Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time. 4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software as a Service Agreement, Software as a Service Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legalitylegality , reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified described in the relevant Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer from time to time. Customer, make such additional backup or archiving arrangements as it sees fit.
5.3 In the event of any loss or damage to Customer DataData during the Licence Term, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in the relevant Service Level Agreement or the Supplier’s Hosting Policy (as applicable).
5.4 The Supplier shall not be required to maintain, back-up, protect or retrieve any Customer Data after the expiry of the Licence Term.
5.5 If the Customer utilises the customer service icon provided within the Software, the Customer acknowledges that any Customer Data uploaded via such archiving procedureservice will be subject to the relevant third-party supplier’s security policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software.
5.6 The Supplier shall not be responsible for any loss, loss suffered by the Customer as a result of or arising from the destruction, alteration alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except those third parties sub-contracted by and to the extent that the Supplier is entitled to perform services related recover and has so recovered an amount (net of the costs of recovery) equal to Customer Data maintenance and back-up)such loss from the relevant third party.
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 5.7 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementthese Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer undertakes to comply with all the requirements of the Data Protection ▇▇▇ ▇▇▇▇ in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf;
(c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementthese Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cd) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, processing and transfer as required by all applicable data protection legislation;
(de) the Supplier shall process the personal data only in accordance with the terms these Terms and Conditions of this agreement Use and any lawful instructions reasonably given by the Customer from time to time; and;
(ef) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and
(g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use.
5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.
Appears in 2 contracts
Sources: Software License Agreement, Software License Agreement
Customer Data. 4.1 7.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 7.2 The Supplier shall follow its archiving procedures for will ensure that there are regular back ups of Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer DataData caused by the Supplier, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureSupplier. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). If recovery of Customer Data is required as a result of an issue resulting from the Customer, the Supplier will use all reasonable endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier provided that the Customer pays the Supplier’s reasonable additional Fees for such recovery.
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 7.3 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementContract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 7.3.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementContract;
(b) 7.3.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Contract on the Customer's behalf;
(c) 7.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 7.3.4 the Supplier shall process the personal data only in accordance with the terms of this agreement Contract and any lawful instructions reasonably given by the Customer from time to time; and
(e) 7.3.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Order Form, Order Form
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 6.2 iplicit shall follow its archiving procedures for Customer Data as set out in its Backup Policy (▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇) or such other website address as may be notified to the Customer from time to time, as such document may be amended by iplicit in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier iplicit to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier iplicit in accordance with such the archiving procedureprocedure described in its Backup Policy. The Supplier iplicit shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 The Supplier 6.3 Iplicit shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇ and the Data Protection Addendum attached to these terms or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Iplicit in its sole discretion.
4.4 6.4 If the Supplier iplicit processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier iplicit shall be a data processor and in any such case:
(a) : Unless agreed otherwise in writing by the Company, the Customer acknowledges and agrees that the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplieriplicit’s other obligations under this agreement;
(b) ; the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier iplicit so that the Supplier iplicit may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) ; the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier ; iplicit shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) and each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software Services Subscription Agreement, Software Services Subscription Agreement
Customer Data. 4.1 5.1. The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy available at such website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back- Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at such website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4. If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) 5.4.1. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) 5.4.2. the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 5.4.3. the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 5.4.4. each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software as a Service Agreement, Software as a Service Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer as such document may be amended by the Supplier in its sole discretion from time to timetime the current version of which is set out at Schedule 3 of this Agreement. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data as such document may be notified to the Customer amended from time to timetime by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cb) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(dc) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(ed) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.5 The Supplier and the Customer shall comply with their respective obligations as set out in Schedule 4 of this Agreement
Appears in 2 contracts
Sources: Subscription Agreement, Subscription Agreement
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 6.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timeset out in its Back-Up Policy. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 6.9).
4.3 6.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 6.4 Both parties will follow all applicable requirements of the Data Protection Legislation. This clause 6 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
6.5 The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be is the data controller and the Supplier shall be a is the data processor for the purposes of the Data Protection Legislation (where Data Controller and Data Processor have the meanings as defined in any such case:the Data Protection Legislation).
(ab) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;. If personal data is transferred or stored outside the UK, appropriate safeguards in accordance with UK GDPR, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), will be implemented to ensure compliance with UK data protection laws.
(b) 6.6 Without prejudice to the generality of clause 6.1, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data Personal Data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data Personal Data in accordance with this agreement on the Customer's behalf.
6.7 Without prejudice to the generality of clause 6.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) Process that Personal Data only on the written instructions of the Customer, unless the Supplier is required by the laws of the United Kingdom, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, or any applicable international laws to process Personal Data (Applicable Laws). In instances where the Supplier's data processing activities are subject to the laws of a member of the European Union due to cross-border operations or data transfers, and where such laws necessitate processing actions divergent from the Customer's instructions, the Supplier shall promptly notify the Customer of this requirement before commencing the processing required by the Applicable Laws, unless prohibited by those laws from providing such notification;
(b) Not transfer any Personal Data outside of the United Kingdom or to any country not deemed to have adequate data protection laws by the UK Information Commissioner's Office (ICO), unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer such as Standard Contractual Clauses (SCCs) specifically adapted for the data transfer requirements under the UK GDPR, or any future UK adequacy decisions. When transferring personal data outside the UK, the Supplier will ensure the use of Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or ensure that the destination country has been deemed to provide an adequate level of protection for personal data by the UK government;
(ii) the data subject has enforceable rights and effective legal remedies in accordance with the UK GDPR and the Data Protection Act 2018;
(iii) the Supplier ensures compliance with the UK Data Protection Legislation by providing an adequate level of protection to any Personal Data transferred, including adhering to any additional requirements set forth by the UK Information Commissioner's Office (ICO); and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a Data Subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process ICO within 72 hours of becoming aware of a data breach. Where the personal breach is likely to result in a high risk to the rights and freedoms of natural persons, notify the affected data only in accordance with subjects without undue delay.;
(e) at the terms written direction of this agreement the Customer, delete or return Personal Data and any lawful instructions reasonably given by copies thereof to the Customer from time on termination of the agreement unless required by Applicable Law to timestore the Personal Data; and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 6.
6.8 Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the personal data harm that might result from the unauthorised or its unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymisation and encr ypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
6.9 The Supplier will ensure that any sub-contractors appointed to process personal data on behalf of the Customer are subject to written agreements that require them to process such data only on documented instructions from the Customer and in full compliance with the requirements of the UK GDPR, particularly Article 28. The Supplier confirms that it has entered or (as the case may be) will enter with the third- party processor into a written agreement substantially on that third party's standard terms of business. As between the Customer and the Supplier, the Supplier shall remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6. Full details of all third parties providing such services to the Supplier and who are processing Personal data under this agreement are available upon request.
6.10 The Supplier will update its Privacy Policy to reflect any changes in sub-processors or the addition of new sub-processors. It is the responsibility of the Customer to regularly review the Privacy Policy to stay informed of such changes.
6.11 The Customer acknowledges and agrees that the Supplier relies on third-party services for the hosting and processing of Customer Data pursuant to this agreement. Specifically, Amazon Web Services (AWS) is utilised as the primary infrastructure provider due to its robust data security measures and adherence to data protection legislation relevant to our operations. For comprehensive details regarding the use of AWS, including the location of data centres and the specific security and compliance measures in place, refer to Schedule 2 of this agreement. This schedule outlines how data storage and processing activities through AWS are conducted in strict conformity with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring the highest standards of data protection and security are maintained.
6.12 The Supplier will ensure that any use of Customer Data in aggregated and anonymised form is done in a manner that fully ensures such data cannot be re-identified, adhering to the standards of anonymisation defined under the UK GDPR.
6.13 The supplier will assist the customer in ensuring compliance with the data subject rights under the Data Protection Legislation, including but not limited to rights of access, correction, deletion, and data portability.
6.14 The customer shall have the right to conduct an audit of the supplier's data processing activities related to this agreement once per year to ensure compliance with Data Protection Legislation and the terms of this agreement. Such audit shall be conducted at the customers expense, with reasonable prior notice, and shall not unreasonably interfere with the supplier's business operations
6.15 Any revisions to this clause related to data protection will be made in compliance with the latest data protection legislation and best practices, ensuring the protection of data subjects' rights. The Customer will be notified at least 30 days in advance of any such changes, which will only be implemented with the Customer's consent if they materially alter the data protection obligations of the parties.
Appears in 2 contracts
Sources: Service Agreement, Service Agreement
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier Siemens shall follow its archiving procedures for Customer Data as set out in its Data Management Principles for Stratos document available as a pdf at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/Footer/Legalor such other website address as may be notified to the Customer from time to time, as such document may be amended by Siemens in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Siemens to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Siemens in accordance with such the archiving procedure. The Supplier shall not be responsible procedure described in its Data Management Principles for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)Stratos document.
4.3 The Supplier Siemens shall, in providing the Services, comply with its Data Protection Policy Security Principles for Stratos document relating to the privacy and security of the Customer Data available as a pdf at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇/Footer/Legal or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Siemens in its sole discretion.
4.4 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cb) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(dc) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(ed) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
4.5 Siemens shall own the Siemens Data. During the Subscription Term, the Customer shall have access to the Siemens Data. At the end of the Subscription Term the Customer shall return to Siemens all the Siemens Data.
Appears in 2 contracts
Sources: Stratos System Agreement, Stratos Subscription Agreement
Customer Data. 4.1 (5.1) The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier (5.2) Avari Solutions Ltd shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier Avari Solutions Ltd to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier Avari Solutions Ltd. Avari Solutions Ltd shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Avari Solutions Ltd to perform services related to Customer Data maintenance and back-back- up).
4.3 The Supplier (5.3) Avari Solutions Ltd shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at www.Avari Solutions ▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Avari Solutions Ltd in its sole discretion.
4.4 (5.4) If the Supplier Avari Solutions Ltd processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Avari Solutions Ltd shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s Avari Solutions Ltd other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Avari Solutions Ltd so that the Supplier Avari Solutions Ltd may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(ed) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software as a Service Agreement, Software as a Service Agreement
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 6.2 Where the Customer stores the Customer Data on its own systems, the Customer shall follow its archiving own back-up procedures for such Customer Data and Protean shall have no responsibility for any loss, destruction, alteration or disclosure of Customer Data that is held on the Customer’s own systems.
6.3 Where Protean is hosting the Customer Data, Protean shall follow its back-up procedures for Customer Data (details of which are available on request from Protean) or such other website address as may be notified to the Customer from time to time, as such procedures may be amended by Protean in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier Protean to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Protean in accordance with such archiving procedurethe back-up procedure described above. The Supplier Protean shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Protean to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 6.4 Protean shall, in providing supplying the Services, Software to the Customer comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available on request to the Customer and on such website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Protean in its sole discretion.
4.4 6.5 If the Supplier Protean processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Protean shall be a data processor and in any such case:
(a) 6.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services Cloud Service and the Supplier▇▇▇▇▇▇▇’s other obligations under this agreement;
(b) 6.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Protean so that the Supplier Protean may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) 6.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier 6.5.4 Protean shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 6.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
6.6 Without prejudice to clause 4.2, the Customer acknowledges and agrees that:
6.6.1 Protean is reliant upon third party providers in order to supply the Cloud Service; and
6.6.2 Protean shall have no liability to the Customer for any loss (including any loss arising from the loss or misuse of Customer Data) to the Customer which is caused by an act or omission of such third party providers.
