Common use of Processing of Client Personal Data Clause in Contracts

Processing of Client Personal Data. 2.1 The parties acknowledge and agree that for the purposes of DP Law, Client is the Data Controller and Quivers is the Data Processor of any Client Personal Data Processed by Quivers on behalf of Client in connection with its provision of the Quivers Services. 2.2 Each of the parties warrants and undertakes that it shall comply with all applicable obligations which may arise under DP Law in connection with the Processing of Client Personal Data as contemplated under this Agreement. 2.3 Client shall ensure that: 2.3.1 it is entitled to transfer the relevant Client Personal Data to Quivers so that Quivers and each Subprocessor may lawfully use, Process and transfer the Client Personal Data in accordance with this Agreement on Client’s behalf; and 2.3.2 the relevant third parties have been informed of, and, to the extent required under DP Law, have given their consent to, such use, Processing, and transfer as required by all applicable DP Law. 2.4 Schedule 1 sets out certain information regarding Quivers’ Processing of Client Personal Data under this Agreement as required by Article 28(3) of the GDPR. Each Party may make reasonable amendments to Schedule 1 by written notice to the other Party from time to time as that Party reasonably considers necessary to meet those requirements. Nothing in Schedule 1 (including as amended pursuant to this clause 2.4) confers any right or imposes any obligation on any Party. 2.5 Quivers shall: 2.5.1 not Process Client Personal Data other than as contemplated under this Agreement or on Client’s documented instructions and solely for the purposes of providing the Quivers Services unless Processing is required by any applicable DP Law to which Quivers is subject, in which case Quivers shall to the extent permitted by any applicable DP Law inform Client of that legal requirement before the relevant Processing of that Client Personal Data; 2.5.2 promptly notify Client if Xxxxxxx believes that Client’s instructions infringe DP Laws; 2.5.3 ensure that all its personnel and Subprocessors who have access to and Process Client Personal Data are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; 2.5.4 taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Quivers shall in relation to Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including the measures referred to in Article 32(1) of the GDPR; 2.5.5 not transfer any Personal Data outside of the European Economic Area without the prior written consent of Client without Client’s prior written consent unless otherwise explicitly stated in this Exhibit B; 2.5.6 assist Client, at Client’s cost and expense, and taking into account the nature of the Processing and information available to Quivers, in responding to any request from a Data Subject and in ensuring compliance with its obligations under DP Law with respect to security of Processing, breach notifications, Data Protection Impact Assessments and consultations with Supervisory Authorities or regulators relating to Client Personal Data Processed by Quivers; 2.5.7 notify Client without undue delay after becoming aware of a Personal Data Breach; 2.5.8 at the written direction of Client, delete or return all Client Personal Data and copies thereof to Client on termination of the Quivers Services and/or this Agreement unless required by the DP Laws or any applicable law to which Quivers is subject to store the Client Personal Data; and 2.5.9 maintain and make available to Client on request, and at Client’s cost and expense, all information necessary to demonstrate compliance with this Exhibit B, and shall allow for and contribute to reasonable audits and access, including inspections, by Client or an auditor mandated by Client in relation to the Processing of Client Personal Data by Quivers or any Subprocessor as required by Article 28(3)(h) of the GDPR. 2.6 Client acknowledges that Quivers is reliant on it for direction as to the extent to which it is entitled to use and Process the Personal Data. Consequently, and without prejudice to the provisions of Section 17 of the Agreement, Client shall defend, indemnify and hold harmless Quivers against any claims, actions, or proceedings brought by a Data Subject or a Supervisory Authority arising from any act or omission by it to the extent that such act or omission resulted directly from Client’s instructions.

