Principles for Processing Clause Samples
The "Principles for Processing" clause defines the fundamental rules and standards that govern how personal data or information must be handled within an organization or under a contract. Typically, this clause outlines requirements such as lawfulness, fairness, transparency, data minimization, accuracy, and security in the collection, use, and storage of data. For example, it may require that only necessary data is collected and that it is kept up to date and protected against unauthorized access. The core function of this clause is to ensure that data processing activities are conducted responsibly and in compliance with applicable data protection laws, thereby safeguarding individuals' rights and reducing the risk of misuse or breaches.
Principles for Processing. The parties represent and warrant that all personal data will be collected and further processed in accordance with the provisions of this DPA Part C and the data protection laws, in particular, but not limited to, the principles for the processing of personal data pursuant to Art. 5 para. 1
Principles for Processing. Each Controller will observe the following principles to govern its Processing of Personal Data contained in Registration Data and Customer data, except as required by applicable laws or regulations. Personal Data SHALL:
1.1. only be Processed lawfully, fairly, and in a transparent manner in relation to the Registered Name Holders and other data subjects (“lawfulness, fairness, and transparency”);
1.2. be obtained only for specified, explicit, and legitimate purposes, and SHALL NOT be further Processed in any manner incompatible with those purposes (“purpose limitation”);
1.3. be adequate, relevant, and not excessive in relation to the purposes for which they are Processed (“data minimization”);
1.4. be accurate and, if necessary, kept current, as appropriate to the purposes for which they are Processed (“accuracy”);
1.5. not be kept in a form that permits identification of the Registered Name Holder and other data subjects for longer than necessary for the permitted purposes (“storage limitation”); and
1.6. be Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (“integrity and confidentiality”). Each ProviderController SHALL be responsible for, and be able to demonstrate compliance with principles (1.1) to (1.6) (“accountability”). The Provider SHALL inform ICANN immediately if such Provider (i) cannot abide by the Processing principles outlined in Section 1 of this Appendix, or (ii) receives a complaint by a Registered Name Holder or other data subject that the Provider has failed to abide by such principles.
Principles for Processing. Each Controller will observe the following principles to govern its Processing of Personal D ata contained in Registration Data and Customer data, except as required by applicable
1.1. only be Processed lawfully, fairly, and in a transparent manner in relation to the Registered Name Holders and other data subjects (“lawfulness, fairness, and transparency”);
1.2. be obtained only for specified, explicit, and legitimate purposes, and SHALL NOT b e further Processed in any manner incompatible with those purposes (“purpose
1.3. be adequate, relevant, and not excessive in relation to the purposes for which they are Processed (“data minimization”);
1.4. be accurate and, if necessary, kept current, as appropriate to the purposes for
1.5. not be kept in a form that permits identification of the Registered Name Holder and other data subjects for longer than necessary for the permitted purposes (“storage limitation”); and
1.6. be Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorized or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical or organizational principles outlined in Section 1 of this Appendix, or (ii) receives a complaint by a Registered Name Holder or other data subject that the Provider has failed to abide by