Common use of Customer Data Clause in Contracts

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. The customer being a contractor of DSA Airport, the customer shall not own the rights, title and interest in and to the Data which belongs to DSA Airport. 5.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data as set out in its Back- Up Policy available at xxx.xxxxxxxxxxxx.xxx or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-party up). 5.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxx.xxxxxxxxxxxx.xxx or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via in accordance with such service will be subject to the relevant third party supplier’s Security Policyarchiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 4.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except and its Data Protection Policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal Customer Data as may be notified to such loss the Customer from the relevant third partytime to time. 5.5 4.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 6.2 Where the Customer stores the Customer Data on its own systems, the Customer shall follow its own back-up procedures for such Customer Data and Protean shall have sole no responsibility for any loss, destruction, alteration or disclosure of Customer Data that is held on the securityCustomer’s own systems. 6.3 Where Protean is hosting the Customer Data, Protean shall follow its back-upup procedures for Customer Data (details of which are available on request from Protean) or such other website address as may be notified to the Customer from time to time, archiving and recovery as such procedures may be amended by Protean in its sole discretion from time to time. In the event of any loss or damage to Customer Data. 5.3 If , the Customer utilises Customer’s sole and exclusive remedy shall be for Protean to use reasonable commercial endeavours to restore the customer service icon provided by the Supplier within the Software the Customer acknowledges that any lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by Protean in accordance with the customer service icon provided within the Software. 5.4 The Supplier back-up procedure described above. Protean shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality contracted by Protean to perform services related to Customer Data maintenance and back-up). 6.4 Protean shall, in connection with supplying the Software), except and Software to the extent that Customer comply with its Privacy and Security Policy relating to the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal Customer Data available on request to the Customer and on such loss website address as may be notified to the Customer from the relevant third partytime to time, as such document may be amended from time to time by Protean in its sole discretion. 5.5 6.5 If the Supplier Protean processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Protean shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 6.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services Cloud Service and the Supplier's Xxxxxxx’s other obligations under these Terms and Conditions of Usethis agreement; (d) 6.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to Protean so that Protean may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; 6.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier 6.5.4 Protean shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 6.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 6.6 Without prejudice to clause 4.2, the Customer acknowledges and agrees that: 6.6.1 Protean is reliant upon third party providers in order to supply the Cloud Service; and (g) 6.6.2 Protean shall have no liability to the Customer shall make and maintain all necessary registration applications within all appropriate categories under for any loss (including any loss arising from the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions loss or misuse of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save Data) to the extent that the same Customer which is caused by an act or arises omission of such third party providers. 6.7 The Customer acknowledges and agrees that when using the Software: 6.7.1 it is able to integrate with third party software (such as accounting software) in order to submit and exchange Customer Data; and 6.7.2 it shall indemnify Protean for any claim against Protean by such third party software suppliers arising from the SupplierCustomer’s (or submission and exchange of Customer Data pursuant to clause 6.7.1. 6.8 The Customer hereby gives consent to Protean to allow Protean to collate and use its directorsCustomer Data for Protean’s own marketing and other commercial purposes, employees or sub-contractors’) negligence or breach provided that such Customer Data is anonymised by Protean prior to its use, and such use is subject to Protean’s obligations of its obligations confidentiality under these Terms and Conditions of Useclause 11.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as described in the relevant Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer, make such additional backup or archiving arrangements as it sees fit. 5.3 In the event of any loss or damage to Customer Data during the Licence Term, the Customer's sole and exclusive remedy shall have sole responsibility be for the securitySupplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in the relevant Service Level Agreement or the Supplier’s Hosting Policy (as applicable). 5.4 The Supplier shall not be required to maintain, back-up, archiving and recovery protect or retrieve any Customer Data after the expiry of Customer Datathe Licence Term. 5.3 5.5 If the Customer utilises the customer service icon provided by the Supplier within the Software Software, the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third third-party supplier’s Security Policysecurity policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/securityxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 5.6 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.7 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 Xxx 0000 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use Use; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, backData as set out in its Back-up, archiving and recovery of Customer Data. 5.3 If Up Policy available at XxxxxXXX.xxx or such other website address as may be notified to the Customer utilises the customer service icon provided as such document may be amended by the Supplier within in its sole discretion from time to time the Software current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer acknowledges that any Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and to the extent that contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyback-up). 5.5 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (db) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ec) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. (g) 5.5 The Supplier and the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA comply with their respective obligations as are required set out in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions Schedule 4 of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.this Agreement

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 5.2. The Customer shall have sole responsibility for Supplier shall, in providing the securityServices, back-up, archiving comply with its Privacy and recovery Security Policy relating to the privacy and security of Customer Data. 5.3 If the Customer utilises Data available at xxxxx://xxxxxx.xxx/privacy or such other website address as may be notified to the customer service icon provided Customer from time to time, as such document may be amended from time to time by the Supplier within in its sole discretion. Expressions defined in the Software Privacy and Security policy and used in this agreement shall have the Customer acknowledges that any Customer Data uploaded via such service will be subject to meaning set out in the relevant third party supplier’s Privacy and Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Softwarepolicy. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.3. If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) 5.3.1. the Customer undertakes to comply with all acknowledges and agrees that the requirements personal data may be transferred or stored outside of the Data Protection Act 1998 UK in connection with any personal data processed by order to those recipients set out in clause 10 of the Supplier on Suppliers Privacy and Security Policy (“Recipient Processor”) carry out the Customer's behalf when performing its Services and the Supplier’s other obligations under these Terms and Conditions of Use this agreement; (b) 5.3.2. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's ’s behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) 5.3.3. the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 5.3.4. the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 5.3.5. each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as described in the Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer, make such additional backup or archiving arrangements as it sees fit. 5.3 In the event of any loss or damage to Customer Data during the Licence Term, the Supplier shall have sole responsibility for be under no obligation to retrieve the securityCustomer’s Data from any back-up taken by or on behalf of the Supplier. 5.4 The Supplier shall not be required to maintain, back-up, archiving and recovery protect or retrieve any Customer Data after the expiry of Customer Datathe Licence Term. 5.3 5.5 If the Customer utilises the customer service icon provided by the Supplier within the Software Software, the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third third-party supplier’s Security Policysecurity policy. The Supplier currently utilises the a Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/securityxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 5.6 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.7 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 Xxx 0000 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use Use; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 The Customer shall have sole responsibility for 4.2 Subject to the security, back-up, archiving and recovery obligations of Customer Data. 5.3 If confidentiality in clause 10 the Customer utilises grants the customer service icon provided Supplier and Authorised Users the right to Process the Customer Data in the course of providing the Services and any services ancillary to them 4.3 The Supplier shall, in providing the Services, comply with its Privacy Policy relating to the privacy and security of the Customer Personal Data available at xxx.xxxxxxxxx.xxx or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service in its sole discretion. 4.4 Both parties will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy comply with all applicable requirements of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/securityData Protection Legislation. The Supplier accepts no liability for any Customer This clause 4 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data transferred through the customer service icon provided within the SoftwareProtection Legislation. 5.4 4.5 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party parties acknowledge that: (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recoverya) equal to such loss from the relevant third party. 5.5 If if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 4.6 Without prejudice to the generality of Use; (d) clause 4.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 4.7 Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 4.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and immediately inform the Company if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 4.8 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations under these Terms systems and Conditions services, ensuring that availability of Useand access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 4.9 Either party may, at any time on not less than 30 days' notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 5.2. The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data as set out in its Back- Up Policy available at such website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back- Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-party up). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at such website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4. If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) 5.4.1. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) 5.4.2. the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 5.4.3. the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 5.4.4. each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicyESC Cloud Database. