Common use of Confidentiality and Data Protection Clause in Contracts

Confidentiality and Data Protection. 11.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 12.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 12.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 12.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 12.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 12.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 12.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 12.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 12.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 12.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 12.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 12.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 12.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, GDPR and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 12.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 12.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 12.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 12.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 12.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 12.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 12.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 12.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier Customer is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier Company confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, GDPR and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier Company acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the SupplierCompany; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the SupplierCompany. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier Company of the requirement and will co-operate with the Supplier Company in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 7.1 The Supplier Receiving Party undertakes to the Disclosing Party that: 7.1.1 it shall treat and safeguard as private and confidential all Confidential Information; 7.1.2 it shall only use the Confidential Information to the extent that such use is subject necessary for the purposes of performing its obligations or exercising its rights under this Agreement; 7.1.3 it shall not at any time disclose or reveal any part of the Confidential Information to any person other than a Permitted Recipient; 7.1.4 it shall ensure that each Permitted Recipient to whom Confidential Information is to be disclosed is made aware of and observes the terms of this Clause 7.1 as if that person had given the undertakings contained in this Clause 7.1 directly; 7.1.5 it shall immediately upon written request by the Disclosing Party deliver to the Disclosing Party a list of all individuals to whom the Confidential Information has been disclosed. 7.2 The provisions of Clause 7.1 above shall not apply to any Confidential Information to the extent that such Confidential Information 7.2.1 is publicly available or becomes publicly available through no act or omission of the Receiving Party; 7.2.2 was in the possession of the Receiving Party, without restriction as to its disclosure, before receiving it from the Disclosing Party; 7.2.3 is received from a third party (who lawfully acquired it) without restriction as to its disclosure; 7.2.4 was created independently by the Receiving Party, without access to the Confidential Information, as demonstrated by documentary evidence to the reasonable satisfaction of the Disclosing Party; 7.2.5 is required to be disclosed by law or by order of a court of competent jurisdiction or other competent authority provided that (to the extent it is permitted to do so) the Receiving Party gives all reasonable notice of that disclosure to the Disclosing Party. 7.3 The Parties agree to fully comply with all relevant data protection legislation but also acknowledge and agree that no processing of personal data (as defined in relevant data protection legislation) is to take place in furtherance of this Contract unless and until the parties have complied with the provisions of the articles clause 7.4 below. 7.4 Notwithstanding the above, in the event either Party becomes aware of any need for or believes that data processing (as defined in relevant data protection legislation) is to occur by either Party that Party shall notify the General Data Protection Regulations (GDPR) 11.2 Where other with immediate effect and the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will Parties shall ensure that employees no processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and takes place until sufficient data protection impact assessments; processing clauses (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to determined by the relevant Authority) are in place (whether by variation to this Agreement or by way of separate data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for processing agreement) between the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can proveParties: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach;’s 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure.securities 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 10.1 Except as required by Law, each Partner agrees at all times during the continuance of this Agreement and after its termination to keep confidential all documents or papers which it receives or otherwise acquires in connection with the other and which are marked “Confidential” or similar or information which a reasonable person would be expected to treat as confidential. 10.2 The Supplier Partners shall ensure that all Staff (including temporary employees), agents or contractors of the Partners working within the Partnership Arrangements observe the provisions of Clause 10.1; where Staff or an agent or contractor of a Partner discloses confidential information the relevant Partner shall take such action as is necessary and appropriate, and where possible, to the satisfaction of the Partner affected by such disclosure. 10.3 Each Partner shall comply with its statutory obligations under the Data Protection Acts. 10.4 The Council and the CCG shall in relation to information sharing between agencies, having proper regard to the principles of client confidentiality and the Data Protection Xxx 0000 and any policies or protocols that the Partners may agree from time to time should apply to the provision of information and sharing of data for the purposes of this Agreement. 