Common use of Processing of Customer Personal Data Clause in Contracts

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly acts as a Processor; and (b) Customer acts as the Controller. 2.2. Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.7); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly ’s obligations and exercise Firefly ’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding Firefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly shall inform Customer. 2.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly under the Agreement. 2.8. Notwithstanding anything to the contrary herein, Firefly may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.9. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly Precisely acts as a Data Processor; and (b) Customer acts as the Data Controller. 2.2. Firefly Precisely shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and; (b) not Sell Customer Personal Data; (c) not Process Customer Personal Data other than: (i) for the specific business purpose of providing the Services; (ii) on Customer’s instructions (subject always to Paragraph 2.72.8); and (iiiii) as required by applicable laws. 2.3. Customer instructs Firefly Precisely to Process Customer Personal Data as necessary:necessary:‌ (a) to provide the Services to Customer; and (b) to perform Firefly Precisely’s obligations and exercise Firefly Precisely’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding FireflyPrecisely’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Precisely from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws.‌ 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum.Addendum.‌ 2.62.7. Where Firefly Precisely receives an instruction from Customer that, in its reasonable opinion, infringes the GDPRData Protection Laws, Firefly Precisely shall inform Customer. 2.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the any Processing of Customer Personal Data by or on behalf of Firefly Precisely of Customer Personal Data pursuant to or in connection with the Agreement:Agreement:‌ (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.52.6) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly Precisely under the Agreement. 2.82.9. Notwithstanding anything to the contrary herein, Firefly Precisely may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Precisely considers (in its reasonable discretion) that:that:‌ (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). For the avoidance of doubt, this Paragraph 2.9 does not refer to the instructions set out in Paragraph 2.3. 2.92.10. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly Precisely of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.13.1. In respect of Customer Personal Data, the Parties acknowledge that:that (as between the Parties): (a) Firefly Bottomline acts as a Processor; and (b) Customer acts as the Controller. 2.23.2. Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) Bottomline shall not Process Customer Personal Data other than: (ia) on Customer’s instructions (subject always to Paragraph 2.7Section 3.7); and (iib) as required by applicable laws.‌ 3.3. To the extent permitted by applicable laws, Bottomline shall inform Customer of: (a) any Processing to be carried out under Section 3.2(b); and (b) the relevant legal requirements that require it to carry out such Processing, before the relevant Processing of that Customer Personal Data. 2.33.4. Customer instructs Firefly Bottomline to Process Customer Personal Data as necessary: (a) to provide the Relevant Services to Customer; and (b) to perform Firefly Bottomline’s obligations and exercise Firefly Bottomline’s rights under the Agreement. 2.43.5. Annex 1 (Data Processing Details) sets out certain information regarding FireflyBottomline’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.63.6. Where Firefly Bottomline receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly Bottomline shall inform Customer. 2.73.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly Bottomline pursuant to or in connection with the Agreement:Agreement:‌ (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Relevant Services to be provided by Firefly Bottomline under the Agreement. 2.83.8. Notwithstanding anything to the contrary herein, Firefly Bottomline may without liability to either party and with immediate effect terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Bottomline considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.93.9. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, : (a) there is, and will be throughout the term of the Agreement, a valid legal basis (whether under Articles 6, 9 and/or 10 of the GDPR or otherwise as required under Data Protection Laws) for the Processing by Firefly Bottomline of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing).; and 2.10. (b) where applicable, Customer will indemnify has been instructed by, and hold harmless Firefly obtained the valid and effective authorisation of, any relevant third party Controller(s) (including, for these purposes, Customer Affiliates) to instruct Bottomline (and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and feesSubprocessors) arising from or relating to any breach by Process Customer of Paragraph 2.10. Any and all limitations on liability Personal Data as set out in and contemplated by this Data Processing Addendum and the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10Agreement.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly Receipt Bank acts as a Data Processor; and (b) Customer acts as the Data Controller. 2.2. Firefly Receipt Bank shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.72.8); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly Receipt Bank to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly Receipt Bank’s obligations and exercise Firefly Receipt Bank’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding FireflyReceipt Bank’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Customer may amend Annex 1 (Data Processing Details) on written notice to Receipt Bank from time to time as Customer reasonably considers necessary to meet any applicable requirements of Data Protection Laws. 2.6. Nothing in Annex 1 (Data Processing Details) (including as amended pursuant to Paragraph 2.5) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.62.7. Where Firefly Receipt Bank receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly Receipt Bank shall inform Customer. 2.72.8. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly Receipt Bank pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.52.6) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly Receipt Bank under the Agreement. 2.82.9. Notwithstanding anything to the contrary herein, Firefly Receipt Bank may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly Receipt Bank considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.92.10. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly Receipt Bank of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.10. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.

Processing of Customer Personal Data. 2.1. In respect of Customer Personal Data, the Parties acknowledge that: (a) Firefly acts as a Processor; and (b) Customer acts as the Controller. 2.2. Firefly shall: (a) comply with all applicable Data Protection Laws in Processing Customer Personal Data; and (b) not Process Customer Personal Data other than: (i) on Customer’s instructions (subject always to Paragraph 2.7); and (ii) as required by applicable laws. 2.3. Customer instructs Firefly to Process Customer Personal Data as necessary: (a) to provide the Services to Customer; and (b) to perform Firefly ’s obligations and exercise Firefly Firefly’s rights under the Agreement. 2.4. Annex 1 (Data Processing Details) sets out certain information regarding Firefly’s Processing of Customer Personal Data as required by Article 28(3) of the GDPR. 2.5. Nothing in Annex 1 (Data Processing Details) confers any right or imposes any obligation on any Party to this Data Processing Addendum. 2.6. Where Firefly receives an instruction from Customer that, in its reasonable opinion, infringes the GDPR, Firefly shall inform Customer. 2.7. Customer acknowledges and agrees that any instructions issued by Customer with regards to the Processing of Customer Personal Data by or on behalf of Firefly pursuant to or in connection with the Agreement: (a) shall be strictly required for the sole purpose of ensuring compliance with Data Protection Laws; and (b) (without limitation to the generality of Paragraph 2.5) shall not relate to the scope of, or otherwise materially change, the Services to be provided by Firefly under the Agreement. 2.8. Notwithstanding anything to the contrary herein, Firefly may terminate the Agreement in its entirety upon written notice to Customer with immediate effect if Firefly considers (in its reasonable discretion) that: (a) it is unable to adhere to, perform or implement any instructions issued by Customer due to the technical limitations of its systems, equipment and/or facilities; and/or (b) to adhere to, perform or implement any such instructions would require disproportionate effort (whether in terms of time, cost, available technology, manpower or otherwise). 2.9. Customer represents and warrants on an ongoing basis that, for the purposes of Article 6 of the GDPR, there is, and will be throughout the term of the Agreement, a valid legal basis for the Processing by Firefly of Customer Personal Data in accordance with this Data Processing Addendum and the Agreement (including, any and all instructions issued by Customer from time to time in respect of such Processing). 2.10. Customer will indemnify and hold harmless Firefly and its employees, officers, directors and agents from and against any and all liabilities, losses, damages, costs, fines and other expenses (including legal costs and fees) arising from or relating to any breach by Customer of Paragraph 2.102.9. Any and all limitations on liability set out in the Agreement shall not apply to liability arising under or in connection with the indemnity set out in this Paragraph 2.10.