Common use of Personal Information Protection Clause in Contracts

Personal Information Protection. ‌ 13.1 To the extent that Supplier has had or will have access to Personal Data of Purchaser and/or its customers, Supplier agrees to: a) comply with applicable Privacy Law in force from time to time in performing the Services; b) process, use and maintain the Personal Data for Purchaser and/or its customers only in accordance with Purchaser's instructions and this Contract for the purposes of performing its responsibilities and obligations under this Contract, and make no other use of the Personal Data other than for the provision of the contracted Services to Purchaser. Supplier represents and warrants that it there is no Local Law that would prevent it from fulfilling such obligations; c) take appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access or use, and against all other unlawful forms of processing; d) to ensure that only Supplier Personnel who need to have access to the Personal Data are granted access to such Personal Data and only for the purposes of the performance of this Contract and inform all Supplier Personnel of the confidential nature of the Personal Data; e) cooperate with and provide reasonable co-operation and assistance to Purchaser and the relevant Government Agency in relation to any complaint or request made in respect of any Personal Data by any data subject or in the event of a litigation or regulatory inquiry concerning the Personal Data and abide by the advice of Xxxxxxxxx and the relevant Government Agency with regard to the processing of Personal Data; f) to ensure that all data communications and storage of data at rest shall be conducted using best-practice encryption standards. The Supplier shall follow current security best practices involving cryptography and compliance requirements, and adjust current use of xxxxxxx and protocols accordingly. The Supplier agrees that encryption shall be implemented using measures no less protective than FIPS-140-2 compliant algorithms and a 2048-bit RSA key and/or and SHA256 based hashing algorithms for all data in transit or data accessed from private or public points of access. All data stored at rest shall be encrypted utilizing at least AES 256 bit encryption; g) comply with Purchaser's privacy policies and enter into further agreements as reasonably requested by Purchaser to comply with applicable Privacy Laws; h) not to transfer such Personal Data to another country outside of the country of the Purchaser or not to engage any sub- processors in the performance of the Services, unless authorised in writing by Xxxxxxxxx and subject to a written agreement imposing the same obligations on such sub-processor as set out in this Contract. Where applicable, in the event that the Services provided by Supplier involves a transfer of Purchaser's and/or its customer's Personal Data outside of the European Economic Area, transfer the Personal Data only if at least one of the following conditions are satisfied: (i) the Personal Data is transferred to a country which is recognised by the European Commission as providing an adequate level of protection in relation to the Personal Data that is transferred; or (ii) a processing agreement which incorporates the standard model contractual clauses for data transfers approved by the European Commission is executed between the applicable parties within 90 days following execution of this Contract; i) promptly notify Purchaser of (i) any failure to comply with Purchaser's instructions concerning the Personal Data, (ii) any suspected or actual breach of this Section, (iii) any disclosure, except as permitted hereunder, or request for disclosure of Personal Data to a third party and (iv) any inquiry from a third party concerning the Personal Data; and, (v) any change in Local Law that would render Supplier unable to comply with this Section; j) on termination of the Agreement, return or permanently delete all copies of such personal data to Purchaser, as directed by Xxxxxxxxx, and certify compliance with this obligation in writing to Purchaser. Such certification of compliance to be signed by a signing officer of Supplier. 13.2 Supplier agrees that individuals may enforce the provisions of this clause 13 as a third- party beneficiary against Supplier with respect to their Personal Data. Breach of this clause 13 shall be deemed a material breach of this Contract.

