Common use of CONFIDENTIALITY & DATA PROTECTION Clause in Contracts

CONFIDENTIALITY & DATA PROTECTION. 13.1 Each Party (which for this purpose will include each Party’s employees, agents, representatives and advisors) undertakes that it shall not at any time during the Charter Period and for a period of two (2) years after termination of this Agreement, disclose to any person any confidential information concerning the other Party’s business, affairs, customers, clients or suppliers, or this Agreement (including but not limited to any reports, data or information furnished under this Agreement), except as permitted by Clause 13.2. 13.2 Each Party may disclose the other Party’s confidential information: (a) to its employees, agents, representatives and advisers who need to know such information for the purposes of exercising the Party’s rights or carrying out its obligations under or in connection with this Agreement. Each Party shall ensure that its employees, agents, representatives or advisers to whom it discloses the other Party’s confidential information comply with Clauses 13.1 to 13.3; and (b) as may be required by law, a court of competent jurisdiction or any regulatory or statutory authority. 13.3 Neither Party shall use the other Party’s confidential information for any purpose other than to exercise its rights and perform its obligations under or in connection with this Agreement. 13.4 The provisions of Clauses 13.1 to 13.3 shall not apply to any confidential information that: (a) is or becomes generally available to the public (other than as a result of its disclosure by the receiving Party (including its agents, employees or representatives) in breach of this clause); (b) was available to the receiving Party on a non-confidential basis before disclosure by the disclosing Party; or (c) was, is or becomes available to the receiving Party on a non-confidential basis from a person who, to the receiving Party’s knowledge, is not bound by a confidentiality agreement with the disclosing Party or otherwise prohibited from disclosing the information to the receiving Party. 13.5 Neither Party will acquire any right in the other’s data and/or information. The receiving Party will take all necessary steps to ensure that it will not use nor reproduce any data, information or know-how of the disclosing Party which comes into its possession or control, except as required by this Agreement. 13.6 Each Party shall take all necessary steps to ensure that data and information belonging to the other Party which comes into its possession or control in the course of this Agreement is protected and shall not: (a) use the data or information nor reproduce the data or information in whole or in part in any form except as may be required by this Agreement; (b) disclose the data or information to any third party or persons not authorised by the disclosing Party to receive it, except with the prior written consent of the disclosing Party; or (c) alter, delete, add to or otherwise interfere with the data or information (save where expressly required to do so by the terms of this Agreement and only with the prior consent of the disclosing Party). 13.7 Each Party shall ensure that if it becomes aware of any data security breach it shall immediately take all steps necessary to prevent further breach, and it shall immediately report any such breach of this Clause 13 to the other Party. 13.8 To the extent that any data or information belonging to a disclosing Party that may be processed or accessed by the other Party is personal data within the meaning of any applicable data privacy or personal data legislation, the Parties will comply with all applicable rules and regulations. 13.9 Each Party will indemnify and hold the other Party harmless (and keep it indemnified and held harmless notwithstanding termination of this Agreement) against any and all Losses or damages suffered by the other Party directly as a result of any breach by the indemnifying Party of any of the provisions of this Clause 13. 13.10 This Clause 13 shall survive the termination or expiry of this Agreement.

