Data Protection and Data Security. 13.1 In relation to the parties’ rights and obligations under this Agreement, the parties agree, subject to Clause 13.2, that the Servicer is the “controller” and the Cash Manager is the “processor” as defined in the Data Protection Legislation. 13.2 Neither the Cash Manager nor the Servicer shall do, nor cause or permit to be done, anything which may result in a breach of the Data Protection Legislation by the other party. 13.3 Without limiting Clause 13.3, the Cash Manager warrants, represents and undertakes to the Servicer and each member of the RBS Group that in respect of any Personal Data supplied by the Servicer to the Cash Manager, the Cash Manager shall: (A) on behalf of the Servicer carry out Personal Data processing activities necessary for the purposes described in Clause 13.5 below and in processing Personal Data act only on the written instructions of the Servicer. In the event that a legal requirement prevents the Cash Manager from complying with such written instructions (a “Conflicting Requirement”), the Cash Manager shall, unless such Conflicting Requirement prohibits it from doing so promptly inform the Servicer of the relevant Conflicting Requirement, before carrying out the processing activities; (B) take all appropriate technical and organisational measures against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, the Personal Data, including (without limitation) by: (1) taking reasonable steps to ensure the reliability of any employees, officers, independent contractors (and Affiliates of any independent contractors and their staff), agency workers and agents in each case of the Cash Manager and/or its Affiliates and/or of any sub-contractor of any such company engaged in the performance of the Cash Management Services or any part thereof (“Staff”) who have access to the Personal Data; (2) ensuring a level of security appropriate to the nature of the Personal Data and the risks that are presented by its processing; and (3) all such other measures as are required by Data Protection Legislation; (C) ensure that only those Staff of the Cash Manager that need to have access to the Personal Data are given access to the extent necessary to provide the Cash Management Services and only after the relevant Staff have been informed by the Cash Manager of the confidential nature of the Personal Data and such Staff agree in writing to be bound by a duty of confidentiality and comply with the obligations set out in this Clause 13 (Data Protection and Data Security); (D) not publish, disclose or divulge (and ensure that its Staff do not publish, disclose or divulge) any of the Personal Data to any third party, nor allow any third party to process the Personal Data on the Cash Manager’s behalf, unless the Servicer has given its prior written consent. Where the Servicer gives such written consent and the Cash Manager allows a third party to process the Personal Data the Cash Manager shall ensure that the third party is bound by the same data protection obligations that the Cash Manager is subject to under this Clause 13 (Data Protection and Data Security); (E) not transfer, or otherwise permit access to, the Personal Data outside the European Economic Area without the prior written consent of the Servicer; (F) comply with the requirements of Data Protection Legislation at its own expense; (G) provide the Servicer with reasonable cooperation and assistance in connection with its compliance with Data Protection Legislation; (H) notify the Servicer of any complaint or request made in relation to Data Subject rights (including a request made in respect of the Data Subject’s right of access, right to object, right to be provided with fair processing information and his/her rights to rectification and erasure of the data within the statutory response periods) without undue delay (a “Data Subject Request”) and provide the Servicer with full co- operation and assistance in relation to: (1) any such Data Subject Request, including by allowing the Servicer unrestricted access to the Servicer’s data and such other records as the Servicer shall reasonably require, providing the Servicer with full details of any such Data Subject Request and taking such steps as are required by the Servicer in order for the Servicer to comply with the Data Subject Request; and (2) any request from the Servicer requiring the Cash Manager to take reasonable steps to ensure that third parties to whom the Personal Data has been provided by the Cash Manager erase any links to, or copies of, Personal Data in accordance with the requirements of Data Protection Legislation; (I) permit, by not less than 24 hours’ notice, at any time (and immediately by notice if the Servicer reasonably believes there to have been a breach of this Clause 13 (Data Protection and Data Security) or if required by law or a Regulatory Body requires it), the Servicer and/or a third party auditor appointed by the Servicer to access the locations or any data centres from which Cash Management Services are being provided and all other information reasonably required by the Servicer in order to establish