 a systematic description of the expected processing and its purpose; 14.9.3.2 the necessity and proportionality of the processing operations; 14.9.3.3 the risks to the rights and freedoms of Data Subjects; and 14.9.3.4 the intended measures to address the risks, including safeguards, security measures and mechanisms to protect Personal Data. 14.9.4 The Processor must, in in relation to any Personal Data processed under this Contract: 14.9.4.1 process that Personal Data only in accordance with Part A Authorised Processing Template of Annex 1 – Processing Personal Data unless the Processor is required to do otherwise by Law. If lawful to notify the Controller, the Processor must promptly notify the Controller if the Processor is otherwise required to process Personal Data by Law before processing it. 14.9.4.2 put in place appropriate Protective Measures to protect against a Data Loss Event which must be approved by the Controller.
Sample 1Sample 2Sample 3See All (8)
AutoNDA by SimpleDocs
Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller. The Processor shall notify the Controller immediately if it considers that any of the Controller’s instructions infringe the Data Protection Legislation. The Processor shall provide all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment prior to commencing any Processing. Such assistance may, at the discretion of the Controller, include: a systematic description of the envisaged Processing and the purpose of the Processing; an assessment of the necessity and proportionality of the Processing in relation to the Solution; an assessment of the risks to the rights and freedoms of Data Subjects; and the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. The Processor shall, in relation to any Personal Data Processed in connection with its obligations under this Agreementt: Process that Personal Data only in accordance with Annex 1 (Processing Personal Data), unless the Processor is required to do otherwise by Law. If it is so required, the Processor shall promptly notify the Controller before Processing the Personal Data unless prohibited by Law; ensure that it has in place appropriate technical and organisational measures which the Controller may reasonably reject (but failure to reject shall not amount to approval by the Controller of the adequacy of the technical and organisational measures) having taken account of the: nature of the data to be protected; harm that might result from a Data Breach; state of technological development; and cost of implementing any measures; ensure that: the Processor Personnel do not Process Personal Data except in accordance with this Agreement (and in particular Annex 1 (Processing Personal Data)); it takes all reasonable steps to ensure the reliability and integrity of any Processor Personnel who have access to the Personal Data and ensure that they are: are aware of and comply with the Processor’s duties under this Fourth Schedule and Clause 24 (Confidential Information); are subject to appropriate confidentiality undertakings with the Processor or any Sub-processor; are informed of the confidential nature of the Personal Data and do not publish, disclose or divulge any of the Personal Data to any third party unless directed in writing to do so by...
Sample 1Sample 2See All (8)
Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only Processing that it is authorised to do is listed in Appendix 1 (Processing Personal Data) by the Controller and may not be determined by the Processor. The Term “Processing” and any associated Terms are to be read in accordance with Article 4 of the UK GDPR.
Sample 1Sample 2
Where one Party is Controller and the other Party its Processor. Where a Party is a Processor, the only processing that it is authorised to do is listed in Annex 1 (Processing Personal Data) by the Controller.
Sample 1Sample 2
Where one Party is Controller and the other Party its Processor. 14.9.1 Where a Party is a Processor, the only processing that the Processor is authorised to do is listed in Error! Reference source not found. by the Controller and may not be d etermined by the Processor. The term “processing” and any associated terms are to be read in accordance with Article 4 of the UK GDPR and EU GDPR (as applicable). 14.9.2 The Processor must notify the Controller immediately if it thinks the Controller's instructions breach the Data Protection Legislation. 14.9.3 The Processor must give all reasonable assistance to the Controller in the preparation of any Data Protection Impact Assessment before starting any processing, which may include, at the discretion of the Controller: 14.9.3.1 a systematic description of the expected processing and its purpose; 14.9.3.2 the necessity and proportionality of the processing operations; 14.9.3.3 the risks to the rights and freedoms of Data Subjects; and 14.9.3.4 the intended measures to address the risks, including safeguards, security measures and mechanisms to protect Personal Data. 14.9.4 The Processor must, in in relation to any Personal Data processed under this Contract: 14.9.4.1 process that Personal Data only in accordance with Error! Reference s ource not found. unless the Processor is required to do otherwise by Law. If lawful to notify the Controller, the Processor must promptly notify the Controller if the Processor is otherwise required to process Personal Data by Law before processing it. 14.9.4.2 put in place appropriate Protective Measures to protect against a Data Loss Event which must be approved by the Controller.
Sample 1

Related to Where one Party is Controller and the other Party its Processor

  • Sub-processors 7.1 bookinglab shall not subcontract any processing of the Customer Personal Data to any Sub-Processor except as authorised by the Customer in accordance with this paragraph 7. The Customer consents to bookinglab engaging Sub-Processors to process the Data provided that: (i) bookinglab provides at least 30 days' prior notice of the addition of any subcontractor (including details of the processing it performs or will perform) (“Sub-Processor Notice”); and (ii) bookinglab complies with paragraphs 7.4 and 7.5 of this Appendix. 7.2 The Customer hereby consents to bookinglab’s use of the Sub-Processors listed at xxx.xxxxxxxxxx.xx.xx/xxxxxx which shall be maintained and updated when any Sub-Processor is added or removed in accordance with this paragraph 7. 7.3 If within 30 days of receipt of a Sub-Processor Notice the Customer notifies bookinglab in writing of its refusal to consent to bookinglab’s appointment of a Sub-Processor on reasonable grounds relating to the protection of Customer Personal Data, then either: (i) bookinglab will not appoint the Sub-Processor; or (ii) if bookinglab does appoint the Sub-Processor, the Customer may elect to terminate the Agreement without penalty or cost to either party save that any portion of the fees paid in advance in respect of Services not yet delivered as at the effective date of termination shall be refunded to the Customer. If after 30 days from receipt of the Sub-Processor Notice the Customer has not indicated its refusal of the appointment of a Sub-Processor in accordance with this paragraph, then the Customer is deemed to have given its consent and bookinglab shall be entitled to appoint the relevant Sub-Processor with immediate effect. 7.4 If bookinglab appoints a Sub-Processor, bookinglab shall ensure that: (a) such Sub-Processor shall only process Customer Personal Data in order to perform one or more of bookinglab's obligations under this Agreement; and (b) it enters into a written agreement or other legally enforceable terms with that Sub-Processor prior to any processing by the Sub-Processor, requiring the Sub-Processor to: (i) process Customer Personal Data only in accordance with the written instructions of bookinglab or the Customer; and (ii) comply with data protection obligations equivalent in all material respects to those imposed on bookinglab under this Appendix. 7.5 Notwithstanding the appointment of a Sub-Processor, bookinglab is responsible and liable to the Customer for any processing by the Sub-Processor in breach of this Appendix.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!