Common use of Protection of Personal Data Clause in Contracts

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client is the Data Controller and that the Solicitor is the Data Processor in relation to the Client’s Personal Data. The Solicitor shall: Process the Client’s Personal Data only in accordance with instructions from the Client (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client to the Solicitor during the term of the Contract); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; notify the Client within five (5) Working Days if the Solicitor receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Partiesparties' rights and obligations under the Contractthis Agreement, the Parties parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract this Agreement or as otherwise notified by the Client Authority to the Solicitor Contractor during the term of the Contractthis Agreement); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any Contractor Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or members of the Contractor’s group of companies for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 6; ensure that none of the Solicitor’s Staff Contractor Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5[five] Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the ClientAuthority's obligations under the Data Protection Legislation; provide the Client Authority with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client Authority with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; providing the Client Authority with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientAuthority); and providing the Client Authority with any information requested by the ClientAuthority; permit or procure permission for the Client or the Client’s Representative Authority (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, in accordance with clause 3 (Audits), the SolicitorContractor's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractorscontractors) and comply with all reasonable requests or directions by the Client Authority to enable the Client Authority to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contractthis Agreement; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientAuthority); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as Authority and, where the Client Authority consents to a transfer, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fitSchedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and any reasonable instructions notified to it by the Authority. The Solicitor Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract this Agreement in such a way as to cause the Client Authority to breach any of its applicable obligations under the Data Protection Legislation. FREEDOM OF INFORMATION The Solicitor Contractor acknowledges that, in that the event that it breaches (or attempts or threatens to breach) its obligations relating Authority is subject to the Client’s Personal Data that requirements of the Client may be irreparably harmed (including harm Code of Practice on Government Information, FOIA and the Environmental Information Regulations and shall assist and cooperate with the Authority to its reputation). In such circumstances, enable the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor Authority to comply with its obligations Information disclosure obligations. The Contractor shall and shall procure that its Sub-contractors shall: transfer to the Authority all Requests for Information that it receives as soon as practicable and in any event within [two] Working Days of receiving a Request for Information; provide the Authority with a copy of all Information in its possession, or power in the form that the Authority requires within [five] Working Days (or such other period as the Authority may specify) of the Authority's request; and provide all necessary assistance as reasonably requested by the Authority to enable the Authority to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. The Authority shall be responsible for determining in its absolute discretion and notwithstanding any other provision in this Agreement or any other agreement whether the Commercially Sensitive Information and/or any other Information is exempt from disclosure in accordance with the provisions of the Code of Practice on Government Information, FOIA or the Environmental Information Regulations. In no event shall the Contractor respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Contractor acknowledges that (notwithstanding the provisions of clause 8) the Authority may, acting in accordance with the Department of Constitutional Affairs’ Code of Practice on the Discharge of the Functions of Public Authorities under Part 1 of the Freedom of Information Act 2000 (“the Code”), be obliged under the ContractFOIA, Client’s Personal Data is transmitted or Processed the Environmental Information Regulations to disclose information concerning the Contractor or the Services: in connection certain circumstances without consulting the Contractor; or following consultation with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data Contractor and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.having taken their views into account;

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative CUSTOMER (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Sub- Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority to the Solicitor Contractor during the term Contract Period) and the Contractor shall at the very least comply with the provisions of the Contract)Information Security Schedule; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protectedprotected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security); take reasonable steps to ensure the reliability of all members of the Solicitorany Contractor’s Staff Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the SolicitorContractor’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 18; ensure that none of the SolicitorContractor’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client Authority with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientAuthority); and Freedom of Information The Contractor acknowledges that the Authority is subject to the requirements of the Code of Practice on Government Information, FOIA and the Environmental Information Regulations and shall assist and co-operate with the Authority to enable the Authority to comply with its Information disclosure obligations. The Contractor shall and shall procure that its sub-contractors shall: transfer to the Authority all Requests for Information that it receives as soon as practicable and in any event within two Working Days of receiving a Request for Information; provide the Authority with a copy of all Information in its possession, or power in the form that the Authority requires within five Working Days (or such other period as the Authority may specify) of the Authority's request; and provide all necessary assistance as reasonably requested by the Authority to enable the Authority to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. In no event shall the Contractor respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Contractor acknowledges that (notwithstanding the provisions of this clause 19) the Authority may be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Contractor or the Services: following consultation with the Contractor and having taken their views into account; The Parties acknowledge that, except for any information which is exempt from disclosure in accordance with the provisions of the FOIA , the content of this Contract is not Process Confidential Information. The Authority shall be responsible for determining in its absolute discretion whether any of the content of the Contract is exempt from disclosure in accordance with the provisions of the FOIA. Notwithstanding any other term of this Contract, the Contractor hereby gives consent for the Authority to publish the Contract in its entirety (but with any information which is exempt from disclosure in accordance with the provisions of the FOIA redacted), including from time to time agreed changes to the Contract, to the general public. The Contractor shall assist and cooperate with the Authority to enable the Authority to publish this Contract. Prior to publication the Authority may, at its sole discretion, in whole or otherwise transfer in part, redact information for one or more of the following grounds: not disclose the other Party's Confidential Information to any Client’s Personal Data outside the European Economic Area other person without the owner's prior written consent. Clause 20.2 shall not apply to the extent that: such disclosure is a requirement of Law placed upon the Party making the disclosure, including any requirements for disclosure under the FOIA, Code of Practice on Access to Government Information or the Environmental Information Regulations pursuant to clause 19; such information was in the possession of the Party making the disclosure without obligation of confidentiality prior to its disclosure by the information owner; such information was obtained from a third party without obligation of confidentiality; such information was already in the public domain at the time of disclosure otherwise than by a breach of the Contract; or it is independently developed without access to the other Party's Confidential Information. The Contractor shall not, and shall procure that the Contractor’s Personnel do not, use any of the Authority's Confidential Information received otherwise than for the purposes of the Contract. At the written request of the Authority, the Contractor shall procure that those members of the Contractor’s Personnel identified in the Authority's notice sign a confidentiality undertaking on similar terms to the Contract prior to commencing any work in accordance with the Contract. Nothing in the Contract shall prevent the Authority from disclosing the Contractor's Confidential Information (including the Management Information obtained under clause 24): to any consultant, contractor or other person engaged by the Authority or any person conducting an Office of Government Commerce gateway review; for the purpose of the examination and certification of the Authority's accounts; or for any examination pursuant to Section 6(1) of the National Audit Act 1983 of the economy, efficiency and effectiveness with which the Authority has used its resources. Nothing in this clause 20 shall prevent either Party from using any techniques, ideas or know-how gained during the performance of the Contract in the course of its normal business to the extent that this use does not result in a disclosure of the other Party's Confidential Information or an infringement of IPR. Official Secrets Acts 1911 to 1989, Section 182 of the Finance Act 1989 The Contractor undertakes to abide by, and ensure that its Personnel abide by, the provisions of:- Publicity, Media and Official Enquiries Without prejudice to the Authority’s obligations under the FOIA, neither Party shall make any press announcements or publicise the Contract or any part thereof in any way, except with the written consent of the Client which may be given other Party. Both Parties shall take reasonable steps to ensure that their Personnel comply with clause 22.1. Intellectual Property Rights Intellectual Property Rights in any guidance, specifications, instructions, toolkits, plans, data, drawings, databases, patents, patterns, models, designs or other material (the "IP Materials"): prepared by or for the Contractor on such terms as behalf of the Client Authority for use, or intended use, in its discretion thinks fit. The Solicitor shall comply at all times with relation to the Data Protection Legislation and shall not perform performance by the Contractor of its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating shall belong to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.Authority;

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative [*** insert representative ***] (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to To the Parties' rights and obligations under the Contract, the Parties agree extent that the Client Contractor acts as a Data Processor in respect of any Personal Data for which the Authority or a Related Organisation is the Data Controller and that Controller, the Solicitor is the Data Processor in relation to the Client’s Personal Data. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority or Related Organisation (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority or Related Organisation to the Solicitor Contractor during the term Term) and the Contractor shall at the very least comply with the provisions of the Contract)HM Government Security Framework as updated from time to time; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law Legislation or any Regulatory BodyRelevant Authority; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s any Contractor's Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority or relevant Related Organisation in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the Solicitor’s Contractor's Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 52.2 (Protection of Personal Data); ensure that none of the Solicitor’s Contractor's Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority or relevant Related Organisation (within five (5) Working Days Business Days) if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the ClientAuthority's or Related Organisation obligations under the Data Protection Legislation; provide the Client Authority and the Related Organisations with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client Authority with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; providing the Client Authority and the Related Organisations with any Client’s Personal Data it holds in relation to a Data Subject (Subject, within the timescales required by the Client)Authority or relevant Related Organisation; and providing the Client Authority and the Related Organisations with any information requested by the ClientAuthority or relevant Related Organisation; permit or procure permission for the Client or Authority and the Client’s Representative Related Organisations (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorContractor's data Processing activities (and/or those of its agents and Sub-Contractorsthe Contractor's Staff) and comply with all reasonable requests or directions by the Client Authority and the Related Organisations to enable the Client Authority or relevant Related Organisation to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales reasonably required by the ClientAuthority or relevant Related Organisation); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as Authority or relevant Related Organisation and, where the Client Authority or relevant Related Organisation consents to a transfer, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fit. The Solicitor shall Schedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; any reasonable instructions notified to it by the Authority or relevant Related Organisation; comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client Authority or relevant Related Organisation to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that; and indemnify and keep indemnified in full the Authority and Related Organisations and any of its or their employees, in the event that agents and contractors against all Direct Losses incurred by it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client them in respect of any charge levied for its transmission and any other costs charged in connection with such failure breach of this clause 52.2 (Protection of Personal Data) by the SolicitorContractor and/or any act or omission of any sub-contractor which causes the Contractor to be in breach of this clause 52.2 (Protection of Personal Data). 53EUROPEAN SOCIAL FUND Where the Authority identifies duties to be undertaken by the Contractor under this Contract that are supported directly or indirectly by the European Social Fund, the Contractor shall comply with the provisions of Schedule 16 (European Social Fund).

