Data Protection Act 2002 Data Processor Contract
Memorandum of Agreement
For the purposes of paragraphs 17 to 20 of Schedule 1 to the Data Protection Act 2002, this agreement was made
on 000000000000000000000000000000000000000000000000000000000000000 between 000000000000000000000000000000000000000000000000000000000000000
hereinafter referred to as the Data Controller
and 000000000000000000000000000000000000000000000000000000000000000000..
hereinafter referred to as the Data Processor
Definitions
For the purposes of this agreement the following terms shall have the same meaning and interpretation as set out in the Data Protection Act 2002
"The Supervisor" ;"Data Controller"; "Data Processor" ;"Personal Data" or "personal data"; "Data Subject"; "Processing" or "processing"; "Sensitive Personal Data" Warranties of the Data Controller
The Data Controller, having chosen the Data Processor to process personal data on its behalf, warrants that:
the Personal Data has been collected and processed in accordance with the Data Protection Act 2002 and
the processing of personal data has been notified to the Supervisor as required under the Data Protection Act 2002. 2. Undertakings of the Data Controller
The Data Controller will take such actions as are necessary to ensure it has fulfilled, and will continue to fulfil, the warranties set out in Clause 1. 3. Warranties of the Data Processor. The Data Processor, having agreed to process personal data on behalf of the Data Controller, warrants that it has:
In place appropriate technical and organisational measures against accidental or unlawful destruction or accidental loss, alteration, unauthorised disclosure or access and adequate security programs and procedures to ensure that unauthorised persons will not have access to the data processing equipment used to process the personal data, and that any persons it authorises to have access to the personal data will respect and maintain the confidentiality and security of the personal data;
appropriate security measures, which reflect the nature of the personal data and the level of harm that might be suffered by a Data Subject as a result of unauthorised access or disclosure of personal data.
Undertakings of the Data Processor.
The Data Processor undertakes to:
act only on the instructions of the Data Controller
do such actions as are necessary to ensure it has fulfilled, and will continue to fulfil, the warranties set out in Section 3;
provide a Data Subject the rights of access, correction, blocking, suppression or deletion available to such an individual under the Data Protection Act 2002;
submit its data processing facilities, data files and documentation needed for processing to auditing and / or certification by the Data Controller (or other duly qualified auditors of inspection authorities not reasonably objected to by the Data Processor and approved by the Data Controller to ascertain compliance with the warranties and undertakings in this agreement);
comply with any changes in applicable laws. In the event it is unable to do so, it shall forthwith notify the Data Controller and the Data Controller shall be entitled to terminate this agreement, unless the parties have agreed or forthwith agree to take such steps as shall enable the Data Processor to so comply.
Indemnities
The Data Controller and the Data Processor will indemnify each other and hold each other harmless from any cost, charge, damages, expense or loss resulting from its breach of any of the provisions of this agreement.
Termination
In the event of termination of this agreement, the Data Processor must return all personal data and all copies of the personal data, the subject of these Clauses to the Data Controller forthwith or, at the Data Controller00 choice, will destroy all copies of the same and certify to the Data Controller that it has done so, unless the Data Processor is prevented by law from destroying all or part of such data, in which event the data will be kept confidential and will not be processed for any purpose.
The Data Processor irrevocably agrees with the Data Controller that, if so requested by the Data Controller or the Supervisor, it will allow the Data Controller or the Supervisor access to its establishment to verify that this has been done or will allow access for this purpose by any duly authorised representative of the Data Controller.
Governing Law This agreement shall be governed by the laws of the Isle of Man
Signatures of Agreement
Signed 00000000000000000000000000
on behalf of 000000000000000000000000000000000000., the Data Controller
on the 000000.. day of 000000000000000 200000.
Signed 00000000000000000000000000
on behalf of 000000000000000000000000000000000000., the Data Processor
on the 000000.. day of 000000000000000 200000.

filetype:doc
file time: 2008-02-16
file size:41472
Click Here To Download...