Common use of Processing of Customer Personal Data Clause in Contracts

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); or (b) as required by applicable Data Protection Laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection Laws, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise), 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); orand (b) as required by applicable Data Protection Lawslaws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal DataData as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection LawsGDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise), 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Supplier acts as a ProcessorData Processor or “service provider” as defined under the CCPA; and (b) Customer acts as the ControllerData Controller or “business” as defined under the CCPA. 3.22.2. Bottomline shall Supplier shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.9); orand (bii) as required by applicable Data Protection Lawslaws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Supplier to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and; (b) to perform BottomlineSupplier’s obligations and exercise BottomlineSupplier’s rights or defend legal claims under the Agreement; and (c) for the proper management and administration of Supplier’s business. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineSupplier’s Processing of Customer Personal DataData as required by Article 28(3) of the GDPR. 3.62.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Supplier from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.6) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.7. Where Bottomline Supplier receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection LawsGDPR, Bottomline Supplier shall inform Customer. 3.72.8. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Supplier pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with applicable Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.7) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Supplier under the Agreement. 3.82.9. Notwithstanding anything to the contrary herein, Bottomline Supplier may without liability to Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Supplier considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise),. 3.9(c) For the avoidance of doubt, this Paragraph 2.9 does not refer to the instructions set out in Paragraph 2.3. 2.10. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (as required under Data Protection Laws) for the Processing by Bottomline Supplier of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); orand (b) as required by applicable Data Protection Lawslaws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal DataData as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection LawsGDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to Customer either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise),. 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 6Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); or (b) as required by applicable Data Protection LawsEuropean Union, UK or European Union Member State laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal DataData as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the Data Protection LawsGDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise), 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.