Common use of DATA PROTECTION AND DISCLOSURE Clause in Contracts

DATA PROTECTION AND DISCLOSURE. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data, the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security of the Authority (and to guard against unauthorised or unlawful Processing or accidental loss, destruction of or damage to the Authority Personal Data). The Supplier shall: provide the Authority with such information as the Authority may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: promptly notify the Authority of any breach of the Security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority in breach of its obligations under the DPA; and not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data supplied to it by the Authority without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body nor the Supplier shall acquire any right, title or interest in the other’s Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery of the services under this Framework Agreement and the Services under any Call Off Agreement shall not infringe any Intellectual Property Right of any third party. With respect to the Supplier’s obligations under this Framework Agreement and any Call Off Agreement, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with the Authority or Other Contracting Bodies and shall maintain the same in full force and effect for the duration of the Term and the duration of any and all Call Off Agreements entered into by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim or demand is made or action brought against the Supplier for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purpose.

DATA PROTECTION AND DISCLOSURE. The provisions of this Clause FW-24. shall apply during the Term and for such time as the Supplier holds the Authority Personal Data. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data, Data for the Authority the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority Personal Data (and to guard against unauthorised or unlawful Processing of the Authority Personal Data and against accidental loss or accidental lossdestruction of, destruction of or damage to to, the Authority Personal Data). The Supplier shall) and: provide the Authority with such information as the Authority may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: ; promptly notify the Authority of any breach of the Security security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority in breach of its obligations under the DPA; and . The Supplier shall: not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data supplied to it by the Authority without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body nor the Supplier shall acquire any right, title or interest in the other’s Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery prior Approval of the services under this Framework Agreement and the Services under any Call Off Agreement shall not infringe any Intellectual Property Right of any third party. With respect to the Supplier’s obligations under this Framework Agreement and any Call Off AgreementAuthority and, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with where the Authority consents to such processing, storing, accessing or Other Contracting Bodies and shall maintain transfer outside the same European Economic Area, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in full force and effect for the duration Schedule 1 of the Term and the duration Data Protection Act 1998 by providing an adequate level of protection to any and all Call Off Agreements entered into Authority Personal Data that is so processed, stored, accessed or transferred; any reasonable instructions notified to it by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim concerned; or, either incorporate standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) or demand is made or action brought against warrant that that the obligations set out in the Supplier Terms provide Adequate protection for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purposePersonal Data.

DATA PROTECTION AND DISCLOSURE. The provisions of this Clause FW-24 shall apply during the Term and for such time as the Supplier holds the Authority Personal Data. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data, Data for the Authority the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority Personal Data (and to guard against unauthorised or unlawful Processing of the Authority Personal Data and against accidental loss or accidental lossdestruction of, destruction of or damage to to, the Authority Personal Data). The Supplier shall) and: provide the Authority with such information as the Authority may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: ; promptly notify the Authority of any breach of the Security security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority in breach of its obligations under the DPA; and . The Supplier shall: not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data supplied to it by the Authority without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body nor the Supplier shall acquire any right, title or interest in the other’s Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery prior Approval of the services under this Framework Agreement and the Services under any Call Off Agreement shall not infringe any Intellectual Property Right of any third party. With respect to the Supplier’s obligations under this Framework Agreement and any Call Off AgreementAuthority and, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with where the Authority consents to such processing, storing, accessing or Other Contracting Bodies and shall maintain transfer outside the same European Economic Area, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in full force and effect for the duration Schedule 1 of the Term and the duration Data Protection Act 1998 by providing an adequate level of protection to any and all Call Off Agreements entered into Authority Personal Data that is so processed, stored, accessed or transferred; any reasonable instructions notified to it by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim concerned; or, either incorporate standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) or demand is made or action brought against warrant that that the obligations set out in the Supplier Terms provide Adequate protection for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purposePersonal Data.

