Common use of Processor and Controller Clause in Contracts

Processor and Controller. 2.1 The parties agree that, for the Protected Data, the Customer shall be the Controller and the Supplier shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws. 2.2 The Supplier shall process Protected Data in compliance with: 2.2.1 the obligations under Data Protection Laws in respect of the performance of its and their obligations under our Agreement; and 2.2.2 the terms of our Agreement. 2.3 The Customer shall ensure that it, its Affiliates and each Authorised User shall at all times comply with: 2.3.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 the terms of our Agreement. 2.4 The Customer warrants, represents and undertakes, that at all times: 2.4.1 all Protected Data (if processed in accordance with our Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws; 2.4.2 all Protected Data shall comply with clause 9.2 of the Terms and Conditions; 2.4.3 fair processing and other information notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier and its Sub-Processors in accordance with our Agreement; 2.4.4 the Protected Data is accurate and up to date; 2.4.5 it shall maintain complete and accurate backups of all Protected Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier or any other person; and 2.4.6 all instructions given by it to the Supplier in respect of Personal Data shall at all times be in accordance with Data Protection Laws.

Processor and Controller. 2.1 The parties Parties agree that, for the Protected Data, the Customer shall be the Controller and the Supplier Katapult shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws. 2.2 The Supplier To the extent the Customer is not sole Controller of any Protected Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct Katapult to process the Protected Data in accordance with this Agreement. 2.3 Katapult shall process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our this Agreement; and 2.2.2 2.3.2 the terms of our this Agreement. 2.3 2.4 The Customer shall ensure that it, its Affiliates it and each Authorised User shall at all times comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under our this Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our this Agreement. 2.4 2.5 The Customer warrants, represents and undertakes, that at all times: 2.4.1 2.5.1 all Protected Data (if processed in accordance with our this Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws; 2.4.2 all 2.5.2 it shall ensure (and is exclusively responsible for) the accuracy, quality, integrity and legality of the Protected Data shall comply and that its use (including use in connection with clause 9.2 of the Terms Service) complies with all Applicable Laws and ConditionsIntellectual Property Rights; 2.4.3 2.5.3 fair processing and all other appropriate information notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier Katapult and its Sub-Processors in accordance with our this Agreement; 2.4.4 2.5.4 the Protected Data is accurate and up to date; 2.4.5 2.5.5 it shall establish and maintain adequate security measures to safeguard the Protected Data in its possession or control (including from unauthorised or unlawful destruction, corruption, processing or disclosure) and maintain complete and accurate backups of all Protected Data provided to the Supplier Katapult (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier Katapult or any other person; and; 2.4.6 2.5.6 all instructions given by it to the Supplier Katapult in respect of Personal Data shall at all times be in accordance with Data Protection Laws.; and 2.5.7 without prejudice to the generality of clause 9.4, it has undertaken due diligence in relation to Katapult’s processing operations and commitments and it is satisfied (and all times it continues to use the Services remains satisfied) that: 2.5.7.1 Katapult’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage Katapult to process the Protected Data; 2.5.7.2 the technical and organisational measures set out in Schedule 4 (as Updated from time to time) shall (if Katapult complies with such obligations) ensure a level of security appropriate to the risk in regards to the Protected Data; and