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative CUSTOMER (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority to the Solicitor Contractor during the term Contract Period) and the Contractor shall at the very least comply with the provisions of the Contract)Information Security Schedule; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protectedprotected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security); take reasonable steps to ensure the reliability of all members of the Solicitorany Contractor’s Staff Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the SolicitorContractor’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 18; ensure that none of the SolicitorContractor’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.:

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority to the Solicitor Contractor during the term Contract Period) and the Contractor shall at the very least comply with the provisions of the Contract)Information Security Schedule; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protectedprotected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security); take reasonable steps to ensure the reliability of all members of the Solicitorany Contractor’s Staff Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the SolicitorContractor’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 18; ensure that none of the SolicitorContractor’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the ClientAuthority's obligations under the Data Protection Legislation; provide the Client Authority with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client Authority with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; providing the Client Authority with any Client’s Personal Data it holds in relation to a Data Subject (Subject, within the timescales required by the Client)Authority; and providing the Client Authority with any information requested by the ClientAuthority; permit or procure permission for ‫permit the Client or the Client’s Representative Authority (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, in accordance with clause 25, the SolicitorContractor's data Processing activities (and/or those of its agents and Sub-ContractorsPersonnel) and comply with all reasonable requests or directions by the Client Authority to enable the Client Authority to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientAuthority); and not ‫not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as Authority and, where the Client Authority consents to a transfer, to comply with: ‫the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fitSchedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and any reasonable instructions notified to it by the Authority. The Solicitor ‫The Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client Authority to breach any of its applicable obligations under the Data Protection Legislation. Freedom of Information The Solicitor Contractor acknowledges that, in that the event that it breaches (or attempts or threatens to breach) its obligations relating Authority is subject to the Client’s Personal Data that requirements of the Client may be irreparably harmed (including harm Code of Practice on Government Information, FOIA and the Environmental Information Regulations and shall assist and co-operate with the Authority to its reputation). In such circumstances, enable the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor Authority to comply with its obligations Information disclosure obligations. The Contractor shall and shall procure that its sub-contractors shall: transfer to the Authority all Requests for Information that it receives as soon as practicable and in any event within two Working Days of receiving a Request for Information; provide the Authority with a copy of all Information in its possession, or power in the form that the Authority requires within five Working Days (or such other period as the Authority may specify) of the Authority's request; and provide all necessary assistance as reasonably requested by the Authority to enable the Authority to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. ‫The Authority shall be responsible for determining in its absolute discretion and notwithstanding any other provision in the Contract or any other agreement whether the Commercially Sensitive Information and/or any other Information is exempt from disclosure in accordance with the provisions of the Code of Practice on Government Information, FOIA or the Environmental Information Regulations. In no event shall the Contractor respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Contractor acknowledges that (notwithstanding the provisions of this clause 19) the Authority may be obliged under the ContractFOIA, Client’s Personal Data is transmitted or Processed in connection the Environmental Information Regulations to disclose information concerning the Contractor or the Services: ‫in certain circumstances without consulting the Contractor; or following consultation with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data Contractor and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.having taken their views into account;

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative nominated representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority to the Solicitor Contractor during the term Contract Period) and the Contractor shall at the very least comply with the provisions of the Contract)Information Security Schedule; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protectedprotected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security); take reasonable steps to ensure the reliability of all members of the Solicitorany Contractor’s Staff Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the SolicitorContractor’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 18; ensure that none of the SolicitorContractor’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client Authority with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientAuthority); and Freedom of Information The Contractor acknowledges that the Authority is subject to the requirements of the Code of Practice on Government Information, FOIA and the Environmental Information Regulations and shall assist and co-operate with the Authority to enable the Authority to comply with its Information disclosure obligations. The Contractor shall and shall procure that its sub-contractors shall: transfer to the Authority all Requests for Information that it receives as soon as practicable and in any event within two Working Days of receiving a Request for Information; provide the Authority with a copy of all Information in its possession, or power in the form that the Authority requires within five Working Days (or such other period as the Authority may specify) of the Authority's request; and provide all necessary assistance as reasonably requested by the Authority to enable the Authority to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. In no event shall the Contractor respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Contractor acknowledges that (notwithstanding the provisions of this clause 19) the Authority may be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Contractor or the Services: following consultation with the Contractor and having taken their views into account; The Parties acknowledge that, except for any information which is exempt from disclosure in accordance with the provisions of the FOIA , the content of this Contract is not Process Confidential Information. The Authority shall be responsible for determining in its absolute discretion whether any of the content of the Contract is exempt from disclosure in accordance with the provisions of the FOIA. Notwithstanding any other term of this Contract, the Contractor hereby gives consent for the Authority to publish the Contract in its entirety (but with any information which is exempt from disclosure in accordance with the provisions of the FOIA redacted), including from time to time agreed changes to the Contract, to the general public. The Contractor shall assist and cooperate with the Authority to enable the Authority to publish this Contract. Prior to publication the Authority may, at its sole discretion, in whole or otherwise transfer in part, redact information for one or more of the following grounds: not disclose the other Party's Confidential Information to any Client’s Personal Data outside the European Economic Area other person without the owner's prior written consent. Clause 20.2 shall not apply to the extent that: such disclosure is a requirement of Law placed upon the Party making the disclosure, including any requirements for disclosure under the FOIA, Code of Practice on Access to Government Information or the Environmental Information Regulations pursuant to clause 19; such information was in the possession of the Party making the disclosure without obligation of confidentiality prior to its disclosure by the information owner; such information was obtained from a third party without obligation of confidentiality; such information was already in the public domain at the time of disclosure otherwise than by a breach of the Contract; or it is independently developed without access to the other Party's Confidential Information. The Contractor shall not, and shall procure that the Contractor’s Personnel do not, use any of the Authority's Confidential Information received otherwise than for the purposes of the Contract. At the written request of the Authority, the Contractor shall procure that those members of the Contractor’s Personnel identified in the Authority's notice sign a confidentiality undertaking on similar terms to the Contract prior to commencing any work in accordance with the Contract. Nothing in the Contract shall prevent the Authority from disclosing the Contractor's Confidential Information (including the Management Information obtained under clause 24): to any consultant, contractor or other person engaged by the Authority or any person conducting an Office of Government Commerce gateway review; for the purpose of the examination and certification of the Authority's accounts; or for any examination pursuant to Section 6(1) of the National Audit Xxx 0000 of the economy, efficiency and effectiveness with which the Authority has used its resources. Nothing in this clause 20 shall prevent either Party from using any techniques, ideas or know-how gained during the performance of the Contract in the course of its normal business to the extent that this use does not result in a disclosure of the other Party's Confidential Information or an infringement of IPR. Official Secrets Acts 1911 to 1989, Section 182 of the Finance Xxx 0000 The Contractor undertakes to abide by, and ensure that its Personnel abide by, the provisions of:- Publicity, Media and Official Enquiries Without prejudice to the Authority’s obligations under the FOIA, neither Party shall make any press announcements or publicise the Contract or any part thereof in any way, except with the written consent of the Client which may be given other Party. Both Parties shall take reasonable steps to ensure that their Personnel comply with clause 22.1. Intellectual Property Rights Intellectual Property Rights in any guidance, specifications, instructions, toolkits, plans, data, drawings, databases, patents, patterns, models, designs or other material (the "IP Materials"): prepared by or for the Contractor on such terms as behalf of the Client Authority for use, or intended use, in its discretion thinks fit. The Solicitor shall comply at all times with relation to the Data Protection Legislation and shall not perform performance by the Contractor of its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating shall belong to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.Authority;

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Customer is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to the ClientCustomer’s Personal Data. The Solicitor Supplier shall: Process the ClientCustomer’s Personal Data only in accordance with instructions from the Client Customer (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Customer to the Solicitor Supplier during the term of the Contract); Process the ClientCustomer’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Contract Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the ClientCustomer’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the ClientCustomer’s Personal Data and having regard to the nature of the ClientCustomer’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the SolicitorSupplier’s Staff who have access to the ClientCustomer’s Personal Data; obtain the ClientCustomer’s prior written approval in order to transfer all or any of the ClientCustomer’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the SolicitorSupplier’s Staff required to access the Customer’s Personal Data are informed of the confidential nature of the Customer’s Personal Data and comply with the obligations set out in this Clause 6.1; ensure that none of the SolicitorSupplier’s Staff publish, disclose or divulge any of the ClientCustomer’s Personal Data to any third party unless directed in writing to do so by the ClientCustomer; notify the Client Customer within five (5) Working Days if the Solicitor Supplier receives: a request from a Data Subject to have access to the ClientCustomer’s Personal Data relating to that person; or a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the ClientCustomer’s Personal Data, including by: providing the Client Customer with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; providing the Client Customer with any ClientCustomer’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and providing the Client Customer with any information requested by the ClientCustomer; permit or procure permission for the Client or Customer and/or the ClientCustomer’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorSupplier's data Processing activities (and/or and / or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or and / or procure that the Solicitor Supplier is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the ClientCustomer’s Personal Data (within the timescales required by the ClientCustomer); and not Process or otherwise transfer any ClientCustomer’s Personal Data outside the European Economic Area without the prior written consent of the Client Customer which may be given on such terms as the Client Customer in its discretion thinks fit. The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor Supplier acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the ClientCustomer’s Personal Data that the Client Customer may be irreparably harmed (including harm to its reputation). In such circumstances, the Client Customer may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor Supplier to comply with its obligations under the Contract, ClientCustomer’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor Supplier shall be liable for the cost of reconstitution of that data and shall reimburse the Client Customer in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the SolicitorSupplier.