Personal Information Protection. ‌ 13.1 To the extent that Supplier has had or will have access to Personal Data of Purchaser and/or its customers, Supplier agrees toagreesto: a) comply with applicable Privacy Law in force from time to time in timein performing the Services; b) process, use and maintain the Personal Data for Purchaser and/or its customers only in accordance with Purchaser's instructions and this Contract for the purposes of performing its performingits responsibilities and obligations under this Contract, and make no other use of the Personal Data other than for the provision of the contracted Services to Purchaser. Supplier represents and warrants that it there is no Local Law that would prevent it from fulfilling such obligations; c) take appropriate technical and organizational measures to protect toprotect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access or use, and against all other unlawful forms unlawfulforms of processing; d) to ensure that only Supplier Personnel who need to have access to the Personal Data are granted access to such Personal Data and only for the purposes of the performance of performanceof this Contract and inform all Supplier Personnel of the confidential nature of the Personal Data; e) cooperate with and provide reasonable co-operation and assistance to Purchaser and the relevant Government Agency in relation to any complaint or request made in respect of any Personal Data by any data subject or in the event of a litigation or regulatory inquiry concerning the Personal Data and abide by the advice of Xxxxxxxxx Purchaser and the relevant Government Agency with regard to the processing of Personal ofPersonal Data; f) to ensure that all data communications and storage of data at rest shall be conducted using best-practice encryption standards. The Supplier shall follow current security best practices involving cryptography and compliance requirements, and adjust current use of xxxxxxx and protocols accordinglyprotocolsaccordingly. The Supplier agrees that encryption shall be implemented using measures no less protective than FIPS-140FIPS- 140-2 compliant algorithms and a 2048-bit RSA key and/or and SHA256 based hashing algorithms for all data in transit or data accessed from private or public points of access. All data stored at rest shall be encrypted utilizing at least AES 256 bit encryption; g) comply with Purchaser's privacy policies and enter into further agreements furtheragreements as reasonably requested by Purchaser to comply with complywith applicable Privacy Laws; h) not to transfer such Personal Data to another country outside of the country of the Purchaser or not to engage any sub- processors in the performance of the Services, unless authorised in writing by Xxxxxxxxx and subject to a written agreement imposing the same obligations on such sub-sub- processor as set out in this Contract. Where applicable, in the event that the Services provided by Supplier involves a transfer of Purchaser's and/or its customer's Personal Data outside of the European Economic Area, transfer the Personal Data only if at least one of the following conditions are satisfied: (i) the Personal Data is transferred to a country which is recognised by the European Commission as providing an adequate level of protection in relation to the Personal Data that is transferred; or (ii) a processing agreement which incorporates the standard model contractual clauses contractualclauses for data transfers approved by the European Commission is executed between the applicable parties within 90 within90 days following execution of this Contract; i) promptly notify Purchaser of (i) any failure to comply with Purchaser's instructions concerning the Personal Data, (ii) any suspected or actual breach of this Section, (iii) any disclosure, except as permitted hereunder, or request for disclosure of Personal Data to a third party and (iv) any inquiry from a third party concerning the Personal Data; and, , j) (v) any change in Local Law that would render Supplier unable Supplierunable to comply with this Section; jk) on termination of the Agreement, return or permanently delete all deleteall copies of such personal data to Purchaser, as directed by Xxxxxxxxx, and certify compliance with this obligation in writing to Purchaser. Such certification of compliance to be signed by a signing officer of Supplier. 13.2 Supplier agrees that individuals may enforce the provisions of this clause thisclause 13 as a third- party beneficiary against Supplier with respect to their Personal Data. Breach of this clause 13 shall be deemed a material breach of this Contract.

Personal Information Protection. ‌ 13.1 To the extent that Supplier has had or will have access to Personal Data of Purchaser and/or its customers, Supplier agrees to: (a) comply with applicable Privacy Law in force from time to time in performing the Services; (b) process, use and maintain the Personal Data for Purchaser and/or its customers only in accordance with Purchaser's instructions and this Contract for the purposes of performing its responsibilities and obligations under this Contract, and make no other use of the Personal Data other than for the provision of the contracted Services to Purchaser. Supplier represents and warrants that it there is no Local Law that would prevent it from fulfilling such obligations; (c) take appropriate technical and organizational measures to protect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access or use, and against all other unlawful forms of processing; (d) to ensure that only Supplier Personnel who need to have access to the Personal Data are granted access to such Personal Data and only for the purposes of the performance of this Contract and inform all Supplier Personnel of the confidential nature of the Personal Data; (e) cooperate with and provide reasonable co-operation and assistance to Purchaser and the relevant Government Agency in relation to any complaint or request made in respect of any Personal Data by any data subject or in the event of a litigation or regulatory inquiry concerning the Personal Data and abide by the advice of Xxxxxxxxx Purchaser and the relevant Government Agency with regard to the processing of Personal Data; (f) to ensure that all data communications and storage of data at rest shall be conducted using best-practice encryption standards. The Supplier shall follow current security best practices involving cryptography and compliance requirements, and adjust current use of xxxxxxx and protocols accordingly. The Supplier agrees that encryption shall be implemented using measures no less protective than FIPS-140FIPS- 140-2 compliant algorithms and a 2048-bit RSA key and/or and SHA256 based hashing algorithms for all data in transit or data accessed from private or public points