Common use of Without prejudice to the Clause in Contracts

Without prejudice to the. generality of Clause 10.1, GO Power shall, in relation to any Personal Data processed in connection with the performance by GO Power of its obligations under this Agreement: (a) process that Personal Data only on the written instructions of the Customer unless GO Power is required by the laws of any member of the European Union or by the laws of the European Union applicable to GO Power to process Personal Data (Applicable Data Processing Laws). Where GO Power is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power from so notifying the Customer; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data outside of the European Economic Area unless the consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (f) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;

Without prejudice to the. generality of Clause 10.1, GO Power shall, in relation to any Personal Data processed in connection with the performance by GO Power of its obligations under this Agreement: (a) process that Personal Data only on the written instructions of the Customer unless GO Power is required by the any applicable data processing laws of any member of the European Union or by the laws of the European Union applicable to GO Power to process Personal Data (Applicable Data Processing Laws). Where GO Power is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power from so notifying the Customer; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data outside of the European Economic Area United Kingdom unless the consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (f) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;

Without prejudice to the. generality of Clause 10.18.1, GO Power the Company shall, in relation to any Personal Data processed in connection with the performance by GO Power the Company of its obligations under this Agreementthe Contract: (a) 8.4.1 process that Personal Data only on the written instructions of the Customer unless GO Power the Company is required by the laws of any member of the European Union or by the laws of the European Union applicable Applicable Laws to GO Power to otherwise process that Personal Data (Applicable Data Processing Laws)Data. Where GO Power the Company is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power the Company shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power the Company from so notifying the Customer;. (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) 8.4.2 ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) 8.4.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;; and (e) 8.4.4 not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: (ia) the Customer or GO Power the Company has provided appropriate safeguards in relation to the transfer; (iib) the data subject Data Subject (as defined in the Data Protection Legislation) has enforceable rights and effective legal remedies; (iiic) GO Power the Company complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (ivd) GO Power the Company complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (e) notify the Customer without undue delay on becoming aware of a Personal Data breach; (f) assist at the written direction of the Customer, at delete or return Personal Data and copies thereof to the Customer’s cost, Customer on termination of the agreement unless required by Applicable Law to store the Personal Data; and (g) maintain complete and accurate records and information to demonstrate its compliance with this Clause 8. 8.4.5 assist the Customer in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;impact

Without prejudice to the. generality of Clause 10.1clause 7.1, GO Power the Supplier shall, in relation to any Personal Data personal data processed in connection with the performance by GO Power the Supplier of its obligations under this Agreementthe Contract: (a) process that Personal Data personal data only on the documented written instructions of the Customer unless GO Power the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable Applicable Laws to GO Power to otherwise process Personal Data (Applicable Data Processing Laws)that personal data. Where GO Power the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power the Supplier from so notifying the Customer; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the Customer, to protect against unauthorised or unlawful processing of Personal Data personal data and against accidental loss or destruction of, or damage to, Personal Datapersonal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (dc) ensure that all personnel who have access to and/or process Personal Data personal data are obliged to keep the Personal Data personal data confidential;; and (ed) not transfer any Personal Data personal data outside of the European Economic Area unless the prior written consent of the Customer has been obtained and the following conditions are fulfilled: : o (i) the Customer or GO Power the Supplier has provided appropriate safeguards in relation to the transfertransfer such as putting in place standard model clauses; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (f) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;

Without prejudice to the. generality of Clause 10.1clause 15.1, GO Power shallthe Supplier shall use its commercial reasonable efforts, in relation to any Personal Data processed in connection with the performance by GO Power the Supplier of its obligations under this Agreementagreement: (a) 15.3.1 process that Personal Data only on the written instructions of the Customer unless GO Power the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable Applicable Laws to GO Power to otherwise process that Personal Data (Applicable Data Processing Laws)Data. Where GO Power the Supplier is relying on the laws of a member of the European Union or European Union law Law as the basis for processing Personal Data, GO Power the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power the Supplier from so notifying the Customer; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that 15.3.2 it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) 15.3.3 ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) 15.3.4 unless otherwise agreed under a SOW or accessed by an Affiliate for the sole purposes of performance of the Services the Supplier shall not transfer any Personal Data outside of the European Economic Area unless the prior consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferredobtained; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (f) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) 15.3.5 notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;.

