Data Sharing Provisions Clause Samples
Data Sharing Provisions. 4.1 This paragraph 4 sets out the framework for the sharing of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Data Discloser) will regularly disclose to the other party Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
4.2 Where the parties are separate controllers of personal data, they shall each ensure their own respective compliance with the Applicable Data Protection Laws in respect of any personal data shared between them, and any material breach of the Applicable Data Protection Laws by one party shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate this Agreement with immediate effect.
4.3 Particular obligations relating to data sharing. Each party shall:
4.3.1 ensure that it has all necessary notices and consents and lawful bases in place to enable lawful transfer of the Shared Personal Data to the Permitted Recipients for the Agreed Purposes;
4.3.2 give full information to any data subject whose personal data may be processed under this Agreement of the nature of such processing. This includes giving notice that, on the termination of the Agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees;
4.3.3 process the Shared Personal Data only for the Agreed Purposes;
4.3.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;
4.3.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less onerous than those imposed by these data sharing provisions;
4.3.6 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data;
4.3.7 not transfer any personal data received from the Data Discloser outside the [UK] OR [EEA] unless the transferor ensures that (i) the transfer is to a country approved under the applicable Data Protection Legislation as providing adequate protection; or (ii) there are appropriate safeguards or binding corporate rules in place pursuant to the applicable Data Protection Legislatio...
Data Sharing Provisions. 4.1 This paragraph 4 sets out the framework for the sharing of personal data between the parties as controllers. Each party acknowledges that one party (referred to in this clause as the Data Discloser) will regularly disclose to the other party Shared Personal Data collected by the Data Discloser for the Agreed Purposes.
Data Sharing Provisions. 3.1. The User acknowledges that the data disclosed to the User by TRAFFIC (the "Data"), including the personal data described at Appendix II, shall be processed strictly for the Permitted Purpose as described in this Agreement (or as otherwise agreed in writing by the Parties).
3.2. The Parties acknowledge that TRAFFIC is a controller of the Data it discloses to the User, and that the User will process the Data as a separate and independent controller strictly for the Permitted Purpose. In no event will the Parties process the Data as joint controllers.
3.3. The User shall not disseminate the Data in its raw or unaggregated form nor make it available to any third party.
3.4. The User shall notify TRAFFIC and await the express permission of TRAFFIC before publishing any output that makes use of the Data, and shall ensure that all resultant analyses are aggregated and the Data anonymised when used externally.
3.5. Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under Applicable Data Protection Law. In particular (and without limitation):
(a) TRAFFIC shall be responsible for complying with all necessary transparency and lawfulness requirements under Applicable Data Protection Law in order to disclose the Data to the User to process for the Permitted Purpose; and
(b) The User shall be separately and independently responsible for complying with Applicable Data Protection Law in respect of its processing of Data it receives from TRAFFIC.
3.6. The User will implement all appropriate technical and organisational measures, including but not limited to adequate authentication, authorisation and access control, to protect the Data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the Data (a "Security Incident").
3.7. The User shall ensure that any person it authorises to process the Data shall be subject to statutory or contractual obligations to treat such Data as confidential.
3.8. The User shall have in place policies (a) that explain procedures for complying with the data protection principles of the GDPR; and (b) for retention and destruction of personal data (including timescales for such retention and destruction). On reasonable request, the User shall make these policies available to be inspected by TRAFFIC.
3.9. With the express written permission of TRAFFIC, the User may, at its election, appoint third party process...