...
8.13 The Controller may, at any time on not less than 30 Working Days’ notice, revise this clause by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when incorporated by attachment to this Agreement).
8.14 The Parties agree to take account of any guidance issued by the Information Commissioner’s Office. The Controller may on not less than 30 Working Days’ notice to the Processor amend this agreement to ensure that it complies with any guidance issued by the Information Commissioner’s Office.
8.15 The Controller may immediately terminate this Agreement on written notice to the Processor. The Processor may not terminate this Agreement without the written consent of the Controller.
8.16 At the choice of the Controller, the Processor shall return or destroy all personal data to the Controller at the end of the provision of services relating to the processing and delete any existing copies.
8.17 The Processor warrants that it shall:
(i) Process the Personal Data in compliance with Law; and
(ii) take appropriate technical and organisational measures against Data Breach.
8.18 The Processor agrees to indemnify and keep indemnified and defend at its own expense the Controller against all costs, claims, damages or expenses incurred by the Controller or for which the Controller may become liable due to any failure by the Processor or its employees or agents to comply with any of its obligations under this Agreement.
8.19 This Agreement is subject to English law and the exclusive jurisdiction of the English Courts.
8.20 Any variation (change request) to this agreement must be agreed by the Data Controller in advance of the change. This request must be in writing to the data controller and must be authorised in writing back to the Processor before any variation can take place. The authorised officers who can approve, raise, reject or escalate variations to this agreement are detailed in Schedule 3 and can be updated from time to time in writing by either party. Any change that is authorised by the data controller must be acknowledged as a variation to this contract and parties who initially signed this agreement must also resign this agreement. This variation should be dated and clearly detailed within any subsequent agreement. If the variation is rejected and the Processor is unable to continue meeting its obligations as part of this agreement, then this must be escalated to the data controller who has the right to terminate this agreement with immediate effect.
8.21 Day to day management of this contract is undertaken by the parties as detailed in Schedule 3 which can be updated from time to time in writing by either party.
8.22 Where there is a dispute, the aggrieved Party shall notify the other Party in writing of the nature of the dispute with as much detail as possible about the deficient performance of the other party. A representative from senior management of each of the parties (together the "Representatives") shall meet in person or communicate by telephone within five Working Days of the date of the written notification in order to reach an agreement about the nature of the deficiency and the corrective action to be taken by the respective Parties. The Representatives shall produce a report about the nature of the dispute in detail to their respective boards and if no agreement is reached on corrective action, then the chief executives of each Party shall meet in person or communicate by telephone, to facilitate an agreement within five Working Days of a written notice by one to the other. If the dispute cannot be resolved at board level within a further five Working Days, or if the agreed upon completion dates in any written plan of corrective action are exceeded, either party may seek the legal remedies to which it is entitled under this agreement.
8.23 If the Processor listed in this Schedule is taken over, goes out of business or enters administration, then the representative of the Data Controller will decide on the next steps and endeavour to find an alternative data processor for the purposes of this project. However, in the event that there are no alternative Processor(s) (Data Processor(s), all data processing for the purposes of this project will come to an end and all relevant parties listed in this Data Processing Agreement will be notified accordingly.
8.24 The Processor will ensure adequate business continuity services and disaster recovery services are in place and regularly tested. Evidence of this testing will be required as part of the Controller's due diligence.
PART 3 – FURTHER CONTRACTUAL CLAUSES
9. RECORDS
9.1 Each Party shall maintain such records as required by Data Protection Law in respect of its Processing of PKB Data and as may be reasonably necessary to demonstrate its compliance with this Agreement.
10. REVIEW OF THIS AGREEMENT
10.1 The effectiveness of this Agreement shall be reviewed from time to time at such intervals as may be agreed by the Organisation, having consideration to the Permitted Purposes and whether any amendments may be necessary to this Agreement. This review will involve assessing whether:
10.1.1 this Agreement needs to be updated to comply with any amendments to Data Protection Law; and
10.1.2 Personal Data Breaches have been handled in accordance with this Agreement where PKB Data are involved.
11 WARRANTIES
11.1 Each Party represents and warrants to the other Party that:
11.1.1 it has full capacity to enter into and perform this Agreement which has been duly executed by the required corporate action;
11.1.2 entry into and performance of this Agreement does and will not violate or be subject to any restriction in or by any other agreement or obligation.
11.2 the use of PKB Data as permitted by this Agreement does not infringe the rights of any third party.
11.3 Each Party shall notify the other Parties in writing within five (5) Business Days if it receives a “Third Party Communication” including but not limited to:
11.3.1 any communication from the ICo or any other regulatory authority in connection with Personal Data covered by the Part 2 or;
11.3.2 a request from any third party for disclosure of Personal Data covered by this Part 2 where compliance with such request is required or purported to be required by Applicable Law.
12 LIMITATION AND EXCLUSION OF LIABILITY
Each Party’s liability arising out of or in connection with this Agreement, whether in contract, tort (including negligence) or otherwise shall be limited costs incurred by the other parties as a direct result of negligence of the Party, including failure to comply with this Agreement
Each Party is responsible for the cost of remedying any non-compliance with Data Protection Laws determined the responsibility of that Party by this Arrangement. Liability under this Arrangement for each Party is limited to that which arises from a breach of Data Protection Laws.
Any liability arising from processing activity undertaken under this Arrangement shall be determined by the roles and responsibilities of each Party in line with Article 82 of GDPR.
TERMINATION
Without affecting any other right or remedy available to it, either Party may terminate this Agreement with immediate effect by giving written notice to the other Party:
...