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with contracted by the Software), except and Supplier to perform services related to the extent that upkeep of the ESC Cloud Database). 5.3 The Supplier shall, in providing the Services, comply with its privacy policy relating to the privacy and security of the Customer Data available on the ESC Website or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled in its sole discretion. 5.4 By agreeing to recover these Terms and has so recovered an amount (net of Conditions the costs of recovery) equal Customer agrees to such loss from the relevant third partySuppliers Privacy Policy. 5.5 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 5.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (d) 5.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; 5.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 5.5.4 the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 5.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer Data, which include but are not limited to: nightly backups to offsite servers as well as replicated copies to independent onsite servers. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavors to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyarchiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and to the extent that contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyback-up). 5.5 4.3 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on state where the Customer's behalf when performing its Customer and the Authorized Users are located in order to carry out the Services and the Supplier’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational organizational measures against unauthorised unauthorized or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 o The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of all such Customer Data. o The Supplier shall follow its procedures for maintenance of metadata related to Customer Data as set out in its Metadata Maintenance Policy available athttps://xxxxxxxx.xx/xxxxxxxx-xxxxxxxxxxx-xxxxxx or such other website address as may be notified to the Customer Data. 5.2 The Customer shall have sole responsibility for the securityfrom time to time, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-party up for which it shall remain fully liable under clause 9). o The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. o Both parties will comply with all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the relevant third party. 5.5 If Data Protection Legislation. o The parties acknowledge that:  if the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any Legislation.  Schedule 2 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions categories of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that subject.  the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions this agreement. o Without prejudice to the generality of Use; (d) clause 4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; and (g) process and transfer the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier in accordance with this agreement on the Customer's behalf when performing its obligations under these Terms and Conditions of Use’s behalf. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavors to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyarchiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at the website assigned to the Customer by the Supplier, or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on state where the Customer's behalf when performing its Customer and the Authorized Users are located in order to carry out the Services and the Supplier’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational organizational measures against unauthorised unAuthorized or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all Customer Data. 5.2 4.2 The Customer acknowledges and agrees that the Customer Data shall have be transferred to and stored by the PaaS Supplier. 4.3 The archiving procedures for Customer Data shall be notified to the Customer by the Supplier. In the event of any loss or damage to Customer Data, the Customer's sole responsibility and exclusive remedy against the Supplier shall be for the security, Supplier to use reasonable commercial endeavours to require the PaaS Supplier to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the PaaS Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplierPaaS Supplier’s Security Policythen current archiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 4.4 The Supplier shall, in providing the Services, comply with its privacy and IT and communications system policies relating to the privacy and security of the Customer Data as such policies may be amended from time to time by the Supplier in its sole discretion. 4.5 If the Supplier and/or the PaaS Supplier processes any personal data on the Customer's behalf when performing its the Supplier’s obligations under these Terms and Conditions of Usethis agreement (including the processing set out in Schedule 6), the parties record their intention that the Customer shall be the data controller and the Supplier and/or PaaS Supplier as appropriate shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United Kingdom or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier and/or PaaS Supplier as appropriate for the duration and purposes of this agreement so that the Supplier and/or PaaS Supplier as appropriate may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; and (c) the Customer shall ensure that all relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable Data Protection Legislation. 4.6 The Supplier shall, in relation to any personal data processed by it on the Customer’s behalf when performing its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection legislationto any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the Supplier shall process written direction of the Customer take all reasonable steps to delete or return personal data to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time;data; and (f) each maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and immediately inform the Customer if an instruction infringes the Data Protection Legislation. 4.7 Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage; and damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (g) the Customer shall make those measures may include, where appropriate, pseudonymising and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to any personal data processed can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 4.8 The Customer consents to the Supplier on appointing the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the PaaS Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing as a third-party processor of personal data under this agreement. The Supplier confirms that it has entered into a written agreement on that third party's standard terms of business which reflect the Customerrequirements of the Data Protection Legislation. 4.9 Either party may, at any time on not less than 30 days' notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement). 4.10 Both parties will comply with all applicable requirements of the Data Protection Legislation and acknowledge that this obligation is in addition to, and does not relieve, remove or replace, a party's behalf when performing its obligations or rights under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of UseData Protection Legislation.

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 5.2. The Supplier shall follow its procedures for maintenance of metadata related to Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data as set out in its Metadata Maintenance Policy available at xxxxx://xxxxxxxx.xx/metadata-maintenance-policy or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-party up for which it shall remain fully liable under clause 5.9). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. 5.4. Both parties will comply with all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the relevant third partyData Protection Legislation. 5.5 If 5.5. The parties acknowledge that: (a) if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) Schedule 2 sets out the Customer shall ensure that scope, nature and purpose of processing by the Customer is entitled to transfer Supplier, the relevant duration of the processing and the types of personal data to the Supplier so that the Supplier may lawfully process the personal and categories of data in accordance with these Terms and Conditions of Use on the Customer's behalf;subject. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 5.6. Without prejudice to the generality of Use; (d) clause 5.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 5.7. Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 5.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: i. the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; ii. the data subject has enforceable rights and effective legal remedies; iii. the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and iv. the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 5.8. Each party shall ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with (i) Amazon Web Services EMEA SARL or any other member of the Amazon Web Services Group; and (ii) any other third party processor the Supplier considers appropriate to the provision of the Services; as a third-party processor of personal data under these Terms this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business including terms related to the requirements of the Data Protection Legislation. As between the Customer and Conditions the Supplier, the Supplier shall use commercially reasonable efforts to enforce the terms of Useany third-party processor.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided Data as set out in its back- up policy available on request in writing as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within Supplier in accordance with the Software. 5.4 archiving procedure described in its back-up policy. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 4.3 The Supplier shall, in providing customer service functionality the Services: (a) comply with all Data Protection Laws in connection with the Software)processing of Customer Data, except the Services and the exercise and performance of its respective rights and obligations under this Contract, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and (b) comply with its privacy and data protection policy as may be updated from time to time by the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partySupplier. 5.5 4.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Contract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis Contract; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Contract on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Contract and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 6.2 Posturite shall, in providing the Products and Professional Services, comply with its Information Security and Data Protection Policy relating to the privacy and security of the Customer Data available at [the Customer’s request], as such document may be amended from time to time by Posturite in its sole discretion. 6.3 The Customer shall have sole responsibility for parties agree that, in respect of the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller Data Controller and the Supplier Posturite shall be a Data Processor and shall process the Customer Data in compliance with the obligations of Data Processors under Data Protection Laws. 6.4 The Customer warrants, represents and undertakes, that: 6.4.1 all data processor sourced by the Customer shall comply in all respects, including in terms of its collection, storage and processing (which shall include the Customer providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws; and 6.4.2 all instructions given by it to Posturite in respect of Personal Data shall at all times be in accordance with Data Protection Laws. 6.5 Posturite, as Data Processor, shall: 6.5.1 inform the Customer if Posturite becomes aware of any instruction that, in the Posturite’s opinion, infringes Data Protection Laws, provided that to the maximum extent permitted by mandatory law, Posturite shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with the Customer's Processing Instructions following the Customer's receipt of that information. 