{"component": "clause", "props": {"groups": [{"snippet_links": [{"key": "the-parties-will", "type": "clause", "offset": [0, 16]}, {"key": "personal-information", "type": "definition", "offset": [34, 54]}, {"key": "necessary-for", "type": "definition", "offset": [88, 101]}, {"key": "the-process", "type": "clause", "offset": [125, 136]}, {"key": "means-of-processing", "type": "clause", "offset": [168, 187]}, {"key": "both-contracting-parties", "type": "clause", "offset": [234, 258]}, {"key": "meaning-of", "type": "definition", "offset": [318, 328]}, {"key": "section-10", "type": "definition", "offset": [329, 339]}], "size": 1, "snippet": "The Parties will ensure that only personal information is collected which is absolutely necessary for the lawful handling of the process and for which the purposes and means of processing are prescribed by Republic law. For the rest, both contracting parties will observe the principle of data minimisation within the meaning of Section 10 POPIA.", "samples": [{"hash": "efVoFfKfXa3", "uri": "/contracts/efVoFfKfXa3#data-minimisation", "label": "Joint Controllership Agreement", "score": 30.4777832031, "published": true}], "hash": "f7f4e058be9de5e270534be8110efda1", "id": 7}, {"snippet_links": [{"key": "general-principle", "type": "clause", "offset": [5, 22]}, {"key": "card-data", "type": "definition", "offset": [61, 70]}, {"key": "sensitive-data", "type": "definition", "offset": [80, 94]}, {"key": "you-need", "type": "clause", "offset": [100, 108]}, {"key": "personal-data", "type": "definition", "offset": [132, 145]}, {"key": "liability-to-you", "type": "clause", "offset": [164, 180]}, {"key": "store-card", "type": "clause", "offset": [251, 261]}, {"key": "the-user", "type": "clause", "offset": [381, 389]}, {"key": "further-payment", "type": "clause", "offset": [407, 422]}, {"key": "future-use", "type": "clause", "offset": [542, 552]}, {"key": "data-breach", "type": "clause", "offset": [631, 642]}], "size": 18, "snippet": "As a general principle, you should gather and retain no more Card Data or other sensitive data than you need. Holding Card Data and personal data creates a risk of liability to you, and you can reduce that risk by taking and holding less data. If you store Card Data, consider carefully the need to do so: PayPal must refund a payment which lacks its payer\u2019s authorisation, and if the user will authorise a further payment, the user will generally also give you up-to- date Card Data again, so you may have little need to store Card Data for future use. Card Data that you do not have is data that you cannot spill if you suffer a Data Breach.", "samples": [{"hash": "8bqIiY3zvnM", "uri": "/contracts/8bqIiY3zvnM#data-minimisation", "label": "Paypal Online Card Payment Services Agreement", "score": 33.5836791992, "published": true}, {"hash": "3WysjSLHO21", "uri": "/contracts/3WysjSLHO21#data-minimisation", "label": "Online Card Payment Services Agreement", "score": 33.3148345947, "published": true}, {"hash": "lMJ2nNTTFwc", "uri": "/contracts/lMJ2nNTTFwc#data-minimisation", "label": "Online Card Payment Services Agreement", "score": 33.1101150513, "published": true}], "hash": "18c287486a52ae5d3b612b4d48a5443b", "id": 1}, {"snippet_links": [{"key": "general-principle", "type": "clause", "offset": [5, 22]}, {"key": "card-data", "type": "definition", "offset": [61, 70]}, {"key": "sensitive-data", "type": "definition", "offset": [80, 94]}, {"key": "you-need", "type": "clause", "offset": [100, 108]}, {"key": "personal-data", "type": "definition", "offset": [132, 145]}, {"key": "liability-to-you", "type": "clause", "offset": [164, 180]}, {"key": "store-card", "type": "clause", "offset": [251, 261]}, {"key": "the-user", "type": "clause", "offset": [381, 