Protection of Personal Data. 8.4.1 With respect to the Parties' rights and obligations under provision of the ContractContractor Services, the Parties parties agree that the Client Customer is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal Data. Processor. 8.4.2 The Solicitor Contractor shall: : 8.4.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified issued by the Client Customer from time to the Solicitor during the term of the Contract); time; 8.4.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Contractor Services or as is required by Law or any Regulatory Body; ; 8.4.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ; 8.4.2.4 ensure that all members of the Solicitor’s Staff persons required to access the Personal Data in connection with the provision of the Contractor Services are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; paragraph 8.4; 8.4.2.5 not and shall ensure that none no person connected with the provision of the Solicitor’s Staff Contractor Services shall publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; Customer; 8.4.2.6 notify the Client Customer (within five (5) Working Days Days) if it receives, in connection with the Solicitor receives: Contractor Services: (a) a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or (b) a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; ; 8.4.2.7 provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : (a) providing the Client Customer with full details of the complaint or request; ; (b) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; ; (c) providing the Client Customer with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and and (d) providing the Client Customer with any information requested by the ClientCustomer; and 8.4.2.8 permit or procure permission for the Client Customer or the Client’s Customer Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorContractor's data Processing activities (and/or those of its agents agents, subsidiaries and Subsub-Contractorscontractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under in carrying out the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. Contractor Services. 8.4.3 The Solicitor Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract Contractor Services in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. 8.4.4 The Contractor acknowledges that information relevant to the provision of the Contractor Services which relates to the Contractor, including, without limit, the Contractor's Pay, may be made available by the Customer to The Lords Commissioners of Her Majesty's Treasury (as represented by Buying Solutions) and other Contracting Authorities from time to time or may be disclosed where required by Law. Such information can be used in relation to the assessment of the Contractor Services to similar services and for such other purposes as the Customer may notify to the Contractor from time to time. 8.4.5 The Solicitor acknowledges thatSupplier shall collect, in the event that it breaches (or attempts or threatens to breach) its obligations hold and use Personal Data relating to the Client’s Contractor. The Contractor acknowledges that the Customer may receive Personal Data that from the Client Supplier and may share such Personal Data with HMRC or such other regulatory bodies as may be irreparably harmed (including harm necessary to determine compliance with the Contractor Legislation. By agreeing to these Contractor Terms the Contractor agrees that its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed may be used in connection accordance with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitorabove.

Protection of Personal Data. 7.1 With respect to the Partiesparties' rights and obligations under the this Agreement and/or any Calldown Contract, the Parties parties agree that the Client DFID is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to Processor. 7.2 The Supplier shall: 7.2.1 process the Client’s Personal Data. The Solicitor shall: Process the Client’s Personal Data only in accordance with instructions from the Client DFID (which may be specific instructions or instructions of a general nature as set out in the this Agreement and/or any Calldown Contract or as otherwise notified by the Client DFID to the Solicitor Supplier during the term of Term); 7.2.2 process the Contract); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; ; 7.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processingprocessing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 7.2.4 take reasonable steps to ensure the reliability of all members of the Solicitorany Supplier’s Staff Personnel who have access to the Client’s Personal Data; ; 7.2.5 obtain the Client’s prior written approval consent from DFID in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; ; 7.2.6 ensure that all members of the SolicitorSupplier’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; clause 7; 7.2.7 ensure that none of the SolicitorSupplier’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; DFID; 7.2.8 notify the Client DFID (within five (5two Working Days) Working Days if the Solicitor it receives: : 7.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 7.2.8.2 a complaint or request relating to the Client's DFID’s obligations under the Data Protection Legislation; ; 7.2.9 provide the Client DFID with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 7.2.9.1 providing the Client DFID with full details of the complaint or request; ; 7.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's DFID’s instructions; ; 7.2.9.3 providing the Client DFID with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientDFID); and and 7.2.9.4 providing the Client DFID with any information requested by the Client; DFID; 7.2.10 permit DFID or procure permission for the Client or the Client’s Representative its representatives (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's in accordance with clause 16 (Access and Audit), Supplier’s data Processing processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractorscontractors) and comply with all reasonable requests or directions by the Client DFID to enable the Client DFID to verify and/or procure that the Solicitor Supplier is in full compliance with its obligations under the this Agreement and/or any Calldown Contract; ; 7.2.11 provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the Client’s processing Personal Data (within the timescales required by the ClientDFID); and and 7.2.12 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area United Kingdom without the prior written consent of DFID and, where DFID consents to a transfer, to comply with: 7.2.12.1 the Client which may be given on such terms as obligations of a Data Controller under the Client Eighth Data Protection Principle set out in its discretion thinks fit. Schedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and 7.2.12.2 any reasonable instructions notified to it by DFID. 7.3 The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Agreement and/or any Calldown Contract in such a way as to cause the Client DFID to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative [*** insert representative ***] (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client Customer is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Supplier shall: Process the Client’s Personal Data only in accordance with instructions from the Client Customer (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client Customer to the Solicitor Supplier during the term of the ContractContract Period); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s any Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval Approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors Sub‑contractors or Affiliates for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 19.5; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientCustomer; notify the Client Customer (within five (5) Working Days Days) if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client Customer with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; providing the Client Customer with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and providing the Client Customer with any information requested by the ClientCustomer; permit or procure permission for the Client Customer or the Client’s Customer Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorSupplier's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-ContractorsSub‑contractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or procure that the Solicitor Supplier is in full compliance with its obligations under the this Contract; provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the Client’s processing Personal Data (within the timescales required by the ClientCustomer); and not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Commencement Date, the Supplier (or any Sub‑contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: the Supplier shall submit a request for Variation to the Customer which shall be dealt with in accordance with the Variation Procedure and paragraphs 19.5.2.12(b) to 19.5.2.12(d) below; the Supplier shall set out in its request for a Variation details of the following: the Personal Data which will be Processed and/or transferred outside the European Economic Area; the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; any Sub‑contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and how the Supplier will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the Customer’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area the Supplier shall comply with such other instructions and shall carry out such other actions as the Customer may notify in writing, including: incorporating standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and procuring that any Sub‑contractor or other third party who will be Processing and/or transferring the Personal Data outside the European Economic Area without enters into a direct data processing agreement with the prior written consent of the Client which may be given Customer on such terms as may be required by the Client in its discretion thinks fitCustomer, which the Supplier acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor SERVICE PROVIDER is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor SERVICE PROVIDER shall: Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor SERVICE PROVIDER during the term of the ContractTerm); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered Software Application Solutions or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any SERVICE PROVIDER Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract ServicesOrdered Software Application Solutions; ensure that all members of the Solicitor’s Staff SERVICE PROVIDER Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.115; ensure that none of the Solicitor’s Staff SERVICE PROVIDER Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientCUSTOMER; notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.:

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Sub- Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), CUSTOMER to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 22.5.1 With respect to the Parties' rights and obligations under the Contractthis Lease Agreement, the Parties agree that the Client Customer is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to the Client’s Personal Data. Processor. 22.5.2 The Solicitor Supplier shall: : 22.5.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client Customer (which may be specific instructions or instructions of a general nature as set out in the Contract this Lease Agreement or as otherwise notified by the Client Customer to the Solicitor Supplier during the term of the ContractLease Agreement Period); ; 22.5.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services and Goods or as is required by Law or any Regulatory Body; ; 22.5.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 22.5.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s any Staff who have access to the Client’s Personal Data; ; 22.5.2.5 obtain the Client’s prior written approval Approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; Services and Goods; 22.5.2.6 ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; clause 22.5; 22.5.2.7 ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; Customer; 22.5.2.8 notify the Client Customer (within five (5) Working Days Days) if the Solicitor it receives: : (a) a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or (b) a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; ; 22.5.2.9 provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : (a) providing the Client Customer with full details of the complaint or request; ; (b) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; ; (c) providing the Client Customer with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and and (d) providing the Client Customer with any information requested by the Client; Customer; 22.5.2.10 permit or procure permission for the Client Customer or the Client’s Customer Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorSupplier's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractorscontractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or procure that the Solicitor Supplier is in full compliance with its obligations under the Contract; this Lease Agreement; 22.5.2.11 provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the Client’s processing Personal Data (within the timescales required by the ClientCustomer); and and 22.5.2.12 [not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Commencement Date, the Supplier (or any Sub- contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: (a) the Supplier shall submit a request for Variation to the Customer which shall be dealt with in accordance with the Variation Procedure and paragraph (b) to (d) below; (b) the Supplier shall set out in its request for a Variation details of the following: (i) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (ii) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (iii) any Sub-contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (iv) how the Supplier will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the Customer’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; (c) in providing and evaluating the request for Variation, the Parties shall ensure that they have regard to and comply with then-current Customer, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally but, for the prior written consent avoidance of doubt, the Client Customer may, in its absolute discretion, refuse to grant Approval of such Process and/or transfer any Personal Data outside the European Economic Area; and (d) the Supplier shall comply with such other instructions and shall carry out such other actions as the Customer may notify in writing, including: (i) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Lease Agreement or a separate data processing agreement between the parties; and (ii) procuring that any Sub-contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the Customer on such terms as may be required by the Client in its discretion thinks fit. Customer, which the Supplier acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation).] 22.5.3 The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract this Lease Agreement in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. . 22.5.4 The Solicitor Supplier acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client Customer may be irreparably harmed (including harm to its reputation). In such circumstances, the Client Customer may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In . 22.5.5 The Supplier shall, at all times during and after the event that through any failure Lease Agreement Period, indemnify the Customer and keep the Customer indemnified against all losses, damages, costs or expenses and other liabilities (including legal fees) incurred by, awarded against or agreed to be paid by the Solicitor to comply with its Customer arising from any breach of the Supplier's obligations under this clause 22 except and to the Contract, Client’s Personal Data is transmitted or Processed in connection with extent that such liabilities have resulted directly from the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the SolicitorCustomer's instructions.