CONFIDENTIALITY & DATA PROTECTION. 13.1 14.1 The Parties will keep confidential any and all Confidential Information that they may acquire pursuant to this Agreement. 14.2 Each Party (which for this purpose will include each Party’s employees, agents, representatives and advisors) undertakes that it shall not at any time during the Charter Period and for a period of two (2) years after termination of this Agreement, disclose to any person any confidential information concerning the other Party’s business, affairs, customers, clients or suppliers, or this Agreement (including but not limited to any reports, data or information furnished under this Agreement), except as permitted by Clause 13.2. 13.2 Each Party may disclose the other Party’s confidential information: (a) to its employees, agents, representatives and advisers who need to know such information for the purposes of exercising the Party’s rights or carrying out its obligations under or in connection with this Agreement. Each Party shall ensure that its employees, agents, representatives or advisers to whom it discloses the other Party’s confidential information comply with Clauses 13.1 to 13.3; and (b) as may be required by law, a court of competent jurisdiction or any regulatory or statutory authority. 13.3 Neither Party shall use the other Party’s confidential information Confidential Information for any purpose other than to exercise its rights and perform its obligations under this Agreement. Each Party will ensure that its officers and employees comply with the provisions of this clause 14 and shall be liable for the acts and omissions of its employees and officers. 14.3 The Parties shall comply with the Data Protection Laws applicable to them and shall not, by any act or omission, put the other Party in breach of any of the Data Protection Laws (in so far as such laws are applicable to the other Party) in connection with this Agreement. 13.4 The provisions of Clauses 13.1 to 13.3 shall not apply to any confidential information that: (a) is or becomes generally available to 14.4 To the public (other than extent that the Company acts as a result Processor on behalf of the Customer in its disclosure by capacity as a Controller of Personal Data (“Customer Personal Data”), the receiving Party (including its agents, employees or representatives) in breach of this clause)Company shall; (b) was available to 14.4.1 process the receiving Party on a non-confidential basis before disclosure by the disclosing Party; or (c) was, is or becomes available to the receiving Party on a non-confidential basis from a person who, to the receiving Party’s knowledge, is not bound by a confidentiality agreement Customer Personal Data only in accordance with the disclosing Party or otherwise prohibited from disclosing the information to the receiving Party. 13.5 Neither Party will acquire any right in the other’s data and/or information. The receiving Party will take all necessary steps to ensure that it will not use nor reproduce any data, information or know-how of the disclosing Party which comes into its possession or control, except as required by this Agreement. 13.6 Each Party shall take all necessary steps to ensure that data and information belonging to the other Party which comes into its possession or control in the course of this Agreement is protected and shall not: the Customer’s written instructions (a) use the data or information nor reproduce the data or information in whole or in part in any form except as may be required by this Agreement; (b) disclose the data or information to any third party or persons not authorised by the disclosing Party to receive it, except with the prior written consent of the disclosing Party; or (c) alter, delete, add to or unless otherwise interfere with the data or information (save where expressly required to do so by law, in which case the terms Company shall notify the Company of this Agreement such legal requirements unless prohibited from doing so); 14.4.2 implement appropriate technical and only organisational measures to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and comply with Article 32 GDPR; 14.4.3 take reasonable steps to ensure the prior consent reliability of the disclosing Party). 13.7 Each Party shall personnel with access to Customer Personal Data and ensure that if it becomes such personnel are subject to a statutory or contractual duty of confidential; 14.4.4 inform the Customer as soon as practicable (and in any event within 72 hours) on becoming aware of any actual or potential security risk to the Customer Personal Data; 14.4.5 provide assistance to the Customer in dealing with any data security breach it shall immediately take all steps necessary subject rights laid down in Chapter III GDPR and complying with Articles 32 to prevent further breach36 GDPR, and it shall immediately report any such breach of this Clause 13 to the order, notice, assessment or other Party. 13.8 To the extent that any data or information belonging to a disclosing Party that may be processed or accessed by the other Party is personal data within the meaning instruction of any applicable data privacy supervisory authority; 14.4.6 ensure that all Customer Personal Data is destroyed, deleted or personal data legislation, returned (at the Parties will comply with all applicable rules and regulations. 13.9 Each Party will indemnify and hold Customer’s option) on written request by the other Party harmless (and keep it indemnified and held harmless notwithstanding Customer and/or on termination of this Agreement) against ; 14.4.7 maintain adequate records as required by GDPR and submit such records and other relevant information to the Customer on request to demonstrate its compliance with its obligations under this clause 14.4 and contribute to any and all Losses or damages suffered necessary audits as agreed by the other Party directly as a result parties. 14.5 Where clause 14.4 applies, the Customer agrees that the Company may appoint sub- processors to the extent necessary for the proper performance of the Services, provided that the Company enters into written terms equivalent to those in clause 14.4 and that the Company remains responsible for the acts and omissions of any breach sub-processor. The Company shall notify the Customer of any changes to its sub-processors and give the Customer a reasonable opportunity to object to such changes. 14.6 The Customer acknowledges and agrees that the Customer Personal Data may be transferred or stored outside the UK or European Economic Area (EEA) (including transfers to sub-processors based outside the UK/EEA) if necessary to carry out the Company’s obligations under the Agreement provided that (a) the Company provides and maintains appropriate safeguards as set out in Article 46 GDPR to lawfully transfer the Personal Data to a third country; (b) the data subject has enforceable rights and effective legal remedies; and (c) the Company complies with reasonable instructions notified to it in advance by the indemnifying Party of any Customer with respect to the processing of the provisions of this Clause 13Customer Personal Data. 13.10 This Clause 13 14.7 The Customer acknowledges and agrees that any transfers of Personal Data made by it directly to third parties, including in connection with the OEM Support, shall survive the termination or expiry of this Agreementbe subject to those third parties’ data processing terms and/or privacy policies in force from time to time.