389]}, {"key": "further-payment", "type": "clause", "offset": [407, 422]}], "size": 3, "snippet": "As a general principle, you should gather and retain no more Card Data or other sensitive data than you need. Holding Card Data and personal data creates a risk of liability to you, and you can reduce that risk by taking and holding less data. If you store Card Data, consider carefully the need to do so: PayPal must refund a payment which lacks its payer\u2019s authorisation, and if the user will authorise a further payment, the user will generally also give you up-to- date Card Data again, so you may have little need to store Card Data for future", "samples": [{"hash": "fu8CTLY8G9a", "uri": "/contracts/fu8CTLY8G9a#data-minimisation", "label": "Online Card Payment Services Agreement", "score": 33.4585151672, "published": true}, {"hash": "4TKuSBO9oyx", "uri": "/contracts/4TKuSBO9oyx#data-minimisation", "label": "Online Card Payment Services Agreement", "score": 27.3600273132, "published": true}, {"hash": "1LsM93mhtta", "uri": "/contracts/1LsM93mhtta#data-minimisation", "label": "Online Card Payment Services Agreement", "score": 27.3600273132, "published": true}], "hash": "da600f17beb97b2e3e5b0d03656fd2aa", "id": 2}, {"snippet_links": [{"key": "to-ensure", "type": "clause", "offset": [38, 47]}, {"key": "the-shared-personal-data", "type": "clause", "offset": [48, 72]}, {"key": "agreed-purposes", "type": "definition", "offset": [112, 127]}, {"key": "data-subjects", "type": "clause", "offset": [175, 188]}, {"key": "the-initiative", "type": "definition", "offset": [211, 225]}, {"key": "the-office", "type": "clause", "offset": [239, 249]}, {"key": "research-services", "type": "definition", "offset": [281, 298]}], "size": 2, "snippet": "The following measures shall be taken to ensure the Shared Personal Data is not irrelevant or excessive for the Agreed Purposes:\n1. the Shared Personal Data shall not include Data Subjects who have opted-out of the Initiative\n2. Data from the Office of National Statistics\u2019 Secure Research Services (SRS) is pseudonymised by ONS", "samples": [{"hash": "ioa2iAKeJ5Y", "uri": "/contracts/ioa2iAKeJ5Y#data-minimisation", "label": "Data Sharing Agreement", "score": 26.6386032104, "published": true}, {"hash": "izyLD13ft90", "uri": "/contracts/izyLD13ft90#data-minimisation", "label": "Data Sharing Agreement", "score": 26.5468864441, "published": true}], "hash": "d0cae0a7e568a76c7296e72cb04c7f66", "id": 3}, {"snippet_links": [{"key": "need-to-know-basis", "type": "definition", "offset": [45, 63]}, {"key": "data-necessary", "type": "clause", "offset": [106, 120]}, {"key": "the-services-agreement", "type": "clause", "offset": [139, 161]}, {"key": "in-order-to", "type": "clause", "offset": [236, 247]}, {"key": "to-ensure", "type": "clause", "offset": [291, 300]}, {"key": "the-shared-personal-data", "type": "clause", "offset": [301, 325]}, {"key": "agreed-purposes", "type": "definition", "offset": [365, 380]}, {"key": "applicable-data-protection-legislation", "type": "definition", "offset": [549, 587]}], "size": 2, "snippet": "7.1 Personal Data will be shared on a strict need to know basis only, and will only comprise the Personal Data necessary to give effect to the Services Agreement;\n7.2 The sharing of the Personal Data is both necessary and proportionate in order to give effect to the Services Agreement;\n7.3 To ensure the Shared Personal Data is not irrelevant or excessive for the Agreed Purposes, Personal Data to be shared shall be limited to that which is necessary to give effect to the Services Agreement, and shall not be held for longer than is permitted by applicable Data Protection Legislation.", "samples": [{"hash": "95Wea89MkUg", "uri": "/contracts/95Wea89MkUg#data-minimisation", "label": "Data