Processing of Client Personal Data. 2.1 The parties acknowledge and agree that for the purposes of DP Law, Client is the Data Controller and Quivers shall comply with the obligations of a Controller under the GDPR and that Surecomp is acting in the capacity of a Processor. In some circumstances, Client may additionally or alternatively be a Processor, in which case Client appoints Surecomp as an authorised Sub- processor, which shall not change the obligations of the parties under this Addendum as Surecomp will remain a Processor in any such event. Client will comply with all obligations applicable to a Controller pursuant to the Data Processor of any Protection Legislation. 2.2 Surecomp shall Process Client Personal Data Processed on the documented instructions of Client, unless otherwise required by Quivers an Applicable Law to which Surecomp is subject. In which case, Surecomp shall notify Client if, in its opinion, any instruction infringes the GDPR or other Applicable Law, unless that law prohibits such notification. Such notification will not constitute a general obligation on behalf the part of Client in connection with its provision of Surecomp to monitor or interpret the Quivers Services. 2.2 Each of the parties warrants laws applicable to Client, and undertakes that it shall comply with all applicable obligations which may arise under DP Law in connection with the Processing of Client Personal Data as contemplated under this Agreementsuch notification will not constitute legal advice to Client. 2.3 Client shall ensure that: 2.3.1 warrants that it is entitled has all the necessary rights to transfer provide the relevant Client Personal Data to Quivers so Surecomp for the Processing to be performed in relation to the Services, and that Quivers and each Subprocessor may lawfully use, Process and transfer one or more lawful bases set forth in the Client Personal Data in accordance with this Agreement on Client’s behalf; and 2.3.2 Protection Legislation support the relevant third parties have been informed of, and, to lawfulness of the Processing. To the extent required under DP Lawby the Data Protection Legislation, have given their consent toClient is responsible for ensuring that all necessary privacy notices are provided to Data Subjects, such use, and unless another legal bases set forth in the Data Protection Legislation supports the lawfulness of the Processing, that any necessary Data Subject consents to the Processing are obtained, and transfer for ensuring that a record of such consent is maintained. Should such consent be revoked by a Data Subject, Client is responsible for communicating the fact of such revocation to Surecomp, and Surecomp will act pursuant to Client's instructions as required by all applicable DP Lawseems appropriate. 2.4 Schedule Annex 1 to this Addendum sets out certain information regarding Quivers’ Processing of Client Personal Data under this Agreement as required by Article 28(3) of the GDPRGDPR according to, Personal Data may be processed by Surecomp. Each Party may make reasonable amendments to Schedule 1 by written notice to Client warrants it is an accurate reflection of the other Party from time to time as that Party reasonably considers necessary to meet those requirements. Nothing in Schedule 1 (including as amended Processing activities pursuant to this clause 2.4) confers any right or imposes any obligation on any Party. 2.5 Quivers shall: 2.5.1 not Process Client Personal Data other than as contemplated under this Agreement or on Client’s documented instructions Addendum and solely for the purposes of providing the Quivers Services unless Processing is required by any applicable DP Law to which Quivers is subject, in which case Quivers shall to the extent permitted by any applicable DP Law inform Client of that legal requirement before the relevant Processing of that Client Personal Data; 2.5.2 promptly notify Client if Xxxxxxx believes that Client’s instructions infringe DP Laws; 2.5.3 ensure that all its personnel and Subprocessors who have access to and Process Client Personal Data are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; 2.5.4 taking into account the state Agreement. The nature of the art, Processing operations will depend on the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Quivers shall in relation to Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including the measures referred to in Article 32(1) scope of the GDPR; 2.5.5 not transfer any Personal Data outside of the European Economic Area without the prior written consent of Client without Client’s prior written consent unless otherwise explicitly stated in this Exhibit B; 2.5.6 assist Client, at Client’s cost Services and expense, and taking into account the nature of the Processing and information available to QuiversPersonal Data that Client provides in its sole discretion, in responding a manner by which Surecomp finds appropriate to any request from a Data Subject and in ensuring compliance with its obligations under DP Law with respect to security of Processing, breach notifications, Data Protection Impact Assessments and consultations with Supervisory Authorities or regulators relating to Client Personal Data Processed by Quivers; 2.5.7 notify Client without undue delay after becoming aware of a Personal Data Breach; 2.5.8 at provide the written direction of Client, delete or return all Client Personal Data and copies thereof to Client on termination of the Quivers Services and/or this Agreement unless required by the DP Laws or any applicable law to which Quivers is subject to store the Client Personal Data; and 2.5.9 maintain and make available to Client on request, and at Client’s cost and expense, all information necessary to demonstrate compliance with this Exhibit B, and shall allow for and contribute to reasonable audits and access, including inspections, by Client or an auditor mandated by Client in relation to the Processing of Client Personal Data by Quivers or any Subprocessor as required by Article 28(3)(h) of the GDPRServices. 2.6 Client acknowledges that Quivers is reliant on it for direction as to the extent to which it is entitled to use and Process the Personal Data. Consequently, and without prejudice to the provisions of Section 17 of the Agreement, Client shall defend, indemnify and hold harmless Quivers against any claims, actions, or proceedings brought by a Data Subject or a Supervisory Authority arising from any act or omission by it to the extent that such act or omission resulted directly from Client’s instructions.

