In the present relationship, context will dictate on who should be the Data Controller and Data Processor and each party acknowledges the role assigned and accordingly will act consistently with such premise and will obtain the necessary consent, in order to process the Personal Data.
In such a case:-
- Each party shall comply with its obligation(s) as either a Data Controller or Data Processor.
- Where the Personal Data is required to be transferred or stored outside of the EU or where a server is located, whether by either Party or both, the transmitting or transferring party or parties shall additionally comply with the requirement of the relevant data protection legislation in the target jurisdiction where the personal data in transmitted or transferred.
- In the event the target jurisdiction does not have any data protection legislation in place or in force, or the standard of protection provided by the target jurisdiction’s data protection legislation are less than equivalent to the requirements of the Data Protection Law, the provision of the Data Protection Law shall automatically apply and the parties shall additionally undertake all reasonable precautions and due diligence to ensure that (i) data processor in the target jurisdiction shall comply with all the requirements of the act; and the Personal Data is not processed in any way which contrives the Data Protection Law.
- That the processing, including the transfer itself, of the personal data has been and will continue to be carried out in accordance with the relevant provision of the applicable Data Protection Law.
- That after the assessment of the requirements of the applicable Data Protection Law, the security measures are appropriate to protect Personal Data against accidental or unlawful destruction or, accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of Personal Data over a network, and against all other unlawful forms of processing, and that these measures ensure a level of security appropriate to the risks presented by the processing and the nature of Personal Data to be protected having regard to the state of technology and the cost of implementation.
- A Party shall ensure that the relevant third parties have been informed of, and given their consent to, such use, processing, and transfer as required by all applicable data protection legislation.
- Personal Data may be disclosed to law enforcement, regulatory or other government agencies, or to other Third Parties, in each case to comply with legal, regulatory or national security obligations or request.
Changes to the Privacy
For questions, comments or concerns about handling of Personal Data, please contact us