Personal Data - General Provisions Clause Samples

Personal Data - General Provisions. 5.1 In respect of any Personal Data processed by the Franchisee, including CRM Data, the Franchisee agrees that it shall (i) comply with the Data Protection Act and all other legislation relating to the protection and use of personal information (including the Privacy and Electronic Communications (EC Directive) Regulations 2003) (all such legislation collectively being "the Personal Data Legislation") to the extent that such legislation applies to it and (ii) procure that its agents or sub-contractors shall do the same. 5.2 Pursuant to paragraph 5.1, the Franchisee agrees to comply with the Personal Data Legislation in respect of its Processing of CRM Data and in particular, but without limitation, the Franchisee shall: (a) ensure that CRM Data is Processed fairly and lawfully (in accordance with part 1 of Schedule 1 of the Data Protection Act); (b) ensure that CRM Data is obtained only for one or more specified and lawful purposes, and shall not be further Processed in any manner incompatible with that purpose or those purposes (in accordance with part 2 of Schedule 1 of the Data Protection Act); and (c) obtain and maintain all appropriate notifications as required under the Data Protection Act. 5.3 In accordance with its capacity as Data Controller of CRM Data and in accordance with the ensuing obligations under the Data Protection Act: (a) the Franchisee shall procure that any CRM Data Processor which it appoints shall: (i) prior to any disclosure of CRM Data to the CRM Data Processor, enter into written terms between itself and the Franchisee which are equivalent to those contained in this paragraph 5.3; and (ii) Process CRM Data only on behalf of the Franchisee, only for the purpose(s) as defined by the Franchisee and only in accordance with instructions received from the Franchisee from time to time; (b) the Franchisee shall, and shall procure that any CRM Data Processor which it appoints shall, at all times have in place appropriate technical and organisational measures against unauthorised or unlawful processing of CRM Data and against accidental loss or destruction of, or damage to, CRM Data and that such measures shall: (i) reflect the level of harm, damage and /or distress that might be suffered by the Data Subject to whom the CRM Data relates in the event of a breach of the measures as set out herein; and (ii) ensure that only authorised personnel have access to CRM Data and that any persons authorised to have access to CRM Data will respect a...