Sharing Agreement", "score": 32.3789482117, "published": true}, {"hash": "fymfjnGXBSr", "uri": "/contracts/fymfjnGXBSr#data-minimisation", "label": "Data Sharing Agreement", "score": 32.2132720947, "published": true}], "hash": "f258f7fbfb2a7e93535f21cf2f0e3100", "id": 4}, {"snippet_links": [{"key": "data-collected", "type": "clause", "offset": [32, 46]}, {"key": "number-of", "type": "definition", "offset": [61, 70]}, {"key": "the-purpose", "type": "clause", "offset": [220, 231]}], "size": 2, "snippet": "minimise the amount of personal data collected, minimise the number of privacy stakeholders and people to whom personal data is disclosed, offer as default non-privacy invasive options, and delete personal data whenever the purpose for processing has expired.", "samples": [{"hash": "rzYxJfS2v5", "uri": "/contracts/rzYxJfS2v5#data-minimisation", "label": "Fp7 Grant Agreement", "score": 26.2447967529, "published": true}], "hash": "dae876b7466571ad2a810ae1fadb8d0b", "id": 5}, {"snippet_links": [{"key": "in-relation-to", "type": "clause", "offset": [78, 92]}, {"key": "purposes-for-which", "type": "clause", "offset": [97, 115]}, {"key": "process-personal-data", "type": "definition", "offset": [150, 171]}, {"key": "your-job-duties", "type": "clause", "offset": [188, 203]}, {"key": "for-any-reason", "type": "clause", "offset": [250, 264]}, {"key": "data-collected", "type": "clause", "offset": [423, 437]}, {"key": "intended-purposes", "type": "definition", "offset": [471, 488]}, {"key": "specified-purposes", "type": "definition", "offset": [558, 576]}, {"key": "in-accordance-with", "type": "definition", "offset": [606, 624]}, {"key": "the-company", "type": "definition", "offset": [625, 636]}, {"key": "data-retention", "type": "clause", "offset": [639, 653]}], "size": 2, "snippet": "9.1 Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.\n9.2 You may only Process Personal Data when performing your job duties requires it. You cannot Process Personal Data for any reason unrelated to your job duties.\n9.3 You may only collect Personal Data that you require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes.\n9.4 You must ensure that when Personal Data is no longer needed for specified purposes, it is deleted or anonymised in accordance with the Company's data retention guidelines.", "samples": [{"hash": "4DLno7DM6S8", "uri": "/contracts/4DLno7DM6S8#data-minimisation", "label": "Data Protection Policy", "score": 30.6795291901, "published": true}], "hash": "b30071bd4731fc268b926e8c5764cb45", "id": 6}, {"snippet_links": [{"key": "processing-of-personal-information", "type": "definition", "offset": [27, 61]}, {"key": "purpose-and", "type": "clause", "offset": [124, 135]}, {"key": "legitimate-purpose", "type": "definition", "offset": [147, 165]}], "size": 1, "snippet": "14.1. We will restrict the processing of Personal Information to data which is sufficient for the fulfilment of the primary purpose and applicable legitimate purpose for which it was collected.", "samples": [{"hash": "byjGh5ASuLf", "uri": "/contracts/byjGh5ASuLf#data-minimisation", "label": "Data Protection Agreement", "score": 24.7481174469, "published": true}], "hash": "6760d6ca4f80ce6e58fe97b1fe0c22ec", "id": 8}, {"snippet_links": [{"key": "in-relation-to", "type": "clause", "offset": [74, 88]}, {"key": "purposes-for-which", "type": "clause", "offset": [93, 111]}, {"key": "process-personal-data", "type": "definition", "offset": [151, 172]}, {"key": "for-any-reason", "type": "clause", "offset": [261, 275]}, {"key": "your-job-duties", "type": "clause", "offset": [373, 388]}, {"key": "data-collected", "type": "clause", "offset": [441, 455]}, {"key": "intended-purposes", "type": "definition", "offset": [489, 