Supplier as Data Processor Clause Samples

Supplier as Data Processor. As Data Processor, Supplier will process Personal Data for and on behalf of the Customer that controls the Personal Data. Supplier will process Customer’s Personal Data pursuant to the Data Protection Addendum (DPA) found at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇-▇▇▇▇▇▇ when providing Products and Services subject to Data Protection Laws (as defined in the DPA). Customer represents and warrants that Customer (i) will transfer to Supplier only Personal Data necessary for the performance of the Contract, (ii) has provided notice to and obtained all necessary consents of the data subject or has appropriate legal basis for the processing of personal data in accordance with applicable laws for the transfer and use of Personal Data to Supplier; and (iii) maintains security and safety measures in the transfer and access to Supplier of Personal Data (including de-identification of client or end-user related information unless transfer is necessary in the Contract). Supplier takes reasonable and appropriate measures to safeguard the confidentiality and security of Personal Data and to prevent its unauthorized use or disclosure. Customer can request access to Personal Data that Supplier maintains. To protect privacy of Personal Data, Supplier will take reasonable steps to verify Customer’s or the requesting person’s identity before granting access to or making changes to Personal Data.

Supplier as Data Processor. 1.1. Where, in Table A, the Parties acknowledge that for the purposes of the Data Protection Legislation, the Authority is the Controller and the Supplier is the Processor for the relevant purposes specified in Table A this Clause 1 shall apply. The only Processing that the Supplier is authorised to do is listed in Table A of this Protocol by the Authority and may not be determined by the Supplier. 1.2. The Supplier shall notify the Authority immediately if it considers that any of the Authority’s instructions infringe the Data Protection Legislation. 1.3. The Supplier shall provide all reasonable assistance to the Authority in the preparation of any Data Protection Impact Assessment prior to commencing any Processing. Such assistance may, at the discretion of the Authority, include: 1.3.1. a systematic description of the envisaged Processing operations and the purpose of the Processing; 1.3.2. an assessment of the necessity and proportionality of the Processing operations in relation to the Supplier’s obligations under the Framework Agreement; 1.3.3. an assessment of the risks to the rights and freedoms of Data Subjects; and 1.3.4. the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data. 1.4. The Supplier shall, in relation to any Personal Data Processed in connection with its obligations under the Framework Agreement: 1.4.1. Process that Personal Data only in accordance with Table A, unless the Supplier is required to do otherwise by Law. If it is so required the Supplier shall promptly notify the Authority before Processing the Personal Data unless prohibited by Law; 1.4.2. ensure that it has in place Protective Measures, which are appropriate to protect against a Data Loss Event, which the Authority may reasonably reject (but failure to reject shall not amount to approval by the Authority of the adequacy of the Protective Measures), having taken account of the: i. nature of the data to be protected; ii. harm that might result from a Data Loss Event; iii. state of technological development; and iv. cost of implementing any measures; 1.4.3. ensure that: i. the Staff do not Process Personal Data except in accordance with the Framework Agreement (and in particular Table A); ii. it takes all reasonable steps to ensure the reliability and integrity of any Staff who have access to the Personal Data and ensure that they: (a) are aware of and comply with the Supplier’s duties ...

Supplier as Data Processor. The Parties acknowledge that the Trust is the Data Controller and the Supplier is the Data Processor in respect of any Personal Data Processed under this Contract.

Supplier as Data Processor