whether the Cash Manager has complied with its obligations under this Clause 13 (Data Protection and Data Security); (J) amend, update, delete or supplement, any Personal Data forthwith if the Servicer so requests in order to comply with Data Protection Legislation; (K) if there is a Personal Data Breach, or if the Cash Manager identifies any imminent risk of a Personal Data Breach, notify the Servicer within 24 hours (providing all such details as the Servicer may reasonably request) and take all steps to mitigate or avoid such Personal Data Breach; (L) assist the Servicer with the making of any mandatory notifications to those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, personal data and privacy (“Regulatory Bodies”) and/or affected individuals in the event of a Personal Data Breach; (M) upon expiry or termination of this Agreement for any reason or when requested in writing so to do: (1) redeliver all records of the Servicer’s data (or the relevant part thereof) to the Servicer without charge within fourteen (14) days in such a format as the Servicer may require or; and/or (2) if so requested by the Servicer, irretrievably delete the Personal Data (or the relevant part thereof), including any copies thereof, instead of delivering that Personal Data to the Servicer (except to the extent that the Cash Manager is required by law to retain copies of the Personal Data); (N) without prejudice to the generality of Clause 13.3(B)(3) above, use encryption technology on all mobile devices used to share and/or transport Personal Data, such technology to be appropriate to the nature of the Personal Data and the harm that could result from unauthorised processing of such Personal Data. 13.4 The Cash Manager shall indemnify, and keep indemnified, the Servicer and each member of the RBS Group for all losses, damage, costs, fines or expenses (including legal expenses) incurred or suffered by them relating to any failure by the Cash Manager to comply with its obligations in this Clause 13 (Data Protection and Data Security) and/or any breach by the Cash Manager of any Data Protection Legislation and/or any act or omission of the Cash Manager in relation to the Servicer’s data which puts the Servicer and/or any member of the RBS Group in breach of its obligations under the Data Protection Legislation or in breach of its obligations to any Regulatory Body or under any other applicable law or regulation. 13.5 The Personal Data processing to be carried out under this Agreement is described below: Subject matter of the processing Information regarding the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, processed for the purpose of performing the Cash Management Services, including, without limitation, to enable the Cash Manager to prepare the Quarterly Investor Report. Types of personal data being processed Information relating to the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, including, without limitation, details of payments made under the Mortgage Loans, arrears under the Mortgage Loans and access to contact details of the Borrowers. Categories of individuals whose data is being processed Individual persons who are Borrowers or guarantors in respect of the Mortgage Loans. Types of data processing to be carried out Analysis of payments and other activities in respect of the Mortgage Loans to enable the Cash Manager to prepare the Quarterly Investor Report. Purpose of the data processing To enable the Cash Manager to prepare the Quarterly Investor Report in accordance with the provisions of this Agreement. Duration of processing The term of this Agreement.
Appears in 1 contract
Sources: Cash Management Agreement
Data Protection and Data Security. 13.1 In 12.1 The Parties acknowledge their respective duties under the DPA and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties.
12.2 Each Party in performing its obligations in relation to the parties’ rights Interim Service and obligations the Operational Service under this Agreement, :
12.2.1 shall create and keep up to date such records as it is reasonable and prudent to create including providing details to the parties agree, subject other Party of how that other Party‟s obligations are being performed;
12.2.2 shall keep the records stored electronically in accordance with statutory requirements and appropriate guidance in relation to Clause 13.2, storing the records;
12.2.3 shall take reasonable steps to ensure the security of all records at all times and safeguard the records from unauthorised access or tampering;
12.2.4 shall ensure that the Servicer a comprehensive recovery system is the “controller” and the Cash Manager is the “processor” as defined in place in the Data Protection Legislation.
13.2 Neither the Cash Manager nor the Servicer shall do, nor cause event of partial or permit to be done, anything which may result in a breach complete failure of the Mobilising System;
12.2.5 shall retain Personal Data Protection Legislation by for such purposes as shall be necessary to meet statutory and operational needs but no longer than is necessary for these purposes;
12.2.6 shall register under the other party.