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: Schedule 2 (Model Contract) v 1.00 19 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative CUSTOMER (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals Schedule 2 (Model Contract) v 1.00 20 processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. ‌ 29.1 With respect to the Partiesparties' rights and obligations under the Contractthis Service Agreement, the Parties parties agree that the Client Commission is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to Processor. 29.2 In so far as the Client’s Contractor Processes any Personal Data. The Solicitor , the Contractor shall: : 29.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client Commission (which may be specific instructions or instructions of a general nature as set out in the Contract this Service Agreement or as otherwise notified by the Client Commission to the Solicitor Contractor during the term of the ContractTerm); ; 29.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; ; 29.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 29.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any Contractor Personnel who have access to the Client’s Personal Data; ; 29.2.5 obtain the Client’s prior written approval consent from the Commission in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; ; 29.2.6 ensure that all members of the Solicitor’s Staff Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; clause 29 (Protection of Personal Data); 29.2.7 ensure that none of the Solicitor’s Staff Contractor Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; Commission; 29.2.8 notify the Client Commission (within five (5) Clear Working Days Days) if the Solicitor it receives: a : 29.2.8.1 request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 29.2.8.2 a complaint or request relating to the ClientCommission's obligations under the Data Protection Legislation; ; 29.2.9 provide the Client Commission with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 29.2.9.1 providing the Client Commission with full details of the complaint or request; ; 29.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCommission's instructions; ; 29.2.9.3 providing the Client Commission with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCommission); and and 29.2.9.4 providing the Client Commission with any information requested by the Client; Commission; 29.2.10 permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), Commission to inspect and audit, in accordance with clause 25 (Audits), the SolicitorContractor's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractorscontractors) and comply with all reasonable requests or directions by the Client Commission to enable the Client Commission to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.this Service Agreement;

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor Contractor shall: Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client Authority to the Solicitor Contractor during the term Contract Period) and the Contractor shall at the very least comply with the provisions of the Contract)Information Security Schedule; Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Goods or Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protectedprotected and in any event the measures shall not be of a lesser standard than that set out in Schedule E (Information Security); take reasonable steps to ensure the reliability of all members of the Solicitorany Contractor’s Staff Personnel who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or affiliates for the provision of the Contract Services; ensure that all members of the SolicitorContractor’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1clause 18; ensure that none of the SolicitorContractor’s Staff Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientAuthority; notify the Client Authority (within five (5Working Days) Working Days if the Solicitor it receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the ClientAuthority's obligations under the Data Protection Legislation; provide the Client Authority with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client Authority with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; providing the Client Authority with any Client’s Personal Data it holds in relation to a Data Subject (Subject, within the timescales required by the Client)Authority; and providing the Client Authority with any information requested by the ClientAuthority; permit or procure permission for ‫‍permit the Client or the Client’s Representative Authority (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, in accordance with clause 25, the SolicitorContractor's data Processing activities (and/or those of its agents and Sub-ContractorsPersonnel) and comply with all reasonable requests or directions by the Client Authority to enable the Client Authority to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientAuthority); and not ‫‍not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as Authority and, where the Client Authority consents to a transfer, to comply with: ‫‍the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fitSchedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and any reasonable instructions notified to it by the Authority. The Solicitor ‫‍The Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client Authority to breach any of its applicable obligations under the Data Protection Legislation. Freedom of Information The Solicitor Contractor acknowledges that, in that the event that it breaches (or attempts or threatens to breach) its obligations relating Authority is subject to the Client’s Personal Data that requirements of the Client may be irreparably harmed (including harm Code of Practice on Government Information, FOIA and the Environmental Information Regulations and shall assist and co-operate with the Authority to its reputation). In such circumstances, enable the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor Authority to comply with its Information disclosure obligations. The Contractor shall and shall procure that its sub-contractors shall: transfer to the Authority all Requests for Information that it receives as soon as practicable and in any event within two Working Days of receiving a Request for Information; provide the Authority with a copy of all Information in its possession, or power in the form that the Authority requires within five Working Days (or such other period as the Authority may specify) of the Authority's request; and provide all necessary assistance as reasonably requested by the Authority to enable the Authority to respond to the Request for Information within the time for compliance set out in section 10 of the FOIA or regulation 5 of the Environmental Information Regulations. ‫‍The Authority shall be responsible for determining in its absolute discretion and notwithstanding any other provision in the Contract or any other agreement whether the Commercially Sensitive Information and/or any other Information is exempt from disclosure in accordance with the provisions of the Code of Practice on Government Information, FOIA or the Environmental Information Regulations. In no event shall the Contractor respond directly to a Request for Information unless expressly authorised to do so by the Authority. The Contractor acknowledges that (notwithstanding the provisions of this clause 19) the Authority may be obliged under the FOIA, or the Environmental Information Regulations to disclose information concerning the Contractor or the Services: ‫‍in certain circumstances without consulting the Contractor; or following consultation with the Contractor and having taken their views into account; ‫‍provided always that where clause 19.5.1 applies the Authority shall take reasonable steps, where appropriate, to give the Contractor advanced notice, or failing that, to draw the disclosure to the Contractor’s attention after any such disclosure. ‫‍The Contractor shall ensure that all Information is retained for disclosure and shall permit the Authority to inspect such records as requested from time to time. ‫‍Confidentiality ‫‍ The Parties acknowledge that, except for any information which is exempt from disclosure in accordance with the provisions of the FOIA, the content of this Contract is not Confidential Information. The Authority shall be responsible for determining in its absolute discretion whether any of the content of the Contract is exempt from disclosure in accordance with the provisions of the FOIA. Notwithstanding any other term of this Contract, the Contractor hereby gives consent for the Authority to publish the Contract in its entirety (but with any information which is exempt from disclosure in accordance with the provisions of the FOIA redacted), including from time to time agreed changes to the Contract, to the general public. The Contractor shall assist and cooperate with the Authority to enable the Authority to publish this Contract. Prior to publication the Authority may, at its sole discretion, in whole or in part, redact information for one or more of the following grounds: national security; personal data; information protected by intellectual property law; information which it is not in the public interest to disclose (under a Freedom of Information Act analysis) third party confidential information; IT security; or prevention of fraud ‫‍Except to the extent set out in this clause or where disclosure is expressly permitted elsewhere in the Contract, each Party shall: ‫‍treat the other Party's Confidential Information as confidential and safeguard it accordingly; and not disclose the other Party's Confidential Information to any other person without the owner's prior written consent. Clause 20.2 shall not apply to the extent that: such disclosure is a requirement of Law placed upon the Party making the disclosure, including any requirements for disclosure under the FOIA, Code of Practice on Access to Government Information or the Environmental Information Regulations pursuant to clause 19; such information was in the possession of the Party making the disclosure without obligation of confidentiality prior to its disclosure by the information owner; such information was obtained from a third party without obligation of confidentiality; such information was already in the public domain at the time of disclosure otherwise than by a breach of the Contract; or it is independently developed without access to the other Party's Confidential Information. ‫‍The Contractor may only disclose the Authority's Confidential Information to the Contractor’s Personnel who are directly involved in the provision of the Goods or Services any of the Authority’s Confidential Information and need to know, and shall ensure that the Contractor’s Personnel are aware of and shall comply with this clause 20. The Contractor shall not, and shall procure that the Contractor’s Personnel do not, use any of the Authority's Confidential Information received otherwise than for the purposes of the Contract. At the written request of the Authority, the Contractor shall procure that those members of the Contractor’s Personnel identified in the Authority's notice sign a confidentiality undertaking on similar terms to the Contract prior to commencing any work in accordance with the Contract. Nothing in the Contract shall prevent the Authority from disclosing the Contractor's Confidential Information (including the Management Information obtained under clause 24): ‫‍to any Crown Body or any other Contracting Authority on the understanding that they shall be entitled to further disclose the Confidential Information to other Crown Bodies or other Contracting Authorities on the basis that the information is confidential and is not to be disclosed to a third party which is not part of any Crown Body or any Contracting Authority; to any consultant, contractor or other person engaged by the Authority or any entity specified in clause 20.7.1 (including any benchmarking organisation) for any purpose relating to or connected with this Contract, including for the avoidance of doubt any person conducting a Gateway review; to Parliament and Parliamentary Committees or if required by any Parliamentary reporting requirement; to the extent that the Authority (acting reasonably) deems disclosure necessary or appropriate in the course of carrying out its public functions or for the purpose of the exercise of its rights under this Contract; on a confidential basis to a proposed successor body in connection with any assignment, novation or disposal of any of its rights, obligations or liabilities under this Contract for the purpose of the examination and certification of the Authority's accounts; or for any examination pursuant to Section 6(1) of the National Audit Act 1983 of the economy, efficiency and effectiveness with which the Authority has used its resources. ‫‍The Authority shall use all reasonable endeavours to ensure that any government department, Contracting Authority, employee, third party or sub-contractor to whom the Contractor's Confidential Information is disclosed pursuant to clause 20.7 is made aware of the Authority's obligations of confidentiality. Nothing in this clause 20 shall prevent either Party from using any techniques, ideas or know-how gained during the performance of the Contract in the course of its normal business to the extent that this use does not result in a disclosure of the other Party's Confidential Information or an infringement of IPR. Official Secrets Acts 1911 to 1989, Section 182 of the Finance Act 1989 The Contractor undertakes to abide by, and ensure that its Personnel abide by, the provisions of:- ‫‍ ‫‍the Official Secrets Acts 1911 to 1989; and Section 182 of the Finance Act 1989. ‫‍In the event that the Contractor and its Personnel fail to comply with this clause, the Authority reserves the right to terminate the Contract by giving notice in writing to the Contractor. Publicity, Media and Official Enquiries Without prejudice to the Authority’s obligations under the ContractFOIA, Client’s Personal Data is transmitted neither Party shall make any press announcements or Processed publicise the Contract or any part thereof in connection any way, except with the Contract is either lost written consent of the other Party. Both Parties shall take reasonable steps to ensure that their Personnel comply with clause 22.1. Intellectual Property Rights Intellectual Property Rights in any guidance, specifications, instructions, toolkits, plans, data, drawings, databases, patents, patterns, models, designs or sufficiently degraded so as other material (the "IP Materials"): ‫‍furnished or made available to be unusable, the Solicitor Contractor by or on behalf of the Authority shall be liable remain the property of the Authority; and prepared by or for the cost Contractor on behalf of reconstitution the Authority for use, or intended use, in relation to the performance by the Contractor of that data its obligations under the Contract shall belong to the Authority; ‫‍and the Contractor shall not, and shall reimburse procure that the Client Contractor’s Personnel shall not, (except when necessary for the performance of the Contract) without prior Approval, use or disclose any such Intellectual Property Rights in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the SolicitorIP Materials.