6.5.2 implement and maintain at its own cost and expense, technical and organisational measures, taking into account the nature of the processing, to assist the Customer insofar as is possible in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Customer Data; 6.5.3 refer all Data Subject Requests it receives to the Customer within five Business Days of receipt of the request; 6.5.4 maintain, in accordance with Data Protection Laws binding on Posturite, written records of all categories of processing activities carried out on behalf of the Customer; 6.5.5 subject to condition 6.6.1, ensure that all persons authorised by Posturite to process Customer Data are subject to a binding written contractual obligation to keep the Customer Data confidential (except where disclosure is required in accordance with Applicable Law, in which case Posturite shall, where practicable and not prohibited by Applicable Law, notify the Customer of any such caserequirement before such disclosure); 6.5.6 ensure that each Authorised Sub-Processor shall to the extent applicable, be subject to conditions substantially no less onerous to those conditions contained within this condition 6; in accordance with Data Protection Laws, make available to the Customer such information as is reasonably necessary to demonstrate Posturite’s compliance with the obligations of Data Processors under Data Protection Laws, and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose, subject to the Customer giving Posturite reasonable prior notice of such information request; 6.5.7 notify the Customer (for which email shall suffice) if Posturite adds or removes any Authorised Sub- Processors at least ten (10) days prior to any such change. The Customer acknowledges and agrees that Posturite may object in writing to an appointment of a new Authorised Sub-Processor within five (5) calendar days of such notice. In such event, the parties shall discuss such concerns in good faith with a view to achieving resolution. If this is not possible, the Customer may suspend or terminate the Contract (without prejudice to any fees incurred by the Customer prior to suspension or termination); 6.5.8 in respect of any Personal Data Breach, Posturite shall, without undue delay: (a) notify the Customer undertakes to comply with all the requirements of the any Customer Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Breach; and (b) provide the Customer with details of the Customer Data Breach; and 6.5.9 Posturite shall either delete or return all the Customer Data to the Customer in such form as the Customer reasonably requests within a reasonable time once processing by Posturite of any Customer Data is no longer required for the purpose of Posturite’s performance of its relevant obligations under the Contract. 6.6 The processing of Personal Data by Posturite to be carried out in accordance with the change control procedure in condition 5.9 and shall comprise the information contained in the Contract Particulars, and may be updated from time to time in accordance with any change control procedure in condition 5.9. 6.7 Posturite shall not: 6.7.1 With the exception of the Authorised Sub-Processors, engage any other party (a ‘Sub-Processor’) for carrying out any processing activities in respect of the Customer Data without the Customer’s written authorisation authorising the appointment of that specific Sub-Processor; or 6.7.2 transfer or store any personal data outside the EEA or the country where the Customer and the Licensed Users are located in order to carry out the Products and Professional Services and Posturite’s other obligations under the Contract. 6.8 The Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Posturite so that the Supplier Posturite may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use the Contract on the Customer's behalf;. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the 6.9 The Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation;Data Protection Laws. (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each 6.10 Each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the Customer Data or any personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 9.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 9.2 The Supplier shall follow the procedures for Customer shall have sole responsibility for the securityData as set out in applicable Service Option, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided such procedure may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the last available back-up of such Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicyData. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 9.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with its Privacy Policy available on the Software), except and InsightCloud Website or such other website address as may be notified to the extent that Customer from time to time and such policy may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 9.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 9.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis Agreement; (d) 9.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer's behalf; 9.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 9.4.4 the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) each party 9.4.5 the Supplier shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. 9.5 On termination of this Agreement, any Service Option or User Subscription (gas the care may be) the Customer shall make and maintain all necessary registration applications within all appropriate categories under have 30 days to request a copy of the DPA as are required in relation to any personal data processed by last back-up of the Customer Data. Thereafter, the Supplier on shall be entitled to destroy the Customer's behalf when performing Customer Data at its obligations under these Terms and Conditions of Usediscretion. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicySupplier. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Customer acknowledges and agrees that its Customer Data (non-confidential Authorised User answers and Authorised User progress) may be utilised by the Supplier for the proper performance of, and improvement of, the Services, including any third-party providing customer service functionality in connection with the Software)analysis and research, except general metrics and to analytics and general promotional uses. 5.4 To the extent that the Supplier is entitled to recover Customer Data comprises Personal Data and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data such Personal Data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement (Customer Personal Data), the parties record their intention that the Customer shall be the data controller Controller and the Supplier shall be a data processor the Processor of such Customer Personal Data and in any such casethe following provisions apply: (a) the Customer undertakes to both parties shall comply with all the requirements of the Data Protection Act 1998 Laws in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions performance of Use this agreement; (b) the Customer Supplier shall ensure that process the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data Personal Data only in accordance with these Terms this agreement and Conditions any lawful instructions reasonably given by the customer from time to time (unless the Supplier is required by the Data Protection Laws or any other applicable laws to otherwise process the Customer Personal Data, in which case the Supplier shall promptly notify the Customer of Use on this before performing the Customer's behalfprocessing unless those Applicable Laws prohibit the Supplier from doing so; (c) unless otherwise agreed, the Customer acknowledges and agrees that the personal data may Personal Data shall not be transferred or stored outside of the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of UseEuropean Economic Area (EEA); (d) the Customer shall ensure be responsible for ensuring that it is lawfully entitled to transfer the Customer Personal Data to the Supplier, including by giving all necessary notices and/ or obtaining necessary consents, so that the relevant third parties have been informed of, and have given their consent to, such Supplier may use, processing process and transfer as required by all applicable data protection legislationit in accordance with this agreement; (e) taking into account the Supplier shall process state of technical development and the personal data only in accordance with these Terms and Conditions nature of Use and any lawful instructions reasonably given by the Customer from time to time; (f) processing, each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data Customer Personal Data or its accidental loss, alteration, disclosure, destruction or damage; and; (f) the Supplier shall ensure that all persons acting for it with access to Customer Personal Data are informed of the confidential nature of the Customer Personal Data and are subject to a suitable binding obligation to keep the same confidential; (g) the Customer acknowledges and agrees that the Supplier may use third party sub-Processors for the purposes of providing the Services, provided that the Supplier shall make remain fully responsible for the acts and maintain all necessary registration applications within all appropriate categories omissions of such third parties. The Supplier shall inform the Customer of any intended changes concerning the addition or replacement of sub- Processors involved the processing of Customer Personal Data, thereby giving the Customer the opportunity to object to such changes; (h) the Supplier shall assist the Customer in providing Data Subject access and allowing Data Subjects to exercise their rights under the DPA as are required GDPR; (i) the Supplier shall notify the Customer without delay and in any case within seventy-two (72) hours on becoming aware of any breach of Customer Personal Data; (j) the Supplier must assist the Customer in meeting its GDPR obligations in relation to any personal data processed by the Supplier on security of processing, the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing notification of personal data on breaches and data protection impact assessments; and (k) the Customer's behalf when performing Supplier shall maintain complete and accurate records to demonstrate its obligations under these Terms compliance with this clause 5.4 and Conditions of Use, save allow for audits by the Customer to the extent that the same is caused by or arises from verify the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usecompliance with this clause 5.4. 5.5 All Customer Data will be handled in accordance with the privacy notice referred to in Schedule 1.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 6.2 Posturite shall, in providing the Products and Professional Services, comply with its Information Security and Data Protection Policy relating to the privacy and security of the Customer Data available at the Customer’s request, as such document may be amended from time to time by Posturite in its sole discretion. 6.3 The Customer shall have sole responsibility for parties agree that, in respect of the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller Data Controller and the Supplier Posturite shall be a Data Processor and shall process the Customer Data in compliance with the obligations of Data Processors under Data Protection Laws. 6.4 The Customer warrants, represents and undertakes, that: 6.4.1 all data processor sourced by the Customer shall comply in all respects, including in terms of its collection, storage and processing (which shall include the Customer providing all of the required fair processing information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws; and 6.4.2 all instructions given by it to Posturite in respect of Personal Data shall at all times be in accordance with Data Protection Laws. 6.5 Posturite, as Data Processor, shall: 6.5.1 inform the Customer if Posturite becomes aware of any instruction that, in the Posturite’s opinion, infringes Data Protection Laws, provided that to the maximum extent permitted by mandatory law, Posturite shall have no liability howsoever arising (whether in contract, tort (including negligence) or otherwise) for any losses, costs, expenses or liabilities arising from or in connection with any processing in accordance with the Customer's Processing Instructions following the Customer's receipt of that information. 