13.3 Without limiting Clause 13.3, the Cash Manager warrants, represents and undertakes DPA to the Servicer and each member of the RBS Group that in respect of any Personal Data supplied by the Servicer to the Cash Manager, the Cash Manager shall:
(A) on behalf of the Servicer carry out Personal Data processing activities necessary full extent required for the purposes described of this Agreement and maintain such registration to comply in Clause 13.5 below and in processing Personal Data act only on full with the written instructions provisions of the Servicer. In the event that a legal requirement prevents the Cash Manager from complying DPA and to procure compliance by relevant officers, agents and employees with such written instructions (a “Conflicting Requirement”), the Cash Manager shall, unless such Conflicting Requirement prohibits it from doing so promptly inform the Servicer of the relevant Conflicting Requirement, before carrying out the processing activitiesthis Clause 12;
(B) 12.2.7 shall take all reasonable steps to ensure that its officers, employees, agents and sub-contractors have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by the Personal DataParty and its officers, including (without limitation) by:
(1) taking employees, agents and sub-contractors and that it has taken, or will take at all material times all reasonable steps to ensure the reliability of any of its officers, employees, officers, independent contractors (agents and Affiliates of any independent contractors and their staff), agency workers and agents in each case of the Cash Manager and/or its Affiliates and/or of any sub-contractor of any such company engaged in the performance of the Cash Management Services or any part thereof (“Staff”) who contractors which will have access to personal data processed as part of the Personal DataInterim Service and the Operational Service;
(2) ensuring a level 12.2.8 undertakes that it will act only on the instructions of security appropriate the other Party in relation to the nature processing of any personal data made available by or on behalf of that other Party in connection with the Interim Service and the Operational Service (or otherwise);
12.2.9 undertakes that it will only obtain, hold, process, use, store and disclose Personal Data as is necessary to perform its obligations under this Agreement and that such data will be held, processed, used, stored and disclosed only in accordance with the risks that are presented by its processingDPA and any other applicable Law; and
(3) all such 12.2.10 undertakes to allow the other measures as are required by Data Protection Legislation;
(C) ensure that only those Staff of the Cash Manager that need to have Party access to the Personal Data are given access any relevant premises on reasonable notice to the extent necessary inspect its procedures, technical and organisational measures.
12.3 The Parties shall use all reasonable efforts to provide the Cash Management Services and only after the relevant Staff have been informed by the Cash Manager of the confidential nature of the Personal Data and such Staff agree in writing to be bound by a duty of confidentiality and comply with the obligations set out in this Clause 13 (Data Protection and Data Security);
(D) not publish, disclose or divulge (and ensure that its Staff do not publish, disclose or divulge) any of the Personal Data to any third party, nor allow any third party to process the Personal Data on the Cash Manager’s behalf, unless the Servicer has given its prior written consent. Where the Servicer gives such written consent and the Cash Manager allows a third party to process the Personal Data the Cash Manager shall ensure that the third party is bound by the same data protection obligations that the Cash Manager is subject to under this Clause 13 (Data Protection and Data Security);
(E) not transfer, or otherwise permit access to, the Personal Data outside the European Economic Area without the prior written consent of the Servicer;
(F) comply with the requirements of Data Protection Legislation at its own expense;
(G) provide the Servicer with reasonable cooperation and assistance in connection with its compliance with Data Protection Legislation;
(H) notify the Servicer of any complaint or request made in relation to Data Subject rights (including a request made in respect of the Data Subject’s right of access, right to object, right to be provided with fair processing information and his/her rights to rectification and erasure of the data within the statutory response periods) without undue delay (a “Data Subject Request”) and provide the Servicer with full co- operation and assistance in relation to:
(1) any such Data Subject Request, including by allowing the Servicer unrestricted access to the Servicer’s data and such assist each other records as the Servicer shall reasonably require, providing the Servicer with full details of any such Data Subject Request and taking such steps as are required by the Servicer in order for the Servicer to comply with the Data Subject Request; and
(2) DPA. The Parties shall assist each other in complying with subject access requests served on either Party under Section 7 of the DPA and the Parties shall consult with each other prior to the disclosure of any request from the Servicer requiring the Cash Manager to take reasonable steps to ensure that third parties to whom the Personal Data has been provided by the Cash Manager erase any links to, or copies of, Personal Data in accordance with the requirements relation to such requests.