6.7 The Customer acknowledges and agrees that when using the Software:
6.7.1 it is able to integrate with third party software (such as accounting software) in order to submit and exchange Customer Data; and
6.7.2 it shall indemnify Protean for any claim against Protean by such third party software suppliers arising from the Customer’s submission and exchange of Customer Data pursuant to clause 6.7.1.
6.8 The Customer hereby gives consent to Protean to allow Protean to collate and use its Customer Data for Protean’s own marketing and other commercial purposes, provided that such Customer Data is anonymised by Protean prior to its use, and such use is subject to Protean’s obligations of confidentiality under clause 11.
Appears in 2 contracts
Sources: Software Subscription Agreement, Software Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. The customer being a contractor of DSA Airport, the customer shall not own the rights, title and interest in and to the Data which belongs to DSA Airport.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software as a Service (Saas) Subscription Agreement, Software as a Service (Saas) Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data as Data; such document may be notified to the Customer amended from time to timetime by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Software as a Service (Saas) Subscription Agreement, Software as a Service (Saas) Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇▇://▇▇▇▇▇▇▇.▇▇/GDPR/security-and-data- protection/servers-security#a174 as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇/staffwise_privacy.pdf or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion. The client will be notified 30 days before any amends.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored temporarily outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Services Agreements, Software Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legalitylegality , reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier Customer shall follow its have sole responsibility for the security, back-up, archiving procedures for and recovery of Customer Data as may be notified to Data.
5.3 If the Customer from time to time. In utilises the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained customer service icon provided by the Supplier in accordance with within the Software the Customer acknowledges that any Customer Data uploaded via such archiving procedureservice will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software.
5.4 The Supplier shall not be responsible for any loss, loss suffered by the Customer as a result of or arising from the destruction, alteration alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except those third parties sub-contracted by and to the extent that the Supplier is entitled to perform services related recover and has so recovered an amount (net of the costs of recovery) equal to Customer Data maintenance and back-up)such loss from the relevant third party.
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 5.5 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementthese Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf;
(c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementthese Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cd) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, processing and transfer as required by all applicable data protection legislation;
(de) the Supplier shall process the personal data only in accordance with the terms these Terms and Conditions of this agreement Use and any lawful instructions reasonably given by the Customer from time to time; and;
(ef) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and
(g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use.
5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.
Appears in 2 contracts
Sources: Licensing Agreements, Licensing Agreements
Customer Data. 4.1 10.1 The Customer shall own all right, title grant to the Supplier access to any and interest in and to all of its data as set out in the Commercial Summary that is in the custody of any third party. Customer shall ensure that that third party provides access to or the Supplier to that data in a timely manner. Any delays in authorizations and/or access to the Customer Data and shall have in the custody of third parties is the sole responsibility of the Customer.
10.2 The Customer shall not use Infringing Data on the SaaS.
10.3 The Customer shall not provide any data, information, materials, and/or documents that are infringing Intellectual Property Rights.
10.4 The Customer grants a royalty-free, non-transferable, non-exclusive, non-revocable and worldwide licence and necessary permissions for the term of this Agreement, to the Supplier to use the Customer Data to the extent necessary to perform the SaaS and provide the Supplier Professional Services Deliverables.
10.5 Customer is responsible for the accuracy, quality, integrity, legality, reliability, integrityand appropriateness of all electronic data or information and Customer Data submitted by Customer to Supplier. Customer is solely responsible for the preparation, accuracy content, accuracy, quality and quality review of any documents, data, or output prepared or resulting from the use of the SaaS and/or any deliverable pursuant to a Statement of Work. The Customer acknowledges that the Supplier has no control over any Customer Data hosted as part of the provision of the SaaS and does not actively monitor the content of the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event the Supplier is required, on behalf of Customer, to reload or amend any erroneous Customer Data submitted by the Customer to the Supplier, the Supplier shall be entitled to charge the Customer for such services.
10.6 The Supplier shall notify the Customer immediately if it becomes aware of any loss or damage to allegation that any Customer Data, the Customer's sole Data may be Infringing Data and exclusive remedy shall be for the Supplier shall have the right to use reasonable commercial endeavours to restore the lost or damaged remove Customer Data from the latest back-up of such SaaS without the need to consult the Customer.
10.7 The Customer Data maintained by shall indemnify the Supplier, its Affiliates and each officers, directors, agent, employees, and subcontractors from and against all loss caused to the Supplier as a result of the Customer’s use of Infringing Data on the SaaS and/or the provision to the Supplier of any data, information, materials, and/or documents that are infringing Intellectual Property Rights.
10.8 The Supplier acknowledges that, as between the parties, all Intellectual Property Rights in accordance with such archiving procedurethe Customer materials are owned by Customer or licensors to Customer. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services may collect and use information related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security Customer’s use of the Customer Data SaaS and any Submissions on the Supplier’s products and services, for the purposes of the administration of this Agreement and, as may be notified long as such information is not identifiable to the Customer from time or any individual User, to timetest, develop, improve and enhance its products and services and to create and own derivative works based on such Submission.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 2 contracts
Sources: Saas Agreement, Saas Agreement
Customer Data. 4.1 5.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Metadata Maintenance Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/metadata-maintenance-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.9).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5. The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) Schedule 2 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 5.6. Without prejudice to the generality of clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf.
5.7. Without prejudice to the generality of clause 5.4, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
i. the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
ii. the data subject has enforceable rights and effective legal remedies;
iii. the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
iv. the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term "delete" shall mean to timeput such data beyond use); and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.8. Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with (i) Amazon Web Services EMEA SARL or any other member of the Amazon Web Services Group; and (ii) any other third party processor the Supplier considers appropriate to the provision of the Services; as a third-party processor of personal data under this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business including terms related to the requirements of the Data Protection Legislation. As between the Customer and the Supplier, the Supplier shall use commercially reasonable efforts to enforce the terms of any third-party processor.
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. For the avoidance of doubt, the Company shall have no right or interest in the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. 5.2 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Company to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureCompany. The Supplier Company shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 5.3 The Supplier shall, in providing Company shall use commercially reasonable endeavours to maintain the Services, comply with its Data Protection Policy relating to the privacy and security confidentiality of the Customer Customer’s Data as may be notified to and shall not disclose or use this without the Customer from time to timeCustomer’s express consent.
4.4 5.4 If the Supplier Company processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Company shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierCompany’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Company so that the Supplier Company may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier Company shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.5 Upon termination of the Agreement for whatever reason, the Customer shall be entitled to an export of the Customer Data then held by the Company.
Appears in 1 contract
Sources: Subscription Agreement
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier Tazio shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇.▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by ▇▇▇▇▇ in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy Tazio shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Tazio in accordance with such the archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subprocedure described in its Back-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)Up Policy.
4.3 The Supplier Tazio shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by ▇▇▇▇▇ in its sole discretion.
4.4 If the Supplier Tazio processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Tazio shall be a data processor and in any such case:
(a) the Customer ▇▇▇▇▇ acknowledges and agrees that the personal data may only be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierTazio’s other obligations under this agreement with the Customer’s written agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Tazio so that the Supplier ▇▇▇▇▇ may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier ▇▇▇▇▇ shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
4.5 As soon as reasonably practicable, ▇▇▇▇▇ shall notify the Customer in writing, and provide such co- operation, assistance and information the Customer may reasonably require if Tazio:
(a) receives any complaint, notice or communication which relates directly or indirectly to the processing of personal data under this agreement or to the Customer or its affiliates;
(b) becomes aware of any security breach or personal data breach which relates directly or indirectly to the processing of personal data under this agreement; or
(c) receives a data subject rights request (including a data subject access request, request for erasure or rectification) which relates directly or indirectly to the processing of personal data under this agreement.
4.6 Tazio shall not release any press release or make any announcements relating to or referring to the Customer or its affiliates (including without limitation, any reference to this agreement and the Services hereunder) without first seeking the Customer’s written approval
Appears in 1 contract
Sources: Services Agreement
Customer Data. 4.1 5.1 The Customer and Supplier shall jointly own all rightrights, title and interest in and to all of the Customer Data and Data, the customer or its nominated users shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇▇▇▇▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy [Privacy and Security Policy] relating to the privacy and security of the Customer Data available at Care ▇▇▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer or its users shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement, subject to customers user agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 9.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 9.2 The Supplier shall follow its archiving the procedures for Customer Data as set out in applicable Service Option, and such procedure may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest last available back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureData. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 9.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy Policy relating to available on the privacy and security of the Customer Data InsightCloud Website or such other website address as may be notified to the Customer from time to timetime and such policy may be amended from time to time by the Supplier in its sole discretion.
4.4 9.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 9.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementAgreement;
(b) 9.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's behalf;
(c) 9.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 9.4.4 the Supplier shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party 9.4.5 the Supplier shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
9.5 On termination of this Agreement, any Service Option or User Subscription (as the care may be) the Customer shall have 30 days to request a copy of the last back-up of the Customer Data. Thereafter, the Supplier shall be entitled to destroy the Customer Data at its discretion.
Appears in 1 contract
Sources: Software Services Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 5.2 Yotta shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by Yotta in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Yotta to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Yotta in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier ▇▇▇▇▇ shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Yotta to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 5.3 Yotta shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Yotta in its sole discretion.
4.4 5.4 If the Supplier Yotta processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Yotta shall be a data processor and in any such case:
(a) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside within the EEA or the country where the Customer and the Authorised Users are located in order inorder to carry out the Services and the Supplier’s Yotta's other obligations under this agreement;
(b) 5.4.2 the Customer shall ensure that the Customer it complies with its obligations under applicable Data Protection Legislation and that it is entitled to transfer the relevant personal data to the Supplier Yotta so that the Supplier ▇▇▇▇▇ may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislationData Protection Legislation;
(d) the Supplier 5.4.4 Yotta shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timeprovisions of applicable Data Protection Legislation; and
(e) 5.4.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Software as a Service Agreement
Customer Data. 4.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier Customer grants to ▇▇▇▇▇▇▇! a royalty-free, non-exclusive, non-transferable licence to process Customer Data in accordance with the terms of this Agreement for the purpose of fulfilling its obligations under this Agreement.
4.3 ▇▇▇▇▇▇▇! shall follow its standard archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier ▇▇▇▇▇▇▇! to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier ▇▇▇▇▇▇▇! in accordance with such its standard archiving procedureprocedures. The Supplier ▇▇▇▇▇▇▇! shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to timeparty.
4.4 The Customer is able to download or export its Customer Data at any time. Instructions on how to do so are available on the Platform.
4.5 If the Supplier ▇▇▇▇▇▇▇! processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier ▇▇▇▇▇▇▇! shall be a data processor and in any such case:
: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier ▇▇▇▇▇▇▇! so that the Supplier ▇▇▇▇▇▇▇! may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's ’s behalf;
; (cb) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier ▇▇▇▇▇▇▇! shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
and (ec) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (d) any user shall ensure that when setting up workflows or making any other use of the Services that they possess the relevant consent or lawful permission to use, process and share End User Data and that they comply with all relevant data protection laws in all relevant jurisdiction(s) in relation to the data processed through the ▇▇▇▇▇▇▇! Platform.
