Common use of Content and Data Protection Clause in Contracts

Content and Data Protection. a. IBM's Data Security and Privacy Principles for IBM Cloud Services (DSP), at xxxx://xxx.xxx.xxx/cloud/data- security, apply for generally available Cloud Service offerings. Specific security features and functions of a Cloud Service may be provided in an Attachment and TDs. Client is responsible to assess the suitability of each Cloud Service for Client's intended use and Content and to take necessary actions to order, enable, or use available data protection features appropriate for the Content being used with a Cloud Service. By using the Cloud Service, Client accepts responsibility for use of the Cloud Services, and acknowledges that it meets Client's requirements and processing instructions to enable compliance with applicable laws. b. IBM will treat all Content as confidential by not disclosing Content except to IBM employees, contractors, and only to the extent necessary to deliver the Cloud Service. c. IBM's Data Processing Addendum at xxxx://xxx.xxx.xxx/dpa and applicable DPA Exhibit(s) apply to personal data contained in Content, if and to the extent: i) the European General Data Protection Regulation (EU/2016/679) (GDPR); or ii) other data protection laws identified at xxxx://xxx.xxx/dpa/dpl apply. d. IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM's backup retention practices. e. Upon request by either party, IBM, Client or affiliates of either, will enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Content. The parties agree (and will ensure that of their respective affiliates) that such additional agreements will be subject to the terms of the Agreement.

Content and Data Protection. a. IBM's IBM Data Security and Privacy Principles for IBM Cloud Services (DSP), at xxxx://xxx.xxx.xxx/cloud/data- securityxxxx://xxx.xxx.xxx/cloud/data-security, apply for standard IBM Cloud Services that are generally available Cloud Service offeringsavailable. Specific security features and functions of a an IBM Cloud Service may will be provided described in an the applicable Attachment and TDsor TD. Client is responsible to assess the suitability of each Cloud Service for Client's intended use selecting, ordering, enabling, and Content and to take necessary actions to order, enable, or use using available data protection features appropriate for the Content being used with a Cloud Service. By using the Cloud Service, Client accepts responsibility for to support Client's use of the Cloud Services, . Client is responsible for assessing the suitability of the Cloud Services for the Content and Client's intended use. Client acknowledges that it meets the Cloud Services used meet Client's requirements and processing instructions required to enable compliance comply with applicable laws. b. IBM, its affiliates, and contractors of either, will access and use the Content solely for the purpose of providing and managing the IBM Cloud Service. IBM will treat all Content as confidential by not only disclosing Content except to IBM employees, contractors, and only contractors to the extent necessary to deliver provide the IBM Cloud ServiceServices. c. IBM's Data Processing Addendum at xxxx://xxx.xxx.xxx/dpa and applicable DPA Exhibit(s) apply to personal data contained in Content, if and to the extent: i) the European General Data Protection Regulation (EU/2016/679) (GDPR); or ii) other data protection laws identified at xxxx://xxx.xxx/dpa/dpl apply. d. IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM's backup retention practices. e. Upon request by either party, IBM, Client or affiliates of either, will enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Content. The parties agree (and will ensure that of their respective affiliates) that such additional agreements will be subject to the terms of the Agreement. e. For IBM Cloud Services with self-managed features, Client can remove Content at any time. Otherwise, IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the IBM Cloud Services, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in IBM Cloud Services backup files until expiration of such files as governed by IBM's backup retention practices.

Content and Data Protection. a. IBM's Data Security and Privacy Principles for IBM Cloud Services (DSP), at xxxx://xxx.xxx.xxx/cloud/data- security, apply for generally available Cloud Service offerings. Specific security features and functions of a Cloud Service may be provided in an Attachment and TDs. Client is responsible to assess the suitability of each Cloud Service for Client's intended use and Content and to take necessary actions to order, enable, or use available data protection features appropriate for the Content being used with a Cloud Service. By using the Cloud Service, Client accepts responsibility for use of the Cloud Services, and acknowledges that it meets Client's requirements and processing instructions to enable compliance with applicable laws. b. IBM will treat all Content as confidential by not disclosing Content except to IBM employees, contractors, and only to the extent necessary to deliver the Cloud Service. c. IBM's Data Processing Addendum at xxxx://xxx.xxx.xxx/dpa and applicable DPA Exhibit(s) apply to personal data contained in Contentand prevail over any conflicting terms of the Agreement, if and to the extent: i) extent the European General Data Protection Regulation (EU/2016/679) (GDPR); or ii) other applies to personal data protection laws identified at xxxx://xxx.xxx/dpa/dpl applycontained in Content. d. IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM's backup retention practices. e. Upon request by either party, IBM, Client or affiliates of either, will enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Content. The parties agree (and will ensure that of their respective affiliates) that such additional agreements will be subject to the terms of the Agreement.

