Controller to Processor Sample Clauses
The 'Controller to Processor' clause defines the relationship and responsibilities between a data controller and a data processor in the context of handling personal data. It typically outlines the processor's obligations to act only on the controller's instructions, maintain data security, and assist the controller in complying with data protection laws. This clause ensures that personal data is processed lawfully and securely, clarifying roles and reducing the risk of unauthorized or improper data use.
Controller to Processor. Where one Party acting as a Controller discloses Personal Data to the other Party to Process as a Processor or Subprocessor on its behalf, the Party acting as a Processor or Subprocessor shall:
4.1 Process the Personal Data only in accordance with the Controller’s instructions, unless required to do so by applicable law. Any additional or alternate Processing instructions not contained in this Schedule must be agreed between the Parties in writing, including the costs (if any) associated with complying with such instructions. Neither Party is responsible for determining if the Controller’s instructions are compliant with applicable law. However, if either Party is of the opinion that a Controller instruction infringes applicable Privacy Laws, that Party shall notify the other as soon as reasonably practicable and shall not be required to comply with such infringing instruction. Details of the subject matter of the Processing, its duration, nature and purpose, and the type of Personal Data and data subjects are as specified in the Agreement and Annex 2.
4.2 Process the Personal Data provided by the Controller only to the extent necessary to perform its obligations under the Agreement;
4.3 Not disclose the Personal Data to any third party (other than an Affiliate or Subprocessor) except as necessary and only for the purposes of:
(a) complying with the Controller’s instructions;
(b) complying with this Schedule; or
(c) complying with the law or a binding order of a governmental body. Unless it would violate the law or a binding order of a governmental body, Processor will give the Controller notice of any legal requirement or order referenced in this provision;
4.4 Upon becoming aware of a Personal Data Breach, (i) notify the Controller without undue delay (and in any event within 72 hours); (ii) provide written details of the Personal Data Breach to the extent such information is known or available to the Processor at the time; and (iii) use reasonable efforts to assist the other Party in mitigating where possible, the adverse effects of any Personal Data Breach; and (iv) implement all measures required by Privacy Laws in case of such Personal Data Breach.
4.5 Upon reasonable prior written request, provide the Controller with such information as may be reasonably necessary under applicable law to demonstrate Processor’s compliance with this Schedule;
4.6 Upon reasonable prior notice, provide reasonably requested assistance to the Controller to carry out data...
Controller to Processor. SECTION I
Controller to Processor. The Parties agree that, in accordance with Applicable Data Protection Law, Company is the Controller of the Personal Data transferred by Company to UiPath by using the Services.
Controller to Processor. The Parties agree that, in accordance with the Applicable Data Protection Legislation, UiPath is a controller of Personal Data who entrusts the processing of Personal Data to the Vendor, which acts as a processor. The Personal Data processing shall be performed under and within the Controller’s written instructions.
Controller to Processor. 3.1. The terms of this Condition 3 shall apply to the extent that: (i) the Customer acts as a controller of personal data it discloses to the Supplier in connection with the Contract and the Supplier acts as a processor in relation to the personal data; or (ii) the Customer acts as a processor of personal data it discloses to the Supplier in connection with the Contract and the Supplier acts as a Sub-processor of the Customer in relation to the personal data.
Controller to Processor. You agree to the terms of the Data Processing Addendum set forth at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇ where you are a Controller and the Company is Processor as it pertains to all Reseller Services that are not Registration Services subject to the GDPR.
Controller to Processor. The Parties agree that, in accordance with the Applicable Data Protection Law, the Company is the Controller of the Personal Data transferred by the Company to the Processor by using the Cloud Services.
Controller to Processor. Without prejudice to the meaning afforded to each party under the Data Protection Laws, the intention of the parties is that in respect of any Personal Data Processed by the Contractor under this Contract, the Purchaser shall be the Data Controller and the Contractor shall be a Data Processor.
Controller to Processor. The module two: Transfers Controller to Processor of the EEA Transfer Clauses shall be deemed completed as follows:
i. Optional Clause 7 (“Docking clause”) shall be deemed incorporated.
ii. In Clause 9(a) (“Use of sub-processors”), the parties choose Option 2, 'General Written Authorisation', with a time period subject to Section 3.k.ii. of the DPA.
iii. In Clause 11(a) (“Redress”), optional wording shall not be deemed incorporated.
iv. In Clause 17 (“Governing law”), the parties choose Option 1 and agree that EEA Transfer Clauses shall be governed by the law of the EEA Member State where the data exporter is established.
v. In Clause 18 (“Choice of forum and jurisdiction”), the parties agree that any disputes arising from EEA Transfer Clauses shall be resolved by the courts of the EEA Member State where the data exporter is established.
vi. Annex I.A (“List of parties”) and I.B (“Description of transfer”) shall be deemed completed with the information set out in Section 1.c. of this Annex 4a and in the Annex 1 to this DPA.
vii. Annex I.B (“Description of transfer”) shall be deemed completed with the information set out in Annex 1 to this DPA.
viii. For the purpose of Annex I.C (“Competent supervisory authority”), the competent supervisory authority shall be that of the EEA Member State where the data exporter is established.
ix. If the data exporter is not established in the EEA and personal data sharing under this DPA is subject to the EEA Transfer Clauses by virtue of the extraterritorial application of the GDPR, or an onward transfer, the 1) applicable governing law under Section 2.a.iv.; 2) courts under Section 2.a.v.; and 3) competent authority under Section 2.a.viii of this Annex 4a to the DPA shall be those of the EEA Member State identified in the original EEA Transfer Clauses which the data exporter is subject to. Data exporter shall notify data importer of such EEA Member State upon request.
x. ▇▇▇▇▇ ▇▇ (“Technical and organizational measures”) shall be deemed completed with the information set out in Annex 3 to this DPA.
xi. ▇▇▇▇▇ ▇▇▇ (“List of sub-processors”) shall be deemed completed with the information set out in Annex 2 to this DPA.
Controller to Processor. Where one Party acting as a Controller discloses Personal Data to the other Party to Process as a Processor or Subprocessor on its behalf, the Party acting as a Processor or Subprocessor shall:
4.1 Process the Personal Data only in accordance with the Controller’s instructions, unless required to do so by applicable law. Any additional or alternate Processing instructions not contained in this Schedule must be agreed between the Parties in writing, including the costs (if any) associated with complying with such instructions. Neither Party is responsible for determining if the Controller’s instructions are compliant with applicable law. However, if either Party is of the opinion that a Controller instruction infringes applicable Privacy Laws, that Party shall notify the other as soon as reasonably practicable and shall not be required to comply with such infringing instruction. Details of the subject matter of the Processing, its duration, nature and purpose, and the type of Personal Data and data subjects are as specified in the Agreement and Annex 2.