506]}, {"key": "the-employee-must", "type": "clause", "offset": [508, 525]}, {"key": "in-accordance-with", "type": "definition", "offset": [628, 646]}, {"key": "the-employer", "type": "clause", "offset": [647, 659]}, {"key": "data-retention", "type": "clause", "offset": [662, 676]}], "size": 1, "snippet": "Personal Data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed. The employee may only Process Personal Data when performing their job duties requires it. The employee cannot Process Personal Data for any reason unrelated to their job duties. The employee may only collect Personal Data that they require for your job duties: do not collect excessive data. Ensure any Personal Data collected is adequate and relevant for the intended purposes. The employee must ensure that when Personal Data is no longer needed for speci\ufb01ed purposes, it is deleted or anonymised in accordance with the employer\u2019s data retention guidelines.", "samples": [{"hash": "eVIllDCDSq1", "uri": "/contracts/eVIllDCDSq1#data-minimisation", "label": "Working Rule Agreement", "score": 21.3381252289, "published": true}], "hash": "d263fba764e5bd8d603749abe1f254bd", "id": 9}, {"snippet_links": [{"key": "personal-data", "type": "definition", "offset": [33, 46]}], "size": 1, "snippet": "Process and store only necessary personal data.", "samples": [{"hash": "3R95uJ8WMC0", "uri": "/contracts/3R95uJ8WMC0#data-minimisation", "label": "Data Processing Agreement", "score": 33.7454528809, "published": true}], "hash": "f86d63fbb835d5f23a515de0917503c9", "id": 10}], "next_curs": "CloSVGoVc35sYXdpbnNpZGVyY29udHJhY3RzcjYLEhZDbGF1c2VTbmlwcGV0R3JvdXBfdjU2IhpkYXRhLW1pbmltaXNhdGlvbiMwMDAwMDAwYQyiAQJlbhgAIAA=", "clause": {"children": [], "size": 34, "parents": [["definitions", "Definitions"], ["eterminal", "eTerminal"], ["website-payments-pro", "Website Payments Pro"], ["information-security-and-confidentiality", "INFORMATION SECURITY AND CONFIDENTIALITY"], ["privacy-standard", "Privacy Standard"]], "title": "Data minimisation", "id": "data-minimisation", "related": [["data-mining", "Data Mining", "Data Mining"], ["presentation-of-potential-target-businesses", "Presentation of Potential Target Businesses", "Presentation of Potential Target Businesses"], ["cfr-part-200-procurement", "CFR PART 200 Procurement", "CFR PART 200 Procurement"], ["transit-traffic", "Transit Traffic", "Transit Traffic"], ["data-use", "Data Use", "Data Use"]], "related_snippets": [], "updated": "2025-07-10T04:27:38+00:00", "also_ask": ["What are the essential elements to include for effective data minimisation clauses?", "How can data minimisation obligations be strategically limited or expanded during negotiations?", "What are the most common pitfalls or ambiguities that undermine enforceability of data minimisation clauses?", "How do data minimisation requirements differ across key jurisdictions (e.g., EU vs. US)?", "What standards do courts apply to assess compliance with data minimisation obligations in litigation?"], "drafting_tip": "Limit data collection to what is strictly necessary to reduce privacy risks; specify retention periods to ensure compliance; require regular reviews to maintain data relevance.", "explanation": "The Data Minimisation clause requires that only the minimum amount of personal data necessary for a specific purpose is collected, processed, and retained. In practice, this means organizations must assess their data collection practices to ensure they do not gather excessive or irrelevant information, and must regularly review and delete data that is no longer needed. This clause helps protect individuals' privacy by reducing the risk of unnecessary data exposure and ensures compliance with data protection regulations."}, "json": true, "cursor": ""}}