Appears in 1 contract
Sources: Terms of Service
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier shall follow its standard archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such its standard archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Customer acknowledges that the Supplier does not, as part of its operations in providing the Services, collect personal data for its own purposes. All data collected as a result of the use of the Services is stored anonymously by the Supplier. However, the Supplier shall, in providing the Services, comply with its Data Protection Policy legal and statutory obligations relating to the privacy and security of any personal data provided by the Customer Data as Customer’s service users. Anonymised data may be notified used by the Supplier to improve its services or for general dissemination of anonymised analysis to the Customer from time relevant industry and to timeCustomers.
4.4 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementobligations, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementobligations;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement these terms on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with these terms, the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Terms and Conditions
Customer Data. 4.1 9.1. The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The 9.2. In relation to Services which involve the Supplier shall follow its archiving procedures for storing Customer Data as may be notified to the Customer from time to time. In and in the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore ensure that the lost or damaged Customer Data from is secure and backed up and that the latest back-up of such Customer has electronic access to the Customer Data maintained stored by the Supplier to retrieve or manipulate at any time. If the Customer has no access to the Customer Data electronically, the Supplier shall, upon the Customer’s request grant such access necessary to retrieve/manipulate Customer Data within 7 working days from the request. In the event that the Customer requires Customer Data on physical media, the Customer can raise a request and the Supplier will apply reasonable endeavours to assist the Customer with the physical retrieval of Customer Data.
9.3. On the billing anniversary following the termination date of a Service which involves the storing or hosting of Customer Data by the Supplier, all Customer Data held within the Service shall cease to be available to the Customer to access. Any Customer Data will be retained in accordance with such archiving procedureto the extent set out in the applicable Service Option and can be retrieved by the Supplier (and then provided to the Customer in the format reasonably required) through the submission of a request to the Supplier by email.
9.4. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 9.5. The Supplier shall, in providing the Services, comply with its Data Protection Privacy Policy relating to available on the privacy and security of the Customer Data InsightCloud Website or such other website address as may be notified to the Customer from time to timetime and such policy may be amended from time to time by the Supplier in its sole discretion.
4.4 9.6. If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 9.6.1. the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementAgreement;
(b) 9.6.2. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's behalf;
(c) 9.6.3. the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 9.6.4. the Supplier shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party 9.6.5. the Supplier shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Software Services Agreement
Customer Data. 4.1 6.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Profile Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Profile Data.
4.2 6.2 The Supplier Service Provider shall follow its archiving procedures for Customer Data (Customer Profile Data and Customer Submitted Data) performing daily-automated back-ups of the entire member data as may be notified to the Customer from time to timedescribed in Schedule 3 below. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Service Provider to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureService Provider. The Supplier Service Provider shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Service Provider to perform services related to Customer Data maintenance and back-up).
4.3 6.3 The Supplier Service Provider shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.required by all applicable General Data Protection Regulation (Regulation EU 2016/679 “GDPR”);
4.4 6.4 If the Supplier Service Provider processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier Service Provider shall be a data processor (as agreed and defined in the Data Protection Agreement signed between the two parties and included as Annex 1 to this main contract) and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Service Provider so that the Supplier Service Provider may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's behalf;
(cb) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(c) the Service Provider agrees that the personal data may not be transferred or stored outside the client’s chosen data storage region in order to carry out the Services and the Service Provider’s other obligations under this Agreement;
(d) the Supplier Service Provider shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
(f) Regardless of the Agreement documents’ application hierarchy, Appendix 1 (Data Protection Agreement annex) will always be primarily applied in matters concerning data protection.
6.5 The Service Provider undertakes that the Services will be performed both by it and its duly authorised contractors, assigns or agents in accordance with the Documentation and with reasonable skill and care.
Appears in 1 contract
Sources: Services Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legalitylegality , reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified described in the Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer from time to time. Customer, make such additional backup or archiving arrangements as it sees fit.
5.3 In the event of any loss or damage to Customer DataData during the Licence Term, the Customer's sole and exclusive remedy Supplier shall be for under no obligation to retrieve the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Customer’s Data from the latest any back-up taken by or on behalf of such the Supplier.
5.4 The Supplier shall not be required to maintain, back-up, protect or retrieve any Customer Data maintained by after the expiry of the Licence Term.
5.5 If the Customer utilises the customer service icon provided within the Software, the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third-party supplier’s security policy. The Supplier in accordance with such archiving procedurecurrently utilises a Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software.
5.6 The Supplier shall not be responsible for any loss, loss suffered by the Customer as a result of or arising from the destruction, alteration alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except those third parties sub-contracted by and to the extent that the Supplier is entitled to perform services related recover and has so recovered an amount (net of the costs of recovery) equal to Customer Data maintenance and back-up)such loss from the relevant third party.
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 5.7 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementthese Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer undertakes to comply with all the requirements of the Data Protection ▇▇▇ ▇▇▇▇ in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf;
(c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementthese Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cd) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, processing and transfer as required by all applicable data protection legislation;
(de) the Supplier shall process the personal data only in accordance with the terms these Terms and Conditions of this agreement Use and any lawful instructions reasonably given by the Customer from time to time; and;
(ef) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and
(g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use.
5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-back- up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementAgreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: License Agreement
Customer Data. 4.1 3.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 3.2 CybSafe shall follow its archiving procedures for Customer Data and the Analytical Data as set out in its Back-Up Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by CybSafe in its sole discretion from time to time. In the event of any loss or damage to Customer Data or Analytical Data, the Customer's sole and exclusive remedy shall be for the Supplier CybSafe to use reasonable commercial endeavours to restore the lost or damaged Customer Data or Analytical Data from the latest back-up of such Customer Data or Analytical Data maintained by the Supplier CybSafe in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier CybSafe shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier CybSafe to perform services related to Customer Data maintenance and back-up).
4.3 3.3 The Supplier Parties shall comply at all times with and assist each other in complying with their respective responsibilities for compliance with the obligations of Privacy and Data Protection Requirements in connection with the processing of Personal Data only as set out in Schedule 2 as updated in writing between the Parties from time to time, unless required to process the Personal Data for any other purpose by applicable Law in which case, where legally permitted, Customer or Cybsafe must inform the other of this legal requirement before processing.
3.3.1 CybSafe shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by CybSafe in its sole discretion.
4.4 If the Supplier 3.4 Where CybSafe processes any personal data on Personal Data, for which the Customer’s behalf customer determines the purpose and the means of processing when performing its obligations under this agreement▇▇▇▇, the parties record their intention that the Customer shall be the data controller and the Supplier CybSafe shall be a data processor processor.
3.4.1 Where Cybsafe determines the purpose and the means of processing, they shall be considered independent controllers.
3.4.2 Where Cybsafe jointly with others, determines the purpose and the means of processing, they shall be considered joint controllers.
3.5 Each Party agrees to their respective responsibilities and duties regarding processing as set out in any such caseSchedule 2 including to:
3.5.1 comply with data protection by design and data protection by default obligations under Privacy and Data Protection Requirements, including, where required, legitimate interest assessments and data protection impact assessments and associated consultation with data subjects, other Parties involved with the processing and any applicable supervisory authority, to ensure appropriate technical and organisational measures, including appropriate data protection governance and audit compliance, are implemented to safeguard the rights and freedoms of data subjects;
3.5.2 observe the principles of Privacy and Data Protection Requirements, including not retaining any of Personal Data for longer than is necessary to perform its obligations under this Agreement and upon the other Party’s reasonable request, securely destroy (aunless applicable Laws require continued storage of Personal Data) or return such Personal Data;
3.5.3 only transfer any Personal Data outside of the European Economic Area (the “EEA”) relying on Adequacy Decisions by the EU Commission or on appropriate standard contractual clauses (“Model Clauses”) between the Parties. In the event that the Adequacy Decision granted in respect of the Model Clauses is invalidated or suspended, or any supervisory authority requires transfers of personal information pursuant to such Model Clauses to be suspended, then the Parties may require to:
3.5.3.1 cease data transfers forthwith, and implement an alternative adequacy mechanism (as agreed in writing by the Parties); or
3.5.3.1 return all Personal Data previously transferred and ensure that a senior officer or director of Customer acknowledges or Cybsafe certifies to the other that this has been done.
3.6 monitor for, investigate and agrees that manage any actual or suspected personal data breach regarding processing activities undertaken by them, to inform the other Party of such personal data breaches without undue delay, and the other Party’s sole and exclusive remedy shall be for the first Party to use reasonable commercial endeavours to resolve the personal data breach;
3.7 comply with and provide information notices to data subjects regarding processing activities undertaken by them, including personal data breaches – such notices being available at [▇▇▇▇▇▇▇▇▇▇.▇▇▇] such other website address as may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data notified to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer other Party from time to time; , as such document may be amended from time to time by the first Party in its sole discretion;
3.8 notify any applicable law enforcement authority (including any applicable supervisory authority) regarding personal data breaches where required relating to processing activities undertaken by them;
3.9 fulfil any data subject rights request pertaining to their Personal Data or assist the other Party in doing so
3.10 notify the other Party without undue delay in writing if it receives from any applicable law enforcement authorities (including any applicable regulators) where permitted to do so:
3.11 any communication seeking to exercise rights conferred on the data subject by Privacy and Data Protection Requirements;
3.12 any complaint or any claim for compensation arising from or relating to the processing of Personal Data as set out in Schedule 2;
3.13 any communication from any applicable law enforcement authorities (including any applicable regulators);
3.14 provide such information and such assistance to the other Party as they may reasonably require, and within the timescales reasonably specified by the Parties, to allow the other Party to comply with their data protection by design and data protection by default obligations under Privacy and Data Protection Requirements, including, where required, consultation regarding legitimate interest assessments and data protection impact assessments, to ensure appropriate technical and organisational measures, including appropriate data protection governance and audit compliance, are implemented to safeguard the rights and freedoms of data subjects, including such full and prompt information and assistance to the other Party and any applicable law enforcement authorities (including any applicable regulators) in relation to a personal data breach.
3.15 Each Party shall designate a contact point for data subjects.
3.16 The Parties agree that they shall at no additional cost, keep or cause to be kept such information as is necessary to demonstrate compliance with their respective obligations under this clause (Data Protection) regarding the processing of Personal Data as set out in Schedule 2 carried out by the Parties in writing and in electronic form, and shall, upon reasonable notice, make available to the other Party or grant to the other Party and its auditors and agents, and any applicable law enforcement authority (including any applicable supervisory authority), a right of access to, and to take copies of, any information or records kept by the other Party pursuant to this clause (Data Protection) – this information to contain no less than:
3.17 their name and contact details, including those of its Companies, and, where applicable, of their representative, and their data protection officer;
(e) each party shall take 3.18 the details regarding their respective processing set out in schedule 2
3.19 a general description of the appropriate technical and organisational measures to protect Personal Data against unauthorised accidental or unlawful processing, loss, destruction, damage, alteration, or unauthorised disclosure or access, including so as to allow the Parties to comply with their obligations under Privacy and Data Protection Requirements – in particular to safeguard against the specific offences:
3.20 for a person knowingly or recklessly to re-identify Personal Data that is de-identified Personal Data without the consent of the controller responsible for de-identifying the personal data.