of access. All data stored at rest shall be encrypted utilizing at least AES 256 bit encryption; (g) comply with Purchaser's privacy policies and enter into further agreements as reasonably requested by Purchaser to comply with applicable Privacy Laws; (h) not to transfer such Personal Data to another country outside of the country of the Purchaser or not to engage any sub- processors in the performance of the Services, unless authorised in writing by Xxxxxxxxx Purchaser and subject to a written agreement imposing the same obligations on such sub-sub- processor as set out in this Contract. Where applicable, in the event that the Services provided by Supplier involves a transfer of Purchaser's and/or its customer's Personal Data outside of the European Economic Area, transfer the Personal Data only if at least one of the following conditions are satisfied: (i) the Personal Data is transferred to a country which is recognised by the European Commission as providing an adequate level of protection in relation to the Personal Data that is transferred; or (ii) a processing agreement which incorporates the standard model contractual clauses for data transfers approved by the European Commission is executed between the applicable parties within 90 days following execution of this Contract; (i) promptly notify Purchaser of (i) any failure to comply with Purchaser's instructions concerning the Personal Data, (ii) any suspected or actual breach of this Section, (iii) any disclosure, except as permitted hereunder, or request for disclosure of Personal Data to a third party and (iv) any inquiry from a third party concerning the Personal Data; and, (v) any change in Local Law that would render Supplier unable to comply with this Section; j) on termination of the Agreement, return or permanently delete all copies of such personal data to Purchaser, as directed by Xxxxxxxxx, and certify compliance with this obligation in writing to Purchaser. Such certification of compliance to be signed by a signing officer of Supplier. 13.2 Supplier agrees that individuals may enforce the provisions of this clause 13 as a third- party beneficiary against Supplier with respect to their Personal Data. Breach of this clause 13 shall be deemed a material breach of this Contract.,

Personal Information Protection. ‌ 13.1 To the extent that Supplier has had or will have access to Personal Data of Purchaser and/or its customers, Supplier agrees to: a) comply with applicable Privacy Law in force from time to time in timein performing the Services; b) process, use and maintain the Personal Data for Purchaser and/or its customers only in accordance with Purchaser's instructions and this Contract for the purposes of performing its performingits responsibilities and obligations under this Contract, and make no other use of the Personal Data other than for the provision of the contracted Services to Purchaser. Supplier represents and warrants that it there is no Local Law that would prevent it from fulfilling such obligations; c) take appropriate technical and organizational measures to protect toprotect the Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access or use, and against all other unlawful forms unlawfulforms of processing; d) to ensure that only Supplier Personnel who need to have access to the Personal Data are granted access to such Personal Data and only for the purposes of the performance of performanceof this Contract and inform all Supplier Personnel of the confidential nature of the Personal Data; e) cooperate with and provide reasonable co-operation and assistance to Purchaser and the relevant Government Agency in relation to any complaint or request made in respect of any Personal Data by any data subject or in the event of a litigation or regulatory inquiry concerning the Personal Data and abide by the advice of Xxxxxxxxx Purchaser and the relevant Government Agency with regard to the processing of Personal ofPersonal Data; f) to ensure that all data communications and storage of data at rest shall be conducted using best-practice encryption standards. The Supplier shall follow current security best practices involving cryptography and compliance requirements, and adjust current use of xxxxxxx and protocols accordinglyprotocolsaccordingly. The Supplier agrees that encryption shall be implemented using measures no less protective than FIPS-140FIPS- 140-2 compliant algorithms and a 2048-bit RSA key and/or and SHA256 based hashing algorithms for all data in transit or data accessed from private or public points of access. All data stored at rest shall be encrypted utilizing at least AES 256 bit encryption; g) comply with Purchaser's privacy policies and enter into further agreements as reasonably requested by Purchaser to comply with applicable Privacy Laws; h) not to transfer such Personal Data to another country outside of the country of the Purchaser or not to engage any sub- processors in the performance of the Services, unless authorised in writing by Xxxxxxxxx and subject to a written agreement imposing the same obligations on such sub-sub- processor as set out in this Contract. Where applicable, in the event that the Services provided by Supplier involves a transfer of Purchaser's and/or its customer's Personal Data outside of the European Economic Area, transfer the Personal Data only if at least one of the following conditions are satisfied: (i) the Personal Data is transferred to a country which is recognised by the European Commission as providing an adequate level of protection in relation to the Personal Data that is transferred; or (ii) a processing agreement which incorporates the standard model contractual clauses for data transfers approved by the European Commission is executed between the applicable parties within 90 days following execution of this Contract; i) promptly notify Purchaser of (i) any failure to comply with Purchaser's instructions concerning the Personal Data, (ii) any suspected or actual breach of this Section, (iii) any disclosure, except as permitted hereunder, or request for disclosure of Personal Data to a third party and (iv) any inquiry from a third party concerning the Personal Data; and, (v) any change in Local Law that would render Supplier unable to comply with this Section; j) on termination of the Agreement, return or permanently delete all deleteall copies of such personal data to Purchaser, as directed by Xxxxxxxxx, and certify compliance with this obligation in writing to Purchaser. Such certification of compliance to be signed by a signing officer of Supplier. 13.2 Supplier agrees that individuals may enforce the provisions of this clause thisclause 13 as a third- party beneficiary against Supplier with respect to their Personal Data. Breach of this clause 13 shall be deemed a material breach of this Contract.