Common use of Hosted Software Clause in Contracts

Hosted Software. If the Software will be hosted by Frog, the Customer will: 7.1 ensure that each End User shall keep a secure password for his use of the Hosting Services and On-Line Documentation and that each End User shall keep his password confidential; and 7.2 only issue passwords which give administrative access to the Software and Hosting Services to appropriate End Users. 1.1 Through reference to the applicable Data Protection Laws, it is agreed that 1.1.1 The Customer is the Controller of all Personal Data required to fulfil the Agreement, and 1.1.2 Frog is the Processor of all Personal Data required to fulfil the Agreement 1.1.3 Where the Customer configures the Associated Products to Process Personal Data in addition to the Personal Data required in paragraph 15.1.1, the Customer shall assume the role of Processor for that data 1.2 Both parties shall: 1.2.1 ensure that appropriate technical and organisational measures are in place to safeguard Customer Personal Data against accidental or unlawful loss, alteration, unauthorised disclosure or access 1.2.2 Ensure that procedures are in place to notify the other party in reasonable time of any Data Incident relating to the Customer Personal Data being processed in the Associated Products as part of this Agreement. This notification shall include, to the extent possible, providing details of the Data Incident including steps taken to mitigate the potential risks and steps the notifying party would recommend that the other party takes to address the Data Incident 1.3 Frog shall: 1.3.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 1.3.2 only process Personal Data in accordance with Appendix 2; and 1.3.3 not Process Customer Personal Data other than on the relevant Customer’s written instruction unless Processing is required by Applicable Laws to which Frog is subject, in which case Frog shall inform the Customer of that legal requirement before the Processing of the Personal Data. 1.3.4 maintain Cyber Essentials certification to help ensure the effectiveness of the Supplier’s Security Measures 1.3.5 take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Sub-Processors to the extent applicable to their scope of performance; 1.3.6 inform the Customer if any instructions received from the Customer are thought to infringe the relevant Data Protection Legislation 1.3.7 maintain records to support compliance with the data protection obligations that are relevant to this agreement 1.4 The Customer shall: 1.4.1 instructs Frog (and authorises Frog to instruct each Sub-processor) to process Customer Personal Data to the extent required to deliver the services provided as part of the Agreement. 1.4.2 ensure that Frog’s use of the Customer Personal Data in accordance with this Agreement shall not put Frog in breach of any Data Protection Laws; 1.4.3 not do or omit to do anything which places Frog in breach of any Data Protection Laws; 1.4.4 at all times be responsible for the integrity, quality and legality of the Personal Data provided by the Customer to Frog (or on its behalf). Frog is under no duty to investigate the completeness, accuracy or sufficiency of the Personal Data provided to it by (or on behalf of) the Customer; 1.4.5 be solely responsible for making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Personal Data it processes. 1.5 Appendix 2 sets out certain information regarding the Contracted Processors' Processing of the Customer Personal Data as required by article 28(3) of the GDPR. 1.6 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for Frog to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) Frog to the extent that such Customer Data is held by Frog through the provision of Hosting Services; and/or (ii) the Customer in all other circumstances. Frog shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files. Frog shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Frog to perform services related to Customer Data maintenance and back-up). 1.7 The Customer warrants that: 1.7.1 it has (and, in relation to Frog Purposes, it has or shall obtain (as applicable) using such terms or wording as Frog requires from time to time) all necessary consents and authorisations (including from End Users) and it shall comply with all Data Protection Laws to enable Frog to lawfully Process Personal Data for the purposes of Frog carrying out its obligations under this Agreement and as otherwise agreed in writing by the parties (including in relation to Frog Purposes); and 1.7.2 it will not cause Frog to be in breach of any Data Protection Laws whether by reason of any act or omission by the Customer or any of its directors, governors, officers, employees or subcontractors. 1.8 Without prejudice to the generality of clause 1.7, the parties agree that as requested by Frog, the Customer shall use all reasonable endeavours to facilitate the anonymisation of Personal Data (including by permitting Frog to act as its Data Processor in relation thereto) and Frog shall be entitled to aggregate, use and share with third parties any such anonymised Data for any purpose whether or not in relation to this Agreement.