3.21 to alter, deface, block, erase, destroy or conceal Personal Data with the intention of preventing disclosure of all or part of the Personal Data that the person making the request would have been entitled to receive.
3.22 where transferring Personal Data to a third country or an international organisation, the identification of that third country or international organisation and, in the case of ex-EEA transfers without adequacy, binding corporate rules, code of conduct, data protection seals, or standard contractual clauses, the documentation of appropriate safeguards such as:
3.23 explicit consent from affected data subjects, or
3.24 evidence that the transfer is required for the performance or conclusion of the performance of a contract with said data subjects.
3.25 ensure that any staff or personnel (including contractors) authorised to process Personal Data shall be subject to a binding duty of confidentiality in respect of such data.
3.26 The Parties agree to notify each other immediately if, in the opinion of the other Party, the written arrangement for the processing of Personal Data given by the personal data Customer or its accidental loss, destruction or damageCybsafe violates any provision of Privacy and Data Protection Requirements.
3.27 Neither Party must not perform their obligations under this Agreement in such a way as to cause the other Party to violate any of their obligations under Privacy and Data Protection Requirements.
Appears in 1 contract
Sources: End User License Agreement (Eula)
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under Clause 5.9).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4 Both parties will comply with all applicable requirements of the Data Protection Legislation. This Clause 5 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation.
5.5 The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) [Schedule 4 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.]
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;.
(b) 5.6 Without prejudice to the generality of Clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Software Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to set out in the Customer from time to timeService Definition. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in the Service Definition. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services specifically related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy at Schedule 5 relating to the privacy and security of the Customer Data Data, as such document may be notified to the Customer amended from time to timetime by the Supplier in agreement with the accreditor of the RMADS referred to in Schedule 5.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may only be transferred or stored outside in the EEA or UK without prejudice to the country where the Customer and ability of the Authorised Users are located to access such data from anywhere in order to carry out the Services and the Supplier’s other obligations under this agreementworld;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 4.9).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇▇▇▇▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 4 is in addition to, and does not relieve, remove or replace, a party's obligations under the Data Protection Legislation.
4.5 The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be is the data controller and the Supplier shall be a is the data processor for the purposes of the Data Protection Legislation (where Personal Data, Data Controller and Data Processor have the meanings as defined in any such case:the Data Protection Legislation).
(ab) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 4.6 Without prejudice to the generality of clause 4.1, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data Personal Data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data Personal Data in accordance with this agreement on the Customer's behalf.
4.7 Without prejudice to the generality of clause 4.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that Personal Data only on the written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier to process Personal Data (Applicable Laws). Where the Supplier is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) ensure that all personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and
(c) not transfer any Personal Data outside of the EEA unless the following conditions are fulfilled:
(i) the Customer shall ensure or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and
(iv) the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required Supplier complies with reasonable instructions notified to it in advance by all applicable data protection legislationthe Customer with respect to the processing of the Personal Data;
(d) assist the Supplier shall process Customer, at the personal data only Customer's cost, in accordance responding to any request from a Data Subject and in ensuring compliance with its obligations under the terms of this agreement Data Protection Legislation with respect to security, breach notifications, impact assessments and any lawful instructions reasonably given by consultations with supervisory authorities or regulators;
(e) notify the Customer from time to timewithout undue delay on becoming aware of a Personal Data breach; and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and allow for audits by the Customer or the Customer's designated auditor.
4.8 Each party shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the personal data harm that might result from the unauthorised or its unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
4.9 The Customer does not consent to the Supplier appointing any third party processor of Personal Data under this agreement.
4.10 Either party may at the cost of the Customer for both parties, at any time on not less than 30 days' notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
Appears in 1 contract
Sources: Service Agreement
Customer Data. 4.1 5.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Privacy and Security Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy- security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.9).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5. The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) Schedule 2 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 5.6. Without prejudice to the generality of clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf.
5.7. Without prejudice to the generality of clause 5.4, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term "delete" shall mean to timeput such data beyond use); and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.8. Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised unauthorized or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 The As between Customer shall own and SKIDATA, all right, title data created or transmitted by Customer and interest in and to all stored on the SKIDATA servers (or those of its subcontractor or other designee) as part of the Hosted Services (the “Customer Data and Data”) shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of at all times be owned by Customer. SKIDATA will back up or otherwise protect the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as , transactional history and other information that may be notified to included in the Customer from time to timeSKIDATA or the Hosted Services databases using state-of-the-art technology. In the event of any loss or damage to Customer DataNevertheless, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that SKIDATA shall have no responsibility, obligation or liability to do the personal data aforementioned and that SKIDATA makes no warranty or guarantee other than required by law. Any and all of Customer´s use of the Hosted Service, or any use utilizing Customer´s account information, shall be Customer´s re- sponsibility. Without limitation, Customer acknowledges that in no event shall SKIDATA be liable to Customer or any third party for loss, destruction or corruption of Customer Data. Customer agrees and acknowledges that Customer is in a better position to foresee and evalu- ate any potential damage or loss Customer may be transferred suffer in connection with the loss of Customer Data and that the fees payable under this Agreement have been calculated on the basis that SKIDATA shall exclude liability as provided in this Section. • SKIDATA may transfer, store and process Customer Data in any country in which SKIDATA or stored outside its parent company, subsidiaries, other related entities or any of their subcontractors, vendors or other representatives, maintain facilities. In using the EEA or the country where Services, Customer consent to this transfer, processing and storage of the Customer and the Authorised Users are located in order Data. • Customer is solely responsible for responding to carry out the Services and the Supplier’s other obligations under this agreement;
(b) any third party requests relating to the Customer Data. • Without limiting the disclaimers of warranty and limitations of liability set forth below, Customer acknowledges and agrees that SKI- DATA shall ensure not be responsible or liable, in any way, for the deletion, correction, destruction, damage, loss or failure to store any Customer Data, unless such deletion, correction, destruction, damage, loss or failure is directly attributable to the gross negligence of SKIDATA with- out any contributory negligence of the part of Customer or Customer´s end-users, affiliates, employees, agents, representatives, invitees or licensees. • SKIDATA is not responsible for any lost files, information or data, including but not limited to such losses that the are a direct result of SKIDATA’s gross negligence. Without limiting any release set forth herein, Customer releases and gives up any and all claims and rights Customer may have against any SKIDATA Parties (as defined in Clause 9) based upon such loss or damage. SKIDATA will undertake commercially reasonable efforts to contain such losses, if they emerge. • Upon request Customer is entitled to transfer a data-export of end-user, sales and access data in a .csv file format once per year free of charges. Additional requests may be processed only against costs dependent on effort. • As processor of the relevant personal data to the Supplier so that the Supplier may lawfully useAuthorized Distributor, process and transfer if any, SKIDATA is processing the personal data in accordance with this agreement on the Customer's behalf;
(c) of the Customer shall ensure that (respectively personal end-user data). With the relevant third parties have been informed ofData Processing Agreement (DPA), an agreement signed by Customer and have given their consent toAuthorized Distributor, such useif any, processingor SKI- DATA, SKIDATA and transfer as required by all applicable the Authorized Distributor commit to comply with data protection legislation;
(d) obligations. • SKIDATA undertakes to comply with security standards according to ISO/IEC 27001. • Customer acknowledges that SKIDATA may be required to disclose Customer`s Data by law or at the Supplier shall process the personal data only in accordance with the terms request of this agreement a governmental, ad- ministrative, legislative, arbitrational or judicial body and any lawful instructions reasonably given by the Customer from time agrees to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damagesuch disclosure.
Appears in 1 contract
Sources: Hosted Services Agreement
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available on request in writing as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-back- up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Saas Subscription Agreement
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 6.2 Smartway2 Ltd shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Smartway2 Ltd to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by Smartway2 Ltd. For the Supplier in accordance avoidance of doubt, back-up procedures do not form part of the Services and are offered to the Customer with such archiving procedureno warranty or guarantee of their date, accuracy or integrity. The Supplier Smartway2 Ltd shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by party.
6.3 The Customer grants to the Supplier a non-exclusive, non-transferable licence to perform services related to access and view the Customer Data maintenance for the purposes assessing and back-up).
4.3 The Supplier improving the Services during the Subscription Term. Smartway2 Ltd shall not modify the Customer Data and shall, in providing the Services, comply with its Data Protection Policy commercially prudent practices relating to the privacy and security of the Customer Data as may be notified to the Customer from time to timeData.
4.4 6.4 If the Supplier Smartway2 Ltd processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Smartway2 Ltd shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierSmartway2 Ltd’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer it is entitled to transfer the relevant personal data to the Supplier Smartway2 Ltd so that the Supplier Smartway2 Ltd may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(ed) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer shall own all right, title is responsible for the reliability and interest in and to all accuracy of the any Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Datawhich it provides to Moixa.
4.2 The Supplier 5.2 Moixa shall follow its archiving procedures for Customer Data as set out in its back-up policy available at ▇▇▇.▇▇▇▇▇.▇▇▇ (“Back-Up Policy”) or such other website address as may be notified to the Customer from time to time. The Back-Up Policy may be amended by Moixa in its sole discretion from time to time provided that, if significant changes are made to terms forming part of this Agreement and the Customer does not agree the changes, the Customer will be entitled to terminate this Agreement by giving notice by email to ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇.
5.3 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy Moixa shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Moixa in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier Moixa shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party except (except those i) the Hosting Services Provider and (ii) where any third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party acted on Moixa’s instructions.
4.3 The Supplier 5.4 Moixa shall, in providing the ServicesMoixa Dashboard, comply with its Data Protection Policy privacy policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇.▇▇▇ (“Privacy Policy”) or such other website address as may be notified to the Customer from time to time. The Privacy Policy may be amended from time to time by Moixa in its sole discretion provided that, if significant changes are made to terms forming part of this Agreement and the Customer does not agree the changes, the Customer will be entitled to terminate this Agreement by giving notice by email to ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇.
4.4 5.5 Moixa shall use the Customer Data:
(a) to provide the Moixa Dashboard to the Customer, including Moixa’s use of the Hosting Service Provider for storage of Customer Data in accordance with the Hosting Service Provider Customer Agreement;
(b) to perform analysis on the Customer Data in accordance with the Privacy Policy to improve Moixa’s products and services;
(c) to aggregate information and statistics for the purposes of monitoring performance of the Moixa Dashboard in order to help Moixa to develop the Moixa Dashboard; and
(d) where the owner of the Smart Battery has granted you the rights to use the battery, giving such owner access to the data for the purposes of calculating and verifying the generation of electricity and battery usage.
5.6 If the Supplier Moixa processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are is located in order to carry out provide the Services Moixa Dashboard and the Supplier’s perform Moixa's other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier Moixa shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timePrivacy Policy; and
(ec) each party Moixa shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: End User Agreement
Customer Data. 4.1 6.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier 6.2 Apposite shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Apposite to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 6.3 Apposite shall, in providing the ServicesProducts, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data (as identified in the Table) (such document may be notified to the Customer amended from time to timetime by Apposite and/or its Technology Provider in its sole discretion).
