Common use of Processing of Customer Personal Data Clause in Contracts

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); and (b) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Addendum

AutoNDA by SimpleDocs

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); and (b) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to either party Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise)., 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its SubprocessorsSubprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Addendum

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); and (b) as required by applicable laws.laws.‌ 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement:Agreement:‌ (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Addendum

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Receipt Bank acts as a Data Processor; and (b) Customer acts as the Data Controller. 3.22.2. Bottomline shall Receipt Bank shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.8); and (bii) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Receipt Bank to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform BottomlineReceipt Bank’s obligations and exercise BottomlineReceipt Bank’s rights under the Agreement. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineReceipt Bank’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Receipt Bank from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.7. Where Bottomline Receipt Bank receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline Receipt Bank shall inform Customer. 3.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Receipt Bank pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.6) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Receipt Bank under the Agreement. 3.82.9. Notwithstanding anything to the contrary herein, Bottomline Receipt Bank may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Receipt Bank considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.92.10. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline Receipt Bank of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Agreement

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Firefly acts as a Processor; and (b) Customer acts as the Controller. 3.22.2. Bottomline shall Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.7); and (bii) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Firefly to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform BottomlineFirefly ’s obligations and exercise BottomlineFirefly’s rights under the Agreement. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineFirefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Bottomline Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline Firefly shall inform Customer. 3.72.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Firefly under the Agreement. 3.82.8. Notwithstanding anything to the contrary herein, Bottomline Firefly may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.92.9. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and. (b) where applicable, 2.10. Customer has been instructed by, will indemnify and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (hold harmless Firefly and its Subprocessorsemployees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to Process any breach by Customer Personal Data as of Paragraph 2.9. Any and all limitations on liability set out in and contemplated by the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Data Processing Addendum and the AgreementParagraph 2.10.

Appears in 1 contract

Samples: Data Processing Addendum

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Precisely acts as a Data Processor; and (b) Customer acts as the Data Controller. 3.22.2. Bottomline shall Precisely shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; (b) not Sell Customer Personal Data; (c) not Process Customer Personal Data other than: (ai) for the specific business purpose of providing the Services; (ii) on Customer’s instructions (subject always to Section 3.7Paragraph 2.8); and (biii) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Precisely to Process Customer Personal Data as necessary:necessary:‌ (a) to provide the Relevant Services to Customer; and (b) to perform BottomlinePrecisely’s obligations and exercise BottomlinePrecisely’s rights under the Agreement. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlinePrecisely’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Precisely from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws.‌ 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum.‌ 2.7. Where Bottomline Precisely receives an instruction from Customer that, in its reasonable opinion, infringes the GDPRData Protection Laws, Bottomline Precisely shall inform Customer. 3.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the any Processing of Customer Personal Data by or on behalf of Bottomline Precisely of Customer Personal Data pursuant to or in connection with the Agreement:Agreement:‌ (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.6) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Precisely under the Agreement. 3.82.9. Notwithstanding anything to the contrary herein, Bottomline Precisely may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Precisely considers (in its reasonable discretion) that:that:‌ (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). For the avoidance of doubt, this Paragraph 2.9 does not refer to the instructions set out in Paragraph 2.3. 3.92.10. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline Precisely of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Service License Agreement

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the The Parties acknowledge that (as between the Parties):that: (a) Bottomline Crunchy Data acts as a Processor; and (b) Customer acts as the Controller. 3.22.2. Bottomline shall Crunchy Data shall: (a) comply with the GDPR in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.9); and (bii) as required by applicable laws. 3.32.3. To the extent permitted by applicable laws, Bottomline Crunchy Data shall inform Customer of: (a) any Processing to be carried out under Section 3.2(bParagraph 2.2(b)(ii); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.4. Customer instructs Bottomline Crunchy Data to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform BottomlineCrunchy Data’s obligations and exercise BottomlineCrunchy Data’s rights under the Agreement. 3.52.5. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineCrunchy Data’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.6. Customer may amend Annex 1 (Data Processing Details) on written notice to Crunchy Data from time to time as Customer reasonably considers necessary to meet any applicable requirements of the GDPR. 2.7. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.6) confers any right or imposes any obligation on any party to this Data Processing Addendum. 2.8. Where Bottomline Crunchy Data receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline Crunchy Data shall inform Customer. 3.72.9. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Crunchy Data pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Lawsthe GDPR; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Crunchy Data under the Agreement. 3.82.10. Notwithstanding anything to the contrary herein, Bottomline Crunchy Data may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Crunchy Data considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.92.11. Customer represents and warrants on an ongoing basis that: , for the purposes of Article 6 of the GDPR, and (awhere applicable) Article 9 and/or Article 10 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis and (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Lawswhere applicable) condition for the Processing by Bottomline Crunchy Data of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Agreement

