Common use of Processing of Personal Information Clause in Contracts

Processing of Personal Information. If Cyanre processes any Personal Information on the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator and in any such case: 12.3.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislation) to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 Cyanre shall process the Personal Information only in accordance with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time; 12.3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre agrees to use its best endeavours to assist the Customer, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure. 12.3.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. 12.3.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights in terms of the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provision. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;

Processing of Personal Information. If Cyanre processes 11.1 Each Party warrants to and in favour of the other that it shall at all times during the term of this Agreement comply with Data Protection Legislation. 11.2 The Parties agree that Personal Information disclosed by either Party to the other Party shall constitute Confidential Information. 11.3 The Recipient shall – 11.3.1 treat the Personal Information that comes to its knowledge or into its possession as confidential and shall not disclose such Personal Information without the prior written consent of the Disclosing Party; 11.3.2 notify the Disclosing Party in writing within one business day or otherwise as soon as reasonably possible if any Personal Information on the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator and in any such case: 12.3.4.1 the Customer shall ensure that the Customer has been or is entitled (as per applicable data protection legislation) reasonably believed to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 Cyanre shall process the Personal Information only in accordance with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time; 12.3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has have been accessed or acquired by any an unauthorised person or that there if a breach has been any loss or corruption occurred with reference to its use of the Personal Information. Cyanre agrees Such notification must provide sufficient information to use allow affected individuals to take measures against the potential consequences of the compromise, including, if known to the Recipient, the identity of the unauthorised person who may have accessed or acquired the Personal Information; 11.3.3 ensure that where the Personal Information is no longer required to be retained, it is destroyed or returned to the Disclosing Party in accordance with the instructions of the Disclosing Party and in compliance with Data Protection Legislation; 11.3.4 not transfer or allow Personal Information received during its best endeavours relationship with the Disclosing Party to assist be transferred outside the CustomerRecipient’s jurisdiction, where such information has unless upon express written consent of the Disclosing Party or unless adequate mechanisms have been usedemployed to ensure an adequate level of protection for the Personal Information; and 11.3.5 secure the integrity of the Personal Information in its possession or under its control by taking appropriate, lostreasonable technical and organisational measures to prevent – 11.3.5.1 loss of, corrupted or disclosed in remedying such damage to, or unauthorised use, loss, corruption destruction of the Personal Information; and/or 11.3.5.2 unlawful access to or disclosureunlawful Processing of the Personal Information. 12.3.4.4 In 11.4 The Recipient shall Process the event that Cyanre uses a third party for any or all of Personal Information only – 11.4.1 in compliance with Data Protection Legislation, the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms Disclosing Party's instructions and conditions sufficient to meet its obligations under this Agreement.; and 12.3.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights 11.4.2 for purposes connected with performing in terms of this Agreement or as specifically otherwise instructed or authorised by the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provisionDisclosing Party in writing. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;

Processing of Personal Information. If Cyanre processes any Personal Information on the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator and in any such case:: 12. 12.3.4.1 3.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislation) to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf;; 12. 12.3.4.2 3.4.2 Cyanre shall process the Personal Information only in accordance with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time;; 12. 12.3.4.3 3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre agrees to use its best endeavours to assist the Customer, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure. 12. 12.3.4.4 3.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. . 12.3.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights in terms of the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provision. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;

Processing of Personal Information. If Cyanre processes (a) In respect of any Personal Information Data which WEX processes on behalf of the Customer’s behalf when Customer in performing its obligations under the Contract Documentsthis Agreement, the parties record their intention that the Customer shall be the Responsible Party Data Controller and Cyanre shall WEX will be an Operator the Data Processor and in any such case: 12.3.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislationi) to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer WEX will Process the Personal Information in accordance with Contract Documents Data solely on the Customer's behalf’s documented instructions for the purposes of providing the Goods and Services provided under this Agreement and shall immediately inform the Customer if, in its opinion, an instruction infringes the Data Protection Laws; 12.3.4.2 Cyanre shall process (ii) WEX will take all measures required by article 32 of the GDPR to ensure the security of the Personal Information only Data; (iii) WEX will take responsible steps to ensure that its personnel, who may have access to the Personal Data, have committed themselves to confidentiality; (iv) WEX will promptly, and in accordance with any case within 5 Business Days, Notify the terms Customer of any communication from a Data Subject regarding the Processing of their Personal Data, or any other communication (including from a supervisory authority) of which WEX is aware, relating to either party’s obligations under the Data Protection Laws in respect of the Contract Documents and any lawful instructions reasonably given by Personal Data; (v) WEX will Notify the Customer from time to time; 12.3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre agrees to use its best endeavours to assist the Customer, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure. 12.3.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. 12.3.4.5 Disclosure without undue delay upon becoming aware of any Personal Information to any of Cyanre’s Personnel, which Data Breach; (vi) WEX will be done on a need to know basis only, and without prejudice provide commercially reasonable assistance to the Customer’s rights Customer on request in terms relation to a) any communication received under clause 6.4 (iv) and b) any Personal Data Breach, including by implementing appropriate technical and organizational measures; (vii) The Customer acknowledges and agrees that WEX is generally authorized to appoint third parties to Process the Personal Data (“Sub- Processor“), subject to Notifying the Customer about its Sub-Processors and otherwise meeting the conditions set out in Article 28 (2) and (4) of the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provision.GDPR; 12.3.4.6 (where requiredviii) the The Customer acknowledges and agrees that the Personal Information Data may be transferred or stored outside the European Economic Area or the country where Cyanre may make use of third party service providers the Customer is located in order for WEX to carry out the Services and Cyanre’s other its obligations under this Agreement. WEX will take such steps as are necessary to ensure the Contract DocumentsProcessing is in accordance with the Data Protection Laws; (ix) WEX will make available to the Customer upon request and with costs to be borne by the Customer all information necessary to demonstrate compliance with this clause 6.4 and with article 28 of the GDPR and upon the Customer’s Notice in Writing, provide it with a copy of WEX's then current third-party audits or certifications, as applicable, as well as any summaries thereof; and (x) WEX will cease Processing the Personal Data upon the termination or expiration of this Agreement and, upon the Customer’s request, either return to the Customer or securely delete the Personal Data.