10.5 Each Partner (the “First Partner”) acknowledges that in responding to a request received by any Partner (the “Other Partner”) under the FOIA or the Environmental Information Regulations 2004 (the “EIR”) the Other Partner will be entitled to provide information held by it relating to this Agreement or which otherwise relates to the First Partner. 10.6 The Other Partner shall use reasonable endeavours to notify the First Partner of any request under the FOIA or the EIR and the intention to disclose the information within 10 Working Days (as defined in the FOIA) of receipt of such request. Before disclosing any information, the Other Partner shall consider any representations made by the First Partner within 4 Working Days (as defined in the FOIA) of notification from the Other Partner to the First Partner in accordance with this Clause 8.6. 10.7 The First Partner acknowledges that, if it does not revert to the Other Partner within the period set out in Clause 8.3, or if its representations do not alter the view of the Other Partner that the information should be disclosed, the Other Partner is under a duty to disclose such information provided that the Other Partner shall not disclose any information that is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member statean FOIA exemption. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 10.8 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause First Partner shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier Other Partner in connection with any request received by the disclosure. 11.6 The use of any information may be subject to (and therefore Other Partner under the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause FOIA or the Supplier receives a complaint from any relevant authorityEIR and such co- operation shall be at no cost to the Other Partner. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier Each party shall treat as confidential all information obtained from the other pursuant to this Agreement and shall not divulge such information to any person (except to such party’s own employees and then only to those employees who need to know the same) without the other party’s prior written consent provided that this clause shall not extend to information which was rightfully in the possession of such party prior to the commencement of the negotiations leading to this Agreement, which is subject already public knowledge or becomes so at a future date (otherwise than as a result of the breach of this Clause), which is obvious or which is required to be disclosed by law. 11.2 Each party shall ensure that its employees are aware of and comply with the provisions of the articles this Clause. If Simply Outsourced Limited shall appoint any sub- contractor it shall be required to accept an obligation as to confidentiality in like terms to this clause. These obligations as to confidentiality shall survive any termination of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member statethis Agreement. 11.3 Where The Customer’s obligations under Clause 3.6(n) to make available information, shall be subject to Simply Outsourced Limited signing such reasonable confidentiality undertakings as may be required by or to protect any third party having any rights in such information prior to the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processorsame being made available. 11.4 The Customer agrees to keep all Confidential Information confidentialSimply Outsourced Limited, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply be entitled to information that include details of the Customer can prove: 11.4.1 Is in any proposal or tender or other publicity material and its agents shall not advertise or generally publicise the public domain otherwise than by existence of this contract with the Customer, for any purpose whatsoever, without the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplierwritten consent. 11.5 The Customer may disclose Confidential Information if required agrees that both during and after the term of this Agreement the Software and any information or material related to do so by lawits design, regulation construction, operation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer use shall promptly inform the Supplier of the requirement and will co-operate with the Supplier be held in the disclosurestrictest confidence and except as provided for in the original licence agreement, shall not be copied nor disclosed to others in whole or in part. 11.6 The use Customer acknowledges that it is the data controller for the purposes of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives Xxx 0000 (the Act) and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Company is the data processor for the purposes of the Act. 11.7 The Customer has failed will obtain all necessary consents from its customers or other originators of data and/or content as appropriate to comply with this Clause or the Supplier receives a complaint Customer’s obligations under the Act, including the consent to transfer personal data to the Company and other third parties as appropriate. 11.8 The Customer will indemnify and keep the Company indemnified from and against any and all liability arising from any relevant authorityfailure to comply with clause 11.7. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 18.1. When managing the Client's data, the Company should act as per the terms of its Privacy Policy, which is in consistence with the important Laws and Regulations for the insurance of individual information.tant 18.2. All instructive material gathered on this site is held by the Company in the strictest certainty. The Supplier is subject Company considers one of its most astounding needs to keep the provisions protection and honesty of the articles individual data of its Clients unblemished, and commits the General Data Protection Regulations (GDPR) 11.2 Where greatest measure of consideration regarding keep the Supplier acts as a personal said data processor securely put away, and also utilized fittingly and just with t the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security approval. All of the data processing;that is gotten from the Client is maneuvered carefully and a suitable level of privacy. (iv) will only engage a sub-processor 18.3. By entering this Agreement, the Client herby gives his/her agree to gather, process as well as generally manage all infinformation gave by the Client including any information which is viewed as touchy with no further necessity to assent.hich 18.4. Prior to going into the prior written consent Agreement, the potential Client gets the privilege to question the revelation of individual infinformation. On the off chance that the Client does not agree to the exposure of individual information, the Company claims all authority toexposure reject section into the Client Agreement and additionally some other Agreement as well as the arrangement of the administratiadministrations to the potential Client. 