The Data Controller and the Data Processor Sample Clauses

This clause defines the roles and responsibilities of the Data Controller and the Data Processor in relation to the handling of personal data. It typically specifies which party determines the purposes and means of processing (the Controller) and which party processes data on behalf of the Controller (the Processor). For example, a company (Controller) may engage a third-party service provider (Processor) to manage customer data. The core function of this clause is to ensure legal compliance with data protection laws by clearly allocating duties and accountability between the parties involved in data processing.
POPULAR SAMPLE Copied 2 times
The Data Controller and the Data Processor a. The Data Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor. The Data Processor will process the Personal Data in accordance with the terms and conditions of the Agreement, this DPA, and any other written instructions from the Data Controller to which the Data Processor has agreed. The Data Processor will limit Personal Data collection, use, retention, and disclosure to activities reasonably necessary and proportionate to achieve the contracted business purposes. b. The Data Processor will only process the Personal Data on documented instructions of the Data Controller in such manner as, and to the extent that, is necessary for the provision of Services, except as may be otherwise required for compliance with applicable laws, including, but not limited to, EU Data Protection Law and the CCPA, save that the Data Processor may process Personal Data in aggregated or anonymised form to evaluate the effectiveness of or means of improving its products and services. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction from the Data Controller violates EU Data Protection Law or the CCPA. c. The Data Processor will not collect, use, retain, disclose or otherwise make Personal Data available for its own commercial purposes or in a way that does not comply with the CCPA. The Data Processor will not sell the Personal Data. d. The Data Processor will promptly comply with any Data Controller request or instruction requiring Data Processor to provide, amend, transfer, or delete the Personal Data, or to stop, mitigate, or remedy any unauthorized processing. e. The Data Controller represents and warrants that it has all necessary rights to provide the Personal Data to Data Processor for the processing to be performed in relation to the Services. To the extent required, Data Controller is responsible for ensuring that any necessary data subject consents to the processing of Personal Data by Data Processor are obtained and for ensuring that a record of such consents is maintained by the Data Controller. f. If the contracted business purposes of the Agreement require the collection of Personal Data from individuals on Data Controller’s behalf, Data Processor will, with regard to any Personal Data collected from residents of California, provide a CCPA-compliant, Data Controller-approved notice addressing use and collection methods. g. The Data P...
View SourceView Similar (2)
The Data Controller and the Data Processor. 4.1 The Data Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor. The Data Processor will process the Personal Data only as set forth in Data Controller’s written instructions. 4.2 The Data Processor will only process the Personal Data on documented instructions of the Data Controller in such manner as – and to the extent that – this is appropriate for the provision of the Services, except as required to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller. The Data Processor shall never process the Personal Data in a manner inconsistent with the Data Controller’s documented instructions. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes EU Data Protection Law or other Union or Member State data protection provisions. 4.3 The Parties have entered into a Service Agreement in order to benefit from the expertise of the Processor in securing and processing the Personal Data for the purposes set out in Section 3.1. The Data Processor shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Addendum. 4.4 Data Controller warrants that it has all necessary rights to provide the Personal Data to Data Processor for the Processing to be performed in relation to the Services. To the extent required by EU Data Protection Law, Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. Should such a consent be revoked by the data subject, Data Controller is responsible for communicating the fact of such revocation to the Data Processor, and Data Processor remains responsible for implementing any Data Controller instruction with respect to the further processing of that Personal Data.
View Source
The Data Controller and the Data Processor. 2.1 The Data Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor. The Data Processor will process the Personal Data only as set forth in Data Controller’s written instructions. 2.2 The Data Processor will only process the Personal Data on documented instructions of the Data Controller (including with regard to transfers of personal data to a third country or an international organization, unless required to do by Union or Member State law to which the Data Processor is subject) in such manner as, and to the extent that, this is appropriate for the provision of the Services, except as required to comply with a legal obligation to which the Data Processor is subject. In such a case, the Data Processor shall inform the Data Controller of that legal obligation before processing, unless that law explicitly prohibits the furnishing of such information to the Data Controller. The Data Processor shall never process the Personal Data in a manner inconsistent with the Data Controller’s documented instructions. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions. 2.3 The Parties have entered into a Service Agreement in order to benefit from the expertise of the Processor in securing and processing the Personal Data for the purposes set out in Annex 2. The Data Processor shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements of this Data Processing Addendum. 2.4 Data Controller warrants that it has all necessary rights to provide the Personal Data to Data Processor for the Processing to be performed in relation to the Services. To the extent required by Applicable Data Protection Law, Data Controller is responsible for ensuring that any necessary data subject consents to this Processing are obtained, and for ensuring that a record of such consents is maintained. Should such a consent be revoked by the data subject, Data Controller is responsible for communicating the fact of such revocation to the Data Processor, and Data Processor remains responsible for implementing any Data Controller instruction with respect to the further processing of that Personal Data.
View SourceView Similar (5)
The Data Controller and the Data Processor. 2.1 The Data Controller will determine the scope, purposes, and manner by which the Personal Data may be accessed or processed by the Data Processor. The Data Processor will process the Personal Data in accordance with the Data Controller’s documented instructions, except to the extent required to comply with a legal obligation to which the Data Processor is subject. In such a case, to the extent not prohibited by applicable law, the Data Processor shall inform the Data Controller of the legal obligation before Processing such Personal Data. Except as set forth herein, the Data Processor shall not process the Personal Data in a manner inconsistent with the Data Controller’s documented instructions. The Data Processor shall immediately inform the Data Controller if, in its opinion, an instruction infringes the EU Data Protection Law. 2.2 The Parties have entered into the Service Agreement in order to benefit from the expertise of the Data Processor in securing and Processing the Personal Data for the purposes set out in Appendix 2. The Data Processor shall be allowed to exercise its own discretion in the selection and use of such means as it considers necessary to pursue those purposes, subject to the requirements set forth in this Data Processing Agreement. 2.3 The Data Controller represents and warrants that it has all necessary rights to provide the Personal Data to the Data Processor for the Processing to be performed in connection with the Services. The Data Controller represents and warrants it has obtained all necessary consents from Data Subjects whose Personal Data are Processed by the Data Processor and shall ensure that a record of such consents is maintained. Should any consent be revoked by the Data Subject, the Data Controller shall promptly notify the Data Processor of such revocation, and the Data Processor shall implement the Data Controller’s reasonable instruction with respect to the further Processing of that Personal Data.
View SourceView Similar (4)
The Data Controller and the Data Processor. 2.1 The Parties can act as both Data Processor and Data Controller. 2.2 The Parties guarantee that they will only process the Personal Data in the role of Data Processor based on written instructions from the Data Controller and in such a manner – and insofar – as required for the provision of the services under the Main Agreement, except as required to comply with a legal obligation to which the Data Processor is subject, or to follow instructions issued by the Data Controller. The Data Processor will never process the Personal Data for its own purposes. 2.3 If the Data Processor determines the purposes and the means of processing in contravention of the GDPR and this Data Processing Agreement, the Data Processor will be regarded as the Data Controller. 2.4 More specifically, the Data Controller may give instructions with regard to the retention period of all the Personal Data referred to in Annex 1. 2.5 The Parties conclude the Main Agreement in order to take advantage of one another’s expertise within the collaboration, in the context of the Main Agreement and the processing of Personal Data for the purposes set out in Annex 1. The Data Processor may exercise its own discretion in the selection and use of such means as it deems necessary to pursue those purposes.
View Source

