Common use of Personal information and content Clause in Contracts

Personal information and content. (1) The Customer or its Authorized Users own the content and the personal information stored and/or processed in the system and the Customer holds the sole responsibility for the personal information stored on the Service as "Data Controller". The Customer is responsible for meeting any public requirements under the jurisdiction of the Customer to ensure that the processing of personal data is lawful and does not infringe on the rights or freedoms of its Authorized Users. ITSL may collect information on the Customers use of the Service for invoicing purposes and for gathering statistics. (2) In performing the Services ITSL undertakes to comply with provisions set out in the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) as "Data Processor", including implementing adequate measures for preventing third party access to the information, protection against unintended changes or loss of the information and ensuring that the processing is based on sufficient and relevant information. For customers required to comply with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the following applies: ITSL and the Customer must enter into a separate Data Processing Agreement (DPA). The DPA is available as an attachment to the Agreement. By entering into the Agreement, the terms and conditions of the DPA forms a part of the Agreement. ITSL shall not process or use the personal information received from the Customer in any other way than in accordance with what has been agreed in this Contract. ITSL shall also maintain a log and document all attempts at unauthorised access and other breaches of system security. The Customer accepts however that ITSL can sub- contract the safekeeping of the personal information, provided such sub-contracting does not abrogate ITSL's responsibilities. (3) If ITSL is obligated to process personal information on behalf of the Customer, such personal information shall not be handled in any other manner than strictly required to comply with the provisions of the Contract and / or the TAC. (4) ITSL (as Data Processor) and the Customer (as Data Controller) shall, through planned and systematic efforts, ensure the satisfactory securing of information in terms of confidentiality, integrity and availability with regard to personal information. (5) The Customer shall not use the Service to store, distribute or transmit viruses or any other unlawful and / or harmful material or use the Service in any manner that threatens the integrity, performance or availability of the Service.

Personal information and content. (1) The Customer or its Authorized Users own the content and the personal information stored and/or processed in he introduces into the system and the Customer holds the sole responsibility for the personal information stored on the Service as "“Data Controller"”. The Customer is responsible for meeting any public requirements under the jurisdiction of the Customer to ensure that inform, report or apply for concessions for the processing data processing. Customer will obtain consent from all Authorised Users (and their parents / guardians) to Customer’s access, storage, monitoring, use or disclosure of personal this data is lawful and does not infringe on to ITSLs providing the rights or freedoms of its Authorized UsersCustomer with the ability to do so. Such consent to be voluntary, expressly and informed. ITSL may collect information on the Customers use of the Service for invoicing purposes and for gathering statistics. (2) In performing the Services ITSL undertakes to comply with provisions set out in the General Data Protection Regulation national Personal Information Act (GDPRin the jurisdiction of the Customer) (Regulation (and EU) 2016/679) -regulation as "“Data Processor"”, including implementing adequate measures for preventing third party access to the information, protection against unintended changes or loss of the information and ensuring that the processing is based on sufficient and relevant information. For customers required to comply with If the General Data Protection Regulation Controller is situated outside the EEC (GDPR) (Regulation (EU) 2016/679and the data centre is located in Norway), the following applies: ITSL and the Customer must enter into a separate Data Processing Agreement (DPA). The DPA is available as an attachment to the Agreement. By entering into the Agreement, the terms and conditions of the DPA forms a part of the AgreementNorwegian Personal Information Act will apply. ITSL shall not process or use the personal information received from the Customer in any other way than in accordance with what has been agreed in this Contract. ITSL shall also maintain a log and document all attempts at unauthorised access and other breaches of system security. The Customer accepts however that ITSL can sub- sub-contract the safekeeping of the personal information, provided such sub-contracting does not abrogate ITSL's ’s responsibilities. (3) If ITSL is obligated to process personal information on behalf of the Customer, such personal information shall not be handled in any other manner than strictly required to comply with the provisions of the Contract and / or the TAC. (4) ITSL (as Data Processor) and the Customer (as Data Controller) shall, through planned and systematic efforts, ensure the satisfactory securing of information in terms of confidentiality, integrity and availability with regard to personal information. (5) The Customer shall not use the Service to store, distribute or transmit viruses or any other unlawful and / or harmful material or use the Service in any manner that threatens the integrity, performance or availability of the Service.