Hosted Software. If the Software will be hosted by Frog, the Customer will: 7.1 ensure that each End User shall keep a secure password for his use of the Hosting Services and On-Line Documentation and that each End User shall keep his password confidential; and 7.2 only issue passwords which give administrative access to the Software and Hosting Services to appropriate End Users. 1.1 Through reference to the applicable Data Protection Laws, it is agreed that 1.1.1 The Customer is the Controller of all Personal Data required to fulfil the Agreement, and 1.1.2 Frog is the Processor of all Personal Data required to fulfil the Agreement 1.1.3 Where the Customer configures the Associated Products to Process Personal Data in addition to the Personal Data required in paragraph 15.1.1, the Customer shall assume the role of Processor for that data 1.2 Both parties shall: 1.2.1 ensure that appropriate technical and organisational measures are in place to safeguard Customer Personal Data against accidental or unlawful loss, alteration, unauthorised disclosure or access 1.2.2 Ensure that procedures are in place to notify the other party in reasonable time of any Data Incident relating to the Customer Personal Data being processed in the Associated Products as part of this Agreement. This notification shall include, to the extent possible, providing details of the Data Incident including steps taken to mitigate the potential risks and steps the notifying party would recommend that the other party takes to address the Data Incident 1.3 Frog shall: 1.3.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 1.3.2 only process Personal Data in accordance with Appendix 2; and 1.3.3 not Process Customer Personal Data other than on the relevant Customer’s written instruction unless Processing is required by Applicable Laws to which Frog is subject, in which case Frog shall inform the Customer of that legal requirement before the Processing of the Personal Data. 1.3.4 maintain Cyber Essentials certification to help ensure the effectiveness of the Supplier’s Security Measures 1.3.5 take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Sub-Processors to the extent applicable to their scope of performance; 1.3.6 inform the Customer if any instructions received from the Customer are thought to infringe the relevant Data Protection Legislation 1.3.7 maintain records to support compliance with the data protection obligations that are relevant to this agreement 1.4 The Customer shall: 1.4.1 instructs Frog (and authorises Frog to instruct each Sub-processor) to process Customer Personal Data to the extent required to deliver the services provided as part of the Agreement. 1.4.2 ensure that Frog’s use of the Customer Personal Data in accordance with this Agreement shall not put Frog in breach of any Data Protection Laws; 1.4.3 not do or omit to do anything which places Frog in breach of any Data Protection Laws; 1.4.4 at all times be responsible for the integrity, quality and legality of the Personal Data provided by the Customer to Frog (or on its behalf). Frog is under no duty to investigate the completeness, accuracy or sufficiency of the Personal Data provided to it by (or on behalf of) the Customer; 1.4.5 be solely responsible for making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Personal Data it processes. 1.5 Appendix 2 sets out certain information regarding the Contracted Processors' Processing of the Customer Personal Data as required by article 28(3) of the GDPR. 1.6 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for Frog to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) Frog to the extent that such Customer Data is held by Frog through the provision of Hosting Services; and/or (ii) the Customer in all other circumstances. Frog shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files. Frog shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by Frog to perform services related to Customer Data maintenance and back-up). 1.7 The Customer warrants that: 1.7.1 it has (and, in relation to Frog Purposes, it has or shall obtain (as applicable) using such terms or wording as Frog requires from time to time) all necessary consents and authorisations (including from End Users) and it shall comply with all Data Protection Laws to enable Frog to lawfully Process Personal Data for the purposes of Frog carrying out its obligations under this Agreement and as otherwise agreed in writing by the parties (including in relation to Frog Purposes); and 1.7.2 it will not cause Frog to be in breach of any Data Protection Laws whether by reason of any act or omission by the Customer or any of its directors, governors, officers, employees or subcontractors. 1.8 Without prejudice to the generality of clause 1.7, the parties agree that as requested by Frog, the Customer shall use all reasonable endeavours to facilitate the anonymisation of Personal Data (including by permitting Frog to act as its Data Processor in relation thereto) and Frog shall be entitled to aggregate, use and share with third parties any such anonymised Data for any purpose whether or not in relation to this Agreement.