6.5.2 implement and maintain at its own cost and expense, technical and organisational measures, taking into account the nature of the processing, to assist the Customer insofar as is possible in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Customer Data; 6.5.3 refer all Data Subject Requests it receives to the Customer within five Business Days of receipt of the request; 6.5.4 maintain, in accordance with Data Protection Laws binding on Posturite, written records of all categories of processing activities carried out on behalf of the Customer; 6.5.5 subject to condition 6.6.1, ensure that all persons authorised by Posturite to process Customer Data are subject to a binding written contractual obligation to keep the Customer Data confidential (except where disclosure is required in accordance with Applicable Law, in which case Posturite shall, where practicable and not prohibited by Applicable Law, notify the Customer of any such caserequirement before such disclosure); 6.5.6 ensure that each Authorised Sub-Processor shall to the extent applicable, be subject to conditions substantially no less onerous to those conditions contained within this condition 6; in accordance with Data Protection Laws, make available to the Customer such information as is reasonably necessary to demonstrate Posturite’s compliance with the obligations of Data Processors under Data Protection Laws, and allow for and contribute to audits, including inspections, by the Customer (or another auditor mandated by the Customer) for this purpose, subject to the Customer giving Posturite reasonable prior notice of such information request; 6.5.7 notify the Customer (for which email shall suffice) if Posturite adds or removes any Authorised Sub- Processors at least ten (10) days prior to any such change. The Customer acknowledges and agrees that Posturite may object in writing to an appointment of a new Authorised Sub-Processor within five (5) calendar days of such notice. In such event, the parties shall discuss such concerns in good faith with a view to achieving resolution. If this is not possible, the Customer may suspend or terminate the Contract (without prejudice to any fees incurred by the Customer prior to suspension or termination); 6.5.8 in respect of any Personal Data Breach, Posturite shall, without undue delay: (a) notify the Customer undertakes to comply with all the requirements of the any Customer Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Breach; and (b) provide the Customer with details of the Customer Data Breach; and 6.5.9 Posturite shall either delete or return all the Customer Data to the Customer in such form as the Customer reasonably requests within a reasonable time once processing by Posturite of any Customer Data is no longer required for the purpose of Posturite’s performance of its relevant obligations under the Contract. 6.6 The processing of Personal Data by Posturite to be carried out in accordance with the change control procedure in condition 5.9 and shall comprise the information contained in the Contract Particulars, and may be updated from time to time in accordance with any change control procedure in condition 5.9. 6.7 Posturite shall not: 6.7.1 With the exception of the Authorised Sub-Processors, engage any other party (a ‘Sub-Processor’) for carrying out any processing activities in respect of the Customer Data without the Customer’s written authorisation authorising the appointment of that specific Sub-Processor; or 6.7.2 transfer or store any personal data outside the EEA or the country where the Customer and the Licensed Users are located in order to carry out the Products and Professional Services and Posturite’s other obligations under the Contract. 6.8 The Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Posturite so that the Supplier Posturite may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use the Contract on the Customer's behalf;. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the 6.9 The Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation;Data Protection Laws. (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each 6.10 Each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the Customer Data or any personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, backData as set out in its Back-up, archiving and recovery of Customer Data. 5.3 If Up Policy available at Xxxx-xx.xxx or such other website address as may be notified to the Customer utilises the customer service icon provided as such document may be amended by the Supplier within in its sole discretion from time to time the Software current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer acknowledges that any Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and to the extent that contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyback-up). 5.5 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (db) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ec) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, backData as set out in its Back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided Up Policy available on request in writing as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back- up). 4.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxx://xxx.xxxxxx00.xxx or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 4.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Sisense processes Customer Data, including personal data about any natural person (“Personal Data”, which may also be referred to as “personally identifiable information” or “personal information” by applicable laws), as a “data processor” acting on behalf of the Customer (who will be the “data controller” of such data). 4.1.1. Sisense shall own process such Personal Data in accordance with the Data Processing Addendum in effect at the time of this Agreement available at xxxxx://xxxxx.xxxxxxx.xxx/rs/601-OXE-081/images/Data-Processing-Addendum.pdf (the “DPA”). Sisense may update the DPA from time to time in its reasonable discretion, provided there is no material degradation to the overall protections set forth in the DPA. In the event of any conflict between the terms and conditions of this Agreement and the DPA, the terms and conditions of the DPA will govern. 4.1.2. Customer represents and warrants that: (a) it and its Users have all the necessary rights, title licenses, consents, waivers and interest in permissions to allow Sisense: (i) to store, process and to all of deliver the Customer Data and shall have sole responsibility for otherwise provide the legality Services and operate the Product on behalf of Customer; (ii) to use any Customer Data provided to or collected by the Product according to Customer’s instructions; and (iii) to receive, reliabilitytransfer and process any Customer Data from or to any third party according to Customer’s instructions, integritywhether by application program interface (“API”), accuracy and quality file transfer protocol or other data transfer method; (b) neither Customer nor its Users, nor any of their respective users, will use the applicable Product or any of the Customer Data. 5.2 The Customer shall have Services in a way or for any purpose that infringes or misappropriates any third party’s intellectual property rights or other proprietary rights; and (c) if Sisense considers, in its sole responsibility for the securitydiscretion, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy breaches any of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any requirements set forth in this Section, or may subject Sisense to material adverse risks, and Sisense requests that such Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the removed or amended, then Customer as a result of or arising will withdraw such Customer Data from the destruction, alteration, applicable Product or disclosure of any amend such Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partySisense’s satisfaction. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer . For the avoidance of doubt, the Company shall have sole responsibility for no right or interest in the security, back-up, archiving and recovery of Customer Data. 5.3 If 5.2 In the event of any loss or damage to Customer utilises Data, the customer service icon provided Customer's sole and exclusive remedy shall be for the Company to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicyCompany. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Company shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.3 The Company shall use commercially reasonable endeavours to maintain the confidentiality of the Customer’s Data and shall not disclose or use this without the Customer’s express consent. 5.4 If the Supplier Company processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Company shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on EEA in order to carry out the Customer's behalf when performing its Services and the Company’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Company so that the Supplier Company may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier Company shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. (g) 5.5 Upon termination of the Agreement for whatever reason, the Customer shall make and maintain all necessary registration applications within all appropriate categories under be entitled to an export of the DPA as are required in relation to any personal data processed Customer Data then held by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of UseCompany. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 5.2. The Supplier shall follow its procedures for maintenance of metadata related to Customer shall have sole responsibility for the Data as set out in its Privacy and Security Policy available at xxxxx://xxxxxxxx.xx/privacy- security, back-up, archiving and recovery of Customer Data. 5.3 If policy or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 5.9). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. 5.4. Both parties will comply with all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the relevant third partyData Protection Legislation. 5.5 If 5.5. The parties acknowledge that: (a) if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) Schedule 2 sets out the Customer shall ensure that scope, nature and purpose of processing by the Customer is entitled to transfer Supplier, the relevant duration of the processing and the types of personal data to the Supplier so that the Supplier may lawfully process the personal and categories of data in accordance with these Terms and Conditions of Use on the Customer's behalf;subject. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 5.6. Without prejudice to the generality of Use; (d) clause 5.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 5.7. Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 5.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 5.8. Each party shall ensure that it has in place appropriate technical and organisational measures to protect against unauthorized or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations under these Terms systems and Conditions services, ensuring that availability of Useand access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with

Customer Data. 5.1 ‌ 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 5.2. The Supplier shall follow its procedures for maintenance of metadata related to Customer shall have sole responsibility for the Data as set out in its Privacy and Security Policy available at xxxxx://xxxxxxxx.xx/privacy- security, back-up, archiving and recovery of Customer Data. 5.3 If policy or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 5.9). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. 5.4. Both parties will comply with all applicable requirements of the costs of recoveryData Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.‌ 5.5. The parties acknowledge that: (a) equal to such loss from the relevant third party. 5.5 If if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) Schedule 2 sets out the Customer shall ensure that scope, nature and purpose of processing by the Customer is entitled to transfer Supplier, the relevant duration of the processing and the types of personal data to the Supplier so that the Supplier may lawfully process the personal and categories of data in accordance with these Terms and Conditions of Use on the Customer's behalf;subject. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 5.6. Without prejudice to the generality of Use; (d) clause 5.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 5.7. Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 5.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;‌ (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 5.8. Each party shall ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with‌ (i) Amazon Web Services EMEA SARL or any other member of the Amazon Web Services Group; and (ii) any other third party processor the Supplier considers appropriate to the provision of the Services; as a third-party processor of personal data under these Terms this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business including terms related to the requirements of the Data Protection Legislation. As between the Customer and Conditions the Supplier, the Supplier shall use commercially reasonable efforts to enforce the terms of Useany third-party processor.