Processing of Personal Information. If Cyanre LexTrado processes any Personal Information on the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre LexTrado shall be an Operator and in any such case: 12.3.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislation) to transfer the relevant Personal Information to Cyanre LexTrado so that Cyanre LexTrado may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 Cyanre LexTrado shall process the Personal Information only in accordance with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time; 12.3.4.3 Cyanre LexTrado shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre LexTrado agrees to use its best endeavours to assist the Customer, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure. 12.3.4.4 In the event that Cyanre LexTrado uses a third party for any or all of the processing activities required of Cyanre LexTrado in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. 12.3.4.5 Disclosure of any Personal Information to any of CyanreLexTrado’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights in terms of the Contract Documents, Cyanre LexTrado shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provision. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre LexTrado may make use of third party service providers in order to carry out the Services and CyanreLexTrado’s other obligations under the Contract Documents;

Processing of Personal Information. If Cyanre processes any personal information as such term is defined in the Act (“Personal Information Information”) on the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator operator and in any such case: 12.3.4.1 12.8.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislation) to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 12.8.4.2 Cyanre shall process the Personal Information only in accordance with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time; 12.3.4.3 12.8.4.3 Cyanre shall take reasonable steps to identify all reasonably foreseeable internal and/or external risks, posed to Customer Data under Cyanre’s possession, care and/or control and to establish and/or maintain appropriate safeguards against any risk identified. Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre agrees to use its best endeavours to assist the Customer, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure.; 12.3.4.4 12.8.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement.Agreement and inform the Customer of this; 12.3.4.5 12.8.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights in terms of the Contract Documents, . Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am an applicable confidentiality provision.; 12.3.4.6 12.8.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;Documents only if Cyanre ascertains that the country in which the Customer Data will be stored has the same or more onerous law relating to the protection of personal information than South Africa has, and only if Cyanre has concluded an agreement with the third party which give effect to the obligations for the protection of Customer Data as set out in this agreement.

Processing of Personal Information. If Cyanre processes 12.1 The Customer’s privacy is very important to ASSA ABLOY and ASSA ABLOY will use reasonable efforts to ensure that any information, including Personal Information, provided by the Customer, or which is collected from the Customer, is stored in a secure manner. 12.2 The Customer agrees to give (where applicable) honest, accurate and current information about the Customer to ASSA ABLOY and to maintain and update such information when necessary. 12.3 Personal Information collected from the Customer may be used for inter alia, the following reasons: (a) to perform our obligations as described in these Terms; (b) to set up and manage your customer profile on our database; (c) to comply with local or international legal, auditing, operational or recordkeeping requirements to which we are subject, such as tax or financial reporting requirements; (d) to detect and prevent fraud and money laundering and/or in the interest of security and crime prevention; (e) to detect and prevent any breach of sanctions and export control laws, regulations, rules or restrictive measures to which ASSA ABLOY is subject; (f) for Direct Marketing – Data subjects may refer to the privacy statement available on our website for further information on how to opt out of Direct Marketing activities (xxxxx://xxx.xxxxxxxxx.xxx/za/en/privacy-centre- popia/privacy-statement) 12.4 The Customer acknowledges that where Personal Information relating to related parties of the Customer has been supplied to ASSA ABLOY, the Customer has made such related parties aware of the collection and processing of such Personal Information and that the relevant parties have given their voluntary consent to do so. 12.5 The Customer acknowledges that any information supplied to ASSA ABLOY is provided voluntarily. 12.6 By submitting any information to ASSA ABLOY in any form, the Customer acknowledges that such conduct constitutes an unconditional, specific and voluntary consent to the processing of such information by ASSA ABLOY under any applicable Law in the manner contemplated above, which consent shall, in the absence of any written objection received from the Client, be indefinite and/or for the period otherwise required in terms of any applicable Law. 12.7 Unless the Customer has consented, ASSA ABLOY will not sell, exchange, transfer, rent or otherwise make available any personal information about the Customer (such as name, address, email address, telephone or fax number) to other parties and the Customer indemnifies ASSA ABLOY from any unintentional disclosures of such information to unauthorized persons. 12.8 Should the Customer believe that ASSA ABLOY has utilized the Customer’s behalf when performing its obligations under the Contract DocumentsPersonal Information contrary to applicable Law, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator and in first resolve any such case: 12.3.4.1 the Customer shall ensure that concerns with ASSA ABLOY. If the Customer is entitled (as per applicable data protection legislation) not satisfied with such process, the Customer has the right to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer the Personal Information in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 Cyanre shall process the Personal Information only in accordance lodge a complaint with the terms of the Contract Documents and any lawful instructions reasonably given by the Customer from time to time; 12.3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Personal Information has been accessed or acquired by any unauthorised person or that there has been any loss or corruption of Personal Information. Cyanre agrees to use its best endeavours to assist the CustomerRegulator, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosureonce established. 12.3.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. 12.3.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis only, and without prejudice to the Customer’s rights in terms of the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall be bound by am applicable confidentiality provision. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;