Content and Data Protection. a. IBM's Data Security and Privacy Principles for IBM Cloud Services (DSP), at xxxx://xxx.xxx.xxx/cloud/data- xxxx://x xx.xxx.xxx/xxxxx/xxxx- security, apply for generally available Cloud Service offerings. Specific security features and functions of a Cloud Service may be provided in an Attachment and TDs. Client is responsible to assess the suitability of each Cloud Service for Client's intended use and Content and to take necessary actions to order, enable, or use available data protection features appropriate for the Content being used with w ith a Cloud Service. By using the Cloud Service, Client accepts responsibility for use of the Cloud Services, and acknowledges acknow ledges that it meets Client's requirements and processing instructions to enable compliance with w ith applicable laws.law s. b. IBM will w ill treat all Content as confidential by not disclosing Content except to IBM employees, contractorscontr actors, and only to the extent necessary to deliver the Cloud Service. c. IBM's Data Processing Addendum at xxxx://xxx.xxx.xxx/dpa xxxx://x xx.xxx.xxx/xxx and applicable DPA Exhibit(s) apply to personal data contained in Contentand prevail over any conflicting terms of the Agreement, if and to the extent: i) extent the European General Data Protection Regulation (EU/2016/679) (GDPR); or ii) other applies to personal data protection laws identified at xxxx://xxx.xxx/dpa/dpl applycontained in Content. d. IBM will w ill return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however how ever some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM's backup retention practices. e. Upon request by either party, IBM, Client or affiliates of either, will w ill enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Content. The parties agree (and will w ill ensure that of their respective affiliates) that such additional agreements will w ill be subject to the terms of the Agreement.

Content and Data Protection. a. IBM's Data Security Content consists of all data, software, and Privacy Principles for IBM Cloud Services (DSP)information that Client or its authorized users provides, at xxxx://xxx.xxx.xxx/cloud/data- security, apply for generally available Cloud Service offerings. Specific security features and functions of a Cloud Service may be provided in an Attachment and TDs. Client is responsible to assess the suitability of each Cloud Service for Client's intended use and Content and to take necessary actions to order, enableauthorizes access to, or use available data protection features appropriate for inputs to the Content being used with a Cloud Service. By using Use of the Cloud Service will not affect Client's existing ownership or license rights in such Content. IBM and its contractors, and subprocessors may access and use the Content solely for the purpose of providing and managing the Cloud Service, Client accepts responsibility for use of the Cloud Services, and acknowledges that it meets Client's requirements and processing instructions to enable compliance with applicable lawsunless otherwise described in a TD. b. IBM will treat Client is responsible for obtaining all Content as confidential by not disclosing Content except necessary rights and permissions to IBM employees, contractorsenable, and only grants such rights and permissions to, IBM, and its contractors and subprocessors to the extent necessary to deliver use, provide, store and process Content in the Cloud Service. c. . This includes Client making necessary disclosures and obtaining consent, if required, before providing individuals' information, including personal or other regulated information in such Content. If any Content could be subject to governmental regulation or may require security measures beyond those specified by IBM for an offering, Client will not input, provide, or allow such Content unless specifically permitted in the terms of the relevant TD or unless IBM has otherwise first agreed in writing to implement additional security and other measures. IBM's Data Processing Addendum at xxxx://xxx.xxx.xxx/dpa xxxx://xxx.xxx/dpa (DPA) and applicable DPA Exhibit(s) apply to personal data contained in Contentand supplement the Agreement, if and to the extent: i) extent the European General Data Protection Regulation (EU/2016/679) (GDPR); ) applies to personal data contained in Content. c. Upon request by either party, IBM, Client or iitheir affiliates will enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Content. The parties agree (and will ensure that their respective affiliates agree) other data protection laws identified at xxxx://xxx.xxx/dpa/dpl applythat such additional agreements will be subject to the terms of the Agreement. d. IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content, however some Content may remain in Cloud Service backup files until expiration of such files as governed by IBM's backup retention practices. e. Upon request Each Cloud Service is designed to protect Content as described in the Agreement. IBM's Data Security and Privacy Principles for IBM Cloud Services (DSP), at xxxx://xxx.xxx.xxx/cloud/data-security, apply for generally available Cloud Service offerings or as described in the applicable TD. IBM will treat all Content as confidential by either partynot disclosing Content except to IBM employees, IBMcontractors, and subprocessors, and only to the extent necessary to deliver the Cloud Service, unless otherwise specified in a TD. Specific security features and functions of a Cloud Service may be provided in an Attachment and TDs. Client is responsible to assess the suitability of each Cloud Service for Client's intended use and Content. By using the Cloud Service, Client or affiliates of either, acknowledges that it meets Client's requirements and processing instructions. f. Client acknowledges that i) IBM may modify the DSP from time to time at IBM's sole discretion and ii) such modifications will enter into additional agreements as required by law in the prescribed form for the protection of personal or regulated personal data included in Contentsupersede prior versions. The parties agree (and will ensure that intent of their respective affiliates) that such additional agreements any modification to the DSP will be subject to i) improve or clarify existing commitments, ii) maintain alignment to current adopted standards and applicable laws, or iii) provide additional commitments. No modification to the terms DSP will materially degrade the security of the Agreementa Cloud Service.