Processor and Controller. 2.1 The parties acknowledge and agree that, for the Protected Data, the Customer (or the relevant Data Client) shall be the Controller and the Supplier Relevant Daisy Group Member shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities Processor or liabilities under any Data Protection Lawssub-processor. 2.2 The Supplier Customer authorises the Relevant Daisy Group Member responsible for providing the Services and/or Products to the Customer pursuant to the Principal Agreements to Process the Protected Data pursuant to this Addendum as a Processor or sub-processor for the purpose set out in Schedule 1. 2.3 The Relevant Daisy Group Member shall process Process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our Agreementthis Addendum; and 2.2.2 2.3.2 the terms of our Agreementthis Addendum. 2.3 2.4 The Customer shall (and shall if the Customer is not the Controller ensure that it, its Affiliates and each Authorised User shall at all times the relevant Controller shall) comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing Processing of Protected Data, the use of the Services (and each part) and/or Products and the exercise and performance of its respective rights and obligations under our Agreementthis Addendum, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our Agreementthis Addendum. 2.4 2.5 The Customer warrants, represents warrants to Xxxxx and undertakes, that at all timeseach Relevant Daisy Group Member that: 2.4.1 2.5.1 it has all necessary rights to authorise Xxxxx and each Relevant Daisy Group Member to Process Protected Data (if processed in accordance with our Agreement) this Addendum and the Data Protection Laws; 2.5.2 all data sourced by the Customer for use in connection with the Services and/or Products, shall comply in all respects, including in terms of its collection, storage and processingProcessing (which shall include the Customer providing all of the required fair processing notices and information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws; 2.4.2 all 2.5.3 it will not send any Protected Data shall comply with clause 9.2 of to the Terms and ConditionsRelevant Daisy Group Member which is not necessary for the Relevant Daisy Group Member to provide the Services and/or Products; 2.4.3 fair processing and other information notices have been provided 2.5.4 its instructions to the Data Subjects Relevant Daisy Group Member relating to Processing of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to will not put the extent required by Relevant Daisy Group Member in breach of Data Protection Laws in connection Laws, including with all processing activities in respect of the Protected Data which may be undertaken by the Supplier and its Sub-Processors in accordance with our Agreement; 2.4.4 the Protected Data is accurate and up regard to date; 2.4.5 it shall maintain complete and accurate backups of all Protected Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier or any other personInternational Transfers; and 2.4.6 all instructions given by 2.5.5 it has undertaken due diligence in relation to Xxxxx's or the Supplier in respect Relevant Daisy Group Member’s Processing operations, and it is satisfied that: (a) Xxxxx’s or the Relevant Daisy Group Member’s Processing operations are suitable for the purposes for which the Customer proposes to use the Services and/or Products and engage the relevant member of Personal Data shall at all times be in accordance with Daisy’s Group to Process the Protected Data; and (b) the Relevant Daisy Group Member has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws. 2.6 If the Relevant Daisy Group Member reasonably considers that any instructions from the Customer relating to Processing of Protected Data may put the Relevant Daisy Group Member in breach of Data Protection Laws, the Relevant Daisy Group Member will be entitled not to carry out that Processing and will not be in breach of this Addendum or otherwise liable to the Customer as a result of its failure to carry out that Processing 2.7 The Customer shall remain fully liable for the acts or omissions of each Data Client as if they were its own.

Processor and Controller. 2.1 The parties acknowledge and agree that, for the Protected Data, the Customer (or the relevant Data Client) shall be the Controller and the Supplier Relevant Daisy Group Member shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities Processor or liabilities under any Data Protection Lawssub-processor. 2.2 The Supplier Customer authorises the Relevant Daisy Group Member responsible for providing the Services and/or Products to the Customer pursuant to the Principal Agreements to Process the Protected Data pursuant to this Addendum as a Processor or sub-processor for the purpose set out in Schedule 1. 2.3 The Relevant Daisy Group Member shall process Process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our Agreementthis Addendum; and 2.2.2 2.3.2 the terms of our Agreementthis Addendum. 