Data Protection and Data Breach Sample Clauses
Data Protection and Data Breach a) The parties acknowledge that where Kineo processes personal data in connection with this Agreement, it is a processor of the Customer, who is the controller. The subject-matter of the data processing is the performance of the Services. Annex 1 sets out the nature, duration and purposes of the processing, the types of personal data Kineo processes and the categories of data subjects whose personal data is processed.
b) Kineo shall:
i. process the personal data only in accordance with documented instructions from the Customer. If Kineo is required to process the personal data for any other purpose by applicable laws to which Kineo is subject, Kineo will inform the Customer of this requirement first, unless such law(s) prohibit this on important grounds of public interest. It is acknowledged by the parties that Kineo shall be permitted to anonymise the personal data for the purposes of providing statistical analysis and consulting services without breach of this requirement.
ii. at all times comply with applicable Data Protection Legislation and Privacy Laws and notify the Customer immediately if, in Kineo’s opinion, an instruction for the processing of personal data given by the Customer infringes applicable Data Protection Legislation and/or Privacy Laws;
c) Kineo shall ensure that personnel required to access the personal data are subject to a binding duty of confidentiality in respect of such personal data.
d) Kineo shall assist the Customer, always taking into account the nature of the processing:
i. by appropriate technical and organisational measures and in so far as is possible, in fulfilling the Customer’s obligations to respond to requests from data subjects exercising their rights; and
ii. in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR, taking into account the information available to Kineo.
e) Kineo shall implement and maintain appropriate technical and organisational measures to protect the personal data against unauthorised or unlawful processing and against accidental loss, destruction, damage, theft, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful processing, accidental loss, destruction, damage or theft of the personal data and having regard to the nature of the personal data which is to be protected.
f) In the event of a suspected breach affecting the confidentiality, integrity or availability of personal data takes place,...