Data Protection Requirements Clause Samples

Data Protection Requirements. 6.1. The Parties (and their bank payment agents) shall ensure protection of information upon performing Transfers in accordance with CBR Regulation No. 719-P “On requirements to protection of information upon transferring funds and on CBR control of compliance with the requirements to protection of information upon performance of money transfers” dated June 4, 2020”. 6.2. Data protection procedure shall be determined independently by each Party in accordance with the legislation of the Russian Federation and/or foreign legislation applicable to the Party in accordance with clause 6.3 of the Offer. The Company shall specify in its documents: the list and procedure for implementation of organizational measures on data protection and use of technical means of data protection including information on configuration data of technical measures determining their operating conditions; procedure for registration and storage of information in paper and (or) in electronic format confirming implementation of all appropriate organizational and technical measures of data protection. 6.3. Access to the Software shall be performed with the use of personal user accounts. Requirements of password complexity and security requirements set by Software shall be strictly enforced when choosing passwords to user accounts. Software shell be updated regularly. The Parties have an obligation to ensure password protection upon storage and in the course of operation, and ongoing event logging and information securities. 6.4. To protect information upon performing Transfers, the Parties shall use: 6.4.1. means of cryptographic information protection to encrypt protected data while transferring it through publicly available communication channels in accordance with the requirements of legislation, regulations of the Federal Security Service of the Russian Federation and technical documentation for data encryption tools; 6.4.2. cryptographic tools for creation and checking Digital signature with regular updating of private/Digital signature and public/Digital signature verification keys in compliance with applicable legal requirements related to Digital signature (if there are encryption requirements); 6.4.3. Firewalling tools to protect the Software from external network implementing the following functions: ✓ Traffic analysis and filtering in accordance with the firewall rules; ✓ Blocking of connections not complying with the firewall rules; ✓ Blocking of direct connections from externa...

Data Protection Requirements. 2.1 The Parties acknowledge that each Party shall be a Data Controller of the Shared Personal Data. Each Party shall comply with its obligations as a Data Controller under Data Protection Legislation.

Data Protection Requirements. The Parties acknowledge that for the purposes of the Data Protection Legislation, the Employer is the Controller and the Contractor is the Processor. The Contractor processes data only as authorised in Appendix 2 (Schedule of Processing, Personal Data and Data Subjects) by the Employer and may not be determined by the Contractor.

Data Protection Requirements. While using the Product the Customer shall be aware and consider current data protection requirements derived from especially the Regulation (EU) 2016/679 (General Data Protection Regulation). According to the General Data Protection Regulation personal data is all data related to an identified or identifiable person. Further "

Data Protection Requirements. (a) Each Acquired Company is in compliance in all material respects with all Data Protection Requirements to which the Business is subject with respect to the protection and security of Personal Data while such Personal Data was or is in the possession or under the control of such Acquired Company or its authorized Representatives. The execution, delivery and performance of this Agreement by an Acquired Company and the Transactions complies with, and will comply with Data Protection Requirements. Immediately following the applicable Closing Date, each Acquired Company will continue to be permitted to collect, store, Process, use and disclose Personal Data held by an Acquired Company on terms identical in all material respects to those in effect as of the date of this Agreement and to the same extent they would have been able to had the Transactions not occurred. (b) Each Acquired Company has taken commercially reasonable measures to protect the confidentiality, integrity, availability, and security of its IT Assets and to comply with Data Protection Requirements and has, during the past three years, required the same of any vendors or other third parties that Process Personal Data on behalf of the Acquired Companies. The Acquired Companies maintain and test disaster recovery and business continuity plans, maintain contingency planning procedures and facilities, and make and store back-up copies of data, each of which are commercially reasonable and that allow for the continuance of operations in the event of any unplanned interruption in service or unavailability. (c) No written notices have been received by, and no claim, charge or complaint has been made in writing against any Acquired Company alleging a violation of any Data Protection Requirements, and no Proceeding is pending or is Threatened against an Acquired Company relating to such Acquired Company’s collection, use or disclosure of Personal Data. Except as set forth on Schedule 3.12(c), there have not been any actual or written allegations of incidents of Data Security Breaches involving IT Assets or Personal Data while in the possession or under the control of an Acquired Company or, to Parent’s Knowledge, while in the possession or under the control of an authorized Representative of such Acquired Company. The Acquired Companies have no reason to reasonably suspect a Data Security Breach has occurred that would be material to the Acquired Companies and there is no current investigation of a po...

Data Protection Requirements. 2.1 The ME shall comply with the Data Protection Legislation or other relevant data protection legislation or regulatory provisions at all times and shall procure that no action or inaction of the ME shall put MedCo in breach of the Data Protection Legislation when Processing data. in connection with this Agreement.: 2.2 Without prejudice to clause 2.1 of this Schedule, the ME shall ensure that: 2.2.1 any Personal Data: 2.2.1.1 has been obtained and transferred to MedCo in accordance with the Data Protection Legislation; and 2.2.1.2 is accurate and up to date. 2.2.2 prior to the transfer to MedCo of Personal Data, it has: 2.2.2.1 provided the Data Subjects of the Personal Data with a Privacy Policy on its own behalf and on behalf of MedCo that allows MedCo to Process the relevant Personal Data; and 2.2.2.2 referred Data Subjects to MedCo's Privacy Policy at ▇▇▇.▇▇▇▇▇.▇▇▇.▇▇ for information on how MedCo will Process the relevant Personal Data. 2.2.3 implements and maintains appropriate technical and organisational measures to preserve the confidentiality and integrity of the Personal Data and prevent any unlawful Processing or disclosure or damage, taking into account the state of the art, the costs of implementation, the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of the Data Subjects (the "Security Measures");

Data Protection Requirements. Seller warrants that, with respect to any personal data that may be processed in connection with this Order, it will duly observe its obligations under all applicable privacy and data protection laws, regulations and directives (“Data Protection Requirements”), including if applicable the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and any successor thereto. Seller shall implement administrative, physical and technical safeguards to protect any personal data that may be processed in connection with this Order. Such safeguards shall be no less rigorous than accepted industry practices, and Supplier shall ensure that all such safeguards comply with applicable Data Protection Requirements, as well as the terms and conditions of this Order.

Data Protection Requirements. Except as has not had and would not reasonably be expected to have, individually or in the aggregate, a Company Material Adverse Effect, since January 1, 2020, (i) neither the Company nor any of its Subsidiaries, nor, to the Knowledge of the Company, any other Person, has received any notice or other communication from any Governmental Authority or other Person regarding any violation of, or failure to comply with, any Data Protection Requirements by the Company or any of its Subsidiaries; (ii) there is not currently pending and, to the Knowledge of the Company, there has not been any Legal Proceeding against any Company or any of its Subsidiaries alleging any violation of, or failure to comply with, any Data Protection Requirements; (iii) neither the Company nor any of its Subsidiaries has: (A) conducted any unauthorized access, interception, monitoring or recording of any electronic communications in breach of applicable Data Protection Requirements; (B) received requests from any Governmental Authority or other Person to disclose confidential information related to customers and/or confidential information related to Company Products; (C) provided or been compelled to provide any Governmental Authority or other Person with direct access to IT Assets or information related to customers; or (D) had employees in any jurisdiction forced to provide access to confidential information or IT Assets outside normal legal process; and (iv) neither the Company nor any of its Subsidiaries is currently subject to any Data Protection Requirements or other legal obligations that, following the Closing, would, in their current forms, prohibit the Company or any of its Subsidiaries from receiving or using Personal Information in the manner in which the Company and its Subsidiaries receive and use Personal Information prior to the Closing.

Data Protection Requirements. Google will apply reasonable and appropriate technical and organizational measures designed to meet the data minimization and purpose limitation principles consistent with Article 5 of the GDPR to all Service Data.