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 5.2. The Supplier shall follow its procedures for maintenance of metadata related to Customer shall have sole responsibility for the Data as set out in its Privacy and Security Policy available at xxxxx://xxxxxxxx.xx/privacy- security, back-up, archiving and recovery of Customer Data. 5.3 If policy or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavors to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 5.9). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. 5.4. Both parties will comply with all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the relevant third partyData Protection Legislation. 5.5 If 5.5. The parties acknowledge that: (a) if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) Schedule 2 sets out the Customer shall ensure that scope, nature and purpose of processing by the Customer is entitled to transfer Supplier, the relevant duration of the processing and the types of personal data to the Supplier so that the Supplier may lawfully process the personal and categories of data in accordance with these Terms and Conditions of Use on the Customer's behalf;subject. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 5.6. Without prejudice to the generality of Use; (d) clause 5.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary and have given their consent to, such use, processing appropriate consents and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 5.7. Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 5.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) in accordance with clause 14.1 (b), delete or return personal data on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 5.8. Each party shall ensure that it has in place appropriate technical and organizational measures to protect against unauthorized or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorized or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations under these Terms systems and Conditions services, ensuring that availability of Useand access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organizational measures adopted by it). 5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, backData as set out in its Back-up, archiving and recovery of Customer Data. 5.3 If Up Policy as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back- up). 5.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis Agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Supplier shall follow its archiving procedures for Customer shall own all rights, title and interest Data as set out in and its [Back-Up Policy] available at xxxxx://Xxxxxxxxxxxxxxx.xxxxxxxxx.xxx/support/home or such other website address as may be notified to all of the Customer Data and shall have sole responsibility for the legality from time to time], reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within Supplier in accordance with the Software. 5.4 archiving procedure described in its [Back-Up Policy]. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 6.2 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its [Privacy and Security Policy] relating to the extent that privacy and security of the Customer Data available at xxxxx://Xxxxxxxxxxxxxxx.xxxxxxxxx.xxx/support/home or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 6.3 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Framework Agreement, the parties Parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the 6.3.1 The Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis Framework Agreement; (d) 6.3.2 The Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Framework Agreement on the Customer’s behalf; 6.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 6.3.4 the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Framework Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 6.3.5 each party Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its standard archiving procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyin accordance with its standard archiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with contracted by the SoftwareSupplier to perform services related to Customer Data maintenance and back-up), except and to the extent . 4.3 The Customer acknowledges that the Supplier is entitled to recover and has so recovered an amount (net does not, as part of its operations in providing the Services, collect personal data for its own purposes. All data collected as a result of the costs use of recovery) equal the Services is stored anonymously by the Supplier. However, the Supplier shall, in providing the Services, comply with its legal and statutory obligations relating to such loss from the privacy and security of any personal data provided by the Customer’s service users. Anonymised data may be used by the Supplier to improve its services or for general dissemination of anonymised analysis to the relevant third partyindustry and to Customers. 5.5 4.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useobligations, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on EEA in order to carry out the CustomerServices and the Supplier's behalf when performing its obligations under these Terms and Conditions of Use other obligations; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use terms on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use terms, the Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Customer shall have sole responsibility acknowledges that IMImobile will use Customer Data solely to the extent necessary for the securityperformance of the Service and will obtain no rights in such data by virtue of its use under this Agreement. 4.3 The Customer acknowledges that, back-upexcept as agreed between the parties in writing, archiving and recovery of IMImobile may periodically delete Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer 4.4 IMImobile will process User Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the this Agreement. The Customer shall be the data controller and the Supplier IMImobile shall be a data processor and in any such caseand: (a) the Customer undertakes acknowledges and agrees that the User Data may be transferred or stored outside the EEA or the country where the Customer and the Users are located in order to comply with all carry out the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its Service and IMImobile’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data User Data to the Supplier IMImobile so that the Supplier IMImobile may lawfully use, process and transfer the personal data User Data in accordance with these Terms and Conditions of Use this Agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data User Data or its accidental loss, destruction or damage; and (ge) the Customer shall make parties agree to enter in to and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed abide by the Supplier on terms of the Customer's behalf when performing its obligations under these Terms and Conditions of Usedata processing agreement attached at Appendix A to this Agreement. 5.6 4.5 The Customer shall indemnify acknowledges and keep indemnified consents that IMImobile may be required to disclose User Data to Regulatory Bodies, the Supplier against all actionspolice or Channels (who in turn may disclose such User Data to Regulatory Bodies or the police). The Customer also acknowledges and consents that IMImobile may disclose User Data to Channels for Channels’ own use. The Customer hereby confirms that it, proceedings and its Licensees, costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or have the necessary permissions in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations order to grant such consent under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usethis clause 4.5.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as described in the Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer, make such additional backup or archiving arrangements as it sees fit. 5.3 In the event of any loss or damage to Customer Data during the Licence Term, the Supplier shall have sole responsibility for be under no obligation to retrieve the securityCustomer’s Data from any back- up taken by or on behalf of the Supplier. 5.4 The Supplier shall not be required to maintain, back-up, archiving and recovery protect or retrieve any Customer Data after the expiry of Customer Datathe Licence Term. 5.3 5.5 If the Customer utilises the customer service icon provided by the Supplier within the Software Software, the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third third-party supplier’s Security Policysecurity policy. The Supplier currently utilises the a Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/securityxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 5.6 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.7 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 Xxx 0000 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use Use; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyarchiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxx-xxxxxx.xxx/privacy-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicySupplier. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.3 The Supplier shall, in providing the Services, comply with its Privacy Policy relating to the privacy and security of the Customer Data available at xxx.xxxxxxxxxxxxx.xx.xx or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. (g) the 5.5 The Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by acknowledges that the Supplier on and its Licensors collect and use anonymised aggregate data relating to its customers’ use of the Customer's behalf when performing its obligations under these Terms and Conditions of UseServices. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The operation of the Platform and the provision of the Services require the Company to monitor, analyze and process data from the Customer’s online store platform and any other data provided or made accessible by the Customer (the “Customer Data”). Processing of Customer Data. Customer shall upload to the Platform the Customer Data, as to allow the Company to provide the Services. The Customer shall own agrees that the Company will collect, monitor, store, analyze, process and use the Customer Data, on the Customer's behalf, in order to provide the Services. As between Company and Customer, the Intellectual Property Rights (as such term is defined below) and all rightsother right, title and interest of any nature in and to all of the Customer Data Data, which may be stored on the Company’s database, are and shall have sole responsibility remain the exclusive property of Customer and its licensors. The Company shall be considered granted a non-revocable, non-exclusive, assignable, sub-licensable, royalty-free and fully paid up license to use the Customer Data, in order to provide the Services. For the avoidance of doubt, the Company shall not be responsible for the legality , reliability, integrity, accuracy and quality any failure or delay that is attributable to Customer's late delivery of the Customer Data. 5.2 . Except as set forth herein, nothing in this Agreement shall be construed as transferring any right, title or interests in the Customer Data to the Company or any third party. To the extent that the Customer Data includes personally identifiable information (as such term is defined under applicable law), the Customer hereby instructs the Company (and authorizes Company to instruct its sub-processors) to: (i) process Customer Data as reasonably necessary for the provision of the Services; and (ii) transfer such Customer Data, at the Company's discretion, to jurisdictions other than those of the Customer's operations. With respect to the processing of the Customer Data, the Company shall: (i) taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in such processing; (ii) ensure that all individuals who engage in the processing of Customer Data on its behalf are subject to confidentiality undertakings; (iii) taking into account the nature of the processing, assist the Customer in exercising data subjects' rights under applicable data protection laws; (iv) inform Customer without undue delay of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by the Company on behalf of the Customer; and (iv) either delete, anonymize or return all Customer Data to Customer upon termination of the Order or this Agreement, unless applicable law requires storage of the personal data. Customer hereby authorizes Company to appoint sub-processors, as necessary for the Customer Data processing activities under this Agreement. The Customer shall have sole responsibility for the securityaccuracy, back-up, archiving quality and recovery legality of Customer Data. 5.3 If the Customer utilises Data and the customer service icon provided means by the Supplier within the Software the which Customer acknowledges acquired such personal data. Customer warrants and undertakes that any Customer Data uploaded via such service will be subject has been collected, processed and transferred to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data Company in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Uselaws. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The ODS shall follow its standard archiving procedures for Customer Data in force from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for ODS to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policymaintained by ODS in accordance with those archiving procedures. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier ODS shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by SAP or any other third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and contracted by ODS to perform maintenance services related specifically to the extent that the Supplier is entitled to recover and has so recovered an amount (net Customer Data of the costs of recovery) equal to such loss from the relevant third partyCustomer). 5.5 5.3 ODS shall, in providing the Services, comply with its Privacy Policy relating to the privacy and security of the Customer Data available at [INSERT WEB ADDRESS] or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by ODS in its sole discretion. 5.4 If the Supplier ODS processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier ODS shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierODS's other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to ODS so that ODS may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier ODS shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to 5.5 To the extent that SAP processes any Customer Data, the same Customer acknowledges and agrees that such processing is caused undertaken by or arises from SAP and its subcontractors in accordance with its SAP Personal Data Processing Agreement and that Customer shall be bound by and abide by the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usesame.