Personal information and content. (1) The Customer or its Authorized Users own the content and the personal information stored and/or processed in he introduces into the system and the Customer holds the sole responsibility for the personal information stored on the Service as "Data Controller". The Customer is responsible for meeting any public requirements under the jurisdiction of the Customer to ensure that inform, report or apply for concessions for the processing data processing. Customer will obtain consent from all Authorised Users (and their parents / guardians) to Customer's access, storage, monitoring, use or disclosure of personal this data is lawful and does not infringe on to ITLs providing the rights or freedoms of its Authorized UsersCustomer with the ability to do so. ITSL Such consent to be voluntary, expressly and informed. ITL may collect information on the Customers use of the Service for invoicing purposes and for gathering statistics. (2) In performing the Services ITSL ITL undertakes to comply with provisions set out in the General Data Protection Regulation national Personal Information Act (GDPRin the jurisdiction of the Customer) (Regulation (and EU) 2016/679) -regulation as "Data Processor", including implementing adequate measures for preventing third party access to the information, protection against unintended changes or loss of the information and ensuring that the processing is based on sufficient and relevant information. For customers required to comply with If the General Data Protection Regulation Controller is situated outside the EEC (GDPR) (Regulation (EU) 2016/679and the data centre is located in Norway), the following applies: ITSL and the Customer must enter into a separate Data Processing Agreement (DPA)Norwegian Personal Information Act will apply. The DPA is available as an attachment to the Agreement. By entering into the Agreement, the terms and conditions of the DPA forms a part of the Agreement. ITSL ITL shall not process or use the personal information received from the Customer in any other way than in accordance with what has been agreed in this Contract. ITSL ITL shall also maintain a log and document all attempts at unauthorised access and other breaches of system security. The Customer accepts however that ITSL ITL can sub- contract the safekeeping of the personal information, provided such sub-sub- contracting does not abrogate ITSLITL's responsibilities. (3) If ITSL ITL is obligated to process personal information on behalf of the Customer, such personal information shall not be handled in any other manner than strictly required to comply with the provisions of the Contract and / or the TAC. (4) ITSL ITL (as Data Processor) and the Customer (as Data Controller) shall, through planned and systematic efforts, ensure the satisfactory securing of information in terms of confidentiality, integrity and availability with regard to personal information. (5) The Customer shall not use the Service to store, distribute or transmit viruses or any other unlawful and / or harmful material or use the Service in any manner that threatens the integrity, performance or availability of the Service.

Personal information and content. (1) The Customer or its Authorized Users own the content and the personal information stored and/or processed in he introduces into the system and the Customer holds the sole responsibility for the personal information stored on the Service as "Data Controller". The Customer is responsible for meeting any public requirements under the jurisdiction of the Customer to ensure that inform, report or apply for concessions for the processing data processing. Customer will obtain consent from all Authorised Users (and their parents / guardians) to Customer's access, storage, monitoring, use or disclosure of personal this data is lawful and does not infringe on to ITSLs providing the rights or freedoms of its Authorized UsersCustomer with the ability to do so. Such consent to be voluntary, expressly and informed. ITSL may collect information on the Customers use of the Service for invoicing purposes and for gathering statistics. (2) In performing the Services ITSL undertakes to comply with provisions set out in the General Data Protection Regulation national Personal Information Act (GDPRin the jurisdiction of the Customer) (Regulation (and EU) 2016/679) -regulation as "Data Processor", including implementing adequate measures for preventing third party access to the information, protection against unintended changes or loss of the information and ensuring that the processing is based on sufficient and relevant information. For customers required to comply with If the General Data Protection Regulation Controller is situated outside the EEC (GDPR) (Regulation (EU) 2016/679and the data centre is located in Norway), the following applies: ITSL and the Customer must enter into a separate Data Processing Agreement (DPA). The DPA is available as an attachment to the Agreement. By entering into the Agreement, the terms and conditions of the DPA forms a part of the AgreementNorwegian Personal Information Act will apply. ITSL shall not process or use the personal information received from the Customer in any other way than in accordance with what has been agreed in this Contract. ITSL shall also maintain a log and document all attempts at unauthorised access and other breaches of system security. The Customer accepts however that ITSL can sub- contract the safekeeping of the personal information, provided such sub-sub- contracting does not abrogate ITSL's responsibilities. (3) If ITSL is obligated to process personal information on behalf of the Customer, such personal information shall not be handled in any other manner than strictly required to comply with the provisions of the Contract and / or the TAC. (4) ITSL (as Data Processor) and the Customer (as Data Controller) shall, through planned and systematic efforts, ensure the satisfactory securing of information in terms of confidentiality, integrity and availability with regard to personal information. (5) The Customer shall not use the Service to store, distribute or transmit viruses or any other unlawful and / or harmful material or use the Service in any manner that threatens the integrity, performance or availability of the Service.