DATA PROTECTION AND DISCLOSURE. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data or Other Contracting Bodies’ Personal Data, the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority and Other Contracting Bodies’ Personal Data (and to guard against unauthorised or unlawful Processing or accidental loss, destruction of or damage to the Authority Personal Data and the Other Contracting Bodies’ Personal Data). The Supplier shall: provide the Authority and/or Other Contracting Body with such information as the Authority and/or Other Contracting Body may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: ; promptly notify the Authority and/or Other Contracting Body of any breach of the Security security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority and/or Other Contracting Body in breach of its obligations under the DPA; and . not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data or Other Contracting Body Personal Data supplied to it by the Authority or Other Contracting Body without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body the Customer nor the Supplier shall acquire any right, title or interest in the other’s 's Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery of the services under this Framework Agreement and the Services under any Call Off Agreement Agreement’ shall not infringe any Intellectual Property Right Rights of any third party. With respect to the Supplier’s 's obligations under this Framework Agreement and any Call Off Agreement, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with the Authority or Other Contracting Bodies and shall maintain the same in full force and effect for the duration of the Term and the duration of any and all Call Off Agreements entered into by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim or demand is made or action brought against the Supplier for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purpose.

DATA PROTECTION AND DISCLOSURE. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Call-Off Agreement. Where the Supplier is Processing Authority Personal Data or Other Contracting Bodies’ Personal Data, the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority and Other Contracting Bodies’ Personal Data (and to guard against unauthorised or unlawful Processing or accidental loss, destruction of or damage to the Authority Personal Data and the Other Contracting Bodies’ Personal Data). The Supplier shall: provide the Authority and/or Other Contracting Body with such information as the Authority and/or Other Contracting Body may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: DPA including; to promptly notify the Authority and/or Other Contracting Body of any breach of the Security security measures to be put in place pursuant to this Clause; and to ensure that it does not knowingly or negligently do or omit to do anything which places the Authority and/or Other Contracting Body in breach of its obligations under the DPA; DPA and not to cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data or Other Contracting Body Personal Data supplied to it by the Authority or Other Contracting Body without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body the Customer nor the Supplier shall acquire any right, title or interest in the other’s 's Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery of the services under this Framework Agreement and the Services under any Call Call-Off Agreement Agreement’ shall not infringe any Intellectual Property Right Rights of any third party. With respect to the Supplier’s 's obligations under this Framework Agreement and any Call Call-Off Agreement, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Call-Off Agreement which may be entered into with the Authority or Other Contracting Bodies and shall maintain the same in full force and effect for the duration of the Term and the duration of any and all Call Call-Off Agreements entered into by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim or demand is made or action brought against the Supplier for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purpose.

DATA PROTECTION AND DISCLOSURE. The provisions of this Clause FW-6.37 shall apply during the Term and for such time as the Supplier holds the Authority Personal Data. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data, Data for the Authority the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority Personal Data (and to guard against unauthorised or unlawful Processing of the Authority Personal Data and against accidental loss or accidental lossdestruction of, destruction of or damage to to, the Authority Personal Data). The Supplier shall) and: provide the Authority with such information as the Authority may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: ; promptly notify the Authority of any breach of the Security security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority in breach of its obligations under the DPA; and . The Supplier shall: not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data supplied to it by the Authority without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body nor the Supplier shall acquire any right, title or interest in the other’s Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery prior Approval of the services under this Framework Agreement and the Services under any Call Off Agreement shall not infringe any Intellectual Property Right of any third party. With respect to the Supplier’s obligations under this Framework Agreement and any Call Off AgreementAuthority and, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with where the Authority consents to such processing, storing, accessing or Other Contracting Bodies and shall maintain transfer outside the same European Economic Area, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in full force and effect for the duration Schedule 1 of the Term and the duration Data Protection Act 1998 by providing an adequate level of protection to any and all Call Off Agreements entered into Authority Personal Data that is so processed, stored, accessed or transferred; any reasonable instructions notified to it by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim concerned; or, either incorporate standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) or demand is made or action brought against warrant that that the obligations set out in the Supplier Terms provide Adequate protection for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purposePersonal Data.