Without prejudice to the. generality of Clause 10.1clause 16.2, GO Power Veritas shall, in relation to any Personal Data processed in connection with the performance by GO Power of its obligations under this Agreementthe Contract: (a) process Process that Personal Data only on behalf of and in accordance with the documented written instructions of the Customer Client, unless GO Power Veritas is required by the laws of any member of the European Union or by the laws of the European Union applicable Applicable Laws to GO Power to process otherwise Process that Personal Data (Applicable Data Processing Laws)Data. Where GO Power Veritas is relying on laws of a member of the European Union or European Union law Applicable Laws as the basis for processing Processing Personal Data, GO Power Veritas shall promptly notify the Customer Client of this before performing the processing Processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power Veritas from so notifying the CustomerClient; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical Appropriate Technical and organisational measures Organisational Measures to protect against unauthorised or unlawful processing Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing Processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (dc) ensure that all personnel who have access to and/or process Process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data outside of the European Economic Area unless the consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (fd) assist the CustomerClient, at the Customer’s Client's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (ge) notify the Customer Client without undue delay on becoming aware of a Personal Data breach; ANDBreach; (hf) at the written direction of the CustomerClient, delete or return Personal Data and copies thereof to the Customer Client on termination of the Agreement Contract unless required by Applicable Data Processing Applica(ibi)le Law to store the Personal Data;; and (g) maintain complete and accurate records and information to demonstrate its compliance with (tihii)is clause 16 and allow for audits by the Client or the Client's designated auditor and promptly inform the Client if, in the opinion of Veritas, an instruction infringes the Data Protection Laws.

Without prejudice to the. generality of Clause 10.1, GO Power shall, in relation to any Personal Data processed in connection with the performance by GO Power of its obligations under this Agreement: (a) process that Personal Data only on the written instructions of the Customer unless GO Power is required by the applicable data processing laws of any member of the European Union or by the laws of the European Union applicable to GO Power to process Personal Data (Applicable Data Processing Laws). Where GO Power is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power from so notifying the CustomerW; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data outside of the European Economic Area United Kingdom unless the consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (f) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (h) at the written direction of the Customer, delete or return Personal Data and copies thereof to the Customer on termination of the Agreement unless required by Applicable Data Processing Law to store the Personal Data;

Without prejudice to the. generality of Clause 10.1clause 1.1, GO Power Quotient shall, in relation to any Personal Data processed in connection with the performance by GO Power Quotient of its obligations under this Agreementagreement: (a) process that Personal Data only on the written instructions of the Customer Sponsor unless GO Power Quotient is required by the laws of any member of the European Union or by the laws of the European Union applicable to GO Power Quotient to process Personal Data (Applicable Data Processing Laws). Where GO Power Quotient is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power Quotient shall promptly notify the Customer Sponsor of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power Quotient from so notifying the CustomerSponsor; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the Sponsor, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, services and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (dc) ensure that all personnel who have access to and/or process Personal Data are obliged to must keep the Personal Data confidential;; and (ed) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer Sponsor has been obtained and the following these conditions are fulfilled: (i) the Customer Sponsor or GO Power Quotient has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power Quotient complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power Quotient complies with reasonable instructions notified to it in advance by the Customer with respect to Sponsor regarding the processing of the Personal Data; (fe) assist the CustomerSponsor, at the CustomerSponsor’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to regarding security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (gf) notify the Customer Sponsor without undue delay on becoming aware learning of a Personal Data breach; AND; (hg) at the written direction of the CustomerSponsor, delete or return Personal Data and copies thereof to the Customer Sponsor on termination of the Agreement agreement unless required by Applicable Data Processing Law to store the Personal Data;; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) and allow for audits by the Sponsor or the Sponsor’s designated auditor.

Without prejudice to the. generality of Clause 10.15.4, GO Power the Supplier shall, in relation to any Personal Data personal data processed in connection with the performance by GO Power the Supplier of its obligations under this Agreementagreement: (a) process that Personal Data personal data only on the documented written instructions of the Customer unless GO Power the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to GO Power the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process Personal Data personal data (Applicable Data Processing Laws). Where GO Power the Supplier is relying on laws of a member of the European Union or European Union law Applicable Laws as the basis for processing Personal Datapersonal data, GO Power the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power the Supplier from so notifying the Customer; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (e) not transfer any Personal Data personal data outside of the European Economic Area and the United Kingdom unless the consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data personal data that is transferred; and (iv) GO Power the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Datapersonal data; (fc) assist the Customer, at the Customer’s cost, in responding to any request from a Data Subject data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (gd) notify the Customer without undue delay on becoming aware of a Personal Data personal data breach; AND; (he) at the written direction of the Customer, delete or return Personal Data personal data and copies thereof to the Customer on termination of the Agreement agreement unless required by Applicable Data Processing Law to store the Personal Data;personal data; and (f) maintain complete and accurate records and information to demonstrate its compliance with this Clause 5 and immediately inform the Company if, in the opinion of the VAR, an instruction infringes the Data Protection Legislation.