12.4 WSCC undertakes that in respect of Data Protection Legislation;
(I) permit, by not less than 24 hours’ notice, at any time (and immediately by notice if the Servicer reasonably believes there to have been a breach of this Clause 13 (Data Protection and Data Security) or if required by law or a Regulatory Body requires it), the Servicer and/or a third party auditor appointed by the Servicer to access the locations or any data centres from which Cash Management Services are being provided and all other information reasonably required by the Servicer in order to establish whether the Cash Manager has complied with its obligations under this Clause 13 (Data Protection and Data Security);
(J) amend, update, delete or supplement, any Personal Data forthwith if the Servicer so requests in order to comply with Data Protection Legislation;
received by it (K) if there is a Personal Data Breach, or if the Cash Manager identifies any imminent risk of a Personal Data Breach, notify the Servicer within 24 hours (providing all such details as the Servicer may reasonably request) and take all steps to mitigate or avoid such Personal Data Breach;
(L) assist the Servicer with the making of any mandatory notifications to those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, personal data and privacy (“Regulatory Bodies”) and/or affected individuals in the event of a Personal Data Breach;
(M) upon expiry or termination of this Agreement for any reason or when requested in writing so to do:
(1) redeliver all records of the Servicer’s data (or the relevant part thereof) to the Servicer without charge within fourteen (14) days in such a format as the Servicer may require or; and/or
(2) if so requested by the Servicer, irretrievably delete the Personal Data (or the relevant part thereof), including any copies thereof, instead of delivering that Personal Data to the Servicer (except to the extent that the Cash Manager is required by law to retain copies of the Personal Data);
(N) without prejudice to the generality of Clause 13.3(B)(3) above, use encryption technology on all mobile devices used to share and/or transport Personal Data, such technology to which shall normally be appropriate to the nature of the Personal Data and the harm that could result from unauthorised processing of such Personal Data.
13.4 The Cash Manager shall indemnify, and keep indemnified, the Servicer and each member of the RBS Group for all losses, damage, costs, fines or expenses (including legal expenses) incurred or suffered by them relating to any failure by the Cash Manager to comply with its obligations in this Clause 13 (Data Protection and Data Security) and/or any breach by the Cash Manager of any Data Protection Legislation and/or any act or omission of the Cash Manager in relation to the Servicer’s data which puts the Servicer and/or any member of the RBS Group in breach of its obligations under the Data Protection Legislation or in breach of its obligations to any Regulatory Body or under any other applicable law or regulation.
13.5 The Personal Data processing to be carried out under this Agreement is described below: Subject matter of the processing Information regarding the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, processed for the purpose of performing responding to incidents) from the Cash Management Services, including, without limitation, to enable Joint Control that it shall hold such Personal Data as a Data Processor and will only use such Personal Data for the Cash Manager to prepare the Quarterly Investor Report. Types of personal data being processed Information relating to the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, including, without limitation, details of payments made under the Mortgage Loans, arrears under the Mortgage Loans and access to contact details of the Borrowers. Categories of individuals whose data is being processed Individual persons who are Borrowers or guarantors purpose for which it has been sent by ESFA.
12.5 ESFA agrees that in respect of Personal Data inherited by it from WSCC from the Mortgage Loans. Types Commencement Date that it shall hold such Personal Data as Data Processor and will only use such data as is necessary for the running of data processing to be carried out Analysis of payments and other activities in the Joint Control.
12.6 In respect of new Personal Data received by the Mortgage Loans to enable Joint Control from the Cash Manager to prepare Commencement Date the Quarterly Investor Report. Purpose Parties mutually agree that ESFA will be the Data Controller and a Data Processor.
12.7 This Clause 12 shall survive the termination or expiry of the data processing To enable the Cash Manager to prepare the Quarterly Investor Report Agreement howsoever caused and shall continue thereafter in accordance with the provisions of this Agreement. Duration of processing The term of this Agreementfull force and effect.
Appears in 1 contract
Sources: Inter Authority Agreement
Data Protection and Data Security. 13.1 In 12.1 The Parties acknowledge their respective duties under the DPA and shall give all reasonable assistance to each other where appropriate or necessary to comply with such duties.
12.2 Each Party in performing its obligations in relation to the parties’ rights Interim Service and obligations the Operational Service under this Agreement, :
12.2.1 shall create and keep up to date such records as it is reasonable and prudent to create including providing details to the parties agree, subject other Party of how that other Party’s obligations are being performed;
12.2.2 shall keep the records stored electronically in accordance with statutory requirements and appropriate guidance in relation to Clause 13.2, storing the records;
12.2.3 shall take reasonable steps to ensure the security of all records at all times and safeguard the records from unauthorised access or tampering;
12.2.4 shall ensure that the Servicer a comprehensive recovery system is the “controller” and the Cash Manager is the “processor” as defined in place in the Data Protection Legislation.