4.4 6.4 If the Supplier Apposite processes any personal data Personal Data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier Apposite shall be a data processor (as defined in the DPA) and in any such case:
(a) the Customer acknowledges and agrees that the personal data Personal Data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out provide the Products. The Customer consents for Apposite to receive, share and transfer Personal Data arising from use of the Products and/or Hosted Services and with telecommunications or other providers used in conjunction with the Supplier’s other obligations under this agreementProducts and/or Hosted Services;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data Personal Data to the Supplier Apposite so that the Supplier they may lawfully use, process and transfer the personal data Personal Data in accordance with this agreement Agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislationunder the DPA;
(d) the Supplier Personal Data shall process the personal data be processed only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational organizational measures against unauthorised or unlawful processing of the personal data Personal Data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: End User Terms and Conditions
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 The Supplier 5.2 MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be notified to the Customer amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall be for the Supplier MY DIGITAL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier MY DIGITAL in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier MY DIGITAL shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier MY DIGITAL to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations with regard to the restoration of Customer Data.
4.3 5.3 The Supplier Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in accordance with the Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the Customer which shall confirm that each Contractor User and End Client User has seen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to timeData.
4.4 If 5.4 Both parties will comply with all applicable requirements of the Supplier Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5 The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing.
5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer’s behalf when performing its obligations under this agreementcontract, and for the purposes of this Contract, the parties record their intention that Customer is the controller and MY DIGITAL is the processor for the purposes of the Data Protection Legislation.
5.7 Without prejudice to the generality of clause 5.4, the Customer shall be will ensure that it has all necessary appropriate consents and notices in place to enable the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that lawful transfer of the personal data may be transferred or stored outside to MY DIGITAL for the EEA or the country where the Customer duration and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under purposes of this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with this agreement contract on the Customer's behalf.
5.8 Without prejudice to the generality of clause 5.4, MY DIGITAL shall, in relation to any personal data processed in connection with the performance by MY DIGITAL of its obligations under this contract:
(a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relying on Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit MY DIGITAL from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) MY DIGITAL complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timedata; and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation.
5.9 Each party shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflect the requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5.
5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted.
5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical information about the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer.
Appears in 1 contract
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all Customer Data.
4.2 The Supplier Customer acknowledges and agrees that the Customer Data shall follow its be transferred to and stored by the PaaS Supplier.
4.3 The archiving procedures for Customer Data as may shall be notified to the Customer from time to timeby the Supplier. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to require the PaaS Supplier to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the PaaS Supplier in accordance with such the PaaS Supplier’s then current archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 4.4 The Supplier shall, in providing the Services, comply with its Data Protection Policy privacy and IT and communications system policies relating to the privacy and security of the Customer Data as such policies may be notified to the Customer amended from time to timetime by the Supplier in its sole discretion.
4.4 4.5 If the Supplier and/or the PaaS Supplier processes any personal data on the Customer’s 's behalf when performing its the Supplier’s obligations under this agreementagreement (including the processing set out in Schedule 6), the parties record their intention that the Customer shall be the data controller and the Supplier and/or PaaS Supplier as appropriate shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United Kingdom or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier and/or PaaS Supplier as appropriate for the duration and purposes of this agreement so that the Supplier and/or PaaS Supplier as appropriate may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;; and
(c) the Customer shall ensure that the all relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable Data Protection Legislation.
4.6 The Supplier shall, in relation to any personal data processed by it on the Customer’s behalf when performing its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection legislationto any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer take all reasonable steps to delete or return personal data to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timedata; and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and immediately inform the Customer if an instruction infringes the Data Protection Legislation.
4.7 Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
4.8 The Customer consents to the Supplier appointing the PaaS Supplier as a third-party processor of personal data under this agreement. The Supplier confirms that it has entered into a written agreement on that third party's standard terms of business which reflect the requirements of the Data Protection Legislation.
4.9 Either party may, at any time on not less than 30 days' notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement).
4.10 Both parties will comply with all applicable requirements of the Data Protection Legislation and acknowledge that this obligation is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer shall own all right, title is responsible for the reliability and interest in and to all accuracy of the any Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Datawhich it provides to Moixa.
4.2 The Supplier 5.2 Moixa shall follow its archiving procedures for Customer Data as set out in its back-up policy available at ▇▇▇.▇▇▇▇▇.▇▇▇ (“Back-Up Policy”) or such other website address as may be notified to the Customer from time to time. The Back-Up Policy may be amended by Moixa in its sole discretion from time to time provided that, if significant changes are made to terms forming part of this Agreement and the Customer does not agree the changes, the Customer will be entitled to terminate this Agreement by giving notice by email to ▇▇▇▇▇▇▇@▇▇▇▇▇.▇▇▇.
5.3 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy Moixa shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Moixa in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier Moixa shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party except (except those i) the Hosting Services Provider and (ii) where any third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party acted on Moixa’s instructions.
4.3 The Supplier 5.4 Moixa shall, in providing the ServicesMoixa Dashboard, comply with its Data Protection Policy privacy policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇.▇▇▇ (“Privacy Policy”) or such other website address as may be notified to the Customer from time to time. The Privacy Policy may be amended from time to time by Moixa in its sole discretion provided that, if significant changes are made to terms forming part of this Agreement and the Customer does not agree the changes, the Customer will be entitled to terminate this Agreement by giving notice by email to
5.5 Moixa shall use the Customer Data:
(a) to provide the Moixa Dashboard to the Customer, including Moixa’s use of the Hosting Service Provider for storage of Customer Data in accordance with the Hosting Service Provider Customer Agreement;
(b) to perform analysis on the Customer Data in accordance with the Privacy Policy to improve Moixa’s products and services;
(c) to aggregate information and statistics for the purposes of monitoring performance of the Moixa Dashboard in order to help Moixa to develop the Moixa Dashboard; and
(d) where the owner of the Smart Battery has granted you the rights to use the battery, giving such owner access to the data for the purposes of calculating and verifying the generation of electricity and battery usage.
4.4 5.6 If the Supplier Moixa processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are is located in order to carry out provide the Services Moixa Dashboard and the Supplier’s perform Moixa's other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier Moixa shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timePrivacy Policy; and
(ec) each party (Moixa shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: End User Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data (or have an appropriate licence to use such rights where the Customer relates to an End User) and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 5.2 Causeway shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/ or such other website address as may be notified to the Customer from time to time, as such document may be amended by ▇▇▇▇▇▇▇▇ in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Causeway to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Causeway in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier Causeway shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Causeway to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 5.3 Causeway shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇.▇▇▇▇▇▇▇▇.▇▇▇/ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Causeway in its sole discretion.
4.4 5.4 If the Supplier Causeway processes any personal data on the Customer’s 's (or an End User’s) behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Causeway shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇-▇▇▇▇▇▇.▇▇▇/privacy-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier Customer will not have any access to any Customer Data during a suspension or following termination of this agreement.
5.3 CHL shall follow its archiving procedures for Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such procedure may be amended by CHL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier CHL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureCHL. The Supplier CHL shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 The Supplier 5.4 CHL shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by CHL in its sole discretion.
4.4 5.5 If the Supplier CHL processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier CHL shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierCHL’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier CHL so that the Supplier CHL may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier CHL shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Cloud Terms of Service
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legalitylegality , reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified described in the Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer from time to time. Customer, make such additional backup or archiving arrangements as it sees fit.
5.3 In the event of any loss or damage to Customer DataData during the Licence Term, the Customer's sole and exclusive remedy Supplier shall be for under no obligation to retrieve the Customer’s Data from any back- up taken by or on behalf of the Supplier.
5.4 The Supplier shall not be required to use reasonable commercial endeavours to restore the lost maintain, back-up, protect or damaged retrieve any Customer Data from after the latest back-up expiry of such the Licence Term.
5.5 If the Customer utilises the customer service icon provided within the Software, the Customer acknowledges that any Customer Data maintained by uploaded via such service will be subject to the relevant third-party supplier’s security policy. The Supplier in accordance with such archiving procedurecurrently utilises a Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software.
5.6 The Supplier shall not be responsible for any loss, loss suffered by the Customer as a result of or arising from the destruction, alteration alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except those third parties sub-contracted by and to the extent that the Supplier is entitled to perform services related recover and has so recovered an amount (net of the costs of recovery) equal to Customer Data maintenance and back-up)such loss from the relevant third party.
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 5.7 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementthese Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer undertakes to comply with all the requirements of the Data Protection ▇▇▇ ▇▇▇▇ in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf;
(c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementthese Terms and Conditions of Use;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cd) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, processing and transfer as required by all applicable data protection legislation;
(de) the Supplier shall process the personal data only in accordance with the terms these Terms and Conditions of this agreement Use and any lawful instructions reasonably given by the Customer from time to time; and;
(ef) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and
(g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use.
5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier Customer acknowledges and agrees to create, assign and maintain the Unique Identifier assigned to their Customer Data across all types of Data Sources for the duration of this agreement
5.3 Activ8 Intelligence shall follow its archiving procedures for Customer Data as set out in its Backup Policy (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas-terms-and-conditions)) or such other website address as may be notified to the Customer Customer, as such a document may be amended by Activ8 Intelligence in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier Activ8 Intelligence to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier Activ8 Intelligence in accordance with such the archiving procedureprocedure described in its Backup Policy. The Supplier Activ8 Intelligence shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 The Supplier 5.4 Activ8 Intelligence shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas- terms-and-conditions) and the Activ8 Intelligence Data Protection Agreement attached to these terms, or such other website address as may be notified to the Customer from time to time, as such documents may be amended from time to time by Activ8 Intelligence in its sole discretion.
4.4 5.5 If the Supplier Activ8 Intelligence processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Activ8 Intelligence shall be a data processor and in any such case:
(a) Unless agreed otherwise in writing by the Company, the Customer acknowledges and agrees that the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierActiv8 Intelligence’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Activ8 Intelligence so that the Supplier Activ8 Intelligence may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier Activ8 Intelligence shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
f) Activ8 Intelligence may collect, use, and disclose data derived from Customer’s use of the Service for industry analysis, benchmarking, analytics, marketing, and other business purposes in support of the provision of the Service. Any such data will be in aggregate form only and will not contain Customer identifiable data unless agreed in writing.
Appears in 1 contract
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 6.2 Iplicit shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy available at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by Iplicit in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier Iplicit to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Iplicit in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier Iplicit shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 The Supplier 6.3 Iplicit shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by Iplicit in its sole discretion.
4.4 6.4 If the Supplier Iplicit processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Iplicit shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierIplicit’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Iplicit so that the Supplier Iplicit may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier Iplicit shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer Customer’s Group shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 5.2 SDS shall follow its archiving procedures for Customer Data as set out in its back-up policy available at ▇▇▇.▇-▇-▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by SDS in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier SDS to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier SDS in accordance with such the archiving procedureprocedure described in its back-up policy. The Supplier SDS shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier SDS to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 5.3 SDS shall, in providing the Services, comply with its Data Protection Policy privacy and security policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇-▇-▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by SDS in its sole discretion.
