Common use of Data Controllers Clause in Contracts

Data Controllers. The Parties agree that if they are Controllers or Joint Controllers in relation to Personal Data processed under the Contract (“Contract Data”) they shall determine their respective obligations under the Data Protection Legislation (either independently (as Controllers) or by means of an arrangement between them (as Joint Controllers) and provide such reasonable co-operation and assistance to each other as may be necessary under that arrangement. The Parties agree that, as Controllers, or Joint Controllers, they shall each comply with the obligations imposed on a Controller (and Joint Controller where appropriate) by the Data Protection Legislation and, subject to the arrangements agreed in accordance with clause 25.10: Each party will be responsible for responding to : a request from the Data Subject received by them to exercise their rights under the Data Protection Legislation in respect of the Contract Data. Each party agrees to provide reasonable assistance to the other party as is necessary for the receiving party to comply with such a request; a Personal Data Breach notified to them in respect of the Contract Data whether actual or suspected; and (iii) correspondence from the Information Commissioner’s Office in relation to the Contract Data all in line with their own procedures however it is also acknowledged that the parties will provide each other with reasonable assistance in responding to any such correspondence. In the event that either party intends to notify the Information Commissioner’s Office regarding a Personal Data Breach in relation to the Contract Data then the notifying party shall, without undue delay (and in any event within 48 hours where possible), notify the other party about the actual or suspended Personal Data Breach and shall implement any measures necessary to restore the security of compromised Personal Data. The parties will ensure that: (i) all relevant fair Processing notices have been made available to relevant Data Subjects in relation to the Contract Data in accordance with Data Protection Legislation; and (ii) such fair Processing notices are sufficient in scope to enable their Personal Data to be Processed by the parties as Controllers or by both parties as Joint Controllers in connection with the Services and in accordance with Data Protection Legislation. Where Contract Data is to be transferred outside the European Economic Area (or, following the withdrawal of the United Kingdom from the European Union, outside the United Kingdom) the party transferring the Contract Data is responsible for implementing such measures that are necessary to ensure that any such transfers have adequate protections in place as set out in the Data Protection Legislation. Each party shall use appropriate technical and organisational measures to ensure appropriate security of the Contract Data, including protection against unauthorised or unlawful processing of the Contract Data and against accidental loss or destruction of, or damage to, the Contract Data No term of this Contract or any Funded Placements awarded thereunder, whether expressed or implied, shall preclude the Council from making public, if required under the Freedom of Information (Scotland) Act 2002 (referred to in this condition as “FOISA”) or the Environmental Information (Scotland) Regulations 2004 (referred to in this condition as “EIRs”) or both any information held relating to the Contract or any Funded Placement awarded thereunder. The Provider acknowledges that the Council is subject to the requirements of the FOISA and the EIRs and shall assist and cooperate with the Council to the extent reasonably necessary to enable the Council to comply with its information disclosure obligations under FOISA and EIRs. Further, the Council may share any information with any other relevant government regulators or law enforcement agencies. Under FOISA and EIRs anyone has a right to access any information held by the Council unless an exemption applies. Receipt of any material marked “confidential” or equivalent should not be taken to mean that the Council accepts any duty of confidence. The Council’s interpretation of FOISA and EIRs and any exemptions therein will be final and conclusive between the Parties. The Provider shall and shall procure that its Sub-Contractors shall: transfer to the Authorised Officer any request for information related to the Contract or any Funded Placement awarded thereunder that it receives as soon as practicable and in any event within three (3) Working Days of receiving a request for information; provide the Authorised Officer with a copy of all information in its possession, or power in the form that the Council requires within five (5) Working Days (or such other period as the Council may specify) of the Council’s request; and provide all necessary assistance as reasonably requested by the Authorised Officer to enable the Council to respond to the request for information within the time for compliance set out in section 10 of FOISA or regulation 5 of EIRs. The Council: shall consult with the Provider to inform the Council’s decisions regarding any exemptions as they may relate to any Commercially Sensitive Information; and may consult with the Provider to inform the Council’s decisions regarding other exemptions, but the Council shall be responsible for determining in its absolute discretion and notwithstanding any other provision in this Contract or any Funded Placement awarded thereunder or any other agreement whether the Commercially Sensitive Information and / or any other information is exempt from disclosure in accordance with the provisions of FOISA or EIRs. In no event shall the Provider respond directly to a request for information unless expressly authorised to do so by the Authorised Officer in writing.