Protection of Personal Data. 41.1 With respect to the Parties' rights and obligations under the Contractthis Agreement, the Parties agree that the Client Authority is the Data Controller and that the Solicitor Contractor is the Data Processor of the Personal Data of the Authority. 41.2 The Contractor shall in relation to the Client’s Personal Data. The Solicitor shall: Data of the Authority: 41.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract this Agreement or as otherwise notified by the Client Authority to the Solicitor Contractor during the term of Term provided that such instructions shall not oblige the ContractContractor to contravene any Data Protection Legislation); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; ; 41.2.2 implement appropriate technical and organisational measures as approved by the Authority to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm as advised by the Authority which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 41.2.3 take reasonable steps to ensure the reliability of all members of the Solicitor’s any Contractor Staff who have access to the Client’s Personal Data; ; 41.2.4 obtain the Client’s prior written approval consent from the Authority in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors Subcontractors or Affiliates for the provision of the Contract Services; ; 41.2.5 ensure that all members of the Solicitor’s Contractor Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 41; 41.2.6 ensure that none of the Solicitor’s Contractor Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; Authority; 41.2.7 notify the Client Authority (within five (55 Working Days) Working Days if the Solicitor it receives: : 41.2.7.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 41.2.7.2 a complaint or request relating to the ClientAuthority's obligations under the Data Protection Legislation; ; 41.2.8 provide the Client Authority with full all reasonable cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Dataunder Data Protection Legislation, including by: : 41.2.8.1 providing the Client Authority with full details of the complaint or request; ; 41.2.8.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; ; 41.2.8.3 providing the Client Authority with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientAuthority); and and 41.2.8.4 providing the Client Authority with any information requested by the Client; Authority; 41.2.9 permit or procure permission for the Client or the Client’s Representative Authority (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, in accordance with Clause 25 (Audits), the SolicitorContractor's data Processing activities (and/or those of the Contractor’s Staff and its agents and Sub-Contractorssubsidiaries) and comply with all reasonable requests or directions by the Client Authority to enable the Client Authority to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the Contract; this Clause 41; 41.2.10 provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales reasonably required by the ClientAuthority); and and 41.2.11 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as Authority and, where the Client Authority consents to a transfer, to comply with: 41.2.11.1 the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fit. Schedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and 41.2.11.2 any reasonable instructions notified to it by the Authority. 41.3 The Solicitor Parties shall comply at all times with the Data Protection Legislation and neither Party shall not perform its obligations under the Contract this Agreement in such a way as to cause the Client other Party to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 49.1 With respect to the Partiesparties' rights and obligations under the Contractthis Agreement, the Parties parties agree that the Client DCC is either the Data Controller or the Data Processor and that the Contractor is the Data Controller and Processor. For the avoidance of doubt, the parties agree that the Solicitor Contractor is the a sub-Data Processor in relation to where the Client’s Personal Data. DCC acts as a Data Processor. 49.2 The Solicitor Contractor shall: : 49.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client DCC (which may be specific instructions or instructions of a general nature as set out in the Contract this Agreement or as otherwise notified by the Client DCC to the Solicitor Contractor during the term of Service Period). Any such instructions which are inconsistent with the Contract); parties' rights and obligations under this Agreement shall be dealt with in accordance with the Change Control Procedure; 49.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; Law; 49.2.3 subject to Clause 48.12, implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 49.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any Contractor Personnel who have access to the Client’s Personal Data; ; 49.2.5 obtain the Client’s prior written approval consent from the DCC in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; , such consent not to be unreasonably withheld or delayed; 49.2.6 ensure that all members of the Solicitor’s Staff Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 49; 49.2.7 ensure that none of the Solicitor’s Staff Contractor Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; DCC; 49.2.8 notify the Client DCC (within five (5) Working Days Days) if the Solicitor it receives: : 49.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 49.2.8.2 a complaint or request relating to the ClientDCC's obligations under the Data Protection Legislation; ; 49.2.9 provide the Client DCC with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 49.2.9.1 providing the Client DCC with full details of the complaint or request; complying ; 49.2.9.2 enabling the DCC to comply with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientDCC's instructions; ; 49.2.9.3 providing the Client DCC with any Client’s Personal Data it holds in relation to a Data Subject as a result of this Agreement (within the timescales required by the ClientDCC); and and 49.2.9.4 providing the Client DCC with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; DCC; 49.2.10 provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s Personal Data (within the timescales reasonably required by the ClientDCC); and and 49.2.11 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area. If, after the Effective Date, the Contractor (or any Sub-contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 49.2.11.1 the Contractor shall submit a Change Request to the DCC which shall be dealt with in accordance with the Change Control Procedure and this Clause 49.2.11; 49.2.11.2 the Contractor shall set out in its Change Request and/or Impact Assessment appropriate details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the Contractor will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the DCC's compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 49.2.11.3 in providing and evaluating the Change Request and Impact Assessment, the parties shall ensure that they have regard to and comply with then current Guidance on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 49.2.11.4 the prior written consent of Contractor shall comply with such other instructions and shall carry out such other actions as the Client DCC may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Agreement or a separate data processing agreement between the parties; and (b) procuring that any Sub-contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the DCC on such terms as may be required by the Client in its discretion thinks fit. DCC, which the Contractor acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 49.3 The Solicitor Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract this Agreement in such a way as to cause the Client DCC to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Parties' rights and obligations under the Legal Services Contract, the Parties agree that the Client Customer is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to the ClientCustomer’s Personal Data. The Solicitor Supplier shall: Process the ClientCustomer’s Personal Data only in accordance with instructions from the Client Customer (which may be specific instructions or instructions of a general nature as set out in the Legal Services Contract or as otherwise notified by the Client Customer to the Solicitor Supplier during the term Term of the Legal Services Contract); Process the ClientCustomer’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Ordered Panel Services or as is required by Law or any Regulatory Bodyregulatory body; implement appropriate technical and organisational measures to protect the ClientCustomer’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the ClientCustomer’s Personal Data and having regard to the nature of the ClientCustomer’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the SolicitorSupplier’s Staff Personnel who have access to the ClientCustomer’s Personal Data; obtain the Client’s prior written approval Approval in order to transfer all or any of the ClientCustomer’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the SolicitorSupplier’s Staff Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.19.1; ensure that none of the SolicitorSupplier’s Staff Personnel publish, disclose or divulge any of the ClientCustomer’s Personal Data to any third party unless directed in writing to do so by the ClientCustomer; notify the Client Customer within five (5) Working Days if the Solicitor Supplier receives: a request from a Data Subject to have access to the ClientCustomer’s Personal Data relating to that person; or a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the ClientCustomer’s Personal Data, including by: providing the Client Customer with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; providing the Client Customer with any ClientCustomer’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and providing the Client Customer with any information requested by the ClientCustomer; permit or procure permission for the Client Customer or the ClientCustomer’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorSupplier's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or procure that the Solicitor Supplier is in full compliance with its obligations under the Legal Services Contract; provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the ClientCustomer’s Personal Data (within the timescales required by the ClientCustomer); and not Process or otherwise transfer any ClientCustomer’s Personal Data outside the European Economic Area without the prior written consent of the Client Customer which may be given on such terms as shall have the Client in its discretion thinks fitabsolute right grant (whether conditionally or otherwise) or deny. The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Legal Services Contract in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor Supplier acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the ClientCustomer’s Personal Data that the Client Customer may be irreparably harmed (including harm to its reputation). In such circumstances, the Client Customer may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor Supplier to comply with its obligations under the Legal Services Contract, ClientCustomer’s Personal Data is transmitted or Processed in connection with the Legal Services Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor Supplier shall be liable for the cost of reconstitution of that data and shall reimburse the Client Customer in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the SolicitorSupplier.