18.5. The Client may whenever pull back his/her assent, regardless the Client comprehends and agrees that in the event that he/xxxxxx pulls back his/her assent, the Company should have the privilege to instantly end the Agreement as well as administrations gave. Such ask for should be given to the Company in composing through Client's enrolled email address.n 18.6. The Company should utilize sensible undertakings to guard Client's own information; be that as it may, transmission of data controller and only engage with such under a written contract to comply with Article 28 by means of the GDPR;Internet as well as innovation frameworks isn't generally totally secure. Any transmission of the Client's informationframeworks might be at Client's own particular hazard and the Company should have no risk at all. (v) 18.7. The Client comprehends and agrees that the Company will assist the keep any data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation having a pl ace as well as connection to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from Client asplace per any relevant authoritystatutory least. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 18.1. When managing the Client's data, the Company should act as per the terms of its Privacy Policy, which is in consistence with the important Laws and Regulations for the insurance of individual information.tant 18.2. All instructive material gathered on this site is held by the Company in the strictest certainty. The Supplier is subject Company considers one of its most astounding needs to keep the provisions protection and honesty of the articles individual data of its Clients unblemished, and commits the General Data Protection Regulations (GDPR) 11.2 Where greatest measure of consideration regarding keep the Supplier acts as a personal said data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless securely put away, and also utilized fittingly and just with tthe required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security approval. All of the data processing;that is gotten from the Client is maneuvered carefully and a suitable level of privacy. (iv) will only engage a sub-processor 18.3. By entering this Agreement, the Client herby gives his/her agree to gather, process as well as generally manage all infinformation gave by the Client including any information which is viewed as touchy with no further necessity to assent.hich 18.4. Prior to going into the prior written consent Agreement, the potential Client gets the privilege to question the revelation of individual infinformation. On the off chance that the Client does not agree to the exposure of individual information, the Company claims all authority toexposure reject section into the Client Agreement and additionally some other Agreement as well as the arrangement of the administratiadministrations to the potential Client. 18.5. The Client may whenever pull back his/her assent, regardless the Client comprehends and agrees that in the event that he/sheull pulls back his/her assent, the Company should have the privilege to instantly end the Agreement as well as administrations gave. Such ask for should be given to the Company in composing through Client's enrolled email address.n 18.6. The Company should utilize sensible undertakings to guard Client's own information; be that as it may, transmission of data controller and only engage with such under a written contract to comply with Article 28 by means of the GDPR;Internet as well as innovation frameworks isn't generally totally secure. Any transmission of the Client's informationframeworks might be at Client's own particular hazard and the Company should have no risk at all. (v) 18.7. The Client comprehends and agrees that the Company will assist the keep any data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation having a pl ace as well as connection to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from Client asplace per any relevant authoritystatutory least. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 10.1 Except as required by Law, each Partner agrees at all times during the continuance of this Agreement and after its termination to keep confidential all documents or papers which it receives or otherwise acquires in connection with the other and which are marked “Confidential” or similar or information which a reasonable person would be expected to treat as confidential. 10.2 The Supplier Partners shall ensure that all Staff (including temporary employees), agents or contractors of the Partners working within the Partnership Arrangements observe the provisions of Clause 10.1; where Staff or an agent or contractor of a Partner discloses confidential information the relevant Partner shall take such action as is necessary and appropriate, and where possible, to the satisfaction of the Partner affected by such disclosure. 10.3 Each Partner shall comply with its statutory obligations under the Data Protection Acts. 10.4 The Council and the CCG shall in relation to information sharing between agencies, having proper regard to the principles of client confidentiality and the Data Protection Xxx 0000 and any policies or protocols that the Partners may agree from time to time should apply to the provision of information and sharing of data for the purposes of this Agreement. 10.5 Each Partner (the “First Partner”) acknowledges that in responding to a request received by any Partner (the “Other Partner”) under the FOIA or the Environmental Information Regulations 2004 (the “EIR”) the Other Partner will be entitled to provide information held by it relating to this Agreement or which otherwise relates to the First Partner. 10.6 The Other Partner shall use reasonable endeavours to notify the First Partner of any request under the FOIA or the EIR and the intention to disclose the information within 10 Working Days (as defined in the FOIA) of receipt of such request. Before disclosing any information, the Other Partner shall consider any representations made by the First Partner within 4 Working Days (as defined in the FOIA) of notification from the Other Partner to the First Partner in accordance with this Clause 8.6. 