CONFIDENTIALITY & DATA PROTECTION. 13.1 Each Party (which for this purpose will include each Party’s employees, agents, representatives and advisors) undertakes 14.1 The parties anticipate that it shall not at any time during the Charter Period and for a period of two may be necessary to provide access to Confidential Information (2as defined below) years after termination of to each other pursuant to this Agreement. As used herein, disclose to any person any confidential information the party disclosing Confidential Information is the "Disclosing Party" and the party receiving the Confidential Information is the "Recipient". In connection therewith, the parties agree as follows: (a) Confidential Information means all information, in whatever form (written, oral or otherwise), concerning the other Party’s business, affairs, customers, clients or suppliers, or this Agreement and the business and affairs of each party (including but not limited to any plans, trade secrets, concepts, know-how, strategies, intentions, ideas, operations, processes, techniques, methodologies, practices, patents, financial information, market opportunities, sales distribution strategies, pricing policies, customers, suppliers, and works of authorship, products, systems and materials such as computer programs, source codes, object codes, software tools, software libraries, system architecture, business process flows, data, diagrams, charts, reports, data specifications, manuals, sketches, inventions and working papers or information furnished under similar materials thereto) that shall have been obtained or received by each party as a result of the discussions leading up to, or the entering into, or the performance of, this Agreement), except as permitted by Clause 13.2. 13.2 Each Party may (b) Without the prior written consent of the Disclosing Party, the Recipient shall not disclose the other PartyConfidential Information, in whole or in part, to any third party. Access to the Confidential Information shall be restricted to the Recipient’s confidential information: (a) to its employees, agents, representatives and advisers who employees with a need to know such information for purposes solely related to the purposes Project and for the implementation of exercising the Party’s rights or carrying out its obligations under or in connection with this Agreement. The Recipient shall make all such employees aware of the confidentiality of the Confidential Information and they shall agree to be bound by the restrictions contained in this section. Without prejudice to the generality of the foregoing, the Recipient will take all such steps as shall from time to time be necessary to ensure compliance by its employees with the provisions of this clause. (c) The Recipient will not, at any time, use the Confidential Information of the Disclosing Party in any fashion, form, or manner (including but not limited to the use of the Confidential Information for its own benefit or the benefit of any third party), except solely in furtherance of the Project and implementation of this Agreement. (d) Confidential Information of the Disclosing Party may not be copied, reproduced or altered, in whole or in part, by the Recipient without the Disclosing Party's prior written consent. (e) Each party will protect the confidentiality of the other's Confidential Information to prevent the unauthorized use, dissemination or publication of such Confidential Information in the same manner it protects the confidentiality of its own confidential information of like kind, but in no event shall either party exercise less than reasonable care in protecting such Confidential Information. (f) Confidential Information disclosed hereunder shall at all times remain the property of the Disclosing Party. No right in or licence to Confidential Information disclosed hereunder is granted by this section. (g) All title rights and intellectual property rights of whatever nature (including but not limited to copyrights, patents, trademarks, registered designs and the right to apply therefor) to the Confidential Information and to the matters referred to therein are vested in the Disclosing Party and its third party suppliers and no rights, interests or licences in any part of the Confidential Information are granted or transferred either expressly or impliedly to the Recipient. The Disclosing Party shall ensure that in its employeessole discretion be entitled to apply in any jurisdiction for any patents, agentstrademarks and designs and applications in respect of any part of the Confidential Information, representatives including without limitation, author certificates, inventor certificates, improvement patents, utility certificates and models and certificates of addition including revisions, renewals, continuation, extensions or advisers reissues thereof. (h) All Confidential Information made available hereunder, including copies of the same in any form, shall be returned to whom it discloses the other Party’s confidential information comply with Clauses 13.1 Disclosing Party or destroyed upon the first to 13.3; and occur of (a) termination of this Agreement or (b) as may request by the Disclosing Party. The Recipient’s obligations under this section shall survive the return or destruction of such Confidential Information. (i) Nothing in this section shall prohibit or limit either party's use of information: (i) previously known to it prior to disclosure; (ii) independently developed by or for it; (iii) acquired by it from a third party which was not under an obligation to the Disclosing Party not to disclose such information; (iv) which is or becomes publicly available through no breach by the Recipient of this clause; or (v) required to be required disclosed by law, an order from a court of competent jurisdiction or in accordance with the requirements of any law or regulatory or statutory authoritybody. 