Common use of Processing and security Clause in Contracts

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab Field Dynamics shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab Field Dynamics shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab Field Dynamics to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab Field Dynamics shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab Field Dynamics shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab BookingLab shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab BookingLab shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab BookingLab to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab BookingLab shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab BookingLab shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab Bookinglab shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab Bookinglab shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab Bookinglab to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab Bookinglab shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab Bookinglab shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab Field Dynamics shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix Schedule or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab Field Dynamics shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Person Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab Field Dynamics to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab Field Dynamics shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab Field Dynamics shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this Agreement, bookinglab Miso shall only process the categories of Personal Data and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex to this Appendix Schedule or as necessary to perform its obligations under this Agreement, save as otherwise required by any Applicable law. 3.2 In processing the Customer Personal Data, bookinglab Miso shall: (a) process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) except as otherwise required by any Applicable Law; (b) not process the Customer Personal Data for any purpose other than those set out in the Annex and as necessary to perform its obligations under this Agreement unless otherwise expressly authorised by the Customer; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Person Data against the risks of a Security Breach; and (f) ensure that any persons authorised by bookinglab Xxxx to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab Miso shall, without undue delay after discovering any Security Breach or any failure or defect in security which leads, or might reasonably be expected to lead, to a Security Breach (together a "" Security Issue") notify the Customer of the same. 3.4 Where a Security Issue arises, bookinglab Miso shall: (a) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed).

Processing and security. 3.1 In performing its obligations under this the Agreement, bookinglab Watermark shall only process the categories types of Personal Data Data, and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Annex Schedule 1 to this Appendix or as necessary to perform its obligations under Addendum. By entering into this Agreement, save Customer instructs Watermark to Process Customer Data to provide the services and pursuant to any other written instructions given by Customer and acknowledged in writing by Watermark as otherwise required by any Applicable lawconstituting instructions for purposes of the Addendum. If Watermark becomes aware that the personal data it has received is inaccurate, or has become outdated, it shall inform the data exporter (i.e., the Customer) without undue delay. 3.2 In Organization shall: (a) ensure that any instructions it issues to Watermark shall comply with the Applicable Data Protection Laws; and (b) have sole responsibility for the accuracy, quality and legality of Personal Data and the means by which Organization acquired such Personal Data shall establish the legal basis for processing under Applicable Data Protection Laws, including providing all notices and obtaining all consents as may be required under Applicable Data Protection Laws in order for Watermark to process the Customer Personal DataData as otherwise contemplated by this Agreement. 3.3 To the extent that Watermark receives from, bookinglab or processes any Personal Data on behalf of, Organization, Watermark shall: (a) process Customer Personal Data Data: (i) only in accordance with the CustomerOrganization's written instructions from time to time (including those set out in this Agreement) except as provided such instructions are lawful and, unless it is otherwise required by any Applicable LawData Protection Laws (in which case, unless such law prohibits such notification on important grounds of public interest, Watermark shall notify Organization of the relevant legal requirement before processing the Personal Data); and (ii) only for the duration of this Agreement; (b) not process the Customer take commercially reasonable steps to ensure its personnel who are authorized to have access to such Personal Data for Data, and ensure that any purpose other than those set out in the Annex and as necessary such personnel are committed to perform its obligations confidentiality, or are under this Agreement unless otherwise expressly authorised by the Customer; an appropriate statutory obligation of confidentiality when processing such Personal Data; (c) promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; (d) as far as reasonably practicable, co-operate with and provide assistance to the Customer in relation to any Data Subject Request in respect of Customer Personal Data; (e) taking into account: (i) the state of the art; (ii) the nature, scope, context and purposes of the processing; and (iii) the risk and severity of potential harm, protect the Customer Personal Data by ensuring that it has in place ; implement appropriate technical and organisational measuresorganizational measures and procedures to ensure a level of security for such Personal Data appropriate to the risk, including measures to protect the Customer Personal Data against the risks of a Security Breachaccidental, unlawful or unauthorized destruction, loss, alteration, disclosure, dissemination or access; and (fd) ensure that any persons authorised by bookinglab to process Customer Personal Data are obliged to keep such data confidential. 3.3 bookinglab shall, inform Organization without undue delay after discovering upon becoming aware of any Security Breach such Personal Data (while within Watermark's or any failure its subcontractors' or defect in security which leads, Affiliates' possession or might reasonably be expected to lead, control) being subject to a Security Breach (together a "Security Issue") notify the Customer of the samepersonal data breach. 3.4 Where a Security Issue arises, bookinglab shall: (ae) as soon as reasonably practicable, provide the Customer with details of the Security Issue, the actual not disclose any Personal Data to any Data Subject or expected consequences of it, and the measures taken or proposed to be taken to address or mitigate it; (b) co-operate with the Customer, and provide the Customer with all reasonable assistance in relation to the Security Issue; and (c) unless required by Applicable Law, not make any notifications to a DP Regulator third party other than at the written request of Organization or any Data Subjects about the Security Issue without the Customer's prior written consent (such consent not to be unreasonably withheld or delayed)as expressly provided for in this Agreement.