Protecting Personal Data Clause Samples

Protecting Personal Data. Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Special Categories of Personal Data and Criminal Convictions Data from loss and unauthorised access, use or disclosure. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested. You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows: (a) Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it; (b) Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed; and (c) Availability means that authorised users are able to access the Personal Data when they need it for authorised purposes. You must comply with and not attempt to circumvent the administrative, physical and technical safeguards we implement and maintain in accordance with the GDPR and relevant standards to protect Personal Data.

Protecting Personal Data. ● Personal data will be recorded, processed, transferred and made available as stipulated in the Trust’s Data Protection (UK GDPR) Policy. The policy is available on request or can be viewed online at ▇▇▇▇▇://▇▇▇▇.▇▇▇▇▇▇▇/our-policies. This policy complies with UK General Data Protection Regulation (UK GDPR).

Protecting Personal Data. RECEIVING PARTY or Subsidiaries or Affiliates of RECEIVING PARTY may, in connection with this Agreement, collect Personal Data in relation to PROVIDING PARTY and PROVIDING PARTY’s employees, directors and other officers involved in providing Corporate Services hereunder. Such Personal Data may be collected from PROVIDING PARTY, its employees, its directors, its officers, or from other (for example, published) sources; and some limited personal data may be collected indirectly at RECEIVING PARTY’s (or Subsidiaries or Affiliates of RECEIVING PARTY’s) locations from monitoring devices or by other means (e.g., telephone logs, closed circuit TV and door entry systems). Nothing in this Section 8.5(c) obligates PROVIDING PARTY or PROVIDING PARTY’s employees, directors or other officers to provide Personal Data requested by RECEIVING PARTY. RECEIVING PARTY or the Subsidiaries or Affiliates of RECEIVING PARTY may use and disclose any such data disclosed by PROVIDING PARTY solely for purposes connected with this Agreement (including monitoring the security of data and other assets) and for the relevant purposes specified in the data privacy policy of the Subsidiary of RECEIVING PARTY (a copy of which is available on request.) RECEIVING PARTY will maintain the same level of protection for Personal Data collected from PROVIDING PARTY (and PROVIDING PARTY’s employees, directors and officers, as appropriate) as RECEIVING PARTY maintains with its own Personal Data, and will implement appropriate administrative, physical and technical measures to protect the personal data collected from PROVIDING PARTY and PROVIDING PARTY’s employees, directors and other officers against accidental or unlawful destruction or accidental loss, alternation, unauthorized disclosure or access.

Protecting Personal Data. Personal data will be recorded, processed, transferred and made available according to the Data Protection Act 1998 and due regard will be made of the General Data Protection Regulations when they come into force.

Protecting Personal Data. The school will collect personal information about you fairly and will let you know how the school and DCC will use it. The school will use information about pupils to further curriculum, professional and managerial activities in accordance with the business of the school and will contact the parents or guardians, if it is necessary, to pass information beyond the school or DCC. For other members of the community the school will tell you in advance if it is necessary to pass the information on to anyone else other than the school and DCC. The school will hold personal information on its systems for as long as you remain a member of the school community and remove it in the event of your leaving, or until it is no longer required for the legitimate function of the school. We will ensure that all personal information supplied is held securely, in accordance with the policies and practices of Durham County Council and as defined by the Data Protection Act 1998. You have the right to view the personal information that the school holds about you and to have any inaccuracies corrected. Pupil instruction in responsible and safe use should precede any Internet access and all pupils must sign up to the Acceptable Use Agreement for pupils and abide by the school’s online rules. These online rules will also be displayed clearly in all networked rooms. As well as this, all staff will read and sign the School Acceptable Use Policy before using any school ICT resources. The school will maintain a current record of all staff and pupils who are granted access to the school’s electronic communications. All visitors to the school site who require access to the schools network or internet access will be asked to read and sign an Acceptable Use Policy. Parents will be informed that pupils will be provided with supervised Internet access appropriate to their age and ability. When considering access for vulnerable members of the school community (such as with children with special education needs) the school will make decisions based on the specific needs and understanding of the pupil(s).

Protecting Personal Data. Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks. You are responsible for protecting the Personal Data we hold. You must implement reasonable and appropriate security measures against unlawful or unauthorised Processing of Personal Data and against the accidental loss of, or damage to, Personal Data. You must exercise particular care in protecting Special Categories of Personal Data from loss and unauthorised access, use or disclosure. You must follow all procedures and technologies we put in place to maintain the security of all Personal Data from the point of collection to the point of destruction. You may only transfer Personal Data to third-party service providers who agree to comply with the required policies and procedures and who agree to put adequate measures in place, as requested. You must maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows: (a) Confidentiality means that only people who have a need to know and are authorised to use the Personal Data can access it. (b) Integrity means that Personal Data is accurate and suitable for the purpose for which it is processed. (c) Availability means that authorised users are able to access the Personal Data when they need it for authorised purposes.

Protecting Personal Data. NORESCO processes personal data as described in our privacy notices at ▇▇▇▇▇▇▇.▇▇▇. The Parties will comply with applicable data privacy laws governing personal data processed in connection with this Agreement, including the California Consumer Privacy Act (CCPA), and take all reasonable commercial and legal steps to protect personal data. If CITY provides NORESCO with personal data, CITY will ensure that it has the legal right to do so, including notifying the individuals whose personal data is shared. If a party collects or processes personal data from California residents under this Agreement, such party is a “Service Provider” under the CCPA, and will not sell or exchange such personal data for anything of value.

Protecting Personal Data. Personal Data must be secured by appropriate technical and organisational measures against unauthorised or unlawful Processing, and against accidental loss, destruction or damage. We will develop, implement and maintain safeguards appropriate to our size, scope and business, our available resources, the amount of Personal Data that we own or maintain on behalf of others and identified risks (including use of encryption and Pseudonymisation where applicable). We will regularly evaluate and test the effectiveness of those safeguards to ensure security of our Processing of Personal Data. We will maintain data security by protecting the confidentiality, integrity and availability of the Personal Data, defined as follows:

Protecting Personal Data. The school will ensure personal data is recorded, processed, transferred and made available according to the Data Protection Act 2018 (Business Manager main contact). • Staff will ensure they properly log-off from a computer terminal after accessing personal data. During inactivity devices should be ‘locked’ • Passwords should be secure (8 characters long, combination of upper/lowercase letters/numbers. • External hard drives should be encrypted. • School laptops and devices should not be shared with friends or friends. • Staff will not remove personal or sensitive data from the school premises without ensuring such data is kept secure, using encrypted devices only. Passwords for cloud services (eg Scholar Pack / Otrack) • School iPads must be set up with the school staff passcode to ensure data protection. • The school website/app will not include the personal details, including individual e-mail addresses or full names, of pupils. • A generic contact form will be used for all enquiries received through the school website which will forward messages to the office. • Individual staff email addresses may be published on the class pages/school app • All content included on the school website, school app and social media posts will be checked by the SLT. • The content of the website will be composed in such a way that individual pupils cannot be clearly identified. • Staff and pupils should not post school-related content on any external website without seeking permission first. An inappropriate website is accessed unintentionally by a child, young person or member of staff.