Common use of DATA PROTECTION AND PRIVACY Clause in Contracts

DATA PROTECTION AND PRIVACY. 17.1 Where Sage processes on the End-User’s behalf any data classified as personal data or special categories of personal data under applicable data protection and privacy laws, Sage shall comply with the applicable data protection and privacy laws. In particular, Sage shall: 17.1.1 maintain technical and organisational security measures and safeguards sufficient to comply with at least those obligations imposed on controllers by applicable data protection and privacy laws; 17.1.2 act only on instructions from the End-User (as data controller) in respect of such personal data and process it only for the purposes of: (a) performing Sage’s obligations under this Agreement and to prevent or address service or technical problems; (b) as compelled by law; and (c) as the End User expressly permits in writing; and 17.1.3 be responsible for the performance of its personnel (including its employees and contractors) and their compliance with its obligations under this Agreement, except as otherwise specified within this Agreement. 17.2 In addition to the above requirements, Sage may, upon the End-User’s request, provide to the End-User, a declaration and any supporting evidential documents of Sage’s compliance with requirements of any local data protection and privacy laws. 17.3 Notwithstanding this clause 17, the End-User owns the End-User Data and has sole responsibility for its legality, reliability, integrity, accuracy and quality and shall also be responsible and for its own compliance with applicable data protection and privacy laws.

DATA PROTECTION AND PRIVACY. 17.1 Where Sage processes on the End-User’s behalf any data classified as personal data or special categories of personal data under applicable data protection and privacy laws, Sage shall comply with the applicable data protection and privacy laws. In particular, Sage shall: 17.1.1 maintain technical and organisational security measures and safeguards sufficient to comply with at least those obligations imposed on controllers by applicable data protection and privacy laws; 17.1.2 act only on instructions from the End-User (as data controller) in respect of such personal data and process it only for the purposes of: (a) performing Sage’s obligations under this Agreement and to prevent or address service or technical problems; ; (b) as compelled by law; and (c) as the End User expressly permits in writing; and 17.1.3 be responsible for the performance of its personnel (including its employees and contractors) and their compliance with its obligations under this Agreement, except as otherwise specified within this Agreement. 17.2 In addition to the above requirements, Sage may, upon the End-User’s request, provide to the End-User, a declaration and any supporting evidential documents of Sage’s compliance with requirements of any local data protection and privacy laws. 17.3 Notwithstanding this clause 17, the End-User owns the End-User Data and has sole responsibility for its legality, reliability, integrity, accuracy and quality and shall also be responsible and for its own compliance with applicable data protection and privacy laws.