Common use of Customer Data Clause in Contracts

Customer Data. The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved by the Customer. To the extent that the Customer Data is held and/or Processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. To the extent that Customer Data is held and/or Processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer (such as the HMG Security Policy Framework and Information Assurance Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant HMG Information Assurance Standard(s), as in force from time to time) and, where the Call Off Contract Period exceeds one year, the Supplier shall review such accreditation status at least once in each year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a Supplier's Default so as to be unusable, the Customer may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.

Customer Data. 20.4.1 The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. . 20.4.2 The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved expressly authorised in writing by the Customer. . 20.4.3 To the extent that the Customer Data is held and/or Processed processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format specified in this Contract (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. . 20.4.4 To the extent that Customer Data is held and/or Processed processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. . 20.4.5 The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). Policy. 20.4.6 The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer HMG IA Standard Number 2 (such as the HMG Security Policy Framework and Information Assurance Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant HMG Information Assurance Standard(s), as in force from time to time) and, where the Call Off Contract Period exceeds one year, (a copy of which is available at [ ]) and the Supplier shall review such accreditation status at least once in each calendar year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation. . 20.4.7 If the Customer Data is corrupted, lost or sufficiently degraded as a result of a the Supplier's Default so as to be unusable, the Customer may: : 20.4.7.1 require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or and/or 20.4.7.2 itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. . 20.4.8 If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.

Customer Data. 23.4.1 The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. . 23.4.2 The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise expressly Approved by the Customer. . 23.4.3 To the extent that the Customer Data is held and/or Processed processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format specified in this Contract (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. . 23.4.4 To the extent that Customer Data is held and/or Processed processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. . 23.4.5 The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). Policy. 23.4.6 [The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer (such as the HMG [Security Policy Framework and Information Assurance IA Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant ] [HMG IA Standard Number 2 (Risk Management and Accreditation of Information Assurance Standard(sSystems), as in force from time to time) and, where the Call Off Contract Period exceeds one year, ] and the Supplier shall review such accreditation status at least once in each year calendar Year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation.] [Guidance: delete 23.4.6 if there is no critical data involved. If above clause is retained the following definitions will need to be added IA Policy, Risk Management and Accreditation of Information Systems.] 23.4.7 If the Customer Data is corrupted, lost or sufficiently degraded as a result of a the Supplier's Default so as to be unusable, the Customer may: : 23.4.7.1 require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or and/or 23.4.7.2 itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. . 23.4.8 If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.

Customer Data. The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise Approved expressly authorised in writing by the Customer. To the extent that the Customer Data is held and/or Processed processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format specified in this Contract (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. To the extent that Customer Data is held and/or Processed processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any)Policy. The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer HMG IA Standard Number 2 (such as the HMG Security Policy Framework and Information Assurance Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant HMG Information Assurance Standard(s), as in force from time to time) and, where the Call Off Contract Period exceeds one year, (a copy of which is available at [ ]) and the Supplier shall review such accreditation status at least once in each calendar year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a the Supplier's Default so as to be unusable, the Customer may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.

Customer Data. The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise expressly Approved by the Customer. To the extent that the Customer Data is held and/or Processed processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format specified in this Contract (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. To the extent that Customer Data is held and/or Processed processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any). The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer (such as the HMG Security Policy Framework and Information Assurance Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant HMG Information Assurance Standard(s), as in force from time to time) and, where the Call Off Contract Period exceeds one year, the Supplier shall review such accreditation status at least once in each year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a the Supplier's Default so as to be unusable, the Customer may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.

Customer Data. The Supplier shall not delete or remove any proprietary notices contained within or relating to the Customer Data. The Supplier shall not store, copy, disclose, or use the Customer Data except as necessary for the performance by the Supplier of its obligations under this Call Off Contract or as otherwise expressly Approved by the Customer. To the extent that the Customer Data is held and/or Processed processed by the Supplier, the Supplier shall supply that Customer Data to the Customer as requested by the Customer and in the format specified in this Contract (if any) specified in this Call Off Contract and in any event as specified by the Customer from time to time in writing. To the extent that Customer Data is held and/or Processed processed by the Supplier, the Supplier shall take responsibility for preserving the integrity of Customer Data and preventing the corruption or loss of Customer Data. The Supplier shall ensure that any system on which the Supplier holds any Customer Data, including back-up data, is a secure system that complies with the Security Policy and the Security Management Plan (if any)ISO27001 standards. The Supplier shall ensure that any system on which the Supplier holds any Customer Data which is protectively marked shall be accredited using such accreditation policy or system as specified by the Customer HMG IA Standard Number 2 (such as the HMG Security Policy Framework and Information Assurance Policy, taking into account guidance issued by the Centre for Protection of National Infrastructure on Risk Management and Accreditation of Information Systems, and/or relevant HMG Information Assurance Standard(s), as in force from time to time) and, where the Call Off Contract Period exceeds one year, and the Supplier shall review such accreditation status at least once in each year calendar Year to assess whether material changes have occurred which could alter the original accreditation decision. If any such changes have occurred then the Supplier shall resubmit such system for accreditation. Unless specified otherwise within the Contract, the Supplier shall perform secure back-ups of all Customer Data and shall ensure that up-to-date back-ups are stored off-site in accordance with the Business Continuity Plan. The Supplier shall ensure that such back-ups are available to the Customer at all times upon request and are delivered to the Customer at no less than on three (3) Monthly intervals. If the Customer Data is corrupted, lost or sufficiently degraded as a result of a the Supplier's Default so as to be unusable, the Customer may: require the Supplier (at the Supplier's expense) to restore or procure the restoration of the Customer Data to the extent and in accordance with the BCDR Plan and the Supplier shall do so as soon as practicable but in accordance with the time period notified by the Customer; and/or itself restore or procure the restoration of Customer Data, and shall be repaid by the Supplier any reasonable expenses incurred in doing so to the extent and in accordance with the requirements specified in the BCDR Plan. If at any time the Supplier suspects or has reason to believe that the Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Supplier shall notify the Customer immediately and inform the Customer of the remedial action the Supplier proposes to take. The Supplier shall, at all times during and after the Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Customer at any time (whether before or after the making of a demand pursuant to the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 30.3 except and to the extent that such liabilities have resulted directly from the Customer's instructions.