DATA PROTECTION AND DISCLOSURE. The provisions of this Clause FW-24. shall apply during the Term and for such time as the Supplier holds the Authority Personal Data. The Supplier shall (and shall procure that Supplier’s Staff) comply with any notification requirements under the DPA and both Parties will duly observe all their obligations under the DPA which arise in connection with this Framework Agreement or under any Call Off Agreement. Where the Supplier is Processing Authority Personal Data, Data for the Authority the Supplier shall ensure that it has in place appropriate technical and organisational measures to ensure the Security security of the Authority Personal Data (and to guard against unauthorised or unlawful Processing of the Authority Personal Data and against accidental loss or accidental lossdestruction of, destruction of or damage to to, the Authority Personal Data). The Supplier shall) and: provide the Authority with such information as the Authority may reasonably request to satisfy itself that the Supplier is complying with its obligations under the DPA: ; promptly notify the Authority of any breach of the Security security measures to be put in place pursuant to this Clause; and ensure that it does not knowingly or negligently do or omit to do anything which places the Authority in breach of its obligations under the DPA; and . The Supplier shall: not cause or permit to be processed, stored, accessed or otherwise transferred outside the European Economic Area any Authority Personal Data supplied to it by the Authority without Approval. INTELLECTUAL PROPERTY RIGHTS AND INDEMNITY Save as granted under this Framework Agreement, neither the Authority, a Contracting Body nor the Supplier shall acquire any right, title or interest in the other’s Intellectual Property Rights. The Supplier shall ensure and procure that the availability, provision and delivery prior Approval of the services under this Framework Agreement and the Services under any Call Off Agreement shall not infringe any Intellectual Property Right of any third party. With respect to the Supplier’s obligations under this Framework Agreement and any Call Off AgreementAuthority and, the Supplier warrants and represents that: it owns or has obtained valid licences for all Intellectual Property Rights that are necessary to perform its obligations under this Framework Agreement and/or any Call Off Agreement which may be entered into with where the Authority consents to such processing, storing, accessing or Other Contracting Bodies and shall maintain transfer outside the same European Economic Area, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in full force and effect for the duration Schedule 1 of the Term and the duration Data Protection Act 1998 by providing an adequate level of protection to any and all Call Off Agreements entered into Authority Personal Data that is so processed, stored, accessed or transferred; any reasonable instructions notified to it by it under the Framework Agreement. it has and shall continue to take all steps, in accordance with Good Industry Practice, to prevent the introduction, creation or propagation of any disruptive elements (including any virus, worms and/or trojans, spyware or other malware) into systems, data, software or Authority’s Confidential Information or information that would be deemed “confidential information” in accordance with the terms of any Call Off Agreement (held in electronic form) owned by or under the control of, or used by the Authority and/or Other Contracting Bodies. The Supplier shall during and after the Term indemnify and keep indemnified the Authority and Contracting Body on demand in full from and against all Losses whatsoever arising from, out of, in respect of or incurred by reason of any infringement or alleged infringement (including the defence of such alleged infringement) of any Intellectual Property Right by the: availability, provision or use of the Services (or any parts thereof); and performance of the Supplier’s responsibilities and obligations hereunder. The Supplier shall promptly notify the Authority or Contracting Body if any claim or demand is made or action brought against concerned; or, either incorporate standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) warrant that that the obligations set out in the Supplier Terms provide Adequate protection for infringement or alleged infringement of any Intellectual Property Right that may affect the availability, provision or use of the Services (or any Deliverables or parts thereof) and/or the performance of the Supplier’s responsibilities and obligations hereunder. If a claim or demand is made or action brought alleging matters which if proved would constitute a breach of this Clause FW-39. or any Call Off Agreement, or in the reasonable opinion of the Supplier is likely to be made or brought, the Supplier may (subject to the Authority’s prior Approval or in respect of a Call Agreement, subject to the relevant Contracting Body’s prior written approval) at its own expense and at no cost to the Authority or relevant Contracting Body, within a reasonable time either: modify any or all of the affected Services without reducing the performance and functionality of the same, or substitute alternative services of equivalent performance and functionality for any or all of the affected Services, so as to avoid the infringement or the alleged infringement; provided that such action shall not increase the cost or burden on Contracting Bodies; procure a licence to use the affected Services and/or Deliverables on terms that are reasonably acceptable to the Authority or Contracting Body (as applicable); and in relation to the performance of the Supplier’s responsibilities and obligations hereunder, promptly re-perform those responsibilities and obligations. And in the event that the Supplier is unable to comply with Clauses FW-39.6.1 or FW-39.6.2 within twenty (20) Working Days of receipt of the Supplier’s notification, the Authority may terminate the this Contract and the Contracting Body may terminate a Call Off Agreement in accordance with the terms of the Call Off Agreement and the Supplier shall, upon demand, refund the Authority and/or Contracting Body (as the case may be) with all monies paid in respect of the Service and/or Deliverable that is subject to the Claim. Subject to full compliance with the Authority’s branding guidance, the Supplier shall be entitled to use the Authority’s logo exclusively in connection with the provision of the Services during the Term and for no other purposePersonal Data.