Common use of DATA PROTECTION AND DATA PROCESSING Clause in Contracts

DATA PROTECTION AND DATA PROCESSING. 9.1 The Customer and the Supplier acknowledge that for the purposes of General Data Protection Regulation (GDPR), the Customer is the Data Controller and the Supplier is the Data Processor in respect of any Personal Data. 9.2 The Supplier shall process the Personal Data only in accordance with the Customer’s instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 The Supplier warrants that, having regard to the state of technological development and the costs of implementing any measures, it will: (a) take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected. (b) take reasonable steps to ensure compliance with those measures. 9.7 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9. 9.8 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s instructions. 9.9 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s contract: (a) is on terms which are substantially the same as those set out in the Contract; and (b) terminates automatically on termination of the Contract for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 11.1 The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Xxx 0000, the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal Data. 9.2 11.2 The Supplier shall process the Personal Data only in accordance with the Customer’s 's instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 11.3 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 11.4 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 11.5 The Supplier warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) 11.5.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (ia) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (iib) the nature of the data to be protected.; and (b) 11.5.2 take reasonable steps to ensure compliance with those measures. 9.7 11.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9clause 11. 9.8 11.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s 's instructions. 9.9 11.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s 's contract: (a) 11.8.1 is on terms which are substantially the same as those set out in the Contractthis agreement; and (b) 11.8.2 terminates automatically on termination of the Contract this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 7.1. The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR), Jersey) Law 2018 the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal DataData held. 9.2 7.2. The Supplier shall process the Personal Data only in accordance with the Customer’s instructions from time to time and shall not process the Personal Data for any purposes other purpose than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 The 7.3. Supplier shall take reasonable steps to ensure the reliability confidentiality of all its employees who have access to the Personal Data. 9.5 7.4. Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactmentsregulation, regulations, orders, standards and other similar instrumentsrules. 9.6 7.5. The Supplier warrants that, having regard to the state of technological development and the costs of implementing any measures, it will: (a) 7.5.1. take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) 7.5.1.1. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) 7.5.1.2. the nature of the data to be protected.; and (b) 7.5.1.3. take reasonable steps to ensure compliance with those measures. 9.7 7.6. Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 97. 9.8 7.7. The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s instructions. 9.9 7.8. The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s contract: (a) 7.8.1. is on terms which are substantially the same as those set out in the ContractAgreement; and (b) 7.8.2. terminates automatically on termination of the Contract Agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 27.1. The Customer Client and the Supplier Clearvision acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Legislation, the Customer Client is the Data Controller and the Supplier Clearvision is the Data Processor in respect of any Personal the Client Data. 9.2 The Supplier 27.2. Clearvision shall process the Personal Client Data only in accordance with the Customer’s Client's instructions from time to time and shall not process the Personal Client Data for any purposes other than those expressly authorised by the CustomerClient. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 The Supplier 27.3. Clearvision shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Client Data. 9.5 27.4. Each party Party warrants to the other that it will process the Personal Client Data in compliance with all applicable lawsApplicable Law, enactments, regulations, orders, standards and other similar instruments. 9.6 The Supplier 27.5. Clearvision warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) 27.5.1. take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Client Data and against the accidental loss or destruction of, or damage to, Personal Client Data to ensure a level of security appropriate to: (i) 27.5.1.1. the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) 27.5.1.2. the nature of the data to be protected. (b) 27.5.2. take reasonable steps to ensure compliance with those measures. 9.7 27.6. Each party Party agrees to indemnify and keep indemnified and defend at its own expense the other party Party against all costs, claims, damages or expenses incurred by the other party Party or for which the other party Party may become liable due to any failure by the first party Party or its employees employees, consultants, subcontractors or agents to comply with any of its obligations under this Clause 9Agreement. 9.8 27.7. The Customer Client acknowledges that the Supplier Clearvision is reliant on the Customer Client for direction as to the extent to which the Supplier Clearvision is entitled to use and process the Personal Client Data. Consequently, the Supplier Clearvision will not be liable for any claim brought by a Data Subject arising from any action or omission by the SupplierClearvision, to the extent that such action or omission resulted directly from the Customer’s Client's instructions. 9.9 The Supplier 27.8. Clearvision may authorise a third party (subcontractor) to process the Personal Client Data (“Data Processing Subcontractor”) provided that the subcontractor’s Data Processing Subcontractor's contract: (a) 27.8.1. is on terms which are substantially the same as those set out in the Contractthis Agreement; and (b) 27.8.2. terminates automatically on termination of the Contract this Agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 The 15.1 Each party collects and processes personal data concerning the other party’s employees for the purpose of contract and relationship management in its capacity as a controller and in relation to such personal data that party will comply with the all of its obligations under the Data Protection Legislation. 15.2 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case shall: 15.2.1 process personal data only on the written instructions of the Customer and the Supplier acknowledge Customer agrees that for this agreement shall constitute the purposes of General Data Protection Regulation (GDPR), the Customer is the Data Controller and Customer’s written instructions. If the Supplier is the Data Processor in respect of required by any Personal Data. 9.2 The Supplier shall Applicable Laws to process the Personal Data only in accordance with the Customer’s instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access personal data it shall, to the Personal Data.extent legally permitted, notify the Customer before doing so; 9.5 Each party warrants to the other that it will process the Personal Data 15.2.2 have in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 The Supplier warrants that, having regard to the state of technological development and the costs of implementing any measures, it will: (a) take place appropriate technical and organisational measures to protect against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: to (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and damage and (ii) the nature of the data to be protected.; and (b) take reasonable steps to ensure compliance with those measures. 