2.3 2.4 The Customer shall (and shall if the Customer is not the Controller ensure that it, its Affiliates and each Authorised User shall at all times the relevant Controller shall) comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing Processing of Protected Data, the use of the Services (and each part) and/or Products and the exercise and performance of its respective rights and obligations under our Agreementthis Addendum, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our Agreementthis Addendum. 2.4 2.5 The Customer warrants, represents warrants to Xxxxx and undertakes, that at all timeseach Relevant Daisy Group Member that: 2.4.1 2.5.1 it has all necessary rights to authorise Xxxxx and each Relevant Daisy Group Member to Process Protected Data (if processed in accordance with our Agreement) this Addendum and the Data Protection Laws; 2.5.2 all data sourced by the Customer for use in connection with the Services and/or Products, shall comply in all respects, including in terms of its collection, storage and processingProcessing (which shall include the Customer providing all of the required fair processing notices and information to, and obtaining all necessary consents from, Data Subjects), with Data Protection Laws; 2.4.2 all 2.5.3 it will not send any Protected Data shall comply with clause 9.2 of to the Terms and ConditionsRelevant Daisy Group Member which is not necessary for the Relevant Daisy Group Member to provide the Services and/or Products; 2.4.3 fair processing and other information notices have been provided 2.5.4 its instructions to the Data Subjects Relevant Daisy Group Member relating to Processing of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to will not put the extent required by Relevant Daisy Group Member in breach of Data Protection Laws in connection Laws, including with all processing activities in respect of the Protected Data which may be undertaken by the Supplier and its Sub-Processors in accordance with our Agreement; 2.4.4 the Protected Data is accurate and up regard to date; 2.4.5 it shall maintain complete and accurate backups of all Protected Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier or any other personInternational Transfers; and 2.4.6 all instructions given by 2.5.5 it has undertaken due diligence in relation to Xxxxx's or the Supplier in respect Relevant Daisy Group Member Processing operations, and it is satisfied that: (a) Daisy or the Relevant Daisy Group Member Processing operations are suitable for the purposes for which the Customer proposes to use the Services and/or Products and engage Group to Process the Protected Data; and (b) the Relevant Daisy Group Member has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Personal Data shall at all times be in accordance with Data Protection Laws. 2.6 If the Relevant Daisy Group Member reasonably considers that any instructions from the Customer relating to Processing of Protected Data may put the Relevant Daisy Group Member in breach of Data Protection Laws, the Relevant Daisy Group Member will be entitled not to carry out that Processing and will not be in breach of this Addendum or otherwise liable to the Customer as a result of its failure to carry out that Processing 2.7 The Customer shall remain fully liable for the acts or omissions of each Data Client as if they were its own.

Processor and Controller. ‌ 2.1 The parties agree that, for the Protected Data, the Customer shall be the Controller and the Supplier shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws. 2.2 The Supplier shall process Protected Data in compliance with: 2.2.1 the obligations under Data Protection Laws in respect of the performance of its and their obligations under our Agreement; and 2.2.2 the terms of our Agreement. 2.3 The Customer shall ensure that it, its Affiliates and each Authorised User shall at all times comply with: 2.3.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 the terms of our Agreement. 2.4 The Customer warrants, represents and undertakes, that at all times: 2.4.1 all Protected Data (if processed in accordance with our Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws; 2.4.2 all Protected Data shall comply with clause 9.2 of the Terms and Conditions; 2.4.3 fair processing and other information notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier and its Sub-Processors in accordance with our Agreement; 2.4.4 the Protected Data is accurate and up to date; 2.4.5 it shall maintain complete and accurate backups of all Protected Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier or any other person; and 2.4.6 all instructions given by it to the Supplier in respect of Personal Data shall at all times be in accordance with Data Protection Laws.

