Common use of Use of Personal Data Clause in Contracts

Use of Personal Data. (a) You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other individuals (“Data Subjects”) in connection with performing our obligations and/or exercising our rights in respect of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services.

Use of Personal Data. (a) 23.1 You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditionsunder this Framework Contract. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate this Framework Contract allocates the responsibility for compliance with a particular requirement to one Party. (b) 23.2 You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other identifiable living individuals (“including Authorised Persons) (Data Subjects”) in connection with performing our obligations and/or exercising our rights under this Framework Contact, including: for the purposes of administering and operating your Account; the retention and management of records in respect of any services provided that are governed by these Terms relation to the Account; and Conditionscomplying with applicable law, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checksbut not limited to) and to comply with our regulatory obligationsanti-money laundering regulations. (c) 23.3 You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by under these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) ): our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) sending a message to xxxxxxxxxxxxxxxxxxxx@xxxxxx.xxx or by sending a letter to Nordea, Group Data Protection Office, Xxxxxxxxxxxxxxx 0, 00000 Xxxxxx, Xxxxxxxx, Xxxxxxx; that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) 23.2; that our processing of Personal Data as described in these Terms and Conditions this Contract is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) 23.2 above (which interests are not overridden by prejudice to the relevant individual’s privacy); ) and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) ; that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; and (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the this Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) Contract; that the disclosure of Personal Data to third parties described in clause 18(c)(iv23.3(d) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) ; that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) ; that they have certain rights in respect of the processing our use of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) ; that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html in Nordea’s Privacy Policy and that they are encouraged to review such privacy notice; and (ix) and such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services. 23.4 You shall indemnify us against any losses, damages and other liabilities (including legal fees) incurred by us arising out of or in connection with a breach by you of your obligations under this clause 23. 23.5 We shall indemnify you against any losses, damages and other liabilities (including legal fees) incurred by you arising out of or in connection with a breach by us of our obligations under this clause 23.

Use of Personal Data. (a) You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other individuals (“Data Subjects”) in connection with performing our obligations and/or exercising our rights in respect of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000sending a message to: xxxxxxxxxxxxxxxxxxxx@xxxxxx.xxx, or by sending a letter to: Nordea, Group Data Protection Office, Xxxxxxxxxxxxxxx 0, 00000 Xxxxxx, Xxxxxxxx, Xxxxxxx; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b12(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b12(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework AgreementContract, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv12(c)(iv) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United KingdomUK, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html in Nordea’s Privacy Policy and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services. (d) To the extent that you (the Customer) are located in the EEA and the UK is considered a Third Country for the purposes of the GDPR, the additional provisions of this clause 18(d) shall apply: (i) you and we shall be deemed to have entered into the Standard Contractual Clauses, in the form set out at Appendix 1 to these Terms and Conditions; (ii) pursuant to clause 18(d)(i), you (the Customer) shall be the data exporter for the purposes of the Standard Contractual Clauses and we (the Bank) shall be the data importer for the purposes of the Standard Contractual Clauses; and (iii) we and you agree to amend or replace the provisions of the Standard Contractual Clauses to the extent required by Data Protection Legislation. (e) You shall indemnify us against any losses, damages and other liabilities (including legal fees) incurred by us arising out of or in connection with a breach by you of your obligations under this clause 12. (f) We shall indemnify you against any losses, damages and other liabilities (including legal fees) incurred by you arising out of or in connection with a breach by us of our obligations under this clause 12.

Use of Personal Data. (a) 24.1 You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditionsunder this Framework Contract. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate this Framework Contract allocates the responsibility for compliance with a particular requirement to one Party. (b) 24.2 You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other identifiable living individuals (“including Authorised Persons) (Data Subjects”) in connection with performing our obligations and/or exercising our rights under this Framework Contact, including: for the purposes of administering and operating your Account; the retention and management of records in respect of any services provided that are governed by these Terms relation to the Account; and Conditionscomplying with applicable law, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checksbut not limited to) and to comply with our regulatory obligationsanti-money laundering regulations. (c) 24.3 You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by under these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) ): our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) sending a message to xxxxxxxxxxxxxxxxxxxx@xxxxxx.xxx or by sending a letter to Nordea, Group Data Protection Office, Xxxxxxxxxxxxxxx 0, 00000 Xxxxxx, Xxxxxxxx, Xxxxxxx; that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) 24.2; that our processing of Personal Data as described in these Terms and Conditions this Contract is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) 24.2 above (which interests are not overridden by prejudice to the relevant individual’s privacy); ) and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) ; that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; and (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the this Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) Contract; that the disclosure of Personal Data to third parties described in clause 18(c)(iv24.3(d) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) ; that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) ; that they have certain rights in respect of the processing our use of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) ; that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) and such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services. 24.4 You shall indemnify us against any losses, damages and other liabilities (including legal fees) incurred by us arising out of or in connection with a breach by you of your obligations under this clause 24. 24.5 We shall indemnify you against any losses, damages and other liabilities (including legal fees) incurred by you arising out of or in connection with a breach by us of our obligations under this clause 24.