Customer Data. 5.1 7.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 7.2 The Customer shall have sole responsibility for the security, back-up, archiving and recovery Supplier will ensure that there are regular back ups of Customer Data. 5.3 If . In the event of any loss or damage to Customer utilises the customer service icon provided Data caused by the Supplier, the Customer's sole and exclusive remedy shall be for the Supplier within to use reasonable commercial endeavours to restore the Software the Customer acknowledges that any lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within the Software. 5.4 Supplier. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with contracted by the SoftwareSupplier to perform services related to Customer Data maintenance and back-up). If recovery of Customer Data is required as a result of an issue resulting from the Customer, except and the Supplier will use all reasonable endeavours to restore the extent lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier provided that the Supplier is entitled to recover and has so recovered an amount (net of Customer pays the costs of Supplier’s reasonable additional Fees for such recovery) equal to such loss from the relevant third party. 5.5 7.3 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Contract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 7.3.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis Contract; (d) 7.3.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Contract on the Customer's behalf; 7.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 7.3.4 the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Contract and any lawful instructions reasonably given by the Customer from time to time;; and (f) 7.3.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving and security procedures and policies for Customer shall have sole responsibility for Data in accordance with good industry practice. In the securityevent of any loss or damage to Customer Data within the reasonable control of the Supplier, the Supplier will use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, up of such Customer Data maintained by the Supplier in accordance with its archiving and recovery of Customer Dataprocedures. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that unless the parties otherwise expressly agree in writing the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that all relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time; (fe) each party the Supplier shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (gf) where required to do so by the Customer the Supplier shall enter into any model clauses under EU law and/or any other legal arrangements reasonably required by the Customer to enable the Customer to comply with data protection laws applicable to it from time to time in relation to the Supplier’s provision of the Services to it (Additional DP Requirements). Where the Supplier’s compliance with the Additional DP Requirements shall materially increase the Supplier’s costs in providing the Services the Supplier in consultation with the Customer shall be entitled to make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation a reasonable additional charge to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Usecover such costs. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 3.1 The Customer Supplier shall own all rights, title and interest in and to all of promptly notify the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality in writing of any actual or suspected loss or damage to the Customer Data. 5.2 The . In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, back-up, archiving and recovery Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest backup of such Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or unauthorised access to or disclosure of any Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 3.2 Each party undertakes that it shall comply with the DPA and all applicable changes in law, including any third-party providing customer service functionality in connection with subsequent legislation that may amend and/or supersede the Software)DPA, except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the this agreement. The parties record their intention acknowledge that the European General Data Protection Regulation (GDPR) shall apply during the term of this agreement. The parties agree that they shall enter into such variation of this agreement and execute such additional documentation and make any required changes to the Services as is reasonably required to reflect their obligations under the GDPR and in order for the Supplier to provide the Services in a manner that would allow the Customer to be compliant with the GDPR, based on the Customer’s obligations as a Data Controller and the Supplier’s obligations as a Data Processor or each party’s obligations as a Data Controller, as applicable. 3.3 The Customer shall be the data controller Data Controller, and the parties acknowledge that the Supplier shall will be a acting as Data Processor in respect of all data processor and processing activities in any such caserelation to Customer Personal Data that the Supplier carries out under this agreement. 3.4 The Supplier undertakes to the Customer that: (a) it shall process the Customer undertakes to comply Personal Data, including updating, correcting and deleting such Customer Personal Data, only in accordance with all this agreement and the requirements written instructions of the Data Protection Act 1998 Customer and to the extent, and in connection such a manner, as is reasonably necessary to supply the Services in accordance with this agreement or as is required by any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use applicable law; (b) in respect of Customer Personal Data which is in the possession or under the control of the Supplier, it shall implement appropriate technical and organisational measures to protect this Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms Personal Data against unauthorised or unlawful processing and Conditions of Use on the Customer's behalfaccidental loss, destruction, damage, alteration or disclosure; (c) the it shall not (and shall ensure that its Representatives do not) publish, disclose or divulge any Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Personal Data to any third party, nor allow any third party to process Customer and the Authorised Users are located in order to carry out the Services and Personal Data on the Supplier's other obligations under these Terms and Conditions behalf, without the prior written consent of Usethe Customer; (d) it shall not transfer Customer Personal Data outside the Customer shall ensure that European Economic Area without the relevant third parties have been informed of, and have given their prior written consent to, such use, processing and transfer as required by all applicable data protection legislationof the Customer; (e) it shall take reasonable steps to ensure the Supplier shall process the personal reliability of any employee, agent or sub-contractor who has access to Customer Data, and ensure all employees, agents and sub-contractors undergo training on data only in accordance with these Terms protection and Conditions of Use and any lawful instructions reasonably given by the Customer from time to timeinformation security; (f) each party it shall take appropriate technical and organisational measures against unauthorised or unlawful processing of use reasonable endeavours to assist the personal data or its accidental loss, destruction or damageCustomer at the Customer's cost with any subject access request that the Customer receives relating to Customer Personal Data processed by the Supplier under this agreement; and (g) it shall use reasonable endeavours to assist the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation responding to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Useregulatory requirements. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Customer shall own all rights, title and interest in and to all of the Customer Profile Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Profile Data. 5.2 6.2 The Service Provider shall follow its archiving procedures for Customer Data (Customer Profile Data and Customer Submitted Data) performing daily-automated back-ups of the entire member data as described in Schedule 3 below. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Service Provider to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicyService Provider. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Service Provider shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Service Provider to perform services related to Customer Data maintenance and back-up). 6.3 The Service Provider shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal to such loss from the relevant third party.Customer Data as required by all applicable General Data Protection Regulation (Regulation EU 2016/679 “GDPR”); 5.5 6.4 If the Supplier Service Provider processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Service Provider shall be a data processor (as agreed and defined in the Data Protection Agreement signed between the two parties and included as Annex 1 to this main contract) and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Service Provider so that the Supplier Service Provider may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (db) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ec) the Supplier Service Provider agrees that the personal data may not be transferred or stored outside the client’s chosen data storage region in order to carry out the Services and the Service Provider’s other obligations under this agreement; (d) the Service Provider shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. (f) Regardless of the agreement documents’ application hierarchy, Appendix 1 (Data Protection Agreement annex) will always be primarily applied in matters concerning data protection. 6.5 The Service Provider undertakes that the Services will be performed in accordance with the Documentation and with reasonable skill and care. 6.6 The undertaking at clause 6.5 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Service Provider's instructions, or modification or alteration of the Services by any party other than the Service Provider or the Service Provider's duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Service Provider will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer's sole and exclusive remedy for any breach of the undertaking set out in clause 6.5. Notwithstanding the foregoing, the Service Provider: (a) does not warrant that the Customer's use of the Services will be uninterrupted or error- free; nor that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer's requirements; and (gb) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities. 6.7 This agreement shall make not prevent the Service Provider from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this agreement. 6.8 The Service Provider warrants that it has and will maintain all necessary registration applications within all appropriate categories under licences, consents, and permissions necessary for the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach performance of its obligations under these Terms and Conditions of Usethis agreement.

Customer Data. 5.1 4.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer Data. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavors to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyarchiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 4.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at the website assigned to the Customer by the Supplier, or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 4.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on state where the Customer's behalf when performing its Customer and the Authorized Users are located in order to carry out the Services and the Supplier’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational organizational measures against unauthorised unAuthorized or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole Supplier retains primary responsibility for taking at least every twenty four hours and maintaining backups (for seven days) of the securityCustomer Data and shall take regular backups to protect against data loss, back-up, archiving and recovery of Customer Datacorruption or other damage. 5.3 If the The Supplier shall follow its archiving procedures for Customer utilises the customer service icon provided Data as set out in its Privacy Policy, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Privacy Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.4 On termination of this agreement, the Supplier may destroy or otherwise dispose of any third-party providing customer service functionality of the Customer Data in connection with its possession unless the Software)Supplier receives, except and no later than ten days after the effective date of the termination of this agreement, a written request for the delivery to the extent Customer of the then most recent archive of the Customer Data. The Supplier shall use reasonable commercial endeavours to deliver the archive to the Customer within 30 days of its receipt of such a written request, provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall pay all reasonable expenses incurred by the Supplier is entitled to recover and has so recovered an amount (net in returning or disposing of the costs of recovery) equal to such loss from the relevant third partyCustomer Data. 5.5 If The Customer hereby grants to the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that a non-exclusive licence to use the Customer shall be Data for the data controller and purposes of internal software improvements, including for the Supplier shall be a data processor and in any such case: (a) purpose of optimising the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed Services provided by the Supplier on the Customer's behalf when performing its obligations under these Terms by way of comparisons across any and Conditions all Customer projects. The Supplier undertakes not to release details of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, projects arising from such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Useimprovements. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 5.2. The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data (available at such website address as may be notified to the Customer utilises the customer service icon provided from time to time), as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within Supplier in accordance with the Software. 