Common use of CONFIDENTIALITY AND GDPR Clause in Contracts

CONFIDENTIALITY AND GDPR. 10.1 The Client shall keep confidential the Software and the Documentation or any part thereof and shall not disclose the same to any third party without the prior written consent of INPHASE. 10.2 The client and INPHASE shall keep confidential all information of the other party designated as 'confidential' obtained under or in connection with Agreement and shall not divulge the same to any third party without prior written consent of the other party. 10.3 The provisions of this Clause shall not apply to :- (i) any information in the public domain otherwise than by breach of this Agreement. (ii) information in the possession of the receiving party thereof before divulgence as aforesaid. (iii) information obtained from a third party who is free to divulge the same. 10.4 The client and INPHASE shall divulge confidential information only to those employees who are directly involved in the activities of this Agreement or use of the Software and shall ensure that such employees are aware of and comply with these obligations as to confidentiality. 10.5 The obligations of both parties as to disclosure and confidentiality shall come into effect on the signing of the Agreement and shall continue in force notwithstanding the termination of the Agreement. 10.6 INPHASE shall comply with any requirements under the General Data Protection Regulation and Data Protection Act 2018 and shall duly observe all obligations under the data protection laws, which arise in connection with the Agreement. 10.7 No personal data or special category data is anticipated to be processed in relation to this Agreement. Notwithstanding the general obligation in condition 10.6 and this clause where INPHASE is processing Personal Information as a Data Processor for the Client who acts as the data controller, INPHASE shall ensure that it has in place appropriate technical and contractual measures to ensure the security of Personal Information (and to guard against unauthorised or unlawful processing of the Personal Information and against accidental loss or destruction of, or damage to, the Personal Information) in compliance with GDPR and Data Protection Act 2018. INPHASE will (i) only act on the written instructions of the Client as controller (unless required by law to act without such instructions); (ii) ensure that people processing the data are subject to a duty of confidence; (iii) take appropriate measures to ensure the security of processing; (iv) only engage a sub-processor with the prior consent of the data controller and a written contract; (v) assist the data controller in providing subject access and allowing data subjects to exercise their rights under the GDPR; (vi) assist the data controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments; (vii) delete or return all personal data to the controller as requested at the end of the contract; and (viii) submit to audits and inspections, provide the controller with information it needs to ensure that they are both meeting their Article 28 obligations; (ix) tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state; (x) promptly notify the Client of any breach of the security measures required to be put in place pursuant to condition 10.7; and (xi) ensure it does not knowingly or negligently do or omit to do anything which places the Client in breach of the Client’s obligations under data protection laws, where any INPHASE services time required shall be subject to charges payable by the Client at the standard rate.