Processor and Controller. 2.1 The parties We each agree that, for the Protected Data, the Customer shall be where you are the Controller and the Supplier we are your Processor, this DPA shall be the Processorapply. Nothing in this DPA or any other part of our Agreement relieves the Customer you of any responsibilities or liabilities under any Data Protection Laws. 2.2 The Supplier shall You warrant that you have full authority and authorisation to instruct us to process the Protected Data in accordance with our Agreement. 2.3 We will process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their our obligations under our Agreement; and 2.2.2 2.3.2 the terms of our Agreement. 2.3 The Customer shall 2.4 You will ensure that it, its Affiliates and each Authorised User shall will at all times comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services Verature Platform (and each part) and the exercise and performance of its your respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our Agreement. 2.4 The Customer warrants2.5 You warrant, represents represent and undertakesundertake, that at all times: 2.4.1 2.5.1 the processing of all Protected Data (if processed in accordance with our Agreement) shall will comply in all respectsrespects with Data Protection Laws, including in terms of its collection, storage use and processing, with Data Protection Lawsstorage; 2.4.2 all Protected Data shall comply with clause 9.2 of the Terms and Conditions; 2.4.3 2.5.2 fair processing and all other information appropriate notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier us and its our Sub-Processors in accordance with our Agreement; 2.4.4 2.5.3 the Protected Data is accurate and up to date; 2.4.5 it shall 2.5.4 you will establish and maintain adequate security measures to safeguard the Protected Data in your possession or control (including from unauthorised or unlawful destruction, corruption, processing or disclosure) and maintain complete and accurate backups of all Protected Data provided to the Supplier us (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier us or any other person; and; 2.4.6 2.5.5 all instructions given by it you to the Supplier us in respect of Personal Data shall will at all times be in accordance with Data Protection Laws; and 2.5.6 you have undertaken due diligence in relation to our processing operations and commitments and are satisfied (and all times you continue to receive the benefit of any Services and/or use the Verature Platform remain satisfied) that: 2.5.6.1 our processing operations are suitable for the purposes for which you propose to receive the benefit of any Services and use the Verature Platform and engage us to process the Protected Data; 2.5.6.2 the technical and organisational measures set out in the Information Security Policy (as updated by us from time to time) will (if we comply with our obligations under the Information Security Policy) ensure a level of security appropriate to the risk in regards to the Protected Data as required by Data Protection Laws; and 2.5.6.3 we have sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.

Processor and Controller. 2.1 The parties agree that, for the Protected Data, the Customer shall be the Controller and the Supplier SMUK shall be the Processor. Nothing in this our Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws. 2.2 The Supplier To the extent the Customer is not sole Controller of any Protected Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct SMUK to process the Protected Data in accordance with our Agreement. 2.3 SMUK shall process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our Agreement; and 2.2.2 2.3.2 the terms of our Agreement. 2.3 2.4 The Customer shall ensure that it, its Affiliates and it each Authorised User shall at all times comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services SERVICEmate (and each part) and the exercise and performance of its respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our Agreement. 2.4 2.5 The Customer warrants, represents and undertakes, that at all times: 2.4.1 2.5.1 the processing of all Protected Data (if processed in accordance with our Agreement) shall comply in all respectsrespects with Data Protection Laws, including in terms of its collection, storage use and processing, with Data Protection Laws;storage 2.4.2 all Protected Data shall comply with clause 9.2 of the Terms and Conditions; 2.4.3 2.5.2 fair processing and all other information appropriate notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier SMUK and its Sub-Processors in accordance with our Agreement; 2.4.4 2.5.3 the Protected Data is accurate and up to date; 2.4.5 2.5.4 except to the extent resulting from Transfers to International Recipients made by SMUK or any Sub-Processor, the Protected Data is not subject to the laws of any jurisdiction outside of the United Kingdom; 2.5.5 it shall establish and maintain adequate security measures to safeguard the Protected Data in its possession or control (including from unauthorised or unlawful destruction, corruption, processing or disclosure) and maintain complete and accurate backups of all Protected Data provided to the Supplier SMUK (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier SMUK or any other person; and; 2.4.6 2.5.6 all instructions given by it to the Supplier SMUK in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and 2.5.7 it has undertaken due diligence in relation to SMUK’s processing operations and commitments and it is satisfied (and all times it continues to use SERVICEmate remains satisfied) that: 2.5.7.1 SMUK’s processing operations are suitable for the purposes for which the Customer proposes to use SERVICEmate and engage SMUK to process the Protected Data; 2.5.7.2 the technical and organisational measures set out in our Agreement (each as Updated from time to time) shall (if SMUK complies with its obligations under our Agreement) ensure a level of security appropriate to the risk in regards to the Protected Data as required by Data Protection Laws; and 2.5.7.3 SMUK has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.