10.7 The First Partner acknowledges that, if it does not revert to the Other Partner within the period set out in Clause 8.3, or if its representations do not alter the view of the Other Partner that the information should be disclosed, the Other Partner is under a duty to disclose such information provided that the Other Partner shall not disclose any information that is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member statean FOIA exemption. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 10.8 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause First Partner shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier Other Partner in connection with any request received by the disclosure. 11.6 The use of any information may be subject to (and therefore Other Partner under the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause FOIA or the Supplier receives a complaint from any relevant authorityEIR and such co-operation shall be at no cost to the Other Partner. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-co- operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 7.1 Except as required by Xxx, each Partner agrees at all times during the continuance of this Agreement and after its termination to keep confidential all documents or papers which it receives or otherwise acquires in connection with the other and which are marked “Confidential” or similar or information which a reasonable person would be expected to treat as confidential. 7.2 The Supplier Partners shall ensure that all Staff (including temporary employees), agents or contractors of the Partners working within the Partnership Arrangements observe the provisions of Clause 7.1; where Staff or an agent or contractor of a Partner discloses confidential information the relevant Partner shall take such action as is necessary and appropriate, and where possible, to the satisfaction of the Partner affected by such disclosure. 7.3 Each Partner shall comply with its statutory obligations under the Data Protection Acts. 7.4 The Council and the CCG shall in relation to information sharing between agencies, having proper regard to the principles of client confidentiality and the Data Protection Xxx 0000 and any policies or protocols that the Partners may agree from time to time should apply to the provision of information and sharing of data for the purposes of this Agreement. 7.5 Each Partner (the “First Partner”) acknowledges that in responding to a request received by any Partner (the “Other Partner”) under the FOIA 2000 or the Environmental Information Regulations 2004 (the “EIR”) the Other Partner will be entitled to provide information held by it relating to this Agreement or which otherwise relates to the First Partner. 7.6 The Other Partner shall use reasonable endeavours to notify the First Partner of any request under the FOIA or the EIR and the intention to disclose the information within 10 Working Days (as defined in the FOIA) of receipt of such request. Before disclosing any information, the Other Partner shall consider any representations made by the First Partner within 4 Working Days (as defined in the FOIA) of notification from the Other Partner to the First Partner in accordance with this Clause 7.6. 7.7 The First Partner acknowledges that, if it does not revert to the Other Partner within the period set out in Clause 7.3, or if its representations do not alter the view of the Other Partner that the information should be disclosed, the Other Partner is under a duty to disclose such information provided that the Other Partner shall not disclose any information that is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member statean FOIA Exemption. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 7.8 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause First Partner shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier Other Partner in connection with any request received by the disclosure. 11.6 The use of any information may be subject to (and therefore Other Partner under the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause FOIA or the Supplier receives a complaint from any relevant authorityEIR and such co- operation shall be at no cost to the Other Partner. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier 13.1. All information relating to an Agency Worker is confidential and subject to the Data Protection Laws and is provided solely for the purpose of providing work–finding services to the Hirer. Such information must not be used for any other purpose nor divulged to any third party and the Hirer undertakes to abide by the provisions of the articles Data Protection Laws in receiving and processing the data at all times. 13.2. Buzzhire undertakes to keep confidential all Relevant Terms and Conditions that the Hirer discloses to Buzzhire and not to use such information except for the purpose of compliance with the Agency Workers Regulations (including, for the avoidance of doubt and without limitation, when dealing with any request for information or complaint made by any Agency Worker or any AWR Claim). 13.4. Information relating to Buzzhire’ business which is capable of being confidential must be kept confidential and not divulged to any third party, except information which is kept in the public domain. 13.5. The following definitions shall apply in the remainder of this clause 13: 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003/2426) as amended. 13.6. The provisions set out in this clause 13 sets out the framework for the sharing of personal data between the parties as data controllers. Each party acknowledges that one party (the Data Discloser) will regularly disclose to the other party (the Data Recipient) Shared Personal Data collected by the Data Discloser for the Agreed Purposes. 13.7. Each party shall comply with all the obligations imposed on a controller under the Data Protection Legislation. 13.8. Each party shall: 13.8.1 ensure that it has all necessary consents and notices in place to enable lawful transfer of the Shared Personal Data to the Data Recipient for the Agreed Purposes; 13.8.2 give full information to any data subject whose personal data may be processed under these Terms of the nature such processing. This includes giving notice that, on the termination of these Terms, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Permitted Recipients, their successors and assignees; 13.8.3 process the Shared Personal Data only for the Agreed Purposes; 13.8.