Common use of CUSTOMER DATA AND DATA PROTECTION Clause in Contracts

CUSTOMER DATA AND DATA PROTECTION. 16.1. The Customer or the End User, as applicable, shall retain all rights, title and interest in its Customer Data, including all intellectual property rights therein. 16.2. Customer, not STRATIO, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data (and without limiting the foregoing, Customer shall ensure that it obtains all consents necessary to allow STRATIO to use Customer Data as permitted herein). 16.3. STRATIO shall use commercially reasonable efforts to maintain the security and integrity of the STRATIO Platform and Customer Data. 16.4. To the maximum extent permitted by law, STRATIO is not responsible before the Customer for unauthorized access to Customer Data or the unauthorized use of any Products unless such access is due to STRATIO’s gross negligence or willful misconduct. 16.5. The Customer is responsible for the use of all Services by any person to whom the Customer has given access to such Services, even if the Customer did not authorize such use. 16.6. Customer agrees and acknowledges that any Customer Data in STRATIO’s possession may be irretrievably deleted if Customer’s payments are 90 (ninety) days or more past due. 16.7. Customer hereby grants STRATIO a non-exclusive license to copy, reproduce, store, distribute, export, adapt, edit and translate Customer Data to the extent reasonably required for the performance of STRATIO’s obligations under the Contract. 16.8. Notwithstanding anything to the contrary, the Customer further acknowledges and agrees that: a) STRATIO may use and modify (but not disclose) Customer Data for the purposes of i. providing the Services to the Customer ii. testing, improving and operating STRATIO’s Services, and

CUSTOMER DATA AND DATA PROTECTION. 16.1. The Customer or the End User, as applicable, shall retain 6.1 Datatank acknowledges that all rights, title and interest in its Customer Data, including all intellectual property rights thereinto the Customer Data is owned exclusively by the Customer. 16.26.2 Datatank and the Customer acknowledge that for the purposes of the Data Protection Act 2018, the Customer is the data controller and Datatank is the data processor of any Customer Data. 6.3 Datatank shall: 6.3.1. process the Customer Data only to the extent, and in such a manner, as is necessary for the purposes specified in this Agreement and in accordance with the Customer’s written instructions from time to time ; 6.3.2. process the Customer Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments; 6.3.3. take appropriate organisational, physical and technical safeguards against the unauthorised or unlawful processing of Customer Data and against the accidental loss or destruction of, or damage to, Customer Data to ensure compliance with the seventh data protection principle. 6.3.4. shall promptly comply with any request from the Customer requiring Datatank to amend, transfer or delete the Customer Data; 6.3.5. ensure that access to the Customer Data is limited to those employees who need access to the Customer Data to meet Datatank' obligations under this Agreement; and in the case of any access by any employee, such part or parts of the Customer Data as is strictly necessary for performance of that employee's duties; 6.3.6. take reasonable steps to ensure the reliability of any of Datatank' employees who have access to the Customer Data; 6.3.7. not STRATIOdisclose the Customer Data to any Data Subject or to a third party other than at the request of the Customer or as provided for in this Agreement; 6.3.8. notify the Customer immediately if it becomes aware of any unauthorised or unlawful processing, loss of, damage to or destruction of the Customer Data., Datatank will use commercially reasonable efforts to correct the Customer’s Data or restore the Customer’s Data as quickly as possible; 6.4 The Customer acknowledges and agrees that it is the Customer’s obligation to inform third parties of the use, processing, or transfer of Customer Data or Customer Data and to ensure that such third parties have given their consent to such use, processing, and transfer as required by all applicable data protection legislation. 6.5 The Customer shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, appropriateness and intellectual property ownership or right to use copyright of all Customer Data. 6.6 Data (Storage: The Customer acknowledges that the technical processing and without limiting the foregoing, Customer shall ensure that it obtains all consents necessary to allow STRATIO to use storage of Customer Data as permitted herein). 16.3is fundamental to the provision of the service. STRATIO shall use commercially reasonable efforts Customer expressly consents to maintain Datatank storage of Customer Data and the security back-up of that data onto various media in order to ensure the availability and integrity of the STRATIO Platform and Customer Data. 16.4. To the maximum extent permitted by law, STRATIO is not responsible before the Customer for unauthorized access to Customer Data or the unauthorized use of any Products unless such access is due to STRATIO’s gross negligence or willful misconduct. 16.5Service. The Customer is responsible for the use of all Services by any person to whom the Customer has given access to such Services, even if the Customer did not authorize such use. 16.6. Customer agrees and acknowledges that any Customer Data in STRATIO’s possession may be irretrievably deleted if Customer’s payments are 90 (ninety) days or more past due. 16.7. Customer hereby grants STRATIO Datatank a limited non-exclusive license non-transferable licence to copy, reproduce, store, distributerecord, exporttransmit, adaptmaintain, edit and translate display, view, print or otherwise use Customer Data to the extent reasonably required for the performance of STRATIO’s obligations under the Contract. 16.8. Notwithstanding anything necessary to the contrary, the Customer further acknowledges and agrees that: a) STRATIO may use and modify (but not disclose) Customer Data for the purposes of i. providing provide the Services to the Customer. The Customer iiagrees that the licence to store and maintain Customer Data shall survive the termination of this Agreement for a maximum of 180 days. 6.7 Transmission of Data: The Customer acknowledges that the technical processing of Customer’s Electronic Communications is fundamentally necessary for Customer’s use of the Service. testingThe Customer expressly consents to Datatank interception and storage of Electronic Communications and/or Customer Data and/or Customer Data, improving and operating STRATIOCustomer acknowledges and understands that Customer’s ServicesElectronic Communication will involve transmission over the Internet, andand over various networks, only part of which may be owned and/or operated by Datatank. Customer acknowledges that Electronic Communications may be accessed by unauthorised parties when communicated over the Internet, network communication facilities, tele hone or other electronic means. The Customer agrees that Datatank is not responsible for any Electronic Communications and/or Customer Data and/or Customer Data which is delayed, lost, altered, intercepted or stored during the transmission of any data whatsoever across networks not owned and/or operated by Datatank, including, but not limited to, the Internet and Customer’s local network.