Hosted Software. If the The Software will be hosted by Frog, the Customer will: 7.1 ensure that each End User shall keep a secure password for his use of the Hosting Services and On-Line Documentation and that each End User shall keep his his/her password confidential; and 7.2 only issue passwords which give administrative access to the Software and Hosting Services to appropriate End Users. 1 Data Processing 1.1 Through reference to the applicable Data Protection Laws, it is agreed that: 1.1.1 The the Customer is the Controller of all Personal Data required to fulfil the Agreement, and 1.1.2 Frog is the Processor of all Personal Data required to fulfil the Agreement 1.1.3 Where where the Customer configures the Associated Products to Process Personal Data in addition to the Personal Data required in paragraph 15.1.1Appendix 2, the Customer shall assume the role of Processor for that data 1.2 Both parties shall: 1.2.1 ensure that appropriate technical and organisational measures are in place to safeguard Customer Personal Data against accidental or unlawful loss, alteration, unauthorised disclosure or access 1.2.2 Ensure ensure that procedures are in place to notify the other party in reasonable time of any Data Incident relating to the Customer Personal Data being processed in the Associated Products as part of this Agreement. This notification shall include, to the extent possible, providing details of the Data Incident including steps taken to mitigate the potential risks and steps the notifying party would recommend that the other party takes to address the Data Incident 1.3 Frog shall: 1.3.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 1.3.2 only process Personal Data in accordance with Appendix 2; and 1.3.3 not Process Customer customer Personal Data other than on the relevant Customer’s written instruction unless Processing is required by Applicable Laws to which Frog is subject, in which case Frog shall inform the Customer of that legal requirement before the Processing of the Personal Data. 1.3.4 maintain Cyber Essentials certification to help ensure the effectiveness of the Supplier’s Security Measures 1.3.5 take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Sub-Processors to the extent applicable to their scope of performance;. Frog shall notify The Customer by issuing the updated version if there are significant changes to the Security Measures during the contract term. 1.3.6 inform the Customer if any instructions received from the Customer are thought to infringe the relevant Data Protection Legislation 1.3.7 maintain records to support compliance with the data protection obligations that are relevant to this agreement 1.4 The Customer shall: 1.4.1 instructs instruct Frog (and authorises Frog to instruct each Sub-processor) to process Customer Personal Data to the extent required to deliver the services provided as part of the Agreement. 1.4.2 ensure that Frog’s use of the Customer Personal Data in accordance with this Agreement shall not put Frog in breach of any Data Protection Laws; 1.4.3 not do or omit to do anything which places Frog in breach of any Data Protection Laws; 1.4.4 at all times be responsible for the integrity, quality and legality of the Personal Data provided by the Customer to Frog (or on its behalf). Frog is under no duty to investigate the completeness, accuracy or sufficiency of the Personal Data provided to it by (or on behalf of) the Customer; 1.4.5 be solely responsible for making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Personal Data it processes. 1.5 Appendix 2 sets out certain information regarding the Contracted Processors' Processing of the Customer Personal Data as required by article 28(3) of the GDPR. 1.6 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for Frog to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) Frog to the extent that such Customer Data is held by Frog through the provision of Hosting Services; and/or (ii) the Customer in all other circumstances. Frog shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files. Frog shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by Frog to perform services related to Customer Data maintenance and back-up). 1.7 The Customer warrants that: 1.7.1 it has (and, in relation to Frog Purposes, it has or shall obtain (as applicable) using such terms or wording as Frog requires from time to time) all necessary consents and authorisations (including from End Users) and it shall comply with all Data Protection Laws to enable Frog to lawfully Process Personal Data for the purposes of Frog carrying out its obligations under this Agreement and as otherwise agreed in writing by the parties (including in relation to Frog Purposes); and 1.7.2 it will not cause Frog to be in breach of any Data Protection Laws whether by reason of any act or omission by the Customer or any of its directors, governors, officers, employees or subcontractors. 1.8 Without prejudice to the generality of clause 1.7, the parties agree that as requested by Frog, the Customer shall use all reasonable endeavours to facilitate the anonymisation of Personal Data (including by permitting Frog to act as its Data Processor in relation thereto) and Frog shall be entitled to aggregate, use and share with third parties any such anonymised Data for any purpose whether or not in relation to this Agreement.and/or