13.3 Neither (j) In the event either party receives a subpoena or other validly issued administrative or judicial process demanding Confidential Information of the other party, the Recipient shall promptly notify the Disclosing Party and tender to it the defence of such demand. Unless the demand shall have been timely limited, quashed or extended, the Recipient shall thereafter be entitled to comply with such demand to the extent permitted by law. If requested by the party to whom the defence has been tendered, the Recipient shall cooperate (at the expense of the requesting party) in the defence of a demand. (k) The Disclosing Party (including its officers, employees, agents, advisers or consultants) does not make any express or implied representation or warranty as to the accuracy or completeness of the Confidential Information and accepts no responsibility or liability for any inaccuracy or incompleteness of the Confidential Information. (l) Irreparable harm shall be presumed if either party breaches any provision of this section. This section is intended to protect the Confidential Information owned by the Disclosing Party and its proprietary rights. Any misuse of such Confidential Information will cause substantial harm to the business of the Disclosing Party. Accordingly, in the event of a breach or threatened breach of any provision of this section, the Disclosing Party shall use the other Party’s confidential information for any purpose other than be entitled to exercise its rights seek and perform its obtain immediate and permanent injunctive relief to enforce obligations under this section, but nothing herein shall preclude the Disclosing Party from pursuing any other action or in connection with this Agreementremedy. The Recipient agrees to indemnify the Disclosing Party from and against any loss, damage, cost, expense or injuries it may suffer or incur as a result of the breach. 13.4 14.2 The provisions of Clauses 13.1 to 13.3 shall not apply to any confidential information Customer represents and warrants that: (a) is or becomes generally available any Personal Data provided to the public (other than as a result Provider under this Agreement does not infringe the rights, including any data protection rights conferred under the law, of its disclosure by the receiving Party (including its agents, employees person(s) to whom the Personal Data relates to or representatives) in breach of this clause)any third party; (b) was available provision of the Personal Data by the Customer (or any third parties authorised by the Customer) to the receiving Party on a non-confidential basis before disclosure by Provider is in compliance with all applicable laws, including the disclosing PartyPersonal Data Protection Xxx 0000 of Malaysia and any other applicable data protection laws in the Territory; orand (c) was, is the Customer (or becomes available to the receiving Party on a non-confidential basis from a person who, to the receiving Party’s knowledge, is not bound by a confidentiality agreement with the disclosing Party or otherwise prohibited from disclosing the information to the receiving Party. 13.5 Neither Party will acquire any right in the other’s data and/or information. The receiving Party will take all necessary steps to ensure that it will not use nor reproduce any data, information or know-how of the disclosing Party which comes into its possession or control, except as required by this Agreement. 13.6 Each Party shall take all necessary steps to ensure that data and information belonging to the other Party which comes into its possession or control in the course of this Agreement is protected and shall not: (a) use the data or information nor reproduce the data or information in whole or in part in any form except as may be required by this Agreement; (b) disclose the data or information to any third party or persons not authorised by the disclosing Party Customer) has complied with all requirements under applicable laws to receive it, except with enable the prior written consent of Provider to use the disclosing Party; or (c) alter, delete, add to or otherwise interfere with the data or information (save where expressly required to do so by the terms of Personal Data as envisaged under this Agreement and only with the prior consent of the disclosing Party). 13.7 Each Party shall ensure that if it becomes aware of any data security breach it shall immediately take all steps necessary to prevent further breach, and it shall immediately report any such breach of this Clause 13 to the other Party. 13.8 To the extent that any data or information belonging to a disclosing Party that may be processed or accessed by the other Party is personal data within the meaning of any applicable data privacy or personal data legislation, the Parties will comply with all applicable rules and regulations. 13.9 Each Party will indemnify and hold the other Party harmless (and keep it indemnified and held harmless notwithstanding termination of its obligations under this Agreement) against , including any notification and all Losses or damages suffered by the other Party directly as a result of any breach by the indemnifying Party of any of the provisions of this Clause 13consent requirements. 13.10 This Clause 13 shall survive the termination or expiry of this Agreement.