Protection of Personal Data. 5.1 With respect to the Parties' parties’ rights and obligations under the Contractthis Agreement, the Parties parties agree that the Client COI is the Data Controller and that the Solicitor Contractor is the Data Processor in relation to Processor. 5.2 The Contractor shall process the Client’s Personal Data. The Solicitor shall: Process the Client’s Personal Data only in accordance with instructions from the Client COI (which may be specific instructions set out in the Contract or instructions of a general nature as set out in the Contract Information Assurance Capability Questionnaire or as otherwise notified by the Client COI to the Solicitor Contractor during the term of Term). 5.3 The Contractor shall process the Contract); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; . 5.4 The Contractor shall implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processingprocessing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s . 5.5 The Contractor shall employ appropriate Staff who Vetting Procedures where staff may have access to the Client’s Personal Data; . 5.6 The Contractor shall obtain the Client’s prior written approval consent from COI in order to transfer all or any of the Client’s Personal Data to any Subsub-Contractors contractors or Affiliates for the provision of the Contract Services; . 5.7 The Contractor shall ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; clause 5. 5.8 The Contractor shall ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing Approved to do so by the Client; COI. 5.9 The Contractor shall notify the Client COI within five (5) Working Days 5 working days if the Solicitor it receives: : 5.9.1 a request from a Data Subject to have access to the Clientthat person’s Personal Data relating to that personData; or or 5.9.2 a complaint or request relating to the Client's COI’s obligations under the Data Protection Legislation; . 5.10 The Contractor shall provide the Client COI with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 5.10.1 providing the Client COI with full details of the complaint or request; ; 5.10.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's COI’s instructions; ; 5.10.3 providing the Client COI with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCOI); and and 5.10.4 providing the Client COI with any information requested by the Client; COI. 5.11 The Contractor shall permit COI or procure permission for the Client or the ClientCOI’s Representative Agents (subject to reasonable and appropriate confidentiality undertakings), ) to inspect and auditaudit in accordance with Framework – clause 19 “Records and Audit Access”, the Solicitor's Contractor’s data Processing processing activities (and/or and those of its agents agents, subsidiaries and Subsub-Contractorscontractors) and comply with all reasonable requests or directions by the Client COI to enable the Client COI to verify and/or procure that the Solicitor Contractor is in full compliance with its obligations under the this Contract; . 5.12 The Contractor shall provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s processing Personal Data (within the timescales required by the ClientCOI); and . 5.13 The Contractor shall not Process or otherwise transfer any Client’s process Personal Data outside the European Economic Area without the prior written consent of COI and, where COI consents to a transfer, to comply with: 5.13.1 the Client which may be given on such terms as obligations of a Data Controller under the Client Eighth Data Protection Principle set out in its discretion thinks fit. Schedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and 5.13.2 any reasonable instructions notified to it by COI. 5.14 The Solicitor Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client COI to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in . 5.15 For the event that it breaches (or attempts or threatens avoidance of doubt all references to breach) its obligations relating to the Client’s Personal Data that in this clause 5 shall also include the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further definition of Sensitive Personal Data. 5.16 The breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission part of this Clause 5 will be regarded as a fundamental breach when interpreting Clause 25 and any other costs charged in connection with such failure by the SolicitorClause 29.

Protection of Personal Data. 25.1 With respect to the Parties' rights and obligations under this Framework Agreement, where the Contract, the Parties agree that the Client is the Data Controller and that the Solicitor Supplier is the Data Processor the provisions set out in relation to the Client’s Personal Data. Clause 25.2 shall apply. 25.2 The Solicitor Supplier shall: : 25.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client Authority (which may be specific instructions or instructions of a general nature as set out in the Contract this Framework Agreement or as otherwise notified by the Client Authority to the Solicitor Supplier during the term of the ContractTerm); ; 25.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision performance of the Services Supplier's obligations under this Framework Agreement or as is required by Law or any Regulatory Body; ; 25.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; ; 25.2.4 notify the Client Authority (within five (5) Working Days Days) if the Solicitor it receives: : (a) a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or (b) a complaint or request relating to the ClientAuthority's obligations under the Data Protection Legislation; ; 25.2.5 provide the Client Authority with full such cooperation and assistance as is reasonably necessary in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : (a) providing the Client Authority with full details of the complaint or request; ; (b) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientAuthority's instructions; ; (c) providing the Client Authority with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientAuthority); and and (d) providing the Client Authority with any reasonable additional information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and Authority; 25.2.6 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the Authority's prior written consent consent. As part of the Client which may provision of any such consent the Authority shall be given on such entitled to impose any additional terms as relating to the Client in its discretion thinks fit. The Solicitor shall comply transfer and use of any Personal Data outside the European Economic Area; 25.2.7 at all times comply with the Data Protection Legislation and shall not perform its obligations under the Contract this Framework Agreement in such a way as to cause the Client Authority to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 8.1 With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client is the Data Controller and that the Solicitor Insurer is the Data Processor in relation to the Client’s Personal Data. . 8.2 The Solicitor Insurer shall: : 8.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client to the Solicitor Insurer during the term of the Contract); ; 8.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; ; 8.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 8.2.4 take reasonable steps to ensure the reliability of all members of the SolicitorInsurer’s Staff who have access to the Client’s Personal Data; ; 8.2.5 obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ; 8.2.6 ensure that all members of the SolicitorInsurer’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; Clause; 8.2.7 ensure that none of the SolicitorInsurer’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; ; 8.2.8 notify the Client within five (5) Working Days if the Solicitor Insurer receives: : (a) a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or or (b) a complaint or request relating to the Client's obligations under the Data Protection Legislation; ; 8.2.9 provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: : (a) providing the Client with full details of the complaint or request; ; (b) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; ; (c) providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and and (d) providing the Client with any information requested by the Client; ; 8.2.10 permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorInsurer's data Processing activities (and/or those of its agents and Sub-Sub- Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor Insurer is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.;

