Controller to Processor Transfers Clause Samples
The 'Controller to Processor Transfers' clause governs how personal data is transferred from a data controller to a data processor, ensuring that such transfers comply with applicable data protection laws. Typically, this clause outlines the obligations of the processor to process data only on the controller's instructions, maintain appropriate security measures, and assist the controller in fulfilling data subject rights. Its core function is to ensure that personal data remains protected and that both parties understand their responsibilities, thereby reducing the risk of non-compliance and safeguarding individuals' privacy.
Controller to Processor Transfers. 6.1 This Section 6 applies to the extent that Transferor acts as a Controller of the Covered Data and Recipient acts as a Processor.
6.2 Recipient will Process Covered Data only on behalf of and under the written instructions of Transferor, unless Processing is required to comply with applicable law or otherwise permitted under Data Protection Laws.
6.3 Recipient shall not: (i) sell or share (including as those terms are defined in the Data Protection Laws) Covered Data, save as otherwise permitted in this DPA; (ii) retain, use, or disclose Covered Data outside of the direct business relationship between the Parties; and (iii) combine Covered Data with Personal Data that Recipient receives from or on behalf of another person or persons, or collects from its own interaction with the Data Subject, other than as permitted by Data Protection Laws.
6.4 Recipient shall promptly notify Transferor of any request received from a Data Subject to assert their rights in relation to Covered Data under Data Protection Laws (a "Data Subject Request"). Recipient shall not respond to any Data Subject Requests and shall provide Transferor with reasonable assistance as necessary for Transferor to fulfil its obligation under Data Protection Laws to respond to Data Subject Requests.
6.5 Transferor grants Recipient general authorization to engage any of the Sub-processors listed in Paragraph C of the Data Processing Details, as amended from time to time in accordance with section 6.5(b) below (the "Authorized Sub-processors"), to Process Covered Data.
(a) Recipient shall enter into a written agreement with each Sub-processor imposing data protection obligations that are no less protective of Covered Data than Recipient's obligations under this DPA, and shall remain liable for each Sub-processor’s compliance with the obligations under this DPA.
(b) Recipient will provide Transferor with at least thirty (30) days’ notice of any proposed changes to the Authorized Sub-processors. Transferor shall notify Recipient if it objects to the proposed change to the Authorized Sub-processors.
6.6 Recipient shall:
(a) notify Transferor if in its opinion any instruction does not comply with Data Protection Laws;
(b) provide Transferor with information to enable Transferor to conduct and document any data protection assessments required under Data Protection Laws;
(c) provide Transferor with any information requested by Transferor as reasonably necessary to demonstrate Recipient's compliance wi...
Controller to Processor Transfers. SECTION I