Data Privacy – Professional Services Agreement
“Personal Data” refers to information relating to an identified or identifiable individual made available by one party, its personnel or any other individual to the other party in connection with this agreement.
7.2.1 Each of the parties is responsible for complying with any obligations applying respectively to each of the parties under applicable privacy laws and regulations (“Laws”).
7.2.2 Neither party will request Personal Data beyond what is necessary to fulfill the purpose(s) for which it is requested. The purpose(s) for requesting Personal Data shall be reasonable. Each of the parties will agree in advance as to the type of Personal Data which is required to be made available.
7.3 Security Safeguards
7.3.1 Each of the parties acknowledges that it is solely responsible for determining and communicating to the other the appropriate technological, physical and organizational security measures required to protect Personal Data.
7.3.2 Each of the parties will ensure that Personal Data is protected in accordance with the security safeguards communicated by the other.
7.3.3 Each of the parties will ensure that any third party to whom Personal Data is transferred is bound by the applicable terms of these provisions.
7.3.4 Additional or different services required to comply with the Laws will be deemed a request for new services.
7.4 Use – Each of the parties agrees that Personal Data will only be used, accessed, managed, transferred, disclosed to third parties or otherwise processed to fulfill the purpose(s) for which it was made available.
7.5 Access Requests
7.5.1 Each of the parties agrees to reasonably cooperate with the other in connection with access requests for Personal Data.
7.5.2 Each of the parties agrees to reimburse the other for any reasonable charges incurred in providing each other assistance.
7.5.3 Each of the parties agrees to amend Personal Data only upon receiving instructions to do so from the other party, its personnel or any other individual.
7.6 Retention – Each of the parties will promptly return to the other or destroy all Personal Data which is no longer necessary to fulfill the purpose(s) for which it was made available, unless otherwise instructed by the other party, its personnel or any other individual or required by law.