top of page

Events Air 

Data Protection Policy Conference & Events.

Below is a copy of C&E data protection document.These document are subject to change so please check with your manager or the  Abbey Group data protection office - Ray Lowry for any amendments or changes.

 

BETWEEN

  1. Data Controller

       Definition: Refers to the legal entity responsible for the processing of the

        personal data

 

Established at [Registered Address] -“the Data Controller”;

 

 And ​

 

  1. Data Processor

       Definition: Refers to any third party which processes personal data on behalf           of the Data Controller, but is not an employee of the Data Controller.

 at [Abbey Conference & Events, Citygate, 22 Bridge Street Lower, Dublin 8] - “the Data Processor”

 

DEFINITIONS AND INTERPRETATION

The following words and phrases used in this Agreement and the Schedules shall have the following meanings except where the context otherwise requires:

 

 

 

 

 

 

 

 

 

RECITALS

  1. The Data Controller is engaging the services of the Data Processor as its agent for the purpose of [description of intended data processing, e.g. Payroll] – “The Services”.

 

    2.The contract engagement will commence on [Contract Start Date], and will                continue until [Contract End Date].

     3.The contract engagement will involve the processing of the following                        categories of personal data:

  • Categories of personal data

  • Categories of personal data e.g. Personal Information, Banking Information etc.

  • ……

 

       And the following categories of Sensitive Personal Data:

  • Categories of Sensitive Personal Data

  • Categories of Sensitive Personal Data

  • …….

 

     4.In order to perform the Services on the Data Controller’s behalf, the Data                Processor will require access to records in both manual and automated format        containing personal, and in some cases, sensitive personal data.

 

     5.Under the General Data Protection Regulations Acts 2016, a written                       Agreement must be in place between the Data Controller and any organisation       which processes personal data on its behalf, governing the processing of that          data. This Agreement is intended to satisfy that obligation.

 

     6.The parties now wish to enter into this Agreement in order to regulate the             provision, use and processing of Personal Data which the Data Processor will           be processing on behalf of the Data Controller.

 

AGREEMENT

This Agreement shall continue in full force for the duration stated, unless terminated for breach by either party.

 

OBLIGATIONS OF THE DATA CONTROLLER

  • The Data Controller is responsible for the duty of care owed to the personal data.

  • The Data Controller shall authorise the Data Processor to process the personal data in any manner that may reasonably be required in order to provide the Services.

  • The  instructions given  by the  Data  Controller  to  the  Data  Processor  in respect of the Personal Data shall at all times be in accordance with the laws of Ireland.

  • At the Data Controller’s discretion, and within parameters set out below, the Data Controller may authorize the Data Processor to engage the services of sub-contractors in order to provide the Services.

  • [Further specific obligations of the Data Controller].

 

OBLIGATIONS OF THE DATA PROCESSOR

  • The Data Processor will process the Personal Data in compliance with the General Data Protection Regulations Acts 2016

  • The Data Processor undertakes that it shall process the Personal Data strictly in accordance with the Data Controller's instructions for the processing of that personal data.

  • The Data Processor will process the Personal Data for the following purposes only:

    • [Process]

    • [Process] e.g. Registration & Accommodation bookings

  • The Data Processor agrees to execute its obligations in this contract using the following process:

    • [Process]

    • [Process] e.g. Registration & Accommodation bookings

  • The Data Processor and its employees will treat the personal data, and any other information provided by the Data Controller as confidential, and will ensure that access to the Personal Data is limited to only those employees who require access to it for the purpose of the Data Processor carrying out the permitted processing and complying with its obligations under this Agreement.

  • The Data Processor will ensure that only such of its employees who may be required by it to assist it in meeting its obligations under the Agreement shall have access to the Personal Data. The Data Processor will ensure that all such employees have undergone training in the law of data protection, their duty  of  confidentiality  under  contract  and  in  the  care  and  handling  of the Personal Data.

  • The Data Processor will implement the appropriate organizational and technological solutions in order to assist the Data Controller promptly with any and all issues which may arise in relation to the processing of the personal data, including the resolution of any complaints, the detection and reporting of any breach and the timely response to subject access requests which may be received from Data Subjects to whom the Personal Data refers.

data2.PNG
bottom of page