13.2 Neither the Cash Manager nor the Servicer shall do, nor cause event of partial or permit to be done, anything which may result in a breach complete failure of the Mobilising System;
12.2.5 shall retain Personal Data Protection Legislation by for such purposes as shall be necessary to meet statutory and operational needs but no longer than is necessary for these purposes;
12.2.6 shall register under the other party.
13.3 Without limiting Clause 13.3, the Cash Manager warrants, represents and undertakes DPA to the Servicer and each member of the RBS Group that in respect of any Personal Data supplied by the Servicer to the Cash Manager, the Cash Manager shall:
(A) on behalf of the Servicer carry out Personal Data processing activities necessary full extent required for the purposes described of this Agreement and maintain such registration to comply in Clause 13.5 below and in processing Personal Data act only on full with the written instructions provisions of the Servicer. In the event that a legal requirement prevents the Cash Manager from complying DPA and to procure compliance by relevant officers, agents and employees with such written instructions (a “Conflicting Requirement”), the Cash Manager shall, unless such Conflicting Requirement prohibits it from doing so promptly inform the Servicer of the relevant Conflicting Requirement, before carrying out the processing activitiesthis Clause 12;
(B) 12.2.7 shall take all reasonable steps to ensure that its officers, employees, agents and sub-contractors have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of the Personal Data and against accidental loss or destruction of, or damage to, Personal Data held or processed by the Personal DataParty and its officers, including (without limitation) by:
(1) taking employees, agents and sub-contractors and that it has taken, or will take at all material times all reasonable steps to ensure the reliability of any of its officers, employees, officers, independent contractors (agents and Affiliates of any independent contractors and their staff), agency workers and agents in each case of the Cash Manager and/or its Affiliates and/or of any sub-contractor of any such company engaged in the performance of the Cash Management Services or any part thereof (“Staff”) who contractors which will have access to personal data processed as part of the Personal DataInterim Service and the Operational Service;
(2) ensuring a level 12.2.8 undertakes that it will act only on the instructions of security appropriate the other Party in relation to the nature processing of any personal data made available by or on behalf of that other Party in connection with the Interim Service and the Operational Service (or otherwise);
12.2.9 undertakes that it will only obtain, hold, process, use, store and disclose Personal Data as is necessary to perform its obligations under this Agreement and that such data will be held, processed, used, stored and disclosed only in accordance with the risks that are presented by its processingDPA and any other applicable Law; and
(3) all such 12.2.10 undertakes to allow the other measures as are required by Data Protection Legislation;
(C) ensure that only those Staff of the Cash Manager that need to have Party access to the Personal Data are given access any relevant premises on reasonable notice to the extent necessary inspect its procedures, technical and organisational measures.
12.3 The Parties shall use all reasonable efforts to provide the Cash Management Services and only after the relevant Staff have been informed by the Cash Manager of the confidential nature of the Personal Data and such Staff agree in writing to be bound by a duty of confidentiality and comply with the obligations set out in this Clause 13 (Data Protection and Data Security);
(D) not publish, disclose or divulge (and ensure that its Staff do not publish, disclose or divulge) any of the Personal Data to any third party, nor allow any third party to process the Personal Data on the Cash Manager’s behalf, unless the Servicer has given its prior written consent. Where the Servicer gives such written consent and the Cash Manager allows a third party to process the Personal Data the Cash Manager shall ensure that the third party is bound by the same data protection obligations that the Cash Manager is subject to under this Clause 13 (Data Protection and Data Security);
(E) not transfer, or otherwise permit access to, the Personal Data outside the European Economic Area without the prior written consent of the Servicer;
(F) comply with the requirements of Data Protection Legislation at its own expense;
(G) provide the Servicer with reasonable cooperation and assistance in connection with its compliance with Data Protection Legislation;
(H) notify the Servicer of any complaint or request made in relation to Data Subject rights (including a request made in respect of the Data Subject’s right of access, right to object, right to be provided with fair processing information and his/her rights to rectification and erasure of the data within the statutory response periods) without undue delay (a “Data Subject Request”) and provide the Servicer with full co- operation and assistance in relation to:
(1) any such Data Subject Request, including by allowing the Servicer unrestricted access to the Servicer’s data and such assist each other records as the Servicer shall reasonably require, providing the Servicer with full details of any such Data Subject Request and taking such steps as are required by the Servicer in order for the Servicer to comply with the Data Subject Request; and
(2) DPA. The Parties shall assist each other in complying with subject access requests served on either Party under Section 7 of the DPA and the Parties shall consult with each other prior to the disclosure of any request from the Servicer requiring the Cash Manager to take reasonable steps to ensure that third parties to whom the Personal Data has been provided by the Cash Manager erase any links to, or copies of, Personal Data in accordance with the requirements relation to such requests.
