Data Security, Access, Storage and Retention Sample Clauses

Data Security, Access, Storage and Retention. 11.1 Each Party confirms that it has in place appropriate organisational and technical measures to safeguard information shared as part of this Agreement against accidental or unlawful destruction or loss, alteration, unauthorised disclosure or access, and which provide a level of security appropriate to the nature of the Agreed Data and the risk from processing. This includes but is not limited to data protection policies, staff training and technical and physical access controls. 11.2 The Service Provider agrees to store the Agreed Data securely inside the EU with appropriate measures in place to safeguard the Agreed Data. 11.3 Each Party agrees that only personnel who require access to the Agreed Data will be granted such access. The Agreed Data will be accessible by [insert the details of those staff/roles at the Service Provider who will have access to the Agreed Data]. 11.4 The Parties will not retain the Agreed Data for any longer than necessary and confirm that they have a written policy in place for the retention and secure deletion or destruction of personal data at the end of the retention period. 11.5 Data will not be kept for longer than is necessary. Unrequired data will be deleted as soon as practicable. Some educational records relating to former pupils or employees of the school may be kept for an extended period for legal reasons, but also to enable the provision of references or academic transcripts. Paper documents will be shredded or pulped, and electronic memories scrubbed clean or destroyed, once the data should no longer be retained. 11.6 Parties will immediately notify each other of any data breach in relation to the information being shared as part of this agreement and shall keep a record of such breaches. Where notification to the Information Commissioner’s Office is required or there is a risk to individuals, the notification to the other Party should be made within 24 hours of the Party discovering the breach becoming aware of the breach. 11.7 The Party where the breach occurred shall conduct a full investigation of the breach and the findings of the investigation will be Agreed with the other Party.