4.4 5.4 If the Supplier SDS processes any personal data on the Customer’s Group’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier SDS shall be a data processor and in any such case:
(a) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierSDS’s other obligations under this agreementAgreement. SDS will choose a UK data centre as its preferred data storage location. Should any transfer be required this will always be done subject to the implementation of the same or better legal protection as the UK;
(b) 5.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier SDS so that the Supplier SDS may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's ’s behalf;
(c) 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: SDS Cloud Licence Agreement
Customer Data. 4.1 5.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Privacy and Security Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy- security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours endeavors to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.9).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5. The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) Schedule 2 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 5.6. Without prejudice to the generality of clause 5.4, the Customer shall will ensure that it has all necessary and appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf.
5.7. Without prejudice to the generality of clause 5.4, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) in accordance with clause 14.1 (b), delete or return personal data on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term "delete" shall mean to timeput such data beyond use); and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.8. Each party shall take ensure that it has in place appropriate technical and organisational organizational measures to protect against unauthorised unauthorized or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorized or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organizational measures adopted by it).
5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 7.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 7.2 For Service hosted on Supplier infrastructure or by Supplier Hosting Provider:
7.2.1 The Supplier shall follow its archiving procedures for will ensure that there are regular back ups of Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer DataData caused by the Supplier, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-back- up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. Supplier.
7.2.2 The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The 7.2.3 If recovery of Customer Data is required as a result of an issue resulting from the Customer, the Supplier shall, in providing will use all reasonable endeavours to restore the Services, comply with its lost or damaged Customer Data Protection Policy relating to from the privacy and security latest back-up of such Customer Data maintained by the Supplier provided that the Customer pays the Supplier’s reasonable additional Fees for such recovery; and for the avoidance of doubt Customer acknowledges and agrees that where the Service is hosted by Customer or Customer’s third party provider then Customer shall be responsible for ensuring that all Customer Data as may is appropriately backed up and the Supplier shall not be notified responsible for any losses arising from a failure to the take appropriate back-ups or recover any Customer from time to timeData howsoever arising.
4.4 7.3 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementContract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 7.3.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementContract;
(b) 7.3.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Contract on the Customer's behalf;
(c) 7.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 7.3.4 the Supplier shall process the personal data only in accordance with the terms of this agreement Contract and any lawful instructions reasonably given by the Customer from time to time; and
(e) 7.3.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Services Agreement
Customer Data. 4.1 The As between Customer shall own and SKIDATA, all right, title data created or transmitted by Customer and interest in and to all stored on the SKIDATA servers (or those of its subcontractor or other designee) as part of the Hosted Services (the “Customer Data and Data”) shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of at all times be owned by Customer. SKIDATA will back up or otherwise protect the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as , transactional history and other information that may be notified to included in the Customer from time to timeSKIDATA or the Hosted Services databases using state-of-the-art technology. In the event of any loss or damage to Customer DataNevertheless, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that SKIDATA shall have no responsibility, obligation or liability to do the personal data aforementioned and that SKIDATA makes no warranty or guarantee other than required by law. Any and all of Customer´s use of the Hosted Service, or any use utilizing Customer´s account information, shall be Customer´s re- sponsibility. Without limitation, Customer acknowledges that in no event shall SKIDATA be liable to Customer or any third party for loss, destruction or corruption of Customer Data. Customer agrees and acknowledges that Customer is in a better position to foresee and evalu- ate any potential damage or loss Customer may be transferred suffer in connection with the loss of Customer Data and that the fees payable under this Agreement have been calculated on the basis that SKIDATA shall exclude liability as provided in this Section. SKIDATA may transfer, store and process Customer Data in any country in which SKIDATA or stored outside its parent company, subsidiaries, other related entities or any of their subcontractors, vendors or other representatives, maintain facilities. In using the EEA or the country where Services, Customer consent to this transfer, processing and storage of the Customer and the Authorised Users are located in order Data. Customer is solely responsible for responding to carry out the Services and the Supplier’s other obligations under this agreement;
(b) any third party requests relating to the Customer Data. Without limiting the disclaimers of warranty and limitations of liability set forth below, Customer acknowledges and agrees that SKI- DATA shall ensure not be responsible or liable, in any way, for the deletion, correction, destruction, damage, loss or failure to store any Customer Data, unless such deletion, correction, destruction, damage, loss or failure is directly attributable to the gross negligence of SKIDATA with- out any contributory negligence of the part of Customer or Customer´s end-users, affiliates, employees, agents, representatives, invitees or licensees. SKIDATA is not responsible for any lost files, information or data, including but not limited to such losses that the are a direct result of SKIDATA’s gross negligence. Without limiting any release set forth herein, Customer releases and gives up any and all claims and rights Customer may have against any SKIDATA Parties (as defined in Clause 9) based upon such loss or damage. SKIDATA will undertake commercially reasonable efforts to contain such losses, if they emerge. Upon request Customer is entitled to transfer a data-export of end-user, sales and access data in a .csv file format once per year free of charges. Additional requests may be processed only against costs dependent on effort. As processor of the relevant personal data to the Supplier so that the Supplier may lawfully useAuthorized Distributor, process and transfer if any, SKIDATA is processing the personal data in accordance with this agreement on the Customer's behalf;
(c) of the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the respectively personal data only in accordance end-user data). In order to comply with the terms Data Privacy Regulations (GDPR) a Data Processing Agreement (DPA) needs to be concluded with SKIDATA; Authorized Distributor shall also have such DPA in place with its Customer. SKIDATA undertakes to comply with security standards according to ISO/IEC 27001. Customer acknowledges that SKIDATA may be required to disclose Customer`s Data by law or at the request of this agreement a governmental, ad- ministrative, legislative, arbitrational or judicial body and any lawful instructions reasonably given by the Customer from time agrees to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damagesuch disclosure.
Appears in 1 contract
Sources: Hosted Service Agreement
Customer Data. 4.1 9.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The 9.2 In relation to Services which involve the Supplier shall follow its archiving procedures for storing Customer Data as may be notified to the Customer from time to time. In and in the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore ensure that the lost or damaged Customer Data from is secure and backed up and that the latest back-up of such Customer has electronic access to the Customer Data maintained stored by the Supplier to retrieve or manipulate at any time. If the Customer has no access to the Customer Data electronically, the Supplier shall, upon the Customer’s request grant such access necessary to retrieve/manipulate Customer Data within 7 working days from the request. In the event that the Customer requires Customer Data on physical media, the Customer can raise a request and the Supplier will apply reasonable endeavours to assist the Customer with the physical retrieval of Customer Data.
9.3 On the billing anniversary following the termination date of a Service which involves the storing or hosting of Customer Data by the Supplier, all Customer Data held within the Service shall cease to be available to the Customer to access. Any Customer Data will be retained in accordance with such archiving procedure. to the extent set out in the applicable Service Option and can be retrieved by the Supplier (and then provided to the Customer in the format reasonably required) through the submission of a request to the Supplier by email.
9.4 The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 9.5 The Supplier shall, in providing the Services, comply with its Data Protection Privacy Policy relating to available on the privacy and security of the Customer Data smartCLOUD Website or such other website address as may be notified to the Customer from time to timetime and such policy may be amended from time to time by the Supplier in its sole discretion.
4.4 9.6 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 9.6.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementAgreement;
(b) 9.6.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's behalf;
(c) 9.6.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 9.6.4 the Supplier shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party 9.6.5 the Supplier shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Software Services Agreement
Customer Data. 4.1 o The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 . o The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Metadata Maintenance Policy available athttps://▇▇▇▇▇▇▇▇.▇▇/▇▇▇▇▇▇▇▇-▇▇▇▇▇▇▇▇▇▇▇-▇▇▇▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 9).
4.3 . o The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time.
4.4 If , as such document may be amended from time to time by the Supplier in its sole discretion. o Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation. o The parties acknowledge that: if the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a is the processor for the purposes of the Data Protection Legislation. Schedule 2 sets out the scope, nature and purpose of processing by the Supplier, the duration of the processing and the types of personal data processor and in any such case:
(a) the Customer acknowledges and agrees that categories of data subject. the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) . o Without prejudice to the generality of clause 4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: End User License Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 The Supplier 5.2 MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be notified to the Customer amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall be for the Supplier MY DIGITAL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier MY DIGITAL in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier MY DIGITAL shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier MY DIGITAL to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations with regard to the restoration of Customer Data.
4.3 5.3 The Supplier Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in accordance with the Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the Customer which shall confirm that each Contractor User and End Client User has seen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to timeData.
4.4 If 5.4 Both parties will comply with all applicable requirements of the Supplier Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5 The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing.
5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer’s behalf when performing its obligations under this agreementcontract, and for the purposes of this Contract, the parties record their intention that Customer is the controller and MY DIGITAL is the processor for the purposes of the Data Protection Legislation.
5.7 Without prejudice to the generality of clause 5.4, the Customer shall be will ensure that it has all necessary appropriate consents and notices in place to enable the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that lawful transfer of the personal data may be transferred or stored outside to MY DIGITAL for the EEA or the country where the Customer duration and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under purposes of this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with this agreement contract on the Customer's behalf.
5.8 Without prejudice to the generality of clause 5.4, MY DIGITAL shall, in relation to any personal data processed in connection with the performance by MY DIGITAL of its obligations under this contract:
(a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relying on Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit MY DIGITAL from so notifying theCustomer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) MY DIGITAL complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timedata; and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation.
5.9 Each party shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflect the requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5.
5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted.
5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical information about the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer.
Appears in 1 contract
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for archive Customer Data as may be notified daily between 10:00 pm to the Customer from time to 4:00 am UK time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. Supplier.
5.3 The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Digital Hub Subscription Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier retains primary responsibility for taking at least every twenty four hours and maintaining backups (for seven days) of the Customer Data and shall take regular backups to protect against data loss, corruption or other damage.
5.3 The Supplier shall follow its archiving procedures for Customer Data as set out in its Privacy Policy, as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Privacy Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The 5.4 On termination of this agreement, the Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security may destroy or otherwise dispose of any of the Customer Data as may be notified in its possession unless the Supplier receives, no later than ten days after the effective date of the termination of this agreement, a written request for the delivery to the Customer from time of the then most recent archive of the Customer Data. The Supplier shall use reasonable commercial endeavours to time.
4.4 If deliver the Supplier processes any personal data on archive to the Customer’s behalf when performing Customer within 30 days of its obligations under this agreementreceipt of such a written request, the parties record their intention provided that the Customer has, at that time, paid all fees and charges outstanding at and resulting from termination (whether or not due at the date of termination). The Customer shall be the data controller and pay all reasonable expenses incurred by the Supplier shall be a data processor and in any such case:returning or disposing of Customer Data.
(a) the 5.5 The Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data hereby grants to the Supplier so that a non-exclusive licence to use the Customer Data for the purposes of internal software improvements, including for the purpose of optimising the Services provided by the Supplier may lawfully use, process by way of comparisons across any and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) all Customer projects. The Supplier undertakes not to release details of the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, projects arising from such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damageimprovements.