Processor and Controller. 2.1 The parties agree that, for the Protected Data, the Customer shall be the Controller and the Supplier shall be the Processor. Nothing in this Agreement relieves the Customer of any responsibilities or liabilities under any Data Protection Laws. 2.2 To the extent the Customer is not sole Controller of any Protected Data it warrants that it has full authority and authorisation of all relevant Controllers to instruct the Supplier to process the Protected Data in accordance with our Agreement. 2.3 The Supplier shall process Protected Data in compliance with: 2.2.1 2.3.1 the obligations of Processors under Data Protection Laws in respect of the performance of its and their obligations under our Agreement; and 2.2.2 2.3.2 the terms of our Agreement. 2.3 2.4 The Customer shall ensure that it, its Affiliates and each Authorised User shall at all times comply with: 2.3.1 2.4.1 all Data Protection Laws in connection with the processing of Protected Data, the use of the Services (and each part) and the exercise and performance of its respective rights and obligations under our Agreement, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and 2.3.2 2.4.2 the terms of our Agreement. 2.4 2.5 The Customer warrants, represents and undertakes, that at all times: 2.4.1 2.5.1 all Protected Data (if processed in accordance with our Agreement) shall comply in all respects, including in terms of its collection, storage and processing, with Data Protection Laws; 2.4.2 2.5.2 all Protected Data shall comply with clause 9.2 clauses 10.3 and 11.2 of the Terms and ConditionsSaaS Terms; 2.4.3 2.5.3 all necessary fair processing and other information notices have been provided to the Data Subjects of the Protected Data (and all necessary consents from such Data Subjects obtained and at all times maintained) to the extent required by Data Protection Laws in connection with all processing activities in respect of the Protected Data which may be undertaken by the Supplier and its Sub-Sub- Processors in accordance with our Agreement; 2.4.4 2.5.4 the Protected Data is accurate and up to date; 2.4.5 2.5.5 it shall establish and maintain adequate security measures to safeguard Protected Data in its possession or control from unauthorised access and maintaining complete and accurate backups copies of all Protected Data provided to the Supplier (or anyone acting on its behalf) so as to be able to immediately recover and reconstitute such Protected Data in the event of loss, damage or corruption of such Protected Data by the Supplier or any other person; and; 2.4.6 2.5.6 all instructions given by it to the Supplier in respect of Personal Data shall at all times be in accordance with Data Protection Laws; and 2.5.7 it has undertaken due diligence in relation to the Supplier’s processing operations and commitments and it is satisfied (and all times its continues to use the Services remains satisfied) that: (a) the Supplier’s processing operations are suitable for the purposes for which the Customer proposes to use the Services and engage the Supplier to process the Protected Data; (b) the following technical and organisational measures shall (if the Supplier complies with its obligations) ensure a level of security appropriate to the risk in regards to the Protected Data: (i) all data sent between a web browser and the Supplier’s servers shall be encrypted in transit; (ii) all personally identifiable pupil data shall remain encrypted at rest in the Supplier’s database; (iii) the Supplier’s servers are located in a highly secure ISO27001 certified data centre; (iv) all of the Supplier’s staff have an up-to-date enhanced DBS check; (v) the Supplier’s offices are monitored by CCTV and security patrols; (vi) the Supplier has protocols in place to ensure that Protected Data is handled appropriately, securely and in a legally compliant manner; (vii) all data is stored within the United Kingdom; (viii) save for any data processing undertaken by the Supplier’s ISO27001 certified UK based data centre provider, the Supplier does not subcontract any data processing activities; (ix) all of the Supplier’s staff are subject to non-disclosure terms and a duty of confidentiality with respect to information that comes into their possession during the course of employment; and (c) the Supplier has sufficient expertise, reliability and resources to implement technical and organisational measures that meet the requirements of Data Protection Laws.