CUSTOMER DATA AND DATA PROTECTION. 16.1. The Customer or the End User, as applicable, shall retain all rights, title and interest in its Customer Data, including all intellectual property rights therein. 16.2. Customer, not STRATIO, shall have sole responsibility for the accuracy, quality, integrity, legality, reliability, appropriateness, and intellectual property ownership or right to use of all Customer Data (and without limiting the foregoing, Customer shall ensure that it obtains all consents necessary to allow STRATIO to use Customer Data as permitted herein). 16.3. STRATIO shall use commercially reasonable efforts to maintain the security and integrity of the STRATIO Platform and Customer Data. 16.4. To the maximum extent permitted by law, STRATIO is not responsible before the Customer for unauthorized access to Customer Data or the unauthorized use of any Products unless such access is due to STRATIO’s gross negligence or willful misconduct. 16.5. The Customer is responsible for the use of all Services by any person to whom the Customer has given access to such Services, even if the Customer did not authorize such use. 16.6. Customer agrees and acknowledges that any Customer Data in STRATIO’s possession may be irretrievably deleted if Customer’s payments are 90 (ninety) days or more past due. 16.7. Customer hereby grants STRATIO a non-exclusive license to copy, reproduce, store, distribute, export, adapt, edit and translate Customer Data to the extent reasonably required for the performance of STRATIO’s obligations under the Contract. 16.8. Notwithstanding anything to the contrary, the Customer further acknowledges and agrees that: a) STRATIO may use and modify (but not disclose) Customer Data for the purposes of i. providing the Services to the Customer ii. testing, improving and operating STRATIO’s Services, andand iii. generating Aggregated Data; b) STRATIO may freely use and make available Aggregated or made anonymous Data for STRATIO’s business purposes. 16.9. Under the Contract, each Party will further have access to certain personal data from the other Party and its representatives, being that data processed on the basis of legitimate interests pursued by both Parties, for the purposes of the process of signature and management of the Contract as well as compliance with any applicable legal obligations. The personal data shall be stored while the contractual relationship between the Parties is in place and/or for the additional period deemed necessary in order to comply with the time limits provided by law and/or defend rights and interests in court proceedings. Both parties shall ensure to the data subjects the rights foreseen in the General Data Protection Regulation or any other applicable data protection regulations.