Common use of Controller to Controller Clause in Contracts

Controller to Controller. 2.1. The terms of this Condition 2 shall apply: (i) to the processing by either party of Business Contact Details disclosed by the other party in connection with the Contract; and (ii) to the extent that either party acts as a controller in relation to other personal data disclosed by the other party in connection with the Contract (such personal data together with any Business Contact Details processed under the Contract being “Shared Personal Data”). 2.2. In relation to Shared Personal Data disclosed by the Data Discloser, the Data Recipient shall comply with all the obligations imposed on a controller under the Data Protection Legislation, and any material breach of the Data Protection Legislation by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate the Contract with immediate effect. 2.3. The Data Recipient shall process Business Contact Details disclosed by the Data Discloser for the Agreed Purpose only. 2.4. Each party shall: 2.4.1. ensure that it has satisfied a statutory ground under the Data Protection Legislation permitting it to transfer the Shared Personal Data to the Data Recipient and the Permitted Recipients (in the case of Business Contact Details, for the Agreed Purpose); 2.4.2. ensure that it has delivered to the data subjects such information as is required by Data Protection Legislation including the fact that the Data Discloser is sharing Shared Personal Data with the Data Recipient (or a category of recipients which includes the Data Recipient) and the purposes of the data transfer; 2.4.3. ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including appropriate confidentiality and data security obligations); and 2.4.4. ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Shared Personal Data and against accidental loss or destruction of, or damage to, Shared Personal Data. 2.5. Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation relevant to Shared Personal Data processed in connection with the Contract. In particular, each party shall: 2.5.1. promptly inform the other party about the receipt of any data subject access request; 2.5.2. provide the other party with reasonable assistance, at the other party’s cost, in complying with any data subject access request; 2.5.3. not disclose or release any Shared Personal Data in response to a data subject access request without first consulting the other party (to the extent possible and legally permitted), provided that such consultation shall not affect and be without prejudice to the party’s ability to respond to the data subject access request within the time period required by Data Protection Legislation; 2.5.4. provide the other party with reasonable co-operation and assistance, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to the relevant personal data; and 2.5.5. notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation (providing such details as the other party may reasonably request). 2.6. The Data Discloser warrants that to the best of the Data Discloser’s knowledge, the Shared Personal Data it discloses to the Data Recipient is accurate and up to date.