9.7 Each party agrees to indemnify 15.2.3 not engage another processor without prior specific or general written authorisation of the Customer and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9. 9.8 The Customer acknowledges without ensuring that the same data protection obligations as set out in this agreement are imposed on that other processor and the Supplier is reliant on shall remain fully liable to the Customer for direction as performance of the other processor’s obligations to the extent the other processor fails to which fulfil their data protection obligations. 15.2.4 ensure that personnel who have access to or process personal data are under contractual or statutory obligations to keep the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from personal data confidential; 15.2.5 at the Customer’s instructions.cost, assist the Customer to respond to any request from a data subject; 9.9 The Supplier may authorise 15.2.6 notify the Customer without undue delay of a third party personal data breach (subcontractor) which has the meaning given to process the Personal Data provided that the subcontractor’s contract: (a) is on terms which are substantially the same as those set out it in the ContractData Protection Legislation) and, at the Customer’s cost, provide reasonable assistance to the Customer complying with its obligations pursuant to Articles 32 to 36 of GDPR; 15.2.7 at the written direction of the Customer, delete or return personal data to the Customer on termination of this agreement unless the Customer is required by law to store the personal data; and (b) terminates automatically on termination of 15.2.8 make available to the Contract Customer all information reasonably necessary to demonstrate compliance with this clause, and, at the Customer’s cost, allow for any reasonaudits conducted by the Customer or its designated auditor.

DATA PROTECTION AND DATA PROCESSING. 9.1 13.1 The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Act 2018, the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal Data. 9.2 13.2 The Supplier shall process the Personal Data only in accordance with the Customer’s 's instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 13.3 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 13.4 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 13.5 The Supplier warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected.; and (b) take reasonable steps to ensure compliance with those measures. 9.7 13.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9clause. 9.8 13.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s 's instructions. 9.9 13.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s 's contract: (a) is on terms which are substantially the same as those set out in the Contractthis agreement; and (b) terminates automatically on termination of the Contract this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 10.1 The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Legislation, the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal Data. 9.2 10.2 The Supplier shall process the Personal Data only in accordance with the Customer’s 's instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 10.3 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 10.4 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 10.5 The Supplier warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) 10.5.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) 10.5.1.1 the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) 10.5.1.2 the nature of the data to be protected.; and (b) 10.5.2 take reasonable steps to ensure compliance with those measures. 9.7 10.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9clause 10. 9.8 10.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s 's instructions. 9.9 10.8 The Supplier may authorise a third party (subcontractorsub-contractor) to process the Personal Data provided that the subcontractor’s sub-contractor's contract: (a) 10.8.1 is on terms which are substantially the same as those set out in the Contractthis agreement; and (b) 10.8.2 terminates automatically on termination of the Contract this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 ‌ 10.1 The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Legislation, the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal Data. 9.2 10.2 The Supplier shall process the Personal Data only in accordance with the Customer’s 's instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 10.3 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 10.4 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 10.5 The Supplier warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) 10.5.1 take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) 10.5.1.1 the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) 10.5.1.2 the nature of the data to be protected.; and (b) 10.5.2 take reasonable steps to ensure compliance with those measures. 9.7 10.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9clause 10. 9.8 10.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s 's instructions. 9.9 10.8 The Supplier may authorise a third party (subcontractorsub-contractor) to process the Personal Data provided that the subcontractor’s sub-contractor's contract: (a) 10.8.1 is on terms which are substantially the same as those set out in the Contractthis agreement; and (b) 10.8.2 terminates automatically on termination of the Contract this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 9.1 13.1 The Customer and the Supplier acknowledge that for the purposes of General the Data Protection Regulation (GDPR)Act 1998, the Customer is the Data Controller and the Supplier is the Data Processor data processor in respect of any Personal Data. 9.2 13.2 The Supplier shall process the Personal Data only in accordance with the Customer’s 's instructions from time to time and shall not process the Personal Data for any purposes other than those expressly authorised by the Customer. 9.3 The Supplier will take all reasonable measures to ensure they adhere to its obligations under Articles 30 and 32 of GDPR taking into account the information that the Data controller has made available to it. 9.4 13.3 The Supplier shall take reasonable steps to ensure the reliability of all its employees who have access to the Personal Data. 9.5 13.4 Each party warrants to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 9.6 13.5 The Supplier warrants that, having regard to the state of technological development and the costs cost of implementing any measures, it will: (a) take appropriate technical and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected.; and (b) take reasonable steps to ensure compliance with those measures. 9.7 13.6 Each party agrees to indemnify and keep indemnified and defend at its own expense the other party against all costs, claims, damages or expenses incurred by the other party or for which the other party may become liable due to any failure by the first party or its employees or agents to comply with any of its obligations under this Clause 9clause. 9.8 13.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s 's instructions. 9.9 13.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s 's contract: (a) is on terms which are substantially the same as those set out in the Contractthis agreement; and (b) terminates automatically on termination of the Contract this agreement for any reason.