PROCESSOR SPECIFIC OBLIGATIONS Clause Samples
PROCESSOR SPECIFIC OBLIGATIONS. 3.1 Where IPSX processes Protected Data on behalf of the Counterparty, IPSX shall:
3.1.1. (and shall ensure that any person acting under its authority who has access to Protected Data) process the Protected Data only in accordance with IPSX’s Privacy Notice, the Agreement and this Appendix and Annex 1 (Data Processing Details) (which may be updated from time to time by written agreement of the parties), (“Processing Instructions”); and
3.1.2. immediately inform the Counterparty of any requirement under applicable law that would require IPSX to process the Protected Data other than only on the Processing Instructions, or if any Counterparty instruction does not comply with DP Laws.
PROCESSOR SPECIFIC OBLIGATIONS. 3.1 Where IPSX processes Protected Data on behalf of the Counterparty, IPSX shall:
3.1.1. (and shall ensure that any person acting under its authority who has access to Protected Data) process the Protected Data only in accordance with IPSX’s Privacy Notice, the Agreement and this Appendix and Annex 1 (Data Processing Details) (which may be updated from time to time by written agreement of the parties), (“Processing Instructions”); and
3.1.2. immediately inform the Counterparty of any requirement under applicable law that would require IPSX to process the Protected Data other than only on the Processing Instructions, or if any Counterparty instruction does not comply with DP Laws.
3.2 IPSX shall implement and maintain appropriate technical and organisational measures for the processing of Protected Data by or on behalf of IPSX:
3.2.1. to meet or exceed the requirements of DP Laws and protect the rights of Data Subjects; and
3.2.2. to ensure a level of security in respect of Protected Data appropriate to the risks of the processing, in particular to protect against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Protected Data.
3.3 Without affecting the effectiveness of paragraph 3.2.2, IPSX shall, in respect of all Protected Data comply with the requirements regarding security set out in DP Laws, and in this Agreement.
3.4 If IPSX is to process Protected Data with a Sub-Processor, then IPSX shall appoint the Sub- Processor under a binding written contract (“Processor Contract”) which imposes the same data protection obligations as are contained in this Agreement on the Sub-Processor, including under paragraph 3.2, and this paragraph 3.4 for engaging another Processor.
3.5 IPSX shall:
3.5.1. promptly on request by the Counterparty give details of any Processor Contract to the Counterparty; and
3.5.2. where a Sub-Processor does not comply with its data protection obligations in accordance with the Processor Contract, remain fully liable to the Counterparty for that Sub-Processor’s obligations.
3.6 IPSX shall:
3.6.1. ensure that IPSX Personnel processing Protected Data have signed agreements requiring them to keep Protected Data confidential;
3.6.2. take all reasonable steps to ensure the reliability of IPSX Personnel processing Protected Data; and
3.6.3. ensure that IPSX Personnel receive adequate training on compliance with this Schedule and DP Laws.
3.7 IPSX shall put in place and maintain appropriate technica...