Related to The Data Controller and the Data Processor

  • Quality Management System Supplier hereby undertakes, warrants and confirms, and will ensue same for its subcontractors, to remain certified in accordance with ISO 9001 standard or equivalent. At any time during the term of this Agreement, the Supplier shall, if so instructed by ISR, provide evidence of such certifications. In any event, Supplier must notify ISR, in writing, in the event said certification is suspended and/or canceled and/or not continued.

  • CUSTOMER SERVICE FUNCTIONS The Servicer shall handle all Customer inquiries and other Customer service matters according to the same procedures it uses to service Customers with respect to its own charges.

  • Contractor Services Emerald has contracted, on an exclusive basis, with official contractors to provide certain services for the Event. Service companies other than the official contractors will not be allowed to perform any of these exclusive services. Non-exclusive services may be performed by exhibitor-appointed contractors (“EACs”) within certain guidelines. Please refer to the Exhibitor Service Manual for a listing of exclusive services and EAC guidelines.

  • Operator Services Operator Services consist of the following services. (a) Calling card - the Customer dials 0+ or 0 - and provides operator with calling card number for billing purposes. (b) Collect - the Customer dials 0+ or 0 - and asks the operator to bill the call to the called number, provided such billing is accepted by the called number. (c) Third number billed - the Customer dials 0+ or 0- and asks the operator to bill the call to a different number than the calling or called number. (d) Operator assistance - providing local and intraLATA operator assistance for the purposes of: (1) assisting Customers requesting help in completing calls or requesting information on how to place calls; (2) handling emergency calls; (3) handling person-to-person calls. (e) Operator Transfer Service (“OTS”) - calls in which the Customer dials “0”, is connected to an SBC ILLINOIS operator and then requests call routing to an IXC subscribing to OTS. The operator will key the IXC’s digit carrier identification code to route the Customer to the requested IXC’s point of termination. (f) BLV - Service in which operator verifies a busy condition on a line. (g) BLVI - service in which operator, after verifying a busy line, interrupts the call in progress.

  • Verizon OSS Services 8.2.1 Upon request by PNG, Verizon shall provide to PNG Verizon OSS Services. Such Verizon OSS Services will be provided in accordance with, but only to the extent required by, Applicable Law. 8.2.2 Subject to the requirements of Applicable Law, Verizon Operations Support Systems, Verizon Operations Support Systems functions, Verizon OSS Facilities, Verizon OSS Information, and the Verizon OSS Services that will be offered by Verizon, shall be as determined by Verizon. Subject to the requirements of Applicable Law, Verizon shall have the right to change Verizon Operations Support Systems, Verizon Operations Support Systems functions, Verizon OSS Facilities, Verizon OSS Information, and the Verizon OSS Services, from time-to-time, without the consent of PNG. 8.2.3 To the extent required by Applicable Law, in providing Verizon OSS Services to PNG, Verizon will comply with Verizon’s applicable OSS Change Management Guidelines, as such Guidelines are modified from time-to-time, including, but not limited to, the provisions of the Guidelines related to furnishing notice of changes in Verizon OSS Services. Verizon’s OSS Change Management Guidelines will be set out on a Verizon website.