Appears in 1 contract
Sources: Saas Agreement
Customer Data. 4.1 5.1 The Parties acknowledge the Customer shall own all right, title and interest in and to all is the owner of the Customer Data and the data controller of the Customer Personal Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 5.2 AH shall follow its archiving procedures for Customer Data as set out in its back- up policy as may be notified to the Customer from time to time, as such document may be amended by AH in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier AH to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier AH in accordance with such the archiving procedureprocedure described in its back-up policy. The Supplier AH shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier AH to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating 5.3 Subject to the privacy terms and security conditions of this Agreement and clause 5.8 below, Customer hereby grants to AH a non-exclusive, limited, royalty-free licence, to use the Customer Data as may be notified necessary to provide the Software and perform the Services under this Agreement.
5.4 To the extent applicable to the Services provided by AH to Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, AH will having regard to the state of technological development and the cost of implementing any measures, implement and maintain commercially reasonable security measures designed to meet the following objectives (collectively, the parties record their intention that "AH Security Program"):
5.4.1 ensure the security and confidentiality of Customer shall be Data in the data controller custody and under the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementcontrol of AH;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data 5.4.2 protect against any anticipated threats or hazards to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalfsecurity or integrity of such Customer Data;
(c) the 5.4.3 protect against unauthorised access to or use of such Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislationData;
(d) the Supplier shall process the personal data only 5.4.4 encrypt Customer Data as specified in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timeclause 5.5 below; and
5.4.5 save as provided in clause 5.8 below, ensure that AH’s return or disposal of such Customer Data is performed in a manner consistent with AH’s obligations under clauses 5.4.1 to 5.4.5 above.
5.5 AH will encrypt Customer Data in AH’s possession or under its control when transmitted, using any then current industry standard encryption technology. Where applicable, Customer is solely responsible for safeguarding all encryption keys applicable to Customer Data. Customer may not provide any such keys to AH without AH’s express, prior written consent in each instance.
5.6 AH will notify Customer of unauthorised access to, or use or disclosure of Customer Data within AH’s custody and control within ten (e10) Business Days of AH’s confirmation of the same; each party shall take appropriate technical will reasonably cooperate with the other with respect to the investigation and organisational measures against resolution of such unauthorised access, use or unlawful processing disclosure. Upon confirmation of any vulnerability or breach of AH’s security affecting Customer Data in AH’s custody and control, AH will modify its processes and security program as necessary to mitigate the effects of the personal vulnerability or breach upon such Customer Data. Customer will notify AH of any security compromise affecting its Authorised Users' authentication credentials used to access the Software and any Customer systems or networks that interoperate with or transmit data or its accidental loss, destruction or damageto AH within two (2) Business Days of confirmation of the same.
Appears in 1 contract
Sources: Software as a Service Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 The Supplier 5.2 MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be notified to the Customer amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall be for the Supplier MY DIGITAL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such ofsuch Customer Data maintained by the Supplier MY DIGITAL in accordance with such archiving procedurethe archivingprocedure described in its Back-Up Policy. The Supplier MY DIGITAL shall not be responsible for any lossanyloss, destruction, alteration or disclosure of Customer Data caused by any third party (except party(except those third parties sub-contracted by the Supplier MY DIGITAL to perform services related to Customer Data maintenance and back-upup forwhich it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations withregard to the restoration of Customer Data.
4.3 5.3 The Supplier Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in accordance with the Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the Customer which shall confirm that each Contractor User and End Client User hasseen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to timeData.
4.4 If 5.4 Both parties will comply with all applicable requirements of the Supplier Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5 The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing.
5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer’s behalf when performing its obligations under this agreementcontract, and for the purposes of this Contract, the parties record their intention that Customer is the controller and MY DIGITAL is the processor for the purposes of the Data Protection Legislation.
5.7 Without prejudice to the generality of clause 5.4, the Customer shall be will ensure that it has all necessary appropriate consents and notices in place to enable the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that lawful transfer of the personal data may be transferred or stored outside to MY DIGITAL for the EEA or the country where the Customer duration and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under purposes of this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with accordancewith this agreement contract on the Customer's behalf.
5.8 Without prejudice to the generality of clause 5.4, MY DIGITAL shall, in relation to anypersonal data processed in connection with the performance by MY DIGITAL of its obligations under this contract:
(a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relyingon Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer ofthis before performing the processingrequired by the Applicable Laws unless those Applicable Laws prohibit MYDIGITAL from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area andthe United Kingdom unless the following conditions are fulfilled:
(i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providingan adequate level of protection to any personal data that is transferred; and
(iv) MY DIGITAL complies withreasonable instructions notified to it in advance by the Customer withrespect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuringcompliance with its obligations under the Data Protection Legislation with respect to security, such use, processing, breach notifications,impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personaldata breach;
(e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timedata; and
(ef) each maintain complete and accuraterecords and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation.
5.9 Each party shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorisedor unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personaldata, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflectthe requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5.
5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted.
5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical informationabout the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer.
Appears in 1 contract
Sources: Service Agreement
Customer Data. 4.1 6.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 6.2 iplicit shall follow its archiving procedures for Customer Data as set out in its Backup Policy (▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇) or such other website address as may be notified to the Customer from time to time, as such document may be amended by iplicit in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier iplicit to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier iplicit in accordance with such the archiving procedureprocedure described in its Backup Policy. The Supplier iplicit shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up)party.
4.3 The Supplier 6.3 iplicit shall, in providing the Services, comply with its Data Protection Privacy and UK GDPR Policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇▇▇▇▇▇▇.▇▇▇/▇▇▇▇▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by iplicit in its sole discretion.
4.4 6.4 If the Supplier iplicit processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier iplicit shall be a data processor and in any such case:
(a) : Unless agreed otherwise in writing by the Customer, the Customer acknowledges and agrees that the personal data may not be transferred or stored outside the EEA UK (or Ireland if Customer specifically requests in the country where the Customer and the Authorised Users are located Order Form in order to meet EU requirements) in order to carry out the Services and the Supplieriplicit’s other obligations under this agreement;
(b) ; the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier iplicit so that the Supplier iplicit may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) ; the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier ; iplicit shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) and each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. iplicit may sub-contract and/or outsource any of its processing of personal data under this agreement to any other person or entity (“sub- processor”) provided that it informs the Customer immediately upon the Customer’s request for an updated list of sub-processors or, in any event, if requested in advance of the next Renewal Period following the appointment of one or more additional sub-processors, less those in place at signing of this Agreement. The Customer shall not unreasonably object to any new sub-processor (or any change to any sub-processor). If a sub- processor is appointed, iplicit shall enter into a written sub-processing agreement with such sub- processor and shall ensure that the sub-processor shall accept data protection obligations that are substantially the same as those undertaken by iplicit under this agreement. iplicit shall remain liable to the Customer for any acts and omissions of the sub-processor; iplicit shall give the Customer such assistance as it reasonably requests, and iplicit is reasonably able to provide, aimed at ensuring compliance with the Customer’s own personal data protection obligations under applicable law, including (where applicable) responding to data subject requests, security, personal data breach notifications, impact assessments, supervisory authority consultation obligations. Where requests from Customer to iplicit require significant resource time to meet Customer’s requirements, iplicit will be entitled to charge for the time to meet Customer’s requests; rates to be agreed prior to undertaking the work; iplicit shall ensure that persons authorised to process personal data on behalf of the customer have committed themselves to confidentiality or are under an appropriate obligation of confidentiality relating to the personal data; and iplicit shall, subject to any relevant and applicable confidentiality obligation, and solely at the expense of the Customer, covering any third party costs and resource costs incurred by iplicit to facilitate this request, provide the Customer with access to any Customer personal data and Customer information relating to the performance of the Services and assist with such audits, including inspections, where iplicit is contractually able to facilitate such audits and inspections, reasonably requested by (or on behalf of) the Customer to undertake the verification that iplicit complies with its obligations in relation to Customer personal data. This request may only be made once in any 12 month period.
Appears in 1 contract
Sources: Software as a Service Agreement
Customer Data. 4.1 9.1. The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 9.2. The Customer warrants that it owns all rights in the Customer Data and that the Supplier’s use and processing of the Customer Data in accordance with the Agreement will not infringe third party rights. The Customer hereby grants the Supplier the non-exclusive worldwide right and licence to process, copy, store, transmit display, print, view and otherwise use the Customer Data to the extent required for the provision of the Services. The Supplier shall will not process any Customer Data for its own purposes without the prior written consent of the Customer.
9.3. The Supplier shall, in providing the Services, comply with its Security Policy and follow its archiving procedures for Customer Data as set out in its Security Policy, as such document may be notified to amended by the Customer Supplier from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier in accordance with such archiving procedureits Security Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 . The Supplier shall, in providing the Services, comply with Customer acknowledges and accepts that more regular backups of Customer Data may be achieved by: (i) making its Data Protection Policy relating to the privacy and security own backups of the Customer Data as may at any time, or (ii) requesting enhanced data backup services from the Supplier, details of which are available upon request. The Supplier’s liability in relation to any data loss or corruption will be notified limited to the Customer that resulting from time its failure to time.
4.4 If the Supplier processes comply with any personal contractual commitments given regarding data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller backup and the Supplier shall does not otherwise accept responsibility for data loss or damage of any kind.
9.4. The Customer accepts the Services on the basis of the standards set out in the Security Policy and accepts that the Supplier will have no liability owing to any loss, damage or corruption to Customer Data provided the standards in the Security Policy have been complied with. The Customer accepts the security standards set out in the Security Policy as an acceptable commercial standard in light of all the circumstances, including the level of charges applied by the Supplier.
9.5. The Customer accepts that electronic communications involve transmission over the Internet, and over other networks, which are outside the Supplier’s control. The Customer accepts the risk associated with electronic communications and the possibility that they may be a data processor and in any such case:
(a) the Customer acknowledges accessed by unauthorised parties and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer Supplier is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully usenot responsible for any related delay, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction loss or damage.
Appears in 1 contract
Sources: Master Service Agreement
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 6.1 The Supplier shall follow its archiving procedures for Customer Data as set out in its [Back-Up Policy] available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/support/home or such other website address as may be notified to the Customer from time to time], as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its [Back-Up Policy]. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 6.2 The Supplier shall, in providing the Services, comply with its Data Protection Policy [Privacy and Security Policy] relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/support/home or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 6.3 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementFramework Agreement, the parties Parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the 6.3.1 The Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementFramework Agreement;
(b) the 6.3.2 The Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Framework Agreement on the Customer's ’s behalf;
(c) 6.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) 6.3.4 the Supplier shall process the personal data only in accordance with the terms of this agreement Framework Agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 6.3.5 each party Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Master Services Agreement
Customer Data. 4.1 5.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours endeavors to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at the website assigned to the Customer by the Supplier, or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country state where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational organizational measures against unauthorised unAuthorized or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Customer Data. 4.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours endeavors to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at the website assigned to the Customer by the Supplier, or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country state where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational organizational measures against unauthorised unAuthorized or unlawful processing of the personal data or its accidental loss, destruction or damage.
Appears in 1 contract
Sources: Software License & Service Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.2 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to Customer’s information security, confidentiality and data protection policies, UKHSA operate in line with the privacy and security of the Customer Data Government Functional Standard for Security 007 or such other website address as may be notified to by the Customer from time to time, as such document may be amended from time to time by the Customer in its sole discretion.
