Common use of Restrictions on use of the Shared Information Clause in Contracts

Restrictions on use of the Shared Information. 6.1. Each Party shall only process the Relevant Information as is necessary to achieve the Specified Purpose, and, in particular, shall not use or process Relevant Information for any other purpose unless agreed in writing by the Data Controller that released the information to the other. There shall be no other use or onward transmission of the Relevant Information to any third party without a lawful basis first being determined, and the originating Data Controller being notified. 6.2. Access to, and processing of, the Relevant Information provided by a Party must be the minimum necessary to achieve the Specified Purpose. Information and Sensitive Personal Data will be handled at all times on a restricted basis, in compliance with Information Law requirements, and Personnel should only have access to Personal Data on a justifiable Need to Know basis for the purpose of performing their duties in connection with the services they are there to deliver. The Need to Know requirement means that the Data Controllers’ Personnel will only have access to Personal Data or Sensitive Personal Data if it is lawful for such Personnel to have access to such data for the Specified Purpose and the function they are required to fulfil at that particular time, in relation to the Specified Purpose, cannot be achieved without access to the Personal Data or Sensitive Personal Data specified. 6.3. Having this Agreement in place does not give licence for unrestricted access to data that the other Data Controller may hold. It lays the parameters for the safe and secure sharing and processing of information for a justifiable Need to Know purpose. 6.4. Neither Party shall subcontract any processing of the Relevant Information without the prior written consent of the other Party. Where a Party subcontracts its obligations, it shall do so only by way of a written agreement with the sub-contractor which imposes the same obligations as are imposed on the Data Controllers under this Agreement. 6.5. Neither Party shall cause or allow Data to be transferred to any territory outside the European Economic Area without the prior written permission of the responsible Data Controller. 6.6. Any particular restrictions on use of certain Relevant Information are included in the attached Personal Data Agreement.

Restrictions on use of the Shared Information. 6.1. Each Party shall only process the Relevant Information as is necessary to achieve the Specified Purpose, and, in particular, shall not use or process Relevant Information for any other purpose unless agreed in writing by the Data Controller that released the information to the other. There shall be no other use or onward transmission of the Relevant Information to any third party without a lawful basis first being determined, and the originating Data Controller being notified. 6.2. Access to, and processing of, the Relevant Information provided by a Party must be the minimum necessary to achieve the Specified Purpose. Information and Sensitive Special Category Personal Data will be handled at all times on a restricted basis, in compliance with Information Law requirements, and Personnel should only have access to Personal Data on a justifiable Need to Know basis for the purpose of performing their duties in connection with the services they are there to deliver. The Need to Know requirement means that the Data Controllers’ Personnel will only have access to Personal Data or Sensitive Personal Data if it is lawful for such Personnel to have access to such data for the Specified Purpose and the function they are required to fulfil at that particular time, in relation to the Specified Purpose, cannot be achieved without access to the Personal Data or Sensitive Special Category Personal Data specified. 6.3. Having this Agreement in place does not give licence for unrestricted access to data that the other Data Controller may hold. It lays the parameters for the safe and secure sharing and processing of information for a justifiable Need to Know purpose. 6.4. Neither Party shall subcontract any processing of the Relevant Information without the prior written consent of the other Party. Where a Party subcontracts its obligations, it shall do so only by way of a written agreement with the sub-contractor which imposes the same obligations as are imposed on the Data Controllers under this Agreement. 6.5. Neither Party shall cause or allow Data to be transferred to any territory outside the European Economic Area without the prior written permission of the responsible Data Controller. 6.6. Any particular restrictions on use of certain Relevant Information are included in the attached Personal Data Agreement.