Use of Personal Data. (a) You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other individuals (“Data Subjects”) in connection with performing our obligations and/or exercising our rights in respect of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services.

Use of Personal Data. (a) You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other individuals (“Data Subjects”) in connection with performing our obligations and/or exercising our rights in respect of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000sending a message to: xxxxxxxxxxxxxxxxxxxx@xxxxxx.xxx, or by sending a letter to: Nordea, Group Data Protection Office, Xxxxxxxxxxxxxxx 0, 00000 Xxxxxx, Xxxxxxxx, Xxxxxxx;; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services.cases

Use of Personal Data. The following conditions will apply to the processing of your Data (afor more information on this processing, please see the Data Protection Pol- icy on our website: xxxxxxxx.xxxxxxxxxxxxxxx.xxx/xx): a. As necessary, we may (1) You acknowledge share information about you (including your personal data), your Account and agree thatTransactions to your Account (includ- ing details about goods and services acquired) (henceforth “Data”) with American Express Entities, unless we agree otherwise including their agents, processors and sup- pliers; with your Company (including the Programme Administrator) and with your Associated Companies, including their agents and processors; with any third party authorised by you; with your bank, savings bank or card issuer; with the relevant regulatory bodies; with companies that dis- tribute the Card; with any third party whose name or logo appears on the Card, and with Affiliated Establishments used by you; and/or (2) in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we other way process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal your Data (including namesprofiling), contact details in each case to admin- ister and provide services for your Account or the Corporate American Express Card programme, to process and receive payment for Transac- tions on the account and to administer any benefits, insurance, travel or other business programmes in which you or your Company participate, or for security, anti-fraud and regulatory purposes. b. American Express Entities, other companies and designated proces- sors that we have specifically selected will have access to and may pro- cess the Data (including profiling) to develop lists from which they may make relevant offers to you via post, email, telephone or online, provided you have given your consent, where necessary. Therefore, we may (i) pseudonymise Data, (ii) consolidate Data from different American Ex- press Entities, and/or (iii) combine your Data with Data from other card- holders in order to manage, maintain and develop our overall relationship with you. The Data used to develop these lists may be obtained from the Application Form and the application process, from Card Transactions, from surveys and research (which may involve contacting you by post, email, telephone or online, provided you have provided your consent, where necessary), as well as from other sources, such as Affiliated Es- tablishments and marketing agencies. c. Recognising that you may only use the Card for professional purposes, we may use information about you, your Account and the Transactions made with the Card, to prepare reports and statistics to allow your Com- pany to maintain an effective administration and purchasing policy, and to meet our contractual obligations with your Company; this may also include information about outstanding debts. Such reports and statis- tics may be made available to your Company (including the Programme Administrator and designated employees) or its Related Companies, in- cluding its agents and data processors, for the purposes of administer- ing the American Express Corporate Card programme, and include de- tailed information about transactions, such as your name, card number, description of transactions (including, for example, dates, amounts and currency of the transaction) and information about the establishment and its type of industry. d. Unless your Account has “Full Company Liability” as described in the “Liability for Transactions” section of this Agreement, we may: i) exchange Data with credit reference agencies (“CRAs”). If you owe us any amount and do not repay it in full or when due, we may ask the CRAs to register the outstanding debt (provided that 5 years have not elapsed since the due date, without prejudice to the debt continuing to be outstanding thereafter). This information may be used to make decisions about offering products such as credit and related services, and other lines of credit to you or any other person with whom you maintain a financial detailsrelationship, as well as to prevent fraud and to locate debtors. ii) perform credit checks while any amount is owed on your Account (including contacting your bank, savings provider or authorised in- termediary) and disclose the Data to collection agencies and lawyers for the purposes of collecting existing debts on your Account, and/or iii) perform other solvency checks, including with CRAs, and analyse your Data to support management of your Account, authorise Trans- actions, develop risk management policies, models and procedures, and prevent fraud or other illegal activity. These CRA checks may be viewed or used by other organisations to determine your ability to obtain credit or meet your legal obligations. iv) transfer your Data and the data relating to the risks that you have with us to the Central Risk Information Service of the Bank of Spain (SCIRBE). We may also ask SCIRBE for information on all the back- ground, risks and credits appearing in your and name in order to deter- mine your Affiliates’ employeesfinancial solvency. e. We may exchange the Data with fraud prevention agencies. If you provide us with false or inaccurate information that results in fraud, officers this may be recorded for security reasons. We and other individuals organisations may use these records to make decisions to offer you, and any third party with whom you have a financial association, products such as credit and related services, car, home, life and other insurance products; to make decisions about insurance claims made by you or any third party with whom you maintain a financial association, locate debtors, collect debts, prevent fraud and money laundering and manage your accounts and in- surance policies. f. We and accredited organisations we have selected may monitor or re- cord your telephone calls to us or ours to you, to ensure a consistent level of service (“Data Subjects”including staff training) in connection with performing our obligations and/or exercising our rights in respect and the operation of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you assist in dispute resolution and monitor your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligationscontractual requests. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality g. We may carry out all of the Personal Data; above both in and outside Spain and the European Union (ii) it shall be hereinafter the “EU”), including processing your responsibility toinfor- mation in the United States of America, Mexico and you shallIndia, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects where data protection laws are not as may be required comprehensive as in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditionsthe EU. In particularsuch cases, before providing us with any Personal Data you shallwe always take appropriate measures to guarantee an adequate level of protection, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions the legal requirements in force in the EU. h. We use advanced technologies and well-defined procedures to ensure that your Data is processed promptly, accurately and in full. i. We will process your Data as established above with your consent for the purposes described above; (specified purposes, as necessary to guarantee compliance with legal or contractual obligations, or to satisfy our legitimate interests. j. In certain cases, you have the right of access, and the right to rectifica- tion or erasure of your Data. Furthermore, you may also have the right to restrict the processing of your Data, and to object to that processing. If you consent to your Data being processed, you may revoke that consent at any time. You also have the right to receive your data in a way that guarantees its portability. Please refer to our Privacy Policy on our web- site xxxxxxxx.xxxxxxxxxxxxxxx.xxx/xx for more information on how to exercise these rights. Likewise: i) If you wish to opt-out of marketing programmes, we recommend you update your data protection preferences by logging into business. xxxxxxxxxxxxxxx.xxx/xx. You may also write to us at American Ex- press, Xxxxxxx Xxxxxxxx 00-00, 00000, Xxxxxx. ii) third parties who may process Personal Data You have a legal right to carry out background checks on individuals; (access your personal records held by CRAs and fraud prevention agencies. We will provide you with the names and addresses of the organisations we have contacted, upon request to American Express, Xxxxxxx Xxxxxxxx 00-00, 00000, Xxxxxx. iii) third parties who may process Personal If you believe that any Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework Agreementwe hold about you is incorrect or incom- plete, any Mandate please write to us as soon as possible at American Express, Xxxxxxx Xxxxxxxx 00-00, 00000, Xxxxxx. Any incorrect or any other agreement that we and incomplete Data will be corrected as soon as possible. k. We keep Data about you may enter into for specific banking servicesif it is relevant to the above purposes, or who we may notify if it is required by the applicable legislation. If you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv) may involve the transfer of Personal Data to any countryso request, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them you with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how the Data we process Personal Datahold about you, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of accordance with the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain servicesapplicable legislation.

Use of Personal Data. (a) You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditions. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate the responsibility for compliance with a particular requirement to one Party. (b) You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other individuals (“Data Subjects”) in connection with performing our obligations and/or exercising our rights in respect of any services provided that are governed by these Terms and Conditions, including to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations. (c) You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (i) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (ii) that we are processing their Personal Data for the purposes set out in clause 18(b12(b); (iii) that our processing of Personal Data as described in these Terms and Conditions is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b12(b) above (which interests are not overridden by prejudice to the relevant individual’s privacy); and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) that we may disclose their Personal Data and other information about the Accounts and you to: (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) that the disclosure of Personal Data to third parties described in clause 18(c)(iv12(c)(iv) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) that they have certain rights in respect of the processing of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html and that they are encouraged to review such privacy notice; and (ix) such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services. (d) You shall indemnify us against any losses, damages and other liabilities (including legal fees) incurred by us arising out of or in connection with a breach by you of your obligations under this clause 12. (e) We shall indemnify you against any losses, damages and other liabilities (including legal fees) incurred by you arising out of or in connection with a breach by us of our obligations under this clause 12.