5.4 archiving procedure described above. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back- up). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except and its privacy policy relating to the extent that privacy and security of the Customer Data available at [INSERT WEB ADDRESS] or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4. If the Supplier processes Processes any personal data Personal Data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller Data Controller and the Supplier shall be a data processor Data Processor and in any such case: (a) 5.4.1. the Customer undertakes to comply with all the requirements Supplier shall not transfer any Personal Data outside of the Data Protection Act 1998 in connection with any personal data processed by United Kingdom without the Supplier on prior written consent of the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) 5.4.2. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data Personal Data to the Supplier so that the Supplier may lawfully process use, Process and transfer the personal data Personal Data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) 5.4.3. the Customer shall ensure that the relevant third parties have been informed of, and where appropriate have given their consent to, such use, processing Processing, and transfer as required by all applicable data protection legislationData Protection Legislation; (e) 5.4.4. the Supplier shall process Process the personal data Personal Data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time; (f) 5.4.5. each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing Processing of the personal data Personal Data or its accidental loss, destruction or damage; 5.4.6. the Supplier shall ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 5.4.7. the Supplier shall ensure at all times it has in place appropriate technical and organisational measures to guard against unauthorised or unlawful Processing of the Personal Data and/or accidental loss, destruction or damage to the Personal Data and to enable the Customer to comply with its obligations under Article 32 of the GDPR; 5.4.8. the Supplier shall not engage another sub Data Processor to undertake any Processing of any Personal Data without the prior written authorisation of the Customer. Where such authorisation is granted by the Customer, the Supplier shall ensure that it enters into a contract with that sub Data Processor on the same or equivalent terms as are set out in this clause 5.4; 5.4.9. the Supplier shall assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to Subject Access Requests, as well as providing all assistance and cooperation as the Customer may require to investigate or deal with any such Subject Access Requests; 5.4.10. insofar as this is possible given the nature of Processing and the information available to the Supplier, the Supplier shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR; 5.4.11. the Supplier shall notify the Customer of any Personal Data Breach within 24 hours of its occurrence, along with all supporting facts and information sufficient to allow the Customer to make any required report(s) to any relevant Data Subjects, the Information Commissioner or other regulatory or governmental body or bodies to which it is subject; 5.4.12. at the choice of the Customer, the Supplier shall delete or return all the Personal Data to the Customer after the end of the provision of Services, and delete existing copies, unless the Supplier has a statutory duty to retain that Personal Data; and (g) 5.4.13. the Supplier shall make available to the Customer, following a request for such, all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed or another auditor mandated by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.5. The Customer provisions of this clause 5 shall indemnify apply during the continuance of the agreement and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing indefinitely after its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usetermination.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 6.2 Iplicit shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy available at xxx.xxxxxxx.xxx/xxxxxxxx or such other website address as may be notified to the Customer from time to time, as such document may be amended by Iplicit in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall have sole responsibility be for Iplicit to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by Iplicit in accordance with the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Iplicit shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 6.3 Iplicit shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data available at xxx.xxxxxxx.xxx/xxxxxxxx or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Iplicit in its sole discretion. 6.4 If the Supplier Iplicit processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Iplicit shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's Iplicit’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to Iplicit so that Iplicit may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier Iplicit shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 (a) The Customer agrees to promptly provide all information (“Customer Data”) reasonably required by the Service Provider to provide the Services. The Customer shall own ensure that all rightsCustomer Data is provided to the Service Provider in the correct format. (b) The Customer designates the following employee, title officer or director as its contact person and interest authorizes the Service Provider to rely on any instructions and/or information provided to the Service Provider by such contact person on behalf of the Customer: Name of contact person: Email Address: Phone Number: _ (c) The Customer shall deliver the Customer Data to the Service Provider through the Service Provider’s secure client portal at xxx.xxxxxxx.xx/xxxxxxxxx unless otherwise requested by the Service Provider in writing. (d) In the event the Customer fails to provide the Customer Data to the Service Provider in the correct format, the Customer agrees to pay the Service Provider $175/hour in addition to the Fee for the Service Provider to reformat the Customer Data into the correct format. The Customer agrees that it shall also be responsible for paying any penalties and/or fees incurred for any late filing of information returns which resulted from the Customer providing the Customer Data in an incorrect format. (e) All Customer Data is and shall remain the sole and exclusive property of the Customer. The Service Provider agrees to all use the Customer Data for the sole purpose of providing the Services. (f) Upon completion of the Services, the Service Provider shall retain a copy of the Customer Data for 60 days or until receiving the Customer’s request in writing to delete the data, whichever comes first. At this time, the Service Provider shall: (i) Provide the Customer with an archive containing all: Customer Data; System Database(s); Preview & Final Report(s); XML File(s) and shall have sole responsibility for XML Submission Confirmation(s) (ii) Delete all Customer Data from its servers (iii) Delete the legality data archive from its servers on Customer confirmation of receipt or by May 31st of the current season, reliability, integrity, accuracy and quality whichever comes first (iv) Return to the Customer all physical copies of the Customer Data., if any 5.2 The Customer shall have sole responsibility (v) Retain for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such caserecords: (aA) the Customer undertakes to comply with all the requirements Copies of the System Database(s) purged of all Recipient Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;all Customer Data other than: Business Number(s); Mailing Address; Certification and/or Contact Name(s) and XML Submission History (bB) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing Copies of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.XML Submission Confirmation(s)

Customer Data. 5.1 15.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall (except as otherwise expressly stated in this clause 15) have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 15.2 Target shall back up the Customer shall have sole responsibility for the security, Data stored on Target’s systems in accordance with Target’s standard back-up, archiving and recovery of Customer Dataup procedures in place from time to time. 5.3 15.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier Target processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Target shall be a data processor and in any such case: (a) the Customer undertakes to each party shall comply with all the requirements of its obligations under the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use (Act); (b) Target shall process the Customer’s personal data only in accordance with the terms of this Agreement and any lawful instructions reasonably given by the Customer from time to time; (c) Target shall not transfer or store the Customer’s personal data outside the EEA without the prior written consent of the Customer; (d) Target shall not transfer the Customer’s personal data to any third party (including any sub-contractor or sub-processor) without the prior written consent of the Customer, provided that the Customer consents to the transfer and subsequent processing of personal data to the Approved Third Parties for the purposes listed in schedule 8; (e) Target shall, and shall procure that the Approved Third Parties shall, when processing personal data, take the technical and organisational measures described in schedule 10, insofar as applicable to the Services; and (f) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Target (including by obtaining all necessary consents) so that the Supplier Target may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this Agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer 15.4 For the purposes of clause 15.3, the terms “data controller”, “data processor” and “personal data” shall indemnify and keep indemnified have the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or meanings given to them in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of UseAct.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The . Subject to clause Error: Reference source not found, the Supplier shall ensure that the Customer Data is backed up each Business Day. In the event of any loss of or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to retrieve the back-up, archiving and recovery of Customer Data. 5.3 If up from the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policyprevious Business Day. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and to the extent that contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 back-up. If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, unless otherwise agreed by the parties record their intention that parties, the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) : the Customer undertakes to comply with all acknowledges and agrees that the requirements personal data may be transferred or stored outside of the Data Protection Act 1998 EEA or the country where the Customer and the Authorised Users are located in connection with any personal data processed by order to carry out the Supplier on Services and the Customer's behalf when performing its Supplier’s other obligations under these Terms and Conditions of Use ; (b) this Agreement; the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this Agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) ; the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) transfer; the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Agreement and any lawful instructions reasonably given by the Customer from time to time; (f) ; and each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) . For the purposes of this clause 4, the terms "data processor", "data controller", "personal data" and "process" shall have the meaning given to them in the Data Protection Xxx 0000. The Customer acknowledges that the Services may enable or assist it to access the website content of third parties via third-party websites and that it does so solely at its own risk. The Supplier makes no representation or commitment and shall have no liability or obligation whatsoever in relation to the content or use of, or correspondence with, any such third-party website, or any transactions completed, and any contract entered into by the Customer, with any such third party. Any contract entered into and any transaction completed via any third-party website is between the Customer and the relevant third party, and not the Supplier. The Supplier recommends that the Customer refers to the third party’s website terms and conditions and privacy policy prior to using the relevant third-party website. The Supplier does not endorse or approve any third-party website nor the content of any of the third-party website made available via the Services. The Customer shall make and shall procure that all Authorised Users shall: provide the Supplier with all necessary access to such information as may be required by the Supplier in connection with the Services, including but not limited to Customer Data and security access information; comply with all applicable laws and regulations with respect to its activities under this Agreement; carry out all other Customer responsibilities set out in this Agreement in a timely and efficient manner. In the event of any delays in the Customer’s provision of such assistance as agreed by the parties, the Supplier may adjust any agreed timetable or delivery schedule as reasonably necessary; ensure that the Authorised Users use the Services in accordance with the terms and conditions of this Agreement and shall be responsible for any Authorised User’s breach of this Agreement; obtain and maintain all necessary registration applications within all appropriate categories licences, consents and permissions necessary for the Supplier, its Suppliers and agents to perform their obligations under this Agreement, including without limitation the DPA Services; use as are required in relation its web browser Microsoft Internet Explorer version 6 (or such other web browser as the Supplier from time to time recommends to the Customer) and comply with any personal data processed request to upgrade its web browser made by the Supplier on within 60 days of receiving such request; be solely responsible for procuring and maintaining its network connections and telecommunications links from its systems to the Supplier’s data centres, and for all problems, conditions, delays, delivery failures and all other loss or damage arising from or relating to the Customer's behalf when performing network connections or telecommunications links or caused by the internet; and ensure that its obligations under these Terms network and Conditions of Use. 5.6 systems comply in all other respects with such specifications as the Supplier shall provide from time to time. The Customer shall indemnify use all reasonable endeavours to not, and keep indemnified shall ensure any Authorised User uses all reasonable endeavours to not: access, store, distribute or transmit any Viruses, or any material during the course of its use of the Services that: is unlawful, harmful, threatening, defamatory, obscene, infringing, harassing or racially or ethnically offensive; facilitates illegal activity; depicts sexually explicit images; promotes unlawful violence; is discriminatory based on race, gender, colour, religious belief, sexual orientation, disability, or any other illegal activity; or causes damage or injury to any person or property, and the Supplier against all actionsreserves the right, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on without liability to the Customer's behalf when performing its obligations under these Terms , to disable the Customer’s access to any material that breaches the provisions of this clause; The Customer shall not, and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.shall not allow any Authorised User to:

