Common use of Data Protection Policy Clause in Contracts

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process the OIE’s data, on behalf of the OIE. In application of this Agreement, the OIE’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). Obligations of the OIE The OIE, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to the OIE is simply for convenience and does not imply a waiver of any privileges and immunities applicable to the OIE. The OIE nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Obligations of the Service Provider Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from the OIE, including with regard to the location of the hosting and transfers to third countries; informs the OIE before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform the OIE if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of the OIE, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of the OIE, subject to obtaining the OIE's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to the OIE for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps the OIE, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to the OIE (xxx@xxx.xxx ), who shall be responsible for responding to it; notifies the OIE of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable the OIE, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists the OIE in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides the OIE with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by the OIE or an auditor chosen by the OIE, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process the OIEWOAH’s data, on behalf of the OIEWOAH. In application of this Agreement, the OIEWOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). Obligations of the OIE The OIEWOAH WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to the OIE WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to the OIEWOAH. The OIE WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Obligations of the Service Provider Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from the OIEWOAH, including with regard to the location of the hosting and transfers to third countries; informs the OIE WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform the OIE WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of the OIEWOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of the OIEWOAH, subject to obtaining the OIEWOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to the OIE WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps the OIEWOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to the OIE (xxx@xxx.xxx WOAH ( xxx@xxxx.xxx), who shall be responsible for responding to it; notifies the OIE W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxx.xxx xxx@xxxx.xxx; such notification shall be accompanied by any relevant communication in order to enable the OIEWOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists the OIE WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides the OIE WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by the OIE WOAH or an auditor chosen by the OIEWOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process the OIEWOAH’s data, on behalf of the OIEWOAH. In application of this Agreement, the OIEWOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). Obligations of the OIE The OIEWOAH WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to the OIE WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to the OIEWOAH. The OIE WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Obligations of the Service Provider Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from the OIEWOAH, including with regard to the location of the hosting and transfers to third countries; informs the OIE WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform the OIE WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of the OIEWOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of the OIEWOAH, subject to obtaining the OIEWOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to the OIE WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps the OIEWOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to the OIE (xxx@xxx.xxx WOAH ( xxx@xxxx.xxx), who shall be responsible for responding to it; notifies the OIE W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxx.xxx xxx@xxxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable the OIEWOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists the OIE WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides the OIE WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by the OIE WOAH or an auditor chosen by the OIEWOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process the OIEWOAH’s data, on behalf of the OIEWOAH. In application of this Agreement, the OIEWOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). Obligations of the OIE The OIEWOAH WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to the OIE WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to the OIEWOAH. The OIE WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Obligations of the Service Provider Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from the OIEWOAH, including with regard to the location of the hosting and transfers to third countries; informs the OIE WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform the OIE WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of the OIEWOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of the OIEWOAH, subject to obtaining the OIEWOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to the OIE WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps the OIEWOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to the OIE WOAH (xxx@xxx.xxx xxx@xxxx.xxx ), who shall be responsible for responding to it; notifies the OIE W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxx.xxx xxx@xxxx.xxx; such notification shall be accompanied by any relevant communication in order to enable the OIEWOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists the OIE WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides the OIE WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by the OIE WOAH or an auditor chosen by the OIEWOAH, and shall contribute to such audits under the conditions referred to below.

Data Protection Policy. In the context of the performance of the Services covered by the Agreement, the Service Provider is required to process the OIEWOAH’s data, on behalf of the OIEWOAH. In application of this Agreement, the OIEWOAH’s data includes personal data which are processed as described in the Schedule C Description of the processing of personal data. To the extent applicable to the framework of the Services, each Party thus undertakes to comply with the regulations applicable to it relating to the protection of personal data and, in the case of the Service Provider, including those arising from the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR). Obligations of the OIE The OIEWOAH WOAH, as an intergovernmental organisation is not subject to the GDPR. Any reference to terms commonly used under data protection legislation in relation to the OIE WOAH is simply for convenience and does not imply a waiver of any privileges and immunities applicable to the OIEWOAH. The OIE WOAH nevertheless guarantees that any personal data are processed in compliance with its privacy policy available on its website: xxxxx://xxx.xxx.xxx/privacy-policy/ The OIE Privacy Policy - WOAH - World Organisation for Animal Health WOAH undertakes to document, in writing, any instructions concerning the processing of personal data by the Service Provider. Obligations of the Service Provider Service Provider declares that it provides sufficient guarantees as to the implementation of the appropriate technical and organizational measures referred to in this clause, so that the processing operations fully complies with the requirements of the regulations on the protection of personal data. It is expressly agreed that the Service Provider: processes personal data only for the purpose(s) of this Agreement; may only process the personal data on documented instruction from the OIEWOAH, including with regard to the location of the hosting and transfers to third countries; informs the OIE WOAH before processing if the Service Provider is legally required to transfer personal data to a third party; this obligation does not apply if the law prohibits such information on important grounds of public interest; immediately inform the OIE WOAH if, in its opinion, an instruction infringes regulations on the protection of personal data; guarantees the confidentiality of the personal data processed under this Agreement; ensures that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; takes into account, with regard to the Services it provides on behalf of the OIEWOAH, the principles of data protection from the design stage and by default (privacy by design, and by default); may subcontract all or part of the processing activities carried out on behalf of the OIEWOAH, subject to obtaining the OIEWOAH's prior and specific written authorisation; must ensure that its own data processor complies with the obligations of this Agreement and that this data processor provides the same sufficient guarantees as to the implementation of appropriate technical and organizational measures so that the processing meets the requirements of the regulations on the protection of personal data; is fully liable to the OIE WOAH for the performance by its data processor of its obligations, in particular when the latter does not fulfil its obligations with regard to the protection of personal data; helps the OIEWOAH, through appropriate technical and organizational measures, insofar as this is possible, to fulfil its obligation to comply with the requests of the persons concerned concerning their rights (rights of access, rectification, erasure and objection, restriction of processing, data portability, not to be the subject of an automated individual decision (including profiling); in this respect, in the event of direct receipt by the Service Provider of such a request, it is agreed that the latter shall immediately forward the request to the OIE (xxx@xxx.xxx WOAH ( xxx@xxxx.xxx ), who shall be responsible for responding to it; notifies the OIE W of any personal data breach, without delay and at the latest twenty-four (24) hours, after becoming aware of it, by e-mail at xxx@xxx.xxx xxx@xxxx.xxx ; such notification shall be accompanied by any relevant communication in order to enable the OIEWOAH, if necessary, to notify such breach as it sees fit. The description of the nature of the breach shall include the categories and approximate number of persons concerned by the breach and the categories and approximate number of data records concerned; description of the likely consequences of the breach; and description of the measures taken or proposed by the Service Provider to be taken to remedy the breach. assists the OIE WOAH in carrying out data protection impact assessments, and in implementing its own appropriate technical and organizational measures to ensure a level of security appropriate to the risk; declares that it keeps a register of processing operations in accordance with data protection regulations; provides the OIE WOAH with all the information necessary to demonstrate compliance with its obligations and to allow audits, including inspections, to be carried out by the OIE WOAH or an auditor chosen by the OIEWOAH, and shall contribute to such audits under the conditions referred to below.