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client CLIENT is the Data Controller and that the Solicitor SERVICE PROVIDER is the Data Processor in relation to the Client’s Personal DataProcessor. The Solicitor SERVICE PROVIDER shall: Process the Client’s Personal Data only in accordance with instructions from the Client CLIENT (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client CLIENT to the Solicitor SERVICE PROVIDER during the term of the ContractContract Period); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s any Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval consent from the CLIENT in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.133; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the ClientCLIENT; notify the Client CLIENT (within five (5Working Days) Working Days if the Solicitor SERVICE PROVIDER receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or a complaint or request relating to the Client's CLIENT'S obligations under the Data Protection Legislation; provide the Client CLIENT with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: providing the Client CLIENT with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's CLIENT'S instructions; providing the Client CLIENT with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCLIENT); and providing the Client CLIENT with any information requested by the ClientCLIENT; permit or procure permission for the Client CLIENT or the Client’s CLIENT Representative (subject to reasonable and appropriate confidentiality undertakings), ) to inspect and audit, in accordance with Clause 39 the Solicitor's data SERVICE PROVIDER’S Data Processing activities (and/or those of its agents his agents, subsidiaries and Sub-Contractorscontractors) and comply with all reasonable requests or directions by the Client CLIENT to enable the Client CLIENT to verify and/or procure that the Solicitor SERVICE PROVIDER is in full compliance with its his obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor SERVICE PROVIDER for Processing the Client’s processing Personal Data (within the timescales required by the ClientCLIENT); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as CLIENT and, where the Client CLIENT consents to a transfer, to comply with: the obligations of a Data Controller under the Eighth Data Protection Principle set out in its discretion thinks fitSchedule 1 of the Data Protection Act 1998 by providing an adequate level of protection to any Personal Data that is transferred; and any reasonable instructions notified to it by the CLIENT. The Solicitor SERVICE PROVIDER shall comply at all times with the Data Protection Legislation and shall not perform its his obligations under the Contract in such a way as to cause the Client CLIENT to breach any of its his applicable obligations under the Data Protection Legislation. Each Party shall:- treat all Confidential Information belonging to the other Party as confidential and safeguard it accordingly; and not disclose any Confidential Information belonging to the other Party to any other person without the prior written consent of the other Party, except to such persons and to such extent as may be necessary for the performance of either Party’s obligations under the Contract or except where disclosure is otherwise expressly permitted by the provisions of the Contract. The Solicitor SERVICE PROVIDER shall ensure that its Staff, professional advisors and consultants are aware of the SERVICE PROVIDER’S confidentiality obligations under the Contract and shall use its best endeavours to ensure that its staff, professional advisors and consultants comply with the SERVICE PROVIDER'S confidentiality obligations under this Contract. The SERVICE PROVIDER shall not use any Confidential Information it receives from the CLIENT otherwise than for the purposes of the Contract. Nothing in Clauses 34.1.1 to 34.1.4 shall prevent the CLIENT disclosing any Confidential Information obtained from the SERVICE PROVIDER:- for the purpose of the examination and certification of the CLIENT’S accounts; or for the purpose of any examination pursuant to Section 6(1) of the National Audit Xxx 0000 of the economy, efficiency and effectiveness with which the CLIENT has used its resources; or to any government department or any other Contracting CLIENT and the SERVICE PROVIDER hereby acknowledges thatthat all government departments or Contracting Authorities receiving such Confidential Information may further disclose the Confidential Information to other government departments or other Contracting Authorities on the basis that the information is confidential and is not to be disclosed to a third party which is not part of any government department or any Contracting CLIENT; or to any consultant, contractor or other person engaged by the CLIENT; provided that in disclosing information under sub-paragraphs (c) and (d) the CLIENT discloses only the information which is necessary for the purpose concerned and requests that the information is treated in confidence and that a confidentiality undertaking is given where appropriate. Nothing in Clauses 34.1.1 to 34.1.4 shall prevent either Party from:- using any techniques, ideas or know-how gained during the performance of its obligations under the Contract in the event that it breaches (or attempts or threatens to breach) course of its obligations relating normal business, to the Clientextent that this does not result in a disclosure of the other Party’s Personal Data that Confidential Information or an infringement of the Client may other Party’s Intellectual Property Rights, or disclosing Confidential Information which must be irreparably harmed (disclosed pursuant to a statutory, legal or parliamentary obligation placed upon the Party making the disclosure, including harm to its reputation). In such circumstances, any requirements for disclosure under the Client may proceed directly to court and seek injunctive FOIA or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach)the Environmental Information Regulations. In the event that through any failure by the Solicitor SERVICE PROVIDER fails to comply with its obligations Clauses 34.1.1 to 34.1.4 the CLIENT reserves the right to terminate the Contract with immediate effect by notice in writing. Clauses 34.1.1 to 34.1.4 are without prejudice to the application of the Official Secrets Acts 1911 to 1989 to any Confidential Information. In order to ensure that no unauthorised person gains access to any Confidential Information or any data obtained in the supply of the Services under the Contract, Client’s Personal Data the SERVICE PROVIDER undertakes to maintain adequate security arrangements that meet the requirements of professional standards and best industry practice. The SERVICE PROVIDER will immediately notify the CLIENT of any breach of security in relation to Confidential Information and all data obtained in the supply of the Services under the Contract and will keep a record of such breaches. The SERVICE PROVIDER will use its best endeavours to recover such Confidential Information or data however it may be recorded. This obligation is transmitted or Processed in connection addition to the SERVICE PROVIDER’S obligations under Clauses 34.1.1 to 34.1.4. The SERVICE PROVIDER will co-operate with the Contract is either lost or sufficiently degraded so CLIENT in any investigation that the CLIENT considers necessary to undertake as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect a result of any charge levied for breach of security in relation to Confidential Information or data. The SERVICE PROVIDER shall, at its transmission and own expense, alter any other costs charged in connection security systems at any time during the Contract Period at the CLIENT’S request if the CLIENT reasonably believes the SERVICE PROVIDER has failed to comply with such failure by the SolicitorClause 34.5.

Protection of Personal Data. With 28.4.1. Where any Personal Data are Processed with respect to the Parties' rights and obligations under the this Call Off Contract, the Parties agree that the Client Customer is the Data Controller and that the Solicitor Supplier is the Data Processor in relation to the Client’s Personal DataProcessor. 28.4.2. The Solicitor Supplier shall: : (a) Process the Client’s Personal Data only in accordance with instructions from the Client Customer (which may be specific instructions or instructions of a general nature as set out in the this Call Off Contract or as otherwise notified by the Client Customer to the Solicitor Supplier during the term of the ContractCall Off Contract Period); ; (b) Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; Law; (c) implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; (d) take reasonable steps to ensure the reliability of all members of the Solicitor’s any Staff who have access to the Client’s Personal Data; ; (e) obtain the Client’s prior written approval Approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; ; (f) ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 28.4; (g) ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; Customer; (h) notify the Client Customer within five (5) Working Days if the Solicitor it receives: : (i) a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or (ii) a complaint or request relating to the ClientCustomer's obligations under the Data Protection Legislation; ; (i) provide the Client Customer with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : (i) providing the Client Customer with full details of the complaint or request; ; (ii) complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCustomer's instructions; ; (iii) providing the Client Customer with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCustomer); and and (iv) providing the Client Customer with any information requested by the Client; Customer; (j) permit or procure permission for the Client Customer or the Client’s Customer Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the SolicitorSupplier's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client Customer to enable the Client Customer to verify and/or procure that the Solicitor Supplier is in full compliance with its obligations under the this Call Off Contract; ; (k) provide a written description of the technical and organisational methods employed by the Solicitor Supplier for Processing the Client’s Personal Data (within the timescales required by the ClientCustomer); and and (l) not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Call Off Commencement Date, the Supplier (or any Sub- Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: (i) the Supplier shall submit a request for Variation to the Customer which shall be dealt with in accordance with the Variation Procedure and paragraphs (A) to (D) below; (ii) the Supplier shall set out in its request for a Variation details of the following: (A) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (B) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (C) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (D) how the Supplier will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the Customer’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; (iii) in providing and evaluating the request for Variation, the Parties shall ensure that they have regard to and comply with then-current Customer, Government and Information Commissioner Office’s policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally but, for the prior written consent avoidance of doubt, the Client Customer may, in its absolute discretion, refuse to grant Approval of such process and/or transfer any Personal Data outside the European Economic Area; and (iv) the Supplier shall comply with such other instructions and shall carry out such other actions as the Customer may notify in writing, including: (A) incorporating standard and/or model Clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Call Off Contract or a separate data processing agreement between the parties; and (B) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the Customer on such terms as may be required by the Client in its discretion thinks fitCustomer, which the Supplier acknowledges may include the incorporation of standard and/or model Clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 28.4.3. The Solicitor Supplier shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Call Off Contract in such a way as to cause the Client Customer to breach any of its applicable obligations under the Data Protection Legislation. 28.4.4. The Solicitor Supplier acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client Customer may be irreparably harmed (including harm to its reputation). In such circumstances, the Client Customer may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). 28.4.5. In The Supplier shall, at all times during and after the event that through any failure Call Off Contract Period, indemnify the Customer and keep the Customer fully indemnified against all Losses incurred by, awarded against or agreed to be paid by the Solicitor Customer at any time (whether before or after the making of a demand pursuant to comply with its the indemnity hereunder) arising from any breach of the Supplier's obligations under this Clause 28.4 except and to the Contract, Client’s Personal Data is transmitted or Processed in connection with extent that such liabilities have resulted directly from the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the SolicitorCustomer's instructions.

Protection of Personal Data. 14.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 14.2 The Solicitor CONTRACTOR shall: : 14.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 14.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 14.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 14.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 14.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 14.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 14; 14.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 14.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 14.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 14.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 14.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 14.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 14.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 14.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 14.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 14.2.10 permit or procure permission for the Client CUSTOMER or the Client’s Representative nominated representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 14.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 14.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 14.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 14.2.12.2 to 14.2.12.4 below; 14.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 14.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 14.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 14.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative CUSTOMER (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Sub- Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit an Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER‟s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.CUSTOMER;

Protection of Personal Data. With respect to the Parties' rights and obligations under the Contract, the Parties agree that the Client is the Data Controller and that the Solicitor is the Data Processor in relation to the Client’s Personal Data. The Solicitor shall: Process the Client’s Personal Data only in accordance with instructions from the Client (which may be specific instructions or instructions of a general nature as set out in the Contract or as otherwise notified by the Client to the Solicitor during the term of the Contract); Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff who have access to the Client’s Personal Data; obtain the Client’s prior written approval in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors for the provision of the Contract Services; ensure that all members of the Solicitor’s Staff required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; ensure that none of the Solicitor’s Staff publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; notify the Client within five (5) Working Days if the Solicitor receives: a request from a Data Subject to have access to the Client’s Personal Data relating to that person; or a complaint or request relating to the Client's obligations under the Data Protection Legislation; provide the Client with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Data, including by: providing the Client with full details of the complaint or request; complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the Client's instructions; providing the Client with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the Client); and providing the Client with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; provide a written description of the technical and organisational methods employed by the Solicitor for Processing the Client’s Personal Data (within the timescales required by the Client); and not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area without the prior written consent of the Client which may be given on such terms as the Client in its discretion thinks fit. The Solicitor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract in such a way as to cause the Client to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that Data, the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.

