Controller to Controller Terms Sample Clauses
The "Controller to Controller Terms" clause defines the rules and responsibilities that apply when two or more parties, each acting as independent data controllers, share personal data with one another. This clause typically outlines how each party will handle, process, and protect the shared data, ensuring compliance with applicable data protection laws such as the GDPR. For example, it may specify requirements for data security, data subject rights, and notification obligations in the event of a data breach. The core function of this clause is to clarify the respective obligations of each controller, thereby reducing legal uncertainty and ensuring that personal data is managed responsibly between independent organizations.
Controller to Controller Terms. With respect to the Processing of Personal Data in the context of the Controller Services, each Party agrees that:
(a) all Personal Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively;
(b) it will, upon request of the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, and not including legal advice);
(c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s);
(d) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable);
(e) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality;
(f) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and
(g) in the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry or complaint received from a Data Subject, Supervisory Authority or other third party in connection with the processing of Personal Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other Party and the Parties shall cooperate in good faith to respond to such Correspondence and fulfil their respective obligations under Applicable Data Protection Law.
Controller to Controller Terms. Where OpenPayd and Customer process the Shared Data as independent controllers under or otherwise in connection with the Terms, the provisions set out this Section 5 will apply to the processing of Shared Data, in addition to Section 4 Basic terms. In case of any conflict between the provisions in Section 4 and in Section 5, Section 5 will prevail.
5.1. Customer represents and warrants to OpenPayd that it has a lawful ground to disclose all Shared Data under or in connection with the Terms.
5.2. Customer and OpenPayd each acknowledge and agree that it acts as independent data controller, or the equivalent under Data Protection Law in relation to the Shared Data it processes under or in connection with the Terms. Each shall comply with its respective obligations under the Data Protection Law.
5.3. Customer and OpenPayd shall each ensure that access to Shared Data is limited to Customer’s or the OpenPayd’s staff, who have a reasonable need to access Shared Data to enable Customer and OpenPayd to perform its respective duties under the Terms.
5.4. If Customer or OpenPayd receive or become aware of any of the following, it shall notify without any undue delay the other Party of: (i) any breach of security or unauthorised access to Disclosed Personal Data without undue delay after becoming aware of such incident; and (ii) any complaint, inquiry or request from a data subject or data protection authority regarding Shared Data, unless such notice is prohibited by applicable law.
5.5. Customer and OpenPayd shall refrain from notifying or responding to any data subject or data protection authority on behalf of the other Party unless (i) specifically requested to do so by the other Party in writing or (ii) if required by the Data Protection Law.
5.6. Each Party acknowledges and agrees that the other Party, at its sole discretion, may disclose any Shared Data or other transaction-related information to the relevant regulatory authorities or to third parties in order to perform their obligations under the Terms and/or legal/regulatory obligations under the relevant law, including but not limited to anti- money laundering, fraud monitoring, sanctions, or as may otherwise be required by the relevant law or court order, for which the other Party shall be notified in advance that such disclosure has been made, if permitted by law. Furthermore, such disclosure may be made without a prior notice to any regulatory authority that exercises regulatory or supervisory authority ...