Hosted Software. If the The Software will be hosted by Frog, the Customer will: 7.1 ensure that each End User shall keep a secure password for his use of the Hosting Services and On-Line Documentation and that each End User shall keep his his/her password confidential; and 7.2 only issue passwords which give administrative access to the Software and Hosting Services to appropriate End Users. 1.1 Through reference to the applicable Data Protection Laws, it is agreed that: 1.1.1 The the Customer is the Controller of all Personal Data required to fulfil the Agreement, and 1.1.2 Frog is the Processor of all Personal Data required to fulfil the Agreement 1.1.3 Where where the Customer configures the Associated Products to Process Personal Data in addition to the Personal Data required in paragraph 15.1.1Appendix 2, the Customer shall assume the role of Processor for that data 1.2 Both parties shall: 1.2.1 ensure that appropriate technical and organisational measures are in place to safeguard Customer Personal Data against accidental or unlawful loss, alteration, unauthorised disclosure or access 1.2.2 Ensure ensure that procedures are in place to notify the other party in reasonable time of any Data Incident relating to the Customer Personal Data being processed in the Associated Products as part of this Agreement. This notification shall include, to the extent possible, providing details of the Data Incident including steps taken to mitigate the potential risks and steps the notifying party would recommend that the other party takes to address the Data Incident 1.3 Frog shall: 1.3.1 comply with all applicable Data Protection Laws in the Processing of Customer Personal Data; and 1.3.2 only process Personal Data in accordance with Appendix 2; and 1.3.3 not Process Customer customer Personal Data other than on the relevant Customer’s written instruction unless Processing is required by Applicable Laws to which Frog is subject, in which case Frog shall inform the Customer of that legal requirement before the Processing of the Personal Data. 1.3.4 maintain Cyber Essentials certification to help ensure the effectiveness of the Supplier’s Security Measures 1.3.5 take appropriate steps to ensure compliance with the Security Measures by its employees, contractors and Sub-Processors to the extent applicable to their scope of performance;. Frog shall notify The Customer by issuing the updated version if there are significant changes to the Security Measures during the contract term. 1.3.6 inform the Customer if any instructions received from the Customer are thought to infringe the relevant Data Protection Legislation 1.3.7 maintain records to support compliance with the data protection obligations that are relevant to this agreement 1.4 The Customer shall: 1.4.1 instructs instruct Frog (and authorises Frog to instruct each Sub-processor) to process Customer Personal Data to the extent required to deliver the services provided as part of the Agreement. 1.4.2 ensure that Frog’s use of the Customer Personal Data in accordance with this Agreement shall not put Frog in breach of any Data Protection Laws; 1.4.3 not do or omit to do anything which places Frog in breach of any Data Protection Laws; 1.4.4 at all times be responsible for the integrity, quality and legality of the Personal Data provided by the Customer to Frog (or on its behalf). Frog is under no duty to investigate the completeness, accuracy or sufficiency of the Personal Data provided to it by (or on behalf of) the Customer; 1.4.5 be solely responsible for making appropriate use of the Services to ensure a level of security appropriate to the risk in respect of Personal Data it processes. 1.5 Appendix 2 sets out certain information regarding the Contracted Processors' Processing of the Customer Personal Data as required by article 28(3) of the GDPR. 1.6 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for Frog to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by (i) Frog to the extent that such Customer Data is held by Frog through the provision of Hosting Services; and/or (ii) the Customer in all other circumstances. Frog shall not be required to restore more than one previous full iteration of the Software and/or data containing the relevant lost or damaged Customer Data and shall not be required to restore one or more individual lost or damaged files. Frog shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted subcontracted by Frog to perform services related to Customer Data maintenance and back-up). 1.7 The Customer warrants that: 1.7.1 it has (and, in relation to Frog Purposes, it has or shall obtain (as applicable) using such terms or wording as Frog requires from time to time) all necessary consents and authorisations (including from End Users) and it shall comply with all Data Protection Laws to enable Frog to lawfully Process Personal Data for the purposes of Frog carrying out its obligations under this Agreement and as otherwise agreed in writing by the parties (including in relation to Frog Purposes); and 1.7.2 it will not cause Frog to be in breach of any Data Protection Laws whether by reason of any act or omission by the Customer or any of its directors, governors, officers, employees or subcontractors. . 1.8 Without prejudice to the generality of clause 1.7, the parties agree that as requested by Frog, the Customer shall use all reasonable endeavours to facilitate the anonymisation of Personal Data (including by permitting Frog to act as its Data Processor in relation thereto) and Frog shall be entitled to aggregate, use and share with third parties any such anonymised Data for any purpose whether or not in relation to this Agreement.