Without prejudice to the. generality of Clause 10.1clause 2.1, GO Power Trace shall, in relation to any Client Personal Data processed in connection with the performance by GO Power Trace of its obligations under this Agreementagreement: (a) process that Client Personal Data only on the written instructions of the Customer unless GO Power Trace is required by the laws of any member of the European Union or by the laws of the European Union applicable to GO Power Trace to process any Client Personal Data (Applicable Data Processing Laws). Where GO Power Trace is relying on laws of a member of the European Union or European Union law as the basis for processing Client Personal Data, GO Power Trace shall promptly notify the Customer Client of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power Trace from so notifying the CustomerClient; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the Client, to protect against unauthorised or unlawful processing of Client Personal Data and against accidental loss or destruction of, or damage to, Client Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Client Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Client Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (dc) ensure that all personnel who have access to and/or process Client Personal Data are obliged to keep the Client Personal Data confidential;; and (ed) not transfer any Client Personal Data outside of the European Economic Area unless the prior written consent of the Customer Client has been obtained and the following conditions are fulfilled: (i) the Customer Client or GO Power Trace has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power Trace complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Client Personal Data that is transferred; and (iv) GO Power Trace complies with reasonable instructions notified to it in advance by the Customer Client with respect to the processing of the Client Personal Data; (fe) assist the CustomerClient, at the CustomerClient’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (gf) notify the Customer without Clientwithout undue delay on becoming aware of a Client Personal Data breach; AND; (hg) at the written direction of the CustomerClient, delete or return Client Personal Data and copies thereof to the Customer Client on termination of the Agreement agreement unless required by Applicable Data Processing Law to store the Client Personal Data;; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause and allow for audits by the Client or the Client’s designated auditor.

Without prejudice to the. generality of Clause 10.1clause 13.1.1, GO Power we shall, in relation to any Personal Data processed in connection with the performance by GO Power us of its our obligations under this Agreement: (a) process that Personal Data only on the your written instructions of the Customer unless GO Power is we are required by the laws of any member of the European Union or by the laws of the European Union applicable to GO Power us to process Personal Data (“Applicable Data Processing Laws”). Where GO Power is we are relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, GO Power we shall promptly notify the Customer you of this before performing the processing required by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power us from so notifying the Customeryou; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has we have in place appropriate technical and organisational measures measures, reviewed and approved by you, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (dc) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential;; and (ed) not transfer any Personal Data outside of the European Economic Area unless the your prior written consent of the Customer has been obtained and the following conditions are fulfilled: (i) the Customer or GO Power has either of us have provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) GO Power complies we comply with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power complies we comply with reasonable instructions notified to it us in advance by the Customer you with respect to the processing of the Personal Data; (fe) assist the Customeryou, at the Customer’s your cost, in responding to any request from a Data Subject data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (gf) notify the Customer you without undue delay on becoming aware of a Personal Data breach; AND; (hg) at the your written direction of the Customerdirection, delete or return Personal Data and copies thereof to the Customer you on termination of the this Agreement unless required by Applicable Data Processing Law to store the Personal Data;; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause 13.1.

Without prejudice to the. generality of Clause 10.1clause 11.2, GO Power shall, in relation to any the Service Provider must ensure that all Personal Data processed by or on behalf of the Service Provider in connection with the performance by GO Power course of its obligations under this Agreement:delivering the Services is processed in (a) process that Personal Data only on the written instructions of the Customer Council, unless GO Power the Service Provider is required by the laws of any member of the European Union or by the laws of the European Union (Applicable Laws) applicable to GO Power the Service Provider to otherwise process the Personal Data (Applicable Data Processing Laws)Data. Where GO Power the Service Provider is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Dataso required, GO Power it shall promptly notify the Customer of this Council before performing processing the processing required Personal Data, unless prohibited by the Applicable Data Processing Laws unless those Applicable Data Processing Laws prohibit GO Power from so notifying the CustomerLaw; (b) process that Personal Data only to the extent necessary for the legitimate interest of GO Power and its specified third parties, and as required for the performance of this Agreement and the rights of GO Power under it; (c) ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the Council, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (d) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; (ec) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Customer Council has been obtained and the following conditions are fulfilled: (i) the Customer Council or GO Power the Service Provider has provided appropriate safeguards in relation to the transfer; (ii) the data subject Data Subject has enforceable rights and effective legal remedies; (iii) GO Power the Service Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) GO Power the Service Provider complies with the reasonable instructions notified to it in advance by the Customer Council with respect to the processing of the Personal Data; (fd) notify the Council as soon as reasonably practicable if it receives: (i) a request from a Data Subject to have access to that individual’s Personal Data; (ii) a Right of Access, Rectification or Erasure Request; (iii) receives any other request, complaint or communication relating to either Party's obligations under the Data Protection Legislation (including any communication from the Information Commissioner); (e) at the Service Provider’s expense, assist the Customer, at the Customer’s cost, Council in responding to any request from a Data Subject and in ensuring compliance with its the Council's obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (g) notify the Customer without undue delay on becoming aware of a Personal Data breach; AND (hf) at the written direction of the CustomerCouncil, delete or return Personal Data and copies thereof to the Customer individual on termination or expiry of the this Agreement unless required by the Applicable Data Processing Law Laws to store the Personal Data; (g) maintain complete and accurate records and information to demonstrate its compliance with this clause 11.2 and allow for audits by the Council