Processing of Client Personal Data. 2.1 The parties acknowledge and agree that for the purposes of DP Law, Client is the Data Controller and Quivers shall comply with the obligations of a Controller under the GDPR and that Surecomp is acting in the capacity of a Processor. In some circumstances, Client may additionally or alternatively be a Processor, in which case Client appoints Surecomp as an authorised Sub-processor, which shall not change the obligations of the parties under this Addendum as Surecomp will remain a Processor in any such event. Client will comply with all obligations applicable to a Controller pursuant to the Data Processor of any Protection Legislation. 2.2 Surecomp shall Process Client Personal Data Processed on the documented instructions of Client, unless otherwise required by Quivers an Applicable Law to which Surecomp is subject. In which case, Surecomp shall notify Client if, in its opinion, any instruction infringes the GDPR or other Applicable Law, unless that law prohibits such notification. Such notification will not constitute a general obligation on behalf the part of Client in connection with its provision of Surecomp to monitor or interpret the Quivers Services. 2.2 Each of the parties warrants laws applicable to Client, and undertakes that it shall comply with all applicable obligations which may arise under DP Law in connection with the Processing of Client Personal Data as contemplated under this Agreementsuch notification will not constitute legal advice to Client. 2.3 Client shall ensure that: 2.3.1 warrants that it is entitled has all the necessary rights to transfer provide the relevant Client Personal Data to Quivers so Surecomp for the Processing to be performed in relation to the Services, and that Quivers and each Subprocessor may lawfully use, Process and transfer one or more lawful bases set forth in the Client Personal Data in accordance with this Agreement on Client’s behalf; and 2.3.2 Protection Legislation support the relevant third parties have been informed of, and, to lawfulness of the Processing. To the extent required under DP Lawby the Data Protection Legislation, have given their consent toClient is responsible for ensuring that all necessary privacy notices are provided to Data Subjects, such use, and unless another legal bases set forth in the Data Protection Legislation supports the lawfulness of the Processing, that any necessary Data Subject consents to the Processing are obtained, and transfer for ensuring that a record of such consent is maintained. Should such consent be revoked by a Data Subject, Client is responsible for communicating the fact of such revocation to Surecomp, and Surecomp will act pursuant to Client's instructions as required by all applicable DP Lawseems appropriate. 2.4 Schedule Annex 1 to this Addendum sets out certain information regarding Quivers’ Processing of Client Personal Data under this Agreement as required by Article 28(3) of the GDPRGDPR according to, Personal Data may be processed by Surecomp. Each Party may make reasonable amendments to Schedule 1 by written notice to Client warrants it is an accurate reflection of the other Party from time to time as that Party reasonably considers necessary to meet those requirements. Nothing in Schedule 1 (including as amended Processing activities pursuant to this clause 2.4) confers any right or imposes any obligation on any Party. 2.5 Quivers shall: 2.5.1 not Process Client Personal Data other than as contemplated under this Agreement or on Client’s documented instructions Addendum and solely for the purposes of providing the Quivers Services unless Processing is required by any applicable DP Law to which Quivers is subject, in which case Quivers shall to the extent permitted by any applicable DP Law inform Client of that legal requirement before the relevant Processing of that Client Personal Data; 2.5.2 promptly notify Client if Xxxxxxx believes that Client’s instructions infringe DP Laws; 2.5.3 ensure that all its personnel and Subprocessors who have access to and Process Client Personal Data are subject to confidentiality undertakings or professional or statutory obligations of confidentiality; 2.5.4 taking into account the state Agreement. The nature of the art, Processing operations will depend on the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Quivers shall in relation to Client Personal Data implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including the measures referred to in Article 32(1) scope of the GDPR; 2.5.5 not transfer any Personal Data outside of the European Economic Area without the prior written consent of Client without Client’s prior written consent unless otherwise explicitly stated in this Exhibit B; 2.5.6 assist Client, at Client’s cost Services and expense, and taking into account the nature of the Processing and information available to QuiversPersonal Data that Client provides in its sole discretion, in responding a manner by which Surecomp finds appropriate to any request from a Data Subject and in ensuring compliance with its obligations under DP Law with respect to security of Processing, breach notifications, Data Protection Impact Assessments and consultations with Supervisory Authorities or regulators relating to Client Personal Data Processed by Quivers; 2.5.7 notify Client without undue delay after becoming aware of a Personal Data Breach; 2.5.8 at provide the written direction of Client, delete or return all Client Personal Data and copies thereof to Client on termination of the Quivers Services and/or this Agreement unless required by the DP Laws or any applicable law to which Quivers is subject to store the Client Personal Data; and 2.5.9 maintain and make available to Client on request, and at Client’s cost and expense, all information necessary to demonstrate compliance with this Exhibit B, and shall allow for and contribute to reasonable audits and access, including inspections, by Client or an auditor mandated by Client in relation to the Processing of Client Personal Data by Quivers or any Subprocessor as required by Article 28(3)(h) of the GDPRServices. 2.6 Client acknowledges that Quivers is reliant on it for direction as to the extent to which it is entitled to use and Process the Personal Data. Consequently, and without prejudice to the provisions of Section 17 of the Agreement, Client shall defend, indemnify and hold harmless Quivers against any claims, actions, or proceedings brought by a Data Subject or a Supervisory Authority arising from any act or omission by it to the extent that such act or omission resulted directly from Client’s instructions.