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients; 13.8.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less demanding than those imposed by these Terms; 13.8.6 ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data; and 13.8.7 not transfer any personal data outside of the European Economic Area unless the transferor: (a) complies with the provisions of Article 26 of the General Data Protection Regulations Regulation (GDPRin the event the third party is a joint controller); and 11.2 Where the Supplier acts as a personal data processor the Supplier confirms (b) ensures that they: (i) will only act the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 of the General Data Protection Regulation; (ii) there are appropriate safeguards in place pursuant to Article 46 of the General Data Protection Regulation; or (iii) one of the derogations for specific situations in Article 49 of the General Data Protection Regulation applies to the transfer. 13.9. Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular, each party shall: 13.9.1 consult with the other party about any notices given to data subjects in relation to the Shared Personal Data; 13.9.2 promptly inform the other party about the receipt of any data subject access requests; 13.9.3 provide the other party with reasonable assistance in complying with any data subject access request; 13.9.4 not disclose or release any Shared Personal Data in response to a data subject access request without first consulting the other party wherever possible; 13.9.5 assist the other party, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; 13.9.6 notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation; and 13.9.7 at the written instructions direction of the controller (Data Discloser, delete or return Shared Personal Data and copies thereof to the Data Discloser on termination of these Terms unless required by law to act without such instructions);store the personal data. 13.10. Each party shall indemnify the other against all liabilities, costs, expenses, damages and losses (iiincluding but not limited to any direct, indirect or consequential losses, loss of profit, loss of reputation and all interest, penalties and legal costs (calculated on a full indemnity basis) will ensure that employees processing and all other reasonable professional costs and expenses) suffered or incurred by the data are subject to a duty indemnified party arising out of confidence; (iii) will take appropriate measures to ensure or in connection with the security breach of the data processing; Data Protection Legislation by the indemnifying party, its employees or agents (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processingClient this shall also include reference to any Third Party), provided that the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data indemnified party gives to the controller as requested at indemnifier prompt notice of such claim, full information about the end of the contract; (viii) will make available all information necessary and submit circumstances giving rise to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPRit, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is reasonable assistance in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate dealing with the Supplier in the disclosureclaim and sole authority to manage, defend and/or settle it. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.

Confidentiality and Data Protection. 11.1 The Supplier is subject to the provisions of the articles of the General Data Protection Regulations (GDPR) 11.2 Where the Supplier acts as a personal data processor the Supplier confirms that they: (i) will only act on the written instructions of the controller (unless required by law to act without such instructions); (ii) will ensure that employees processing the data are subject to a duty of confidence; (iii) will take appropriate measures to ensure the security of the data processing; (iv) will only engage a sub-processor with the prior written consent of the data controller and only engage with such under a written contract to comply with Article 28 of the GDPR; (v) will assist the data controller in providing subject access and allow data subjects to exercise their rights under the GDPR; (vi) will assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) will delete or return all personal data to the controller as requested at the end of the contract; (viii) will make available all information necessary and submit to audit and inspection to demonstrate compliance with obligations laid down by Article 28 of the GDPR, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state. 11.3 Where the Supplier acts as the data controller it requires the provisions of 12.2 to be adhered to by the relevant data processor. 11.4 The Customer agrees to keep all Confidential Information confidential, to disclose it only to its employees that need to know it and to use it exclusively for the purposes contemplated by this Agreement. This Clause shall not apply to information that the Customer can prove: 11.4.1 Is in the public domain otherwise than by the Customer’s breach; 11.4.2 It already had in its possession prior to obtaining the information directly or indirectly from the Supplier; or 11.4.3 A third party subsequently disclosed to the Customer free of restrictions on disclosure and use. This Clause shall survive for three (3) years from when the Customer acquired that Confidential Information from the Supplier. 11.5 The Customer may disclose Confidential Information if required to do so by law, regulation or rules of a securities exchange or other regulatory authority, but only to the extent of the relevant requirement. The Customer shall promptly inform the Supplier of the requirement and will co-operate with the Supplier in the disclosure. 11.6 The use of any information may be subject to (and therefore the Customer shall comply with) the General Data Protection regulations, EU Data Protection Directives and The Telecommunications (Data Protection and Privacy) Regulations 1999.The Supplier reserves the right to withhold Calling Line Identification if it believes that the Customer has failed to comply with this Clause or the Supplier receives a complaint from any relevant authority. 11.7 Our Privacy Policy describes the types of information we may hold under this contract and why this information is held. Our Privacy Policy is disclosed on our website and may be updated from time to time.