Common use of Controller to Controller Terms Clause in Contracts

Controller to Controller Terms. With respect to the Processing of Personal Data in the context of the Controller Services, each Party agrees that: (a) all Personal Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively; (b) it will, upon request of the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, and not including legal advice); (c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s); (d) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable); (e) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality; (f) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and (g) in the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry or complaint received from a Data Subject, Supervisory Authority or other third party in connection with the processing of Personal Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other Party and the Parties shall cooperate in good faith to respond to such Correspondence and fulfil their respective obligations under Applicable Data Protection Law.

Controller to Controller Terms. With respect 8.1 In relation to any Cepheid Data disclosed to Cepheid for the Permitted Controller Purpose, Customer shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Data Protection Law in order to do so, including but not limited to the Processing provision of Personal Data privacy notices provided by Cepheid to Customer from time to time to Patients and/or Authorized Users and obtaining the Patient's consent to Cepheid's processing activities described in the context of privacy notices provided (where appropriate). 8.2 Cepheid shall implement appropriate technical and organisational measures to protect Cepheid Data from and against a Data Breach and as set out in Annex 2. 8.3 Cepheid may, at its election, appoint third party Processors to process Cepheid Data for the Permitted Controller ServicesPurpose, each Party agrees that: provided that such processors: (a) all Personal agree in writing to process Cepheid Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively; Cepheid's documented instructions; (b) it will, upon request of implement appropriate technical and organisational security measures to protect the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, Cepheid Data against a Data Breach; and not including legal advice); (c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s); (d) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Cepheid Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable);Law. (e) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality; (f) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and (g) in 8.4 In the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry enquiry or complaint received from a Data Subject, Supervisory Authority regulator or other third party in connection with ("Correspondence") related to (a) the disclosure of Cepheid Data by Customer to Cepheid for the Permitted Controller Purpose; or (b) the processing of Personal Cepheid Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other Party giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to such the Correspondence and fulfil their respective obligations in accordance with any requirements under Applicable Data Protection Law.

Controller to Controller Terms. With respect 8.1 In relation to any Cepheid Data disclosed to Cepheid for the Permitted Controller Purpose, Customer shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Data Protection Law in order to do so, including but not limited to the Processing provision of Personal Data privacy notices provided by Cepheid to Customer from time to time to patients and/or Authorized Users and obtaining the patient's consent to Cepheid's processing activities described in the context of privacy notices provided (where appropriate). 8.2 Cepheid shall implement appropriate technical and organisational measures to protect Cepheid Data from and against a Data Breach and as set out in Annex 2. 8.3 Cepheid may, at its election, appoint third party Processors to process Cepheid Data for the Permitted Controller ServicesPurpose, each Party agrees that: provided that such processors: (a) all Personal agree in writing to process Cepheid Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively; Cepheid's documented instructions; (b) it will, upon request of implement appropriate technical and organisational security measures to protect the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, Cepheid Data against a Data Breach; and not including legal advice); (c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s); (d) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Cepheid Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable);Law. (e) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality; (f) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and (g) in 8.4 In the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry enquiry or complaint received from a Data Subject, Supervisory Authority regulator or other third party in connection with ("Correspondence") related to (a) the disclosure of Cepheid Data by Customer to Cepheid for the Permitted Controller Purpose; or (b) the processing of Personal Cepheid Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other Party giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to such the Correspondence and fulfil their respective obligations in accordance with any requirements under Applicable Data Protection Law.

Controller to Controller Terms. With respect to the Processing of Personal Data in the context of the Controller Services, each Party agrees that: (a) all Personal Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively; (b) it will, upon request of the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, and not including legal advice); (c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s); (dc) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable); (ed) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality; (fe) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and (gf) in the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry or complaint received from a Data Subject, Supervisory Authority or other third party in connection with the processing of Personal Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates to processing conducted by the other Party, it shall promptly inform the other Party and the Parties shall cooperate in good faith to respond to such Correspondence and fulfil their respective obligations under Applicable Data Protection Law.

Controller to Controller Terms. With respect 8.1 In relation to any Cepheid Data disclosed to Cepheid for the Permitted Controller Purpose, User shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Law in order to do so, including but not limited to the Processing provision of Personal Data privacy notices provided by Cepheid to User from time to time to Patients and/or Authorized Users and obtaining the Patient’s consent to ▇▇▇▇▇▇▇’s processing activities described in the context of privacy notices provided (where appropriate). 8.2 Cepheid shall implement appropriate technical and organisational measures to protect Cepheid Data from and against a Data Breach and as set out in Annex 2. 8.3 Cepheid may, at its election, appoint third party Processors to process Cepheid Data for the Permitted Controller ServicesPurpose, each Party agrees that: provided that such processors: (a) all Personal agree in writing to process Cepheid Data collected, transferred, and otherwise Processed pursuant to the Agreement will be (or has been) Processed in accordance with Applicable Data Protection Laws as they apply to each Party, respectively; Cepheid’s documented instructions; (b) it will, upon request of implement appropriate technical and organisational security measures to protect the respective other Party, provide that other Party with copies of all relevant data protection laws or references to them (where relevant, Cepheid Data against a Data Breach; and not including legal advice); (c) the Processing is limited to that which is reasonably necessary to perform the Services or is otherwise permitted under the applicable Agreement(s); (d) Sub-processors may be appointed to Process Personal Data for the purposes permitted under this Addendum, provided that they provide sufficient guarantees that they will process the Personal Cepheid Data in a manner that will meet the requirements of Applicable Data Protection Law (including entering into contractual commitments equal to those set out in this Addendum, where applicable);Law. (e) the persons they authorize to Process Personal Data have committed themselves to confidentiality or be under an appropriate statutory or professional obligation of confidentiality; (f) to the extent that a disclosure of Personal Data among the Data Controllers qualifies as a sale under Applicable Data Protection Laws, each Data Controller must comply with the obligations associated with the sale of Personal Data under the relevant Applicable Data Protection Laws; and (g) in 8.4 In the event that either Party receives a request from a Data Subject to exercise any of its rights under Applicable Data Protection Law or any other correspondence, inquiry enquiry or complaint received from a Data Subject, Supervisory Authority regulator or other third party in connection with the processing of Personal Data for the Controller Services (collectively, “Correspondence”) then, where such Correspondence relates related to (a) the disclosure of Cepheid Data by User to Cepheid for the Permitted Controller Purpose; or (b) the processing conducted of Cepheid Data by the other Party, it shall promptly inform the other Party giving full details of the same, and the Parties shall cooperate reasonably and in good faith in order to respond to such the Correspondence and fulfil their respective obligations in accordance with any requirements under Applicable Data Protection Law. 8.5 To the extent that the transfer of Cepheid Data is a Restricted Transfer it shall be subject to the appropriate Standard Contractual Clauses as set out in the Annexes. 8.6 The Parties shall not participate in (nor permit any processor or sub-processor to participate in) any other Restricted Transfer of Cepheid Data (whether as an exporter or an importer of Cepheid Data) unless the Restricted Transfer is made in full compliance with Applicable Law and pursuant to Standard Contractual Clauses implemented between the relevant exporter and importer of Cepheid Data.