CONFIDENTIALITY & DATA PROTECTION. 13.1 Each 19.1 The Parties shall at all times each comply with the Data Protection Legislation and shall in connection with this Agreement enter into a Data Protection Agreement. 19.2 Subject to clause 19.3, each Party (which for this purpose will include each Party’s employees, agents, representatives and advisors) undertakes that it shall not at any time during the Charter Period and for a period of two (2) years after termination of this Agreement, disclose to any person any confidential information concerning keep the other Party’s business, affairs, customers, clients Confidential Information confidential and shall not: 19.2.1 use such Confidential Information except for the purpose of performing its rights and obligations under or suppliers, in connection with this agreement; or 19.2.2 disclose such Confidential Information in whole or this Agreement (including but not limited in part to any reports, data or information furnished under this Agreement)third Party, except as expressly permitted by Clause 13.2this clause 19. 13.2 Each 19.3 The obligation to maintain confidentiality of Confidential Information does not apply to any Confidential information: 19.3.1 which the other Party confirms in writing is not required to be treated as Confidential Information; 19.3.2 which is obtained from a third party who is lawfully authorised to disclose such information without any obligation of confidentiality; 19.3.3 which a Party is required to disclose by judicial, administrative, governmental or regulatory process in connection with any action, suit, proceedings or claim or otherwise by Applicable Law, including the FOIA or the EIRs; 19.3.4 which is in or enters the public domain other than through any disclosure prohibited by this Agreement; 19.3.5 which a Party can demonstrate was lawfully in its possession prior to receipt from the other Party; or 19.3.6 which is disclosed by the Parties on a confidential basis to any central government or regulatory body. 19.4 A Party may disclose the other Party’s confidential information: (a) Confidential Information to those of its employees, agents, representatives and advisers Representatives who need to know such information Confidential Information for the purposes of exercising performing or advising on the Party’s rights or carrying out its obligations under or this agreement, provided that: 19.4.1 it informs such Representatives of the confidential nature of the Confidential Information before disclosure; 19.4.2 it procures that its Representatives shall, in connection relation to any Confidential Information disclosed to them, comply with the obligations set out in this clause as if they were a Party to this Agreement. Each Party shall ensure that its employees, agents, representatives or advisers to whom it discloses the other Party’s confidential information comply with Clauses 13.1 to 13.3; and (b) as may be required by law19.4.3 and at all times, a court it is liable for the failure of competent jurisdiction or any regulatory or statutory authorityRepresentatives to comply with the obligations set out in this clause 19.4. 13.3 19.5 The provisions of this clause 21 shall apply during the continuance of the Agreement and indefinitely after its expiry or termination. 19.6 Neither Party shall use enter into issue any media release publicity concerning or affecting matters under this Agreement unless previously agreed in advance with the other Party’s confidential information for any purpose other than to exercise its rights and perform its obligations under at Strategic Director level or in connection with this Agreementabove. 13.4 The provisions 19.7 Subject to clause 19.8 any formal statements or communications to Employees and/or members of Clauses 13.1 to 13.3 the Parties concerning matters under this Agreement shall be agreed between the Parties in advance. 19.8 Clause 19.7 does not apply to any confidential information that: (a) is the circulation of minutes, the routine reporting of decisions or becomes generally available to the public (other than as a result of its disclosure by the receiving Party (including its agents, employees or representatives) in breach of this clause); (b) was available to the receiving Party on a non-confidential basis before disclosure by the disclosing Party; or (c) was, is or becomes available to the receiving Party on a non-confidential basis from a person who, to the receiving Party’s knowledge, is not bound by a confidentiality agreement with the disclosing Party or otherwise prohibited from disclosing the information to the receiving Party. 13.5 Neither Party will acquire any right in the other’s data and/or information. The receiving Party will take all necessary steps to ensure that it will not use nor reproduce any data, requests for information or know-how of the disclosing Party which comes into its possession or control, except as required by this Agreementaction to be taken. 13.6 Each Party shall take all necessary steps to ensure that data and information belonging to the other Party which comes into its possession or control in the course of this Agreement is protected and shall not: (a) use the data or information nor reproduce the data or information in whole or in part in any form except as may be required by this Agreement; (b) disclose the data or information to any third party or persons not authorised by the disclosing Party to receive it, except with the prior written consent of the disclosing Party; or (c) alter, delete, add to or otherwise interfere with the data or information (save where expressly required to do so by the terms of this Agreement and only with the prior consent of the disclosing Party). 13.7 Each Party shall ensure that if it becomes aware of any data security breach it shall immediately take all steps necessary to prevent further breach, and it shall immediately report any such breach of this Clause 13 to the other Party. 13.8 To the extent that any data or information belonging to a disclosing Party that may be processed or accessed by the other Party is personal data within the meaning of any applicable data privacy or personal data legislation, the Parties will comply with all applicable rules and regulations. 13.9 Each Party will indemnify and hold the other Party harmless (and keep it indemnified and held harmless notwithstanding termination of this Agreement) against any and all Losses or damages suffered by the other Party directly as a result of any breach by the indemnifying Party of any of the provisions of this Clause 13. 13.10 This Clause 13 shall survive the termination or expiry of this Agreement.