Customer Data. 5.1 ‌ 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 5.2. The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data (available at such website address as may be notified to the Customer utilises the customer service icon provided from time to time), as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within Supplier in accordance with the Software. 5.4 archiving procedure described above. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back- up). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except and its privacy policy relating to the extent that privacy and security of the Customer Data available at [INSERT WEB ADDRESS] or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4. If the Supplier processes Processes any personal data Personal Data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller Data Controller and the Supplier shall be a data processor Data Processor and in any such case:case:‌ (a) 5.4.1. the Customer undertakes to comply with all the requirements Supplier shall not transfer any Personal Data outside of the Data Protection Act 1998 in connection with any personal data processed by United Kingdom without the Supplier on prior written consent of the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) 5.4.2. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data Personal Data to the Supplier so that the Supplier may lawfully process use, Process and transfer the personal data Personal Data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) 5.4.3. the Customer shall ensure that the relevant third parties have been informed of, and where appropriate have given their consent to, such use, processing Processing, and transfer as required by all applicable data protection legislationData Protection Legislation; (e) 5.4.4. the Supplier shall process Process the personal data Personal Data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time; (f) 5.4.5. each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing Processing of the personal data Personal Data or its accidental loss, destruction or damage; 5.4.6. the Supplier shall ensure that persons authorised to Process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; 5.4.7. the Supplier shall ensure at all times it has in place appropriate technical and organisational measures to guard against unauthorised or unlawful Processing of the Personal Data and/or accidental loss, destruction or damage to the Personal Data and to enable the Customer to comply with its obligations under Article 32 of the GDPR; 5.4.8. the Supplier shall not engage another sub Data Processor to undertake any Processing of any Personal Data without the prior written authorisation of the Customer. Where such authorisation is granted by the Customer, the Supplier shall ensure that it enters into a contract with that sub Data Processor on the same or equivalent terms as are set out in this clause 5.4; 5.4.9. the Supplier shall assist the Customer by implementing appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of the Customer's obligation to respond to Subject Access Requests, as well as providing all assistance and cooperation as the Customer may require to investigate or deal with any such Subject Access Requests; 5.4.10. insofar as this is possible given the nature of Processing and the information available to the Supplier, the Supplier shall assist the Customer in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the GDPR; 5.4.11. the Supplier shall notify the Customer of any Personal Data Breach within 24 hours of its occurrence, along with all supporting facts and information sufficient to allow the Customer to make any required report(s) to any relevant Data Subjects, the Information Commissioner or other regulatory or governmental body or bodies to which it is subject; 5.4.12. at the choice of the Customer, the Supplier shall delete or return all the Personal Data to the Customer after the end of the provision of Services, and delete existing copies, unless the Supplier has a statutory duty to retain that Personal Data; and (g) 5.4.13. the Supplier shall make available to the Customer, following a request for such, all information necessary to demonstrate compliance with the obligations laid down in the Data Protection Legislation and allow for and contribute to audits, including inspections, conducted by the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed or another auditor mandated by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.5. The Customer provisions of this clause 5 shall indemnify apply during the continuance of the agreement and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing indefinitely after its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usetermination.

Customer Data. 5.1 6.1 The Customer shall own all rights, title and interest in and to all of the Customer Profile Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Profile Data. 5.2 6.2 The Service Provider shall follow its archiving procedures for Customer Data (Customer Profile Data and Customer Submitted Data) performing daily-automated back-ups of the entire member data as described in Schedule 3 below. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Service Provider to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security PolicyService Provider. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Service Provider shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Service Provider to perform services related to Customer Data maintenance and back-up). 6.3 The Service Provider shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal to such loss from the relevant third party.Customer Data as required by all applicable General Data Protection Regulation (Regulation EU 2016/679 “GDPR”); 5.5 6.4 If the Supplier Service Provider processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Service Provider shall be a data processor (as agreed and defined in the Data Protection Agreement signed between the two parties and included as Annex 1 to this main contract) and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Service Provider so that the Supplier Service Provider may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this Agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (db) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ec) the Supplier Service Provider agrees that the personal data may not be transferred or stored outside the client’s chosen data storage region in order to carry out the Services and the Service Provider’s other obligations under this Agreement; (d) the Service Provider shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. (gf) Regardless of the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required Agreement documents’ application hierarchy, Appendix 1 (Data Protection Agreement annex) will always be primarily applied in relation to any personal matters concerning data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Useprotection. 5.6 6.5 The Customer shall indemnify Service Provider undertakes that the Services will be performed both by it and keep indemnified the Supplier against all actionsits duly authorised contractors, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of assigns or agents in connection accordance with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms Documentation and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms with reasonable skill and Conditions of Usecare.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer A [ ] data backup strategy will be implemented to ensure availability of data. Data backups shall have sole responsibility only be kept for the security, back-up, archiving and recovery up to [ ] days. Any data loss can be recovered by restoration of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier backups within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy[ -day] retention period. The Supplier currently utilises shall as far as possible perform the Fresh Desk applicationrestoration within [ ] hours upon request. For a copy In the event of any loss or damage to Customer Data, the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Customer’s sole and exclusive remedy shall be for the Supplier accepts no liability for any to use reasonable commercial endeavours to restore the lost or damaged Customer Data transferred through from the customer service icon provided within latest back-up of such Customer Data maintained by the Software. 5.4 Supplier. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Software), except and to the extent that contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyback-up). 5.5 5.3 [Not used.] 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) 5.4.1 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's ’s behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) 5.4.2 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) 5.4.3 the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall archive Customer Data daily between 10:00 pm to 4:00 am UK time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer DataData maintained by the Supplier. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that those third parties sub- contracted by the Supplier is entitled to recover perform services related to Customer Data maintenance and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyback-up). 5.5 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may be transferred or stored outside the Supplier on country where the Customer's behalf when performing its Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 5.1. The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 5.2. The Supplier shall follow its procedures for maintenance of metadata related to Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If Data as set out in its Metadata Maintenance Policy available at xxxxx://xxxxxxxx.xx/metadata-maintenance-policy or such other website address as may be notified to the Customer utilises the customer service icon provided from time to time, as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer acknowledges that any with available Customer comprehensible metadata to restore the lost or damaged Customer Data uploaded via from the latest version of such service will be subject metadata related to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the procedure described in its Metadata Maintenance Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see xxxxx://xxxxxxxxx.xxx/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-party up for which it shall remain fully liable under clause 5.9). 5.3. The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data available at xxxxx://xxxxxxxx.xx/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net in its sole discretion. 5.4. Both parties will comply with all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the relevant third partyData Protection Legislation. 5.5 If 5.5. The parties acknowledge that: (a) if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Legislation. (b) Schedule 2 sets out the Customer shall ensure that scope, nature and purpose of processing by the Customer is entitled to transfer Supplier, the relevant duration of the processing and the types of personal data to the Supplier so that the Supplier may lawfully process the personal and categories of data in accordance with these Terms and Conditions of Use on the Customer's behalf;subject. (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions this agreement. 5.6. Without prejudice to the generality of Use; (d) clause 5.4, the Customer shall will ensure that the relevant third parties have been informed of, it has all necessary appropriate consents and have given their consent to, such use, processing and notices in place to enable lawful transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental lossto the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, destruction or damage; andprocess and transfer the personal data in accordance with this agreement on the Customer's behalf. (g) 5.7. Without prejudice to the Customer shall make and maintain all necessary registration applications within all appropriate categories under generality of clause 5.4, the DPA as are required Supplier shall, in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the performance by the Supplier of its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data (and for these purposes the term "delete" shall mean to put such data beyond use); and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation. 5.8. Each party shall ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Useagainst accidental loss or destruction of, save or damage to, personal data, appropriate to the extent harm that the same is caused by or arises might result from the Supplier’s unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (or its directorsthose measures may include, employees or sub-contractors’) negligence or breach where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its obligations under these Terms systems and Conditions services, ensuring that availability of Useand access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with