Restrictions on use of the Shared Information. 6.1. Each Party shall only process the Relevant Information as is necessary to achieve the Specified Purpose, and, in particular, shall not use or process Relevant Information for any other purpose unless agreed in writing by the Data Controller that released the information to the other. There shall be no other use or onward transmission of the Relevant Information to any third party without a lawful basis first being determined, and the originating Data Controller being notified. 6.2. Access to, and processing of, the Relevant Information provided by a Party must be the minimum necessary to achieve the Specified Purpose. Information and Sensitive Personal Data will be handled at all times on a restricted basis, in compliance with Information Law requirements, and Personnel should only have access to Personal Data on a justifiable Need to Know basis for the purpose of performing their duties in connection with the services they are there to deliver. The Need to Know requirement means that the Data Controllers’ Controllers‟ Personnel will only have access to Personal Data or Sensitive Personal Data if it is lawful for such Personnel to have access to such data for the Specified Purpose and the function they are required to fulfil at that particular time, in relation to the Specified Purpose, cannot be achieved without access to the Personal Data or Sensitive Personal Data specified. 6.3. Having this Agreement in place does not give licence for unrestricted access to data that the other Data Controller may hold. It lays the parameters for the safe and secure sharing and processing of information for a justifiable Need to Know purpose. 6.4. Neither Party shall subcontract any processing of the Relevant Information without the prior written consent of the other Party. Where a Party subcontracts its obligations, it shall do so only by way of a written agreement with the sub-contractor which imposes the same obligations as are imposed on the Data Controllers under this Agreement. 6.5. Neither Party shall cause or allow Data to be transferred to any territory outside the European Economic Area without the prior written permission of the responsible Data Controller. 6.6. Any particular restrictions on use of certain Relevant Information are included in the attached Personal Data Agreement.

Restrictions on use of the Shared Information. 6.1. Each Party shall only process the Relevant Information as is necessary to achieve the Specified Purpose, and, in particular, shall not use or process Relevant Information for any other purpose unless agreed in writing by the Data Controller that released the information to the other. There shall be no other use or onward transmission of the Relevant Information to any third party without a lawful basis first being determined, and the originating Data Controller being notified. 6.2. Access to, and processing of, the Relevant Information provided by a Party must be the minimum necessary to achieve the Specified Purpose. Information and Sensitive Personal Data will be handled at all times on a restricted basis, in compliance with Information Law requirements, and Personnel should only have access to Personal Data on a justifiable Need to Know basis for the purpose of performing their duties in connection with the services they are there to deliver. The Need to Know requirement means that the Data Controllers’ Personnel will only have access to Personal Data or Sensitive Personal Data if it is lawful for such Personnel to have access to such data for the Specified Purpose and the function they are required to fulfil at that particular time, in relation to the Specified Purpose, cannot be achieved without access to the Personal Data or Sensitive Special Category Personal Data specified. 6.3. Having this Agreement in place does not give licence for unrestricted access to data that the other Data Controller may hold. It lays the parameters for the safe and secure sharing and processing of information for a justifiable Need to Know purpose. 6.4. Neither Party shall subcontract any processing of the Relevant Information without the prior written consent of the other Party. Where a Party subcontracts its obligations, it shall do so only by way of a written agreement with the sub-contractor which imposes the same obligations as are imposed on the Data Controllers under this Agreement. 6.5. Neither Party shall cause or allow Data to be transferred to any territory outside the European Economic Area without the prior written permission of the responsible Data Controller. 6.6. Any particular restrictions on use of certain Relevant Information are included in the attached Personal Data Agreement.

Restrictions on use of the Shared Information. 6.1. Each Party shall only process the Relevant Information as is necessary to achieve the Specified Purpose, and, in particular, shall not use or process Relevant Information for any other purpose unless agreed in writing by the Data Controller that released the information to the other. There shall be no other use or onward transmission of the Relevant Information to any third party without a lawful basis first being determined, and the originating Data Controller being notified. 6.2. Access to, and processing of, the Relevant Information provided by a Party must be the minimum necessary to achieve the Specified Purpose. Information and Sensitive Special Categories of Personal Data will be handled at all times on a restricted basis, in compliance with Information Law requirements, and Personnel should only have access to Personal Data on a justifiable Need to Know basis for the purpose of performing their duties in connection with the services they are there to deliver. The Need to Know requirement means that the Data Controllers’ Personnel will only have access to Personal Data or Sensitive Special Categories of Personal Data if it is lawful for such Personnel to have access to such data for the Specified Purpose and the function they are required to fulfil at that particular time, in relation to the Specified Purpose, cannot be achieved without access to the Personal Data or Sensitive Special Categories of Personal Data specified. 6.3. Having this Agreement in place does not give licence for unrestricted access to data that the other Data Controller may hold. It lays the parameters for the safe and secure sharing and processing of information for a justifiable Need to Know purpose. 6.4. Neither Party shall subcontract any processing of the Relevant Information without the prior written consent of the other Party. Where a Party subcontracts its obligations, it shall do so only by way of a written agreement with the sub-contractor which imposes the same obligations as are imposed on the Data Controllers under this Agreement. 6.5. Neither Party shall cause or allow Data to be transferred to any territory outside the European Economic Area without the prior written permission of the responsible Data Controller. 6.6. Any particular restrictions on use of certain Relevant Information are included in the attached Personal Data Agreement.