Use of Personal Data. (a) 24.1 You acknowledge and agree that, unless we agree otherwise in any agreement that we enter into in relation to specific banking services, we and you each act as independent data controllers in respect of the Personal Data that we process in connection with our performance of any services that are subject to these Terms and Conditionsunder this Framework Agreement. Accordingly, we and you shall comply with our respective obligations under Data Protection Legislation in respect of any Personal Data that we or you (as applicable) process, except to the extent that these Terms and Conditions allocate this Framework Agreement allocates the responsibility for compliance with a particular requirement to one Party. (b) 24.2 You acknowledge and agree that we may process Personal Data (including names, contact details and financial details) relating to your and your Affiliates’ employees, officers and other identifiable living individuals (“including Authorised Persons) (Data Subjects”) in connection with performing our obligations and/or exercising our rights under this Framework Contact, including: (a) for the purposes of administering and operating your Account; (b) the retention and management of records in respect of any services provided that are governed by these Terms and Conditions, including relation to administer and operate your account, to provide any services that we provide to you and your Affiliates, to recover payments, communicate with you, to market our goods and services to you and your Affiliates, to evaluate whether to offer particular services or not, to undertake background checks (including credit reference checks and KYC and AML checks) and to comply with our regulatory obligations.the Account; and (c) complying with applicable law, including (but not limited to) anti-money laundering regulations. 24.3 You acknowledge that: (i) you shall have responsibility for the accuracy, quality and legality of the Personal Data; and (ii) it shall be your responsibility to, and you shall, issue any fair processing notices to, and obtain any necessary consents from, Data Subjects as may be required in order for us to process their Personal Data as required in order to perform our obligations and exercise our rights in respect of any services provided that are governed by under these Terms and Conditions. In particular, before providing us with any Personal Data you shall, and shall procure that your Affiliates shall, provide the following information to the Data Subjects to whom the Personal Data relates (except where they already have the information): (ia) our identity, and that they can contact us and our data protection officer by telephone on +00(0)00 0000 0000; (iib) that we are processing their Personal Data for the purposes set out in clause 18(b)24.2; (iiic) that our processing of Personal Data as described in these Terms and Conditions this Agreement is permitted because it is: (a) necessary for the purposes of our legitimate interests in pursuing the purposes set out in clauses 18(b) 24.2 above (which interests are not overridden by prejudice to the relevant individual’s privacy); ) and/or, in some cases (b) necessary so that we can comply with applicable law that we are subject to; (iv) ; that we may disclose their Personal Data and other information about the Accounts and you to: : (i) other members of our group and/or third parties who process information in accordance with our instructions for the purposes described above; and (ii) third parties who may process Personal Data to carry out background checks on individuals; (iii) third parties who may process Personal Data in order to provide ancillary services such as card payment and other services; (iv) other payment institutions in connection with the administration and execution of payment transactions; (vi) law enforcement agencies and regulatory bodies; and (vii) such other third parties as are referenced in the this Framework Agreement, any Mandate to us or any other agreement that we and you may enter into for specific banking services, or who we may notify you of from time to time; (v) ; that the disclosure of Personal Data to third parties described in clause 18(c)(iv24.3(d) may involve the transfer of Personal Data to any country, including countries outside of the EEA that may offer a lower level of data protection than in the United Kingdom, but that this will be done with appropriate safeguards in place and that we will provide them with a copy of the relevant safeguards upon request; (vi) ; that we will retain the Personal Data for as long as it is necessary for the purposes for which they were collected and any other permitted linked purposes, including where required by applicable law; (vii) ; that they have certain rights in respect of the processing our use of their Personal Data, including the right to access, and rectify any errors in relation to, their Personal Data; (viii) ; that further information on how we process Personal Data, Data Subjects’ rights and how Data Subjects may exercise their rights in respect of the Personal Data can be found at xxxxx://xxx.xxxxxx.xxx/en/privacy-policy.html xxx.xxxxxx.xx.xx/xxxxxxx_xxxxxx and that they are encouraged to review such privacy notice; and (ix) and such other information as we may reasonably require you to give to Data Subjects from time to time, including in connection with your use of certain services. 24.4 You shall indemnify us against any losses, damages and other liabilities (including legal fees) incurred by us arising out of or in connection with a breach by you of your obligations under this clause 24. 24.5 We shall indemnify you against any losses, damages and other liabilities (including legal fees) incurred by you arising out of or in connection with a breach by us of our obligations under this clause 24.