Processing of Personal Information. If Cyanre processes any Personal Information on For purposes of this Addendum, We are the Customer’s behalf when performing its obligations under the Contract Documents, the parties record their intention that the Customer shall be the Responsible Party and Cyanre shall be an Operator and in any such case: 12.3.4.1 the Customer shall ensure that the Customer is entitled (as per applicable data protection legislation) to transfer the relevant Personal Information to Cyanre so that Cyanre may lawfully use, process and transfer Data Controller of the Personal Information Processed by Supplier in its performance of the Services under the terms of the Principal Agreement and/or an applicable SOW or Order Form. Supplier is the Data Processor and service provider with respect to such Personal Information, except when We Process Personal Information in Our capacity as a Data Processor, in which case Supplier is considered a Subprocessor. Supplier and each Supplier Affiliate shall Process Personal Information only to perform the Services as specified by the relevant Group Member’s documented instructions and in accordance with Contract Documents on the Customer's behalf; 12.3.4.2 Cyanre Applicable Law; in no event shall process the Supplier or Supplier Affiliate Process Personal Information only for any other purpose (including for their own commercial benefit) unless Supplier obtains Our prior explicit written consent. Supplier will maintain information and records related to the structure and functioning of all systems and processes that Process Personal Information applicable to this Addendum, the Principal Agreement and/or applicable SOW or Order Form. This will include at least (i) the types of Processing performed, (ii) Subprocessors used and the activities they perform, (iii) the countries to which International Transfers occur, and (iv) the technical and organizational measures used to protect Personal Information. Supplier will regularly audit its business processes involved in accordance Processing Personal Information for compliance with the terms of this Addendum and Applicable Law. A copy of the Contract Documents and any lawful instructions reasonably given by audit results shall be provided to Us upon request. Where the Customer from time to time; 12.3.4.3 Cyanre shall notify the Customer immediately in writing if there are reasonable grounds to believe that the Services involve Supplier receiving or collecting Personal Information has been accessed directly from Individuals on Our behalf, Supplier shall: ● ensure that Personal Information is accurate and kept up to date, and that any Personal Information that is inaccurate or acquired incomplete is promptly erased or rectified in accordance with Our instructions; ● seek instructions from Us regarding (i) information that must be provided by Supplier to the Individual in connection with the collection and further Processing of the Individuals’ Personal information, and (ii) requests by Individuals to be dealt with on an anonymous or pseudonymous basis; ● provide any unauthorised person notices and/or obtain consents as required under Applicable Law, and maintain records of such notices and consents or other legal bases relied upon for Processing Personal Information and provide them for review upon Our request; and ● not use an Individual’s government identifier as Supplier’s own identifier for that there has been Individual. If Supplier is storing and maintaining Personal Information for Us, Supplier will: ● keep databases containing Personal Information segregated from other Supplier Personal Information using logical access restrictions; ● update its records with any loss or corruption Personal Information provided by Us within 5 business days of receipt; ● log all access to special categories of Personal Information. Cyanre agrees , with information identifying the user who accessed (or tried to use its best endeavours to assist the Customeraccess) such data, where such information has been used, lost, corrupted or disclosed in remedying such unauthorised use, loss, corruption or disclosure. 12.3.4.4 In the event that Cyanre uses a third party for any or all of the processing activities required of Cyanre in connection with a Contract Document, when it will ensure that it has signed terms and conditions sufficient to meet its obligations under this Agreement. 12.3.4.5 Disclosure of any Personal Information to any of Cyanre’s Personnel, which will be done on a need to know basis onlywas accessed, and without prejudice whether the access was authorized or denied, and ● maintain audit trails to the Customer’s rights in terms detect and respond to Security Incidents, including logging of the Contract Documents, Cyanre shall procure that each employee or representative is aware of the confidential nature of the information being disclosed and shall suspicious events. Such audit trials must be bound by am applicable confidentiality provisionmaintained for three years. 12.3.4.6 (where required) the Customer acknowledges and agrees that the Personal Information may be transferred or stored outside the country where Cyanre may make use of third party service providers in order to carry out the Services and Cyanre’s other obligations under the Contract Documents;