/Docs/G/Org-JLINC-SISA/Form/0.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
Ti = STANDARD INFORMATION SHARING AGREEMENT (SISA)
Note = "Rights Holder" is also defined in definitions.
0.1.sec = Between: The rights holder, the entity or natural person setting out the permissions for the processing of personal data. The rights holder shall be either the natural person whose personal data is the subject of this agreement or will be a natural person or entity whose authority to set out the permissions for the processing of personal data is derived from the natural person whose data is being processed or an equivalent legal authority (hereinafter to be referred to as the “{_Rights_Holder}”). And
Note = "Data Custodian" is also defined in definitions.
0.2.sec = The data custodian, a company, or other legal entity operating under the legal name specified, and incorporated or organized under the laws of the country specified, having its registered office and principal place of business at the address specified, and registered with the appropriate governmental authority using the appropriate identifying number specified, where all of the forgoing information has been accurately specified though the {_JLINC_software} (hereinafter to be referred to as the “{_Data_Custodian}”),
0.00.sec = Hereby agree as follows:
0. = [G/Z/paras/s2]
1.Ti = PREAMBLE
1.1.sec = The purpose of this JLINC {_Standard_Information_Sharing_Agreement} is to enable personal data processing to proceed with the ongoing knowledge, consent (where allowable by law) and control of the natural person whose personal data is being processed in the context of the terms, conditions, and policies established by the {_Data_Custodian}. This is accomplished by the various means as described below, and as implemented by software and systems that conform to the {_JLINC_protocol}.
1.2.sec = By entering into this agreement, both parties agree to process personal data as directed by the {_Rights_Holder}, and to ensure that any information sharing agreements entered into with other parties will enforce these terms.
1. = [G/Z/ol/s2]
2.Sec = {Def.Sec}
Def. = [G/Org-JLINC-SISA/Sec/Def/0.md]
3.Ti = SUBJECT MATTER OF THIS INFORMATION SHARING AGREEMENT
3.sec = The subject matter and scope of this agreement is the {_Personal_Data} that is processed by the {_Data_Custodian}.
4.Ti = CONFIDENTIALITY AND PRIVACY
4.sec = Without prejudice to any existing contractual arrangements between the Parties, the {_Data_Custodian} shall treat all {_Personal_Data} as strictly confidential and it shall inform all its employees, agents and/or approved sub-processors engaged in processing the {_Personal_Data} of the confidential nature of the {_Personal_Data}. The {_Data_Custodian} shall ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality
5.Sec = {Security.Sec}
Security. = [G/Org-JLINC-SISA/Sec/Security/0.md]
6.Ti = DATA PROCESSING TRANSPARENCY
6.sec = The {_Data_Custodian} shall make available to the {_Rights_Holder}s information about the uses and disclosures, including data transfers to other countries, of the {_Personal_Data} of the {_Rights_Holder}. To the extent commercially feasible, and where not prohibited by law, this information shall be made available in real time through the {_JLINC_protocol}s, software and web services.
7.Ti = INCIDENT AND BREACH NOTIFICATION AND MANAGEMENT
7.1.sec = When the {_Data_Custodian} becomes aware of an incident that impacts the Processing of the {_Personal_Data} that is the subject of the SISA, it shall promptly notify the {_Rights_Holder} about the incident, shall at all times cooperate with the {_Rights_Holder}, and shall follow industry best practices and regulatory guidelines with regard to such incidents, in order to enable the {_Data_Custodian} to perform a thorough investigation into the incident, to formulate a correct response, and to take suitable further steps in respect of the incident.
7.2.sec = The {_Data_Custodian} shall at all times have in place written procedures which enable it to promptly respond to the {_Rights_Holder} about an incident. Where the incident is reasonably likely to require a data breach notification to or by the {_Rights_Holder} under applicable Data Protection Law, the {_Data_Custodian} shall implement its written procedures in such a way that it is in a position to notify the {_Rights_Holder} no later than 48 hours of having become aware of such an incident.
7. = [G/Z/ol/s2]
8.Sec = {Subcontract.Sec}
Subcontract. = [G/Org-JLINC-SISA/Sec/Subcontract/0.md]
9.Ti = RETURNING OR DESTRUCTION OF PERSONAL DATA
9.1.sec = Upon termination of this {_Standard_Information_Sharing_Agreement}, upon the {_Rights_Holder}’s written request, or upon fulfillment of all purposes agreed in the context of the Services whereby no further processing is required, the {_Data_Custodian} shall, at the discretion of the {_Rights_Holder}, either delete, destroy or return all {_Personal_Data} to the {_Rights_Holder} and destroy or return any existing copies.
9.2.sec = The {_Data_Custodian} shall notify all third parties supporting its own processing of the {_Personal_Data} of the termination of the {_Data_Processing} Agreement and shall ensure that all such third parties shall either destroy the {_Personal_Data} or return the {_Personal_Data} to the {_Rights_Holder}, at the discretion of the {_Rights_Holder}.
9. = [G/Z/ol/s2]
10.Ti = LIABILITY AND INDEMNITY
10.sec = The {_Data_Custodian} indemnifies the {_Rights_Holder} and holds the {_Rights_Holder} harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the {_Rights_Holder} and arising directly or indirectly out of or in connection with a breach of this {_Standard_Information_Sharing_Agreement} and/or the Applicable Data Protection Law by the {_Data_Custodian}. The {_Rights_Holder} indemnifies the {_Data_Custodian} and holds the {_Data_Custodian} harmless against all claims, actions, third party claims, losses, damages and expenses incurred by the {_Data_Custodian} and arising directly or indirectly out of or in connection with a breach of this {_Data_Processing} Agreement and/or the Applicable Data Law by the {_Rights_Holder}.
11.Ti = DURATION AND TERMINATION
11.1.sec = This {_Standard_Information_Sharing_Agreement} shall come into effect upon the date of the cryptographically signed exchange of a copy of this SISA between the {_Rights_Holder} and the {_Data_Custodian}.
11.2.sec = Termination or expiration of this {_Standard_Information_Sharing_Agreement} shall not discharge the {_Data_Custodian} from its confidentiality obligations set out above.
11.3.sec = The {_Data_Custodian} shall process {_Personal_Data} until the date of termination of the agreement, unless instructed otherwise by the {_Rights_Holder}, or until such data is returned or destroyed on instruction of the {_Rights_Holder}.
11. = [G/Z/ol/s3]
12.Ti = PRIMACY OF THE SISA
12.sec = In the event of any inconsistency between the provisions of this {_Standard_Information_Sharing_Agreement} and the provisions of any other agreement pertaining to the processing of personal data, the provisions of this {_Standard_Information_Sharing_Agreement} shall prevail, unless specifically overridden by a signed direction from the natural person who is the subject of the {_Personal_Data} or their authorized representative.
13.Ti = ELECTRONIC SIGNATURE
13.sec = This {_Standard_Information_Sharing_Agreement} shall be deemed to be signed with legal effect when both parties to the agreement complete the cryptographic signing portion of the {_JLINC_protocol} and both parties have received a copy of mutually signed agreement. 
00.0.sec =

Appendixes

00.1. = [G/Org-JLINC-SISA/Annex/Notice_to_Users/0.md]
00.2. = [G/Org-JLINC-SISA/Annex/Summary/0.md]
00. = [G/Z/ol/2]
_ = [G/Org-JLINC-SISA/Sec/Def/Link/0.md]
= [G/Z/ol/13]