AutoNDA by SimpleDocs

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Supplier acts as a ProcessorData Processor or “service provider” as defined under the CCPA; and (b) Customer acts as the ControllerData Controller or “business” as defined under the CCPA. 3.22.2. Bottomline shall Supplier shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.9); and (bii) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Supplier to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and; (b) to perform BottomlineSupplier’s obligations and exercise BottomlineSupplier’s rights or defend legal claims under the Agreement; and (c) for the proper management and administration of Supplier’s business. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineSupplier’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Supplier from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.6) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.7. Where Bottomline Supplier receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline Supplier shall inform Customer. 3.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Supplier pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with applicable Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.7) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Supplier under the Agreement. 3.82.9. Notwithstanding anything to the contrary herein, Bottomline Supplier may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Supplier considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.9(c) For the avoidance of doubt, this Paragraph 2.9 does not refer to the instructions set out in Paragraph 2.3. 2.10. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline Supplier of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its Subprocessors) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Addendum

Processing of Customer Personal Data. 3.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties): (a) Bottomline acts as a Processor; and (b) Customer acts as the Controller. 3.2. Bottomline shall not Process Customer Personal Data other than: (a) on Customer’s instructions (subject always to Section 3.7); andor (b) as required by applicable lawsData Protection Laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.4. Customer instructs Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Bottomline’s obligations and exercise Bottomline’s rights under the Agreement. 3.5. Annex 1 (Data Processing Details) sets out certain information regarding Bottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPRData. 3.6. Where Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPRData Protection Laws, Bottomline shall inform Customer. 3.7. Customer acknowledges and agrees that any instructions additional to those set out in this Data Processing Addendum or the Agreement issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline under the Agreement. 3.8. Notwithstanding anything to the contrary herein, Bottomline may without liability to either party Customer and with immediate effect terminate the Agreement in its entirety upon written notice to Customer if Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise)., 3.9. Customer represents and warrants on an ongoing basis that: (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and (b) where applicable, Customer has been instructed by, and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its SubprocessorsSubprocessors that are approved subject to and in accordance with Section 6) to Process Customer Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement.

Appears in 1 contract

Samples: Data Processing Addendum

Processing of Customer Personal Data. 3.12.1. In respect of Customer Personal Data, the Parties acknowledge that (as between the Parties):that: (a) Bottomline Firefly acts as a Processor; and (b) Customer acts as the Controller. 3.22.2. Bottomline shall Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (ai) on Customer’s instructions (subject always to Section 3.7Paragraph 2.7); and (bii) as required by applicable laws. 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 3.42.3. Customer instructs Bottomline Firefly to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform BottomlineFirefly ’s obligations and exercise BottomlineFirefly ’s rights under the Agreement. 3.52.4. Annex 1 (Data Processing Details) sets out certain information regarding BottomlineFirefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 3.62.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Bottomline Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Bottomline Firefly shall inform Customer. 3.72.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Bottomline Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Bottomline Firefly under the Agreement. 3.82.8. Notwithstanding anything to the contrary herein, Bottomline Firefly may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Bottomline Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 3.92.9. Customer represents and warrants on an ongoing basis that: (a) , for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Bottomline Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing); and. (b) where applicable, 2.10. Customer has been instructed by, will indemnify and obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (hold harmless Firefly and its Subprocessorsemployees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to Process any breach by Customer Personal Data as of Paragraph 2.10. Any and all limitations on liability set out in and contemplated by the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Data Processing Addendum and the AgreementParagraph 2.10.

Appears in 1 contract

Samples: Data Processing Addendum

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!