Protection of Personal Data. ‌ 49.1 With respect to the Partiesparties' rights and obligations under the Contractthis Agreement, the Parties parties agree that the Client DCC is either the Data Controller or the Data Processor and that the Contractor is the Data Controller and Processor. For the avoidance of doubt, the parties agree that the Solicitor Contractor is the a sub-Data Processor in relation to where the Client’s Personal Data. DCC acts as a Data Processor. 49.2 The Solicitor Contractor shall: : 49.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client DCC (which may be specific instructions or instructions of a general nature as set out in the Contract this Agreement or as otherwise notified by the Client DCC to the Solicitor Contractor during the term of Service Period). Any such instructions which are inconsistent with the Contract); parties' rights and obligations under this Agreement shall be dealt with in accordance with the Change Control Procedure; 49.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services or as is required by Law or any Regulatory Body; Law; 49.2.3 subject to Clause 48.12, implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing Processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 49.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any Contractor Personnel who have access to the Client’s Personal Data; ; 49.2.5 obtain the Client’s prior written approval consent from the DCC in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors contractors or Affiliates for the provision of the Contract Services; , such consent not to be unreasonably withheld or delayed; 49.2.6 ensure that all members of the Solicitor’s Staff Contractor Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 49; 49.2.7 ensure that none of the Solicitor’s Staff Contractor Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; DCC; 49.2.8 notify the Client DCC (within five (5) Working Days Days) if the Solicitor it receives: : 49.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 49.2.8.2 a complaint or request relating to the ClientDCC's obligations under the Data Protection Legislation; ; 49.2.9 provide the Client DCC with full cooperation co-operation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 49.2.9.1 providing the Client DCC with full details of the complaint or request; complying ; 49.2.9.2 enabling the DCC to comply with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientDCC's instructions; ; 49.2.9.3 providing the Client DCC with any Client’s Personal Data it holds in relation to a Data Subject as a result of this Agreement (within the timescales required by the ClientDCC); and and 49.2.9.4 providing the Client DCC with any information requested by the Client; permit or procure permission for the Client or the Client’s Representative (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, the Solicitor's data Processing activities (and/or those of its agents and Sub-Contractors) and comply with all reasonable requests or directions by the Client to enable the Client to verify and/or procure that the Solicitor is in full compliance with its obligations under the Contract; DCC; 49.2.10 provide a written description of the technical and organisational methods employed by the Solicitor Contractor for Processing the Client’s Personal Data (within the timescales reasonably required by the ClientDCC); and and 49.2.11 not Process or otherwise transfer any Client’s Personal Data outside the European Economic Area. If, after the Effective Date, the Contractor (or any Sub-contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 49.2.11.1 the Contractor shall submit a Change Request to the DCC which shall be dealt with in accordance with the Change Control Procedure and this Clause 49.2.11; 49.2.11.2 the Contractor shall set out in its Change Request and/or Impact Assessment appropriate details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the Contractor will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the DCC's compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 49.2.11.3 in providing and evaluating the Change Request and Impact Assessment, the parties shall ensure that they have regard to and comply with then current Guidance on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 49.2.11.4 the prior written consent of Contractor shall comply with such other instructions and shall carry out such other actions as the Client DCC may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Agreement or a separate data processing agreement between the parties; and (b) procuring that any Sub-contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the DCC on such terms as may be required by the Client in its discretion thinks fit. DCC, which the Contractor acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 49.3 The Solicitor Contractor shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the Contract this Agreement in such a way as to cause the Client DCC to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that50. CONFIDENTIALITY‌ 50.1 Subject to Clauses 50.4, in 50.5, 50.7, 50.13, 50.16, 50.19 and 54.3, the event Contractor undertakes to the DCC that it breaches (or attempts or threatens to breachand each Contractor Person) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.shall:

Protection of Personal Data. 15.1 With respect to the Partiesparties' rights and obligations under the this Contract, the Parties parties agree that the Client CUSTOMER is the Data Controller and that the Solicitor CONTRACTOR is the Data Processor in relation to the Client’s Personal Data. Processor. 15.2 The Solicitor CONTRACTOR shall: : 15.2.1 Process the Client’s Personal Data only in accordance with instructions from the Client CUSTOMER (which may be specific instructions or instructions of a general nature as set out in the this Contract or as otherwise notified by the Client CUSTOMER to the Solicitor CONTRACTOR during the term of the ContractTerm); ; 15.2.2 Process the Client’s Personal Data only to the extent, and in such manner, as is necessary for the provision of the Services Ordered IT Products or as is required by Law or any Regulatory Body; ; 15.2.3 implement appropriate technical and organisational measures to protect the Client’s Personal Data against unauthorised or unlawful processing and against accidental loss, destruction, damage, alteration or disclosure. These measures shall be appropriate to the harm which might result from any unauthorised or unlawful Processing, accidental loss, destruction or damage to the Client’s Personal Data and having regard to the nature of the Client’s Personal Data which is to be protected; ; 15.2.4 take reasonable steps to ensure the reliability of all members of the Solicitor’s Staff any CONTRACTOR Personnel who have access to the Client’s Personal Data; ; 15.2.5 obtain the Client’s prior written approval consent from the CUSTOMER in order to transfer all or any of the Client’s Personal Data to any Sub-Contractors or Affiliates for the provision of the Contract Services; Ordered IT Products; 15.2.6 ensure that all members of the Solicitor’s Staff CONTRACTOR Personnel required to access the Personal Data are informed of the confidential nature of the Personal Data and comply with the obligations set out in this Clause 6.1; 15; 15.2.7 ensure that none of the Solicitor’s Staff CONTRACTOR Personnel publish, disclose or divulge any of the Client’s Personal Data to any third party unless directed in writing to do so by the Client; CUSTOMER; 15.2.8 notify the Client CUSTOMER (within five (5) Working Days Days) if the Solicitor it receives: : 15.2.8.1 a request from a Data Subject to have access to the Client’s Personal Data relating to that person's Personal Data; or or 15.2.8.2 a complaint or request relating to the ClientCUSTOMER's obligations under the Data Protection Legislation; ; 15.2.9 provide the Client CUSTOMER with full cooperation and assistance in relation to any complaint or request made relating to the Client’s Personal Datamade, including by: : 15.2.9.1 providing the Client CUSTOMER with full details of the complaint or request; ; 15.2.9.2 complying with a data access request within the relevant timescales set out in the Data Protection Legislation and in accordance with the ClientCUSTOMER's instructions; ; 15.2.9.3 providing the Client CUSTOMER with any Client’s Personal Data it holds in relation to a Data Subject (within the timescales required by the ClientCUSTOMER); and and 15.2.9.4 providing the Client CUSTOMER with any information requested by the Client; CUSTOMER; 15.2.10 permit or procure permission for the Client or the Client’s Representative CUSTOMER (subject to reasonable and appropriate confidentiality undertakings), to inspect and audit, audit the SolicitorCONTRACTOR's data Processing activities (and/or those of its agents agents, subsidiaries and Sub-Contractors) and comply with all reasonable requests or directions by the Client CUSTOMER to enable the Client CUSTOMER to verify and/or procure that the Solicitor CONTRACTOR is in full compliance with its obligations under the this Contract; ; 15.2.11 provide a written description of the technical and organisational methods employed by the Solicitor CONTRACTOR for Processing the Client’s processing Personal Data (within the timescales required by the ClientCUSTOMER); and and 15.2.12 not Process or otherwise transfer any ClientPersonal Data outside the European Economic Area. If, after the Effective Date, the CONTRACTOR (or any Sub-Contractor) wishes to Process and/or transfer any Personal Data outside the European Economic Area, the following provisions shall apply: 15.2.12.1 the CONTRACTOR shall submit a Contract Change Note to the CUSTOMER which shall be dealt with in accordance with the Contract Change Procedure and Clauses 15.2.12.2 to 15.2.12.4 below; 15.2.12.2 the CONTRACTOR shall set out in its Contract Change Note (and/or impact assessment) details of the following: (a) the Personal Data which will be Processed and/or transferred outside the European Economic Area; (b) the country or countries in which the Personal Data will be Processed and/or to which the Personal Data will be transferred outside the European Economic Area; (c) any Sub-Contractors or other third parties who will be Processing and/or transferring Personal Data outside the European Economic Area; and (d) how the CONTRACTOR will ensure an adequate level of protection and adequate safeguards (in accordance with the Data Protection Legislation and in particular so as to ensure the CUSTOMER’s compliance with the Data Protection Legislation) in respect of the Personal Data that will be Processed and/or transferred outside the European Economic Area; 15.2.12.3 in providing and evaluating the Contract Change Note, the parties shall ensure that they have regard to and comply with then-current CUSTOMER, Government and Information Commissioner Office policies, procedures, guidance and codes of practice on, and any approvals processes in connection with, the Processing and/or transfers of Personal Data outside the European Economic Area without and/or overseas generally; and 15.2.12.4 the prior written consent of CONTRACTOR shall comply with such other instructions and shall carry out such other actions as the Client CUSTOMER may notify in writing, including: (a) incorporating standard and/or model clauses (which may are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation) in this Contract or a separate data processing agreement between the parties; and (b) procuring that any Sub-Contractor or other third party who will be given Processing and/or transferring the Personal Data outside the European Economic Area enters into a direct data processing agreement with the CUSTOMER on such terms as may be required by the Client in its discretion thinks fit. CUSTOMER, which the CONTRACTOR acknowledges may include the incorporation of standard and/or model clauses (which are approved by the European Commission as offering adequate safeguards under the Data Protection Legislation). 15.3 The Solicitor CONTRACTOR shall comply at all times with the Data Protection Legislation and shall not perform its obligations under the this Contract in such a way as to cause the Client CUSTOMER to breach any of its applicable obligations under the Data Protection Legislation. The Solicitor acknowledges that, in the event that it breaches (or attempts or threatens to breach) its obligations relating to the Client’s Personal Data that the Client may be irreparably harmed (including harm to its reputation). In such circumstances, the Client may proceed directly to court and seek injunctive or other equitable relief to remedy or prevent any further breach (or attempted or threatened breach). In the event that through any failure by the Solicitor to comply with its obligations under the Contract, Client’s Personal Data is transmitted or Processed in connection with the Contract is either lost or sufficiently degraded so as to be unusable, the Solicitor shall be liable for the cost of reconstitution of that data and shall reimburse the Client in respect of any charge levied for its transmission and any other costs charged in connection with such failure by the Solicitor.