Common use of Processing and security Clause in Contracts

Processing and security. 4.1. In performing its obligations under this Agreement, Bizagi shall only process the types of Personal Data, and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Schedule 1 to this DPA. 4.2. In processing the Customer Personal Data, Bizagi shall: 4.2.1. process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this Agreement) unless it is otherwise required by applicable law; 4.2.2. not process the Customer Personal Data for any purpose other than those set out in this Agreement or otherwise expressly authorised by the Customer; 4.2.3. promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; 4.2.4. provide the Customer with its all reasonable co-operation and assistance in relation to any Data Subject Request in respect of Customer Personal Data; 4.2.5. utilise appropriate technical and organisational measures to facilitate responding to requests from Data Subjects; 4.2.6. not disclose any Customer Personal Data to any Data Subject or to a third party (including any subcontractor or affiliate) other than at the written request of the Customer or as expressly provided for in this Agreement; 4.2.7. considering: 4.2.7.1. the state of the art; 4.2.7.2. the nature, scope, context and purposes of the processing; and 4.2.7.3. the risk and severity of potential harm, 4.3. protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measures, including measures to protect the Customer Personal Data against the risks of a Security Breach; and 4.4. ensure that only persons authorised by Bizagi process Customer Personal Data and that such persons are (i) subject to binding obligations to maintain the confidentiality of the Customer Personal Data; and (ii) trained on both (1) the requirements of the Data Protection Laws, and

Processing and security. 4.1. In performing its obligations under this Agreement, Bizagi shall only process the types of Personal Data, and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Schedule 1 to this DPA. 4.2. In processing the Customer Personal Data, Bizagi shall: 4.2.1. process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this AgreementDPA) unless it is otherwise required by applicable law; 4.2.2. not process the Customer Personal Data for any purpose other than those set out in this Agreement DPA or otherwise expressly authorised by the Customer; 4.2.3. promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; 4.2.4. provide the Customer with its all reasonable co-operation and assistance in relation to any Data Subject Request in respect of Customer Personal Data; 4.2.5. utilise appropriate technical and organisational measures to facilitate responding to requests from Data Subjects; 4.2.6. not disclose any Customer Personal Data to any Data Subject or to a third party (including any subcontractor or affiliate) other than at the written request of the Customer or as expressly provided for in this Agreement; 4.2.7. considering: 4.2.7.1. the state of the art; 4.2.7.2. the nature, scope, context and purposes of the processing; and 4.2.7.3. the risk and severity of potential harm, 4.3. protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measuresmeasures as per Schedule 4 of the DPA, including measures to protect the Customer Personal Data against the risks of a Security Breach; and 4.4. ensure that only persons authorised by Bizagi process Customer Personal Data and that such persons are (i) subject to binding obligations to maintain the confidentiality of the Customer Personal Data; and (ii) trained on both (1) the requirements of the Data Protection Laws, and

Processing and security. 4.1. In performing its obligations under this Agreement, Bizagi shall only process the types of Personal Data, and only in respect of the categories of Data Subjects, and only for the nature and purposes of processing and duration, as is set out in the Schedule 1 to this DPA. 4.2. In processing the Customer Personal Data, Bizagi shall: 4.2.1. process Customer Personal Data only in accordance with the Customer's written instructions from time to time (including those set out in this AgreementDPA) unless it is otherwise required by applicable law; 4.2.2. not process the Customer Personal Data for any purpose other than those set out in this Agreement or otherwise expressly authorised by the Customer; 4.2.3. promptly notify the Customer if it receives a Data Subject Request in respect of Customer Personal Data; 4.2.44.2.3. provide the Customer with its all reasonable co-operation and assistance in relation to any Data Subject Request in respect of Customer Personal Data; 4.2.54.2.4. utilise appropriate technical and organisational measures to facilitate responding to requests from Data Subjects; 4.2.64.2.5. not disclose any Customer Personal Data to any Data Subject or to a third party (including any subcontractor or affiliate) other than at the written request of the Customer or as expressly provided for in this AgreementAgreement or when it is necessary for the establishment, exercise or defence of legal claims; 4.2.74.2.6. considering: 4.2.7.14.2.6.1. the state of the art; 4.2.7.24.2.6.2. the nature, scope, context and purposes of the processing; and 4.2.7.34.2.6.3. the risk and severity of potential harm, 4.3. protect the Customer Personal Data by ensuring that it has in place appropriate technical and organisational measuresmeasures as per Schedule 3 of the DPA, including measures to protect the Customer Personal Data against the risks of a Security Personal Data Breach; and 4.4. ensure that only persons authorised by Bizagi process Customer Personal Data and that such persons are (i) subject to binding obligations to maintain the confidentiality of the Customer Personal Data; and (ii) trained on both (1) the requirements of the Data Protection Laws, and