Data Transfer Agreement sample

DATA PROTECTION AGREEMENT
This agreement (“Data Protection Agreement” or “DPA”) is made between: Client Firm XXXX (“Client”),
and
(Supplier Name) _______________________________________________________________
(“Supplier”),
(Supplier Address)
_______________________________________________________________________;
Each a Party and together the Parties.
DEFINITIONS
Affiliate shall mean any parent or sister company of the same group as a Party having common
ultimate ownership.
Data Breach means any breach of the Supplier’s obligations under this DPA, other loss, destruction,
damage of, or compromise to the Relevant Personal Data or any other event relating to Relevant
Personal Data which falls within the definition of ‘personal data breach’ set out in Data Protection Law
(including but not necessarily limited to, effective 25th May 2018, Article 4(12) of the GDPR).
Data Protection Law means the Directive and/or all other relevant applicable laws from time to time in
place concerning the Processing of Relevant Personal Data relating to persons. For the avoidance of
doubt, Data Protection Laws shall also include effective 25th May 2018 the GDPR.
Data Subject shall have the meaning given to it under Data Protection Laws. It may include (but is not
necessarily limited to) Client’s (and or any Client Affiliates’) representatives and end users, such as
employees, job applicants, contractors, partners, and customers.
Directive shall mean EC Data Protection Directive (Directive 95/46/EC) as amended from time to time,
including any national enacting legislation thereto.
EEA means the European Economic Area, European Union, Switzerland and the United Kingdom.
Effective Date means commencement of the services from Supplier (and/or its Affiliate(s)) to Client
(and/or its Affiliate(s)).
GDPR means the General Data Protection Regulation (Regulation (EU) 2016/679) as amended from
time to time.
Personal Data shall have the meaning given to it under Data Protection Laws. It may include (but is not
necessarily limited to) personal contact information such as name, home address, home telephone or
mobile number, fax number, email address, and passwords; information concerning family, lifestyle and
social circumstances including age, date of birth, marital status, number of children and name(s) of
spouse and/or children; employment details including employer name, job title and function,
employment history, salary and other benefits, job performance and other capabilities,
education/qualification, identification numbers, social security details and business contact details;
financial details; goods, marketing and services provided; and technical identifiers such as IP address.
Personnel means in respect of a party to this DPA, that Party’s employees, officers, agents, and/or
authorised representatives.
The terms Processing (and its derivatives), Data Controller, Data Processor, and Data Subject
Access Request shall, where used in this Agreement, have the meanings given to them under Data
Protection Laws.
Relevant Personal Data means any Personal Data for which Client (and/or any Affiliate of Client) is a
Data Controller and for which the Supplier (and/or any Affiliate and/or sub-contractor of the Supplier) is
the Data Processor.
Statutory Processor Obligations means the contractual obligations which a Data Controller is
required to impose on a Data Processor under Article 28(3) GDPR.
Statutory Request means a request by a Data Subject, relevant data protection authority (including
as relevant the data protection authorities of the EU Member States) or court or other relevant authority
of a competent and relevant jurisdiction to exercise a statutory right in relation to Relevant Personal
Data and/or any Processing thereof. For the avoidance of doubt this shall include but shall not be
limited to Data Subject Access Requests and investigation/enforcement measures by data protection
authorities.
1. USE OF DATA
1.1 The Supplier shall at all times treat Relevant Personal Data in a manner compatible with Data Protection Laws. Unless Client requires otherwise in writing, the Supplier shall:
(a) process Relevant Personal Data only in accordance with the instructions of Client or the Data Subject or (where not subject to instructions of Client/Data Subject) as otherwise set out in this DPA; and
(b) only undertake Processing of Relevant Personal Data for legitimate purposes if and to the extent reasonably required to enable the Supplier to provide the contracted services under a written, lawful agreement with the relevant Data Subject or Client or a Client Affiliate or perform Supplier’s other obligations under this DPA.
1.2 In conformance with Article 28(3)(g) GDPR at the end of provision of services relating to processing of Relevant Personal Data, or upon receipt of a written request from Client if earlier, the Supplier will destroy such of the Relevant Personal Data in its possession in such a way as to render the Relevant Personal Data irrecoverable by any means, after having returned or provided all Relevant Personal Data to Client or its representatives if so requested by Client.
2. SHARING AND SECURITY OF DATA
2.1 In relation to Relevant Personal Data, Supplier shall ensure that it (a) maintains security of Relevant Personal Data; and (b) prevents unauthorised or unlawful access to or Processing of Relevant Personal Data and accidental loss or destruction of, or damage to, Relevant Personal Data.