4.4 If 5.3 Both parties will comply with all applicable requirements of the Supplier processes Data Protection Legislation. This Clause 5 is in addition to, and does not relieve, remove or replace, a party’s obligations or rights under the Data Protection Legislation. In this Clause 5, Applicable Laws means the UK Data Protection Legislation and any personal data on other relevant law that applies in the Customer’s behalf when performing its obligations under this agreement, the UK..
5.4 The parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such caseacknowledge that:
(a) The parties acknowledge that for the purposes of the Data Protection Legislation, the Customer acknowledges is the Controller, and agrees that the Provider is the Processor. Schedule 3 sets out the scope, nature and purpose of processing by the Provider, the duration of the processing and the types of Personal Data and categories of Data Subject. (b) the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;Agreement.
(b) 5.5 Without prejudice to the generality of clause 5.3, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this Agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's ’s behalf.
5.6 Without prejudice to the generality of clause 5.3, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this Agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by Applicable Laws to otherwise process that personal data. Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area unless it has obtained the Customer’s prior written consent to do so and the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer’s cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Customer without undue delay and in any event within twenty-four (24) hours on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of the Agreement in accordance with clause 14.5 unless the Supplier shall process is required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term “delete” shall mean to timeput such data beyond use); and
(ef) each party maintain complete and accurate records and information to demonstrate its compliance with this Clause 5 and immediately inform the Company if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.7 The Supplier shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.8 The Customer does not consent to the Supplier appointing any third party processor of personal data under this Agreement.
5.9 The parties may, on written agreement between the parties, revise this Clause 5 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this Agreement).
Appears in 1 contract
Sources: Software as a Service (Saas) Subscription Agreement
Customer Data. 4.1 5.1 The Customer Customer’s Group shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 5.2 SDS shall follow its archiving procedures for not archive Customer Data as may without prior written notification. Customer Data will be notified to backed up every night and the Customer from time will have the right to timeget data restored upon request. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier SDS to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureSDS. The Supplier SDS shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier SDS to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier 5.3 SDS shall, in providing the Services, comply with its Data Protection Policy privacy and security policy relating to the privacy and security of the Customer Data available at ▇▇▇.▇-▇-▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by SDS in its sole discretion.
4.4 5.4 If the Supplier SDS processes any personal data on the Customer’s Group’s behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier SDS shall be a data processor and in any such case:
(a) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierSDS’s other obligations under this agreementAgreement, where this is the case SDS will only use service providers which adhere to Standard Contract Clauses (SCCs, also referred to as Model Contract Clauses) to ensure any such data transfers are provided with at least the same level of statutory protection as GDPR;
(b) 5.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier SDS so that the Supplier SDS may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer's ’s behalf;
(c) 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.5 The Customer agrees that Customer Data may be processed by SDS as SDS deems necessary for its Business Interests. To the extent that any of the Customer Data comprise any personal data as defined under any applicable data protection legislation, SDS confirms that, prior to carrying out any necessary processing for its Business Interest, the relevant Customer Data will be anonymised to the extent that no natural person is identifiable or will become identifiable by the use of additional information.
Appears in 1 contract
Sources: Saas Cloud License Agreement
Customer Data. 4.1 11.1 Customer Data shall at all times remain the property of the Customer or its licensors.
11.2 Notwithstanding clause 11.1, the Customer agrees that Disruptive will have the right to generate Aggregate/Anonymous Data and that Aggregate/Anonymous Data is Disruptive property, which Disruptive may use for any business purpose during or after the Term of this Agreement (including without limitation to develop and improve Disruptive’s products and services). Disruptive will only disclose Aggregate/Anonymous Data externally in a de-identified (anonymous) form that does not identify the Customer or Authorised Users, and that is stripped of all persistent identifiers (such as device identifiers, IP addresses, and cookie IDs). The Customer is not responsible for Disruptive’s use of Aggregate/Anonymous Data.
11.3 Except to the extent Disruptive has direct obligations under Data Protection Legislation, the Customer acknowledges that Disruptive has no control over any Customer Data hosted as part of the provision of the Services. The Customer shall own all rightensure (and is exclusively responsible for) the accuracy, title quality, integrity, and interest in and to all legality of the Customer Data and that its use (including use in connection with the Services) complies with this Agreement and all applicable laws.
11.4 If Disruptive becomes aware of any allegation that any Customer Data may not comply with any other part of this Agreement Disruptive shall have sole responsibility for the legality, reliability, integrity, accuracy and quality right to permanently delete or otherwise remove or suspend access to any Customer Data which is suspected of being in breach of any part of the Agreement and/or disclose Customer DataData to law enforcement authorities (in each case without the need to consult the Customer). Where reasonably practicable and lawful Disruptive shall notify the Customer before taking such action.
4.2 The Supplier shall follow its archiving procedures for Customer Data 11.5 Except as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Dataotherwise expressly agreed in this Agreement, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedure. The Supplier Disruptive shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier obliged to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating to the privacy and security of provide the Customer Data as may be notified to with any assistance extracting, transferring, or recovering any data whether during the Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under Term of this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Agreement or following expiry or termination of this Agreement. The Customer acknowledges and agrees that it is responsible for maintaining safe backups and copies of any Customer Data, including as necessary to ensure the personal data may be transferred continuation of the Customer’s business. The Customer shall, without limitation, ensure that it backs up (or stored outside procures the EEA back up of) all Customer Data regularly (in accordance with its Authorised Users’ needs) and extracts it from the Services prior to the termination or expiry of this Agreement or the country where cessation or suspension of the Services.
11.6 Disruptive routinely undertakes regular backups of the Services (which may include Customer Data) for its own business continuity purposes. The Customer acknowledges that such steps do not in any way make Disruptive responsible for ensuring the Customer and Data does not become inaccessible, damaged, or corrupted. To the Authorised Users are located maximum extent permitted by applicable law, Disruptive shall not be responsible (under any legal theory, including in order to carry out negligence) for any loss of availability of, or corruption or damage to, any Customer Data.
11.7 The Customer hereby instructs that Disruptive shall, within sixty (60) days of the earlier of the end of the provision of the Services and (or any part) relating to the Supplier’s other obligations under this agreement;
(b) processing of the Customer shall ensure that the Data, securely dispose of such Customer is entitled to transfer the relevant personal data Data processed in relation to the Supplier so Services (or any part) which have ended (and all existing copies of it) except to the extent that the Supplier may lawfully useany applicable law requires Disruptive to store such Customer Data. Disruptive shall have no liability (howsoever arising, process and transfer the personal data including in negligence) for any deletion or destruction of any such Customer Data undertaken in accordance with this agreement Agreement.
11.8 Disruptive shall cooperate with any investigation relating to information security which is carried out by or on the Customer's behalf;behalf of a Regulator with competent jurisdiction.
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each 11.9 Each party shall take appropriate technical and organisational measures against unauthorised advise the other within six working hours of an information security breach or unlawful processing of potential security breach which may affect the personal data or its accidental loss, destruction or damageServices.
Appears in 1 contract
Sources: Licensing Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. For the avoidance of doubt, the Company shall have no right or interest in the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. 5.2 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Company to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureCompany. The Supplier Company shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by party.
5.3 The Company shall use commercially reasonable endeavours to maintain the Supplier to perform services related to confidentiality of the Customer’s Data and shall not disclose or use this without the Customer’s express consent.
5.4 To the extent the Customer Data maintenance and back-up)contains personal data or the parties are otherwise required to hold or process personal data in performance of the Agreement, the parties shall comply with the GDPR Addendum annexed to these Conditions.
4.3 The Supplier shall5.5 Upon termination of the Agreement for whatever reason, in providing the Services, comply with its Data Protection Policy relating Customer shall be entitled to the privacy and security an export of the Customer Data as may be notified to then held by the Customer from time to timeCompany.
4.4 If the Supplier processes 5.6 The Company specifically undertakes that (subject to clause 5.7) it shall not share any personal data on the Customer’s behalf when performing its obligations under this agreementCustomer Data with third parties including with other taxi operators, the parties record their intention aggregators or with any other business that the has a common shareholder of The Company. As is expressly stated in clause 10.5, all Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where Data is Confidential Information of the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, will be treated as such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms provisions of clause 10 and will not be used or disclosed to third parties or used other than in providing the Services under this agreement and any lawful instructions reasonably given by Agreement.
5.7 Where the Customer from time has agreed to time; and
(e) each party shall take appropriate technical join the Company’s iGo network of operators, limited ride, passenger, driver and organisational measures against unauthorised or unlawful processing journey information will be made available to other network members to enable the Customer to send and receive bookings on that network. Participation in the iGo network is at the option of the personal data or its accidental lossCustomer and will be subject to a separate agreement. For the avoidance of doubt, destruction or damagethe Customer is under no obligation to join the iGo Network and will in no way be penalised if it does not. Also, iGo gives the Customer the ability to choose (and exclude) certain sources of bookings, limiting the network members to which any Customer Data will be made available.
Appears in 1 contract
Sources: Cloud Subscription Agreement
Customer Data. 4.1 3.1 The Customer Supplier shall own all right, title and interest in and to all of promptly notify the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality in writing of any actual or suspected loss or damage to the Customer Data.
4.2 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier in accordance with such archiving procedureData. The Supplier shall not be responsible for any loss, destruction, alteration or unauthorised access to or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 The Supplier shall, in providing the Services, 3.2 Each party undertakes that it shall comply with its Data Protection Policy relating to the privacy DPA and security of all applicable changes in law, including any subsequent legislation that may amend and/or supersede the Customer Data as may be notified to the Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf DPA, when performing its obligations under this agreement, the . The parties record their intention acknowledge that the European General Data Protection Regulation (GDPR) shall apply during the term of this agreement. The parties agree that they shall enter into such variation of this agreement and execute such additional documentation and make any required changes to the Services as is reasonably required to reflect their obligations under the GDPR and in order for the Supplier to provide the Services in a manner that would allow the Customer to be compliant with the GDPR, based on the Customer’s obligations as a Data Controller and the Supplier’s obligations as a Data Processor or each party’s obligations as a Data Controller, as applicable.
3.3 The Customer shall be the data controller Data Controller, and the parties acknowledge that the Supplier shall will be a acting as Data Processor in respect of all data processor and processing activities in any such caserelation to Customer Personal Data that the Supplier carries out under this agreement.
3.4 The Supplier undertakes to the Customer that:
(a) it shall process the Customer acknowledges Personal Data, including updating, correcting and agrees that deleting such Customer Personal Data, only in accordance with this agreement and the personal data may be transferred or stored outside the EEA or the country where written instructions of the Customer and to the Authorised Users are located extent, and in order such a manner, as is reasonably necessary to carry out supply the Services and the Supplier’s other obligations under in accordance with this agreementagreement or as is required by any applicable law;
(b) in respect of Customer Personal Data which is in the possession or under the control of the Supplier, it shall implement appropriate technical and organisational measures to protect this Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully usePersonal Data against unauthorised or unlawful processing and accidental loss, process and transfer the personal data in accordance with this agreement on the Customer's behalfdestruction, damage, alteration or disclosure;
(c) the Customer it shall not (and shall ensure that its Representatives do not) publish, disclose or divulge any Customer Personal Data to any third party, nor allow any third party to process Customer Personal Data on