12.4 WSCC undertakes that in respect of Data Protection Legislation;
(I) permit, by not less than 24 hours’ notice, at any time (and immediately by notice if the Servicer reasonably believes there to have been a breach of this Clause 13 (Data Protection and Data Security) or if required by law or a Regulatory Body requires it), the Servicer and/or a third party auditor appointed by the Servicer to access the locations or any data centres from which Cash Management Services are being provided and all other information reasonably required by the Servicer in order to establish whether the Cash Manager has complied with its obligations under this Clause 13 (Data Protection and Data Security);
(J) amend, update, delete or supplement, any Personal Data forthwith if the Servicer so requests in order to comply with Data Protection Legislation;
received by it (K) if there is a Personal Data Breach, or if the Cash Manager identifies any imminent risk of a Personal Data Breach, notify the Servicer within 24 hours (providing all such details as the Servicer may reasonably request) and take all steps to mitigate or avoid such Personal Data Breach;
(L) assist the Servicer with the making of any mandatory notifications to those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, personal data and privacy (“Regulatory Bodies”) and/or affected individuals in the event of a Personal Data Breach;
(M) upon expiry or termination of this Agreement for any reason or when requested in writing so to do:
(1) redeliver all records of the Servicer’s data (or the relevant part thereof) to the Servicer without charge within fourteen (14) days in such a format as the Servicer may require or; and/or
(2) if so requested by the Servicer, irretrievably delete the Personal Data (or the relevant part thereof), including any copies thereof, instead of delivering that Personal Data to the Servicer (except to the extent that the Cash Manager is required by law to retain copies of the Personal Data);
(N) without prejudice to the generality of Clause 13.3(B)(3) above, use encryption technology on all mobile devices used to share and/or transport Personal Data, such technology to which shall normally be appropriate to the nature of the Personal Data and the harm that could result from unauthorised processing of such Personal Data.
13.4 The Cash Manager shall indemnify, and keep indemnified, the Servicer and each member of the RBS Group for all losses, damage, costs, fines or expenses (including legal expenses) incurred or suffered by them relating to any failure by the Cash Manager to comply with its obligations in this Clause 13 (Data Protection and Data Security) and/or any breach by the Cash Manager of any Data Protection Legislation and/or any act or omission of the Cash Manager in relation to the Servicer’s data which puts the Servicer and/or any member of the RBS Group in breach of its obligations under the Data Protection Legislation or in breach of its obligations to any Regulatory Body or under any other applicable law or regulation.
13.5 The Personal Data processing to be carried out under this Agreement is described below: Subject matter of the processing Information regarding the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, processed for the purpose of performing responding to incidents) from the Cash Management Services, including, without limitation, to enable Joint Control that it shall hold such Personal Data as a Data Processor and will only use such Personal Data for the Cash Manager to prepare the Quarterly Investor Report. Types of personal data being processed Information relating to the Mortgage Loans and Related Security and the relevant Borrowers and any guarantors in relation thereto, including, without limitation, details of payments made under the Mortgage Loans, arrears under the Mortgage Loans and access to contact details of the Borrowers. Categories of individuals whose data is being processed Individual persons who are Borrowers or guarantors purpose for which it has been sent by ESFA.
12.5 ESFA agrees that in respect of Personal Data inherited by it from WSCC from the Mortgage Loans. Types Commencement Date that it shall hold such Personal Data as Data Processor and will only use such data as is necessary for the running of data processing to be carried out Analysis of payments and other activities in the Joint Control.
12.6 In respect of new Personal Data received by the Mortgage Loans to enable Joint Control from the Cash Manager to prepare Commencement Date the Quarterly Investor Report. Purpose Parties mutually agree that ESFA will be the Data Controller and a Data Processor.
12.7 This Clause 12 shall survive the termination or expiry of the data processing To enable the Cash Manager to prepare the Quarterly Investor Report Agreement howsoever caused and shall continue thereafter in accordance with the provisions of this Agreement. Duration of processing The term of this Agreementfull force and effect.
Appears in 1 contract
Sources: Inter Authority Agreement