Data Protection, Security and Integrity Clause Samples

Data Protection, Security and Integrity. 8.1 The parties do not envisage that either party will process personal data controlled by the other party in the performance of this agreement. Therefore, neither party shall transfer personal data in its control to the other party for processing on its behalf before the parties have entered into a separate data processing agreement compliant with Applicable Laws in respect of the protection of personal data. 8.2 For the purposes of this clause 8, the terms “personal data”, “processing” and “controlled” shall have the meaning given to them in the General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) and Data Protection Act 2018.

Data Protection, Security and Integrity. 8.1 If you provide any Personal Data to us for processing as part of the Services, you will ensure that you are entitled to do so and that we may lawfully process that Personal Data on your behalf, as envisaged under this Agreement. Should you breach this obligation then you shall be fully liable to us for any costs, losses, damages, expenses and reasonable legal fees incurred or suffered by us and arising from the breach. As part of your obligations, you shall ensure that you have a suitable privacy policy or other notice in place on your Website and/or within the AI Product to comply with your obligations under Data Protection Legislation. 8.2 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 8 is in addition to, and does not relieve, remove, or replace, a party's obligations under the Data Protection Legislation. 8.3 The parties acknowledge that for the purposes of the Data Protection Legislation, you are the Data Controller and we are the Data Processor in relation to your Personal Data provided to us for processing as part of the Services under this Agreement. 8.4 The parties shall set out in Schedule 3 the scope, nature and purpose of processing, the duration of the processing and the types of personal data (as defined in the Data Protection Legislation “Personal Data”) and categories of Data Subject. 8.5 Without prejudice to the generality of clause 8.2: (a) you will ensure that you have all necessary appropriate consents and notices in place and/or a lawful basis to enable lawful transfer of the Personal Data to us for the duration and purposes of this Agreement; and (b) we shall, in relation to any Personal Data processed in connection with our performance of our obligations under this Agreement: (i) process that Personal Data only on your documented written instructions unless processing is required by any law to which we are subject, in which case we shall, to the extent permitted by law, inform you of that legal requirement before performing the relevant processing; (ii) ensure that we have in place appropriate technical and organisational measures, reviewed and approved by you, which are designed to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of th...

Data Protection, Security and Integrity a. The following definitions apply: i) The terms “data controller”, “data processor”, “data subject”, “personal data” and “processing” bear the respective meanings given them in the Data Protection Act 1998, and “data protection principles” means the eight data protection principles set out in Schedule 1 to that Act; ii) Data includes Personal Data; and iii) Customer Personal Data means any personal data provided by or on behalf of the Customer. b. The Supplier shall: i) only carry out processing of any Customer Personal Data on the Customer’s instructions; ii) implement appropriate technical and organisational measures to protect any Customer Personal Data against unauthorised or unlawful processing and accidental loss or damage; and iii) comply with its obligations under the Data Protection Legislation.

Data Protection, Security and Integrity. 9.1 The Parties shall comply with all requirements of the Data Protection Legislation which are applicable to each of them. This section is in addition to, and does not relieve, remove or replace, the Parties' respective obligations under the Data Protection Legislation. 9.2 Neither Party shall provide to the other Party any Personal Data other than is necessary for administration of this Agreement including sales, billing, customer service and technical support. Customer shall not provide to Supplier any Customer Data. The Supplier shall not be considered a processor of Customer's Personal Data or Customer Data. If Customer sends data to Supplier in connection with Technical Support then Customer shall send only anonymised data. 9.3 Each Party shall ensure that it has all necessary and appropriate consents and notices in place to enable lawful transfer of Personal Data to the other Party for the duration of this Agreement so that receiving Party may fairly and lawfully use, process and transfer the Personal Data for the purpose of administering this Agreement. 9.4 Each Party acknowledges that, in relation to any Personal Data received from the other Party (the sending Party) and processed by the receiving Party: (a) the sending Party is the controller and the receiving Party is the processor for the purposes of the Data Protection Legislation; and (b) the receiving Party shall process that Personal Data only for the administration of and duration of this Agreement and on the sending Party's written instructions unless the receiving Party is required by applicable law to process Personal Data. 9.5 The sending Party will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to the other Party for the duration and for the purpose of this Agreement so that the receiving Party may lawfully use, process and transfer the personal data in accordance with this Agreement. 9.6 The receiving Party shall, in relation to any Personal Data processed in connection with this Agreement: (a) Process that Personal Data only on the written instructions of the sending Party unless the receiving Party is required by law to process the Personal Data; (b) ensure that it has in place commercially reasonable technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm ...

Data Protection, Security and Integrity. The following definitions apply:

Data Protection, Security and Integrity. 12.1 If Client provides any Personal Data to 4 Roads for processing as part of the Services, Client will ensure that it is entitled to do so and that 4 Roads may lawfully process that Personal Data on Client’s behalf, as envisaged under this Agreement, and should Client breach this obligation then the Client shall be liable to 4 Roads for any costs, losses, damages, expenses and reasonable legal fees incurred or suffered by 4 Roads and arising from that breach. 12.2 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 12 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. 12.3 The parties acknowledge that for the purposes of the Data Protection Legislation, the Client is the Data Controller and 4 Roads is the Data Processor in relation to the Client’s Personal Data provided to 4 Roads for processing as part of the Services. 12.4 The parties shall agree in a SOW the scope, nature and purpose of processing by 4 Roads, the duration of the processing and the types of personal data (as defined in the Data Protection Legislation “Personal Data”) and categories of Data Subject. 12.5 The Client will ensure that: 12.5.1 where it wishes to rely on the consent of the Data Subject to process Personal Data which is captured via software or webpages designed by 4 Roads as part of the Services, that it will be responsible for ensuring the software and webpages contain sufficient information and are of sufficient clarity to obtain the Data Subject consent in accordance with applicable laws; 12.5.2 it provides direction to 4 Roads in relation to the form of any necessary cookie notice that is required to obtain the consent prior to use of non-essential cookies and similar tracking technologies; and 12.5.3 it provides 4 Roads with its technical security requirements relating to the design and hosting of any database to be developed by 4 Roads for the Client that will store Personal Data. 12.6 Without prejudice to the generality of clause 12.5: 12.6.1 the Client will ensure that it has all necessary appropriate consents and notices in place and/or a lawful basis to enable lawful transfer of the Personal Data to 4 Roads for the duration and purposes of this MSA; and

Data Protection, Security and Integrity. 17.1 Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 17 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation. 17.2 The parties acknowledge that: (a) where ETL processes any personal data on the Client’s behalf when performing its obligations under this agreement, the Client is the data controller and ETL is the data processor for the purposes of the Data Protection Legislation (where Data Controller and Data Processor have the meanings as defined in the Data Protection Legislation). (b) the personal data may be transferred or stored outside the EEA or the country where the Client is located in order to carry out the Software Support Service and ETL’s other obligations under this agreement. 17.3 Without prejudice to the generality of clause 17.2, the Client will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Personal Data to ETL for the duration and purposes of this agreement so that ETL may lawfully use, process and transfer the Personal Data in accordance with and to the extent required under this Agreement on the Client’s behalf. 17.4 Without prejudice to the generality of clause 17.2, ETL shall, in relation to any Personal Data processed in connection with the performance by ETL of its obligations under this agreement: (a) process that Personal Data only in accordance with this Agreement or on the written instructions of the Client, unless ETL is required by the laws of any member of the European Union or by the laws of the European Union applicable to ETL to process Personal Data (Applicable Laws). Where ETL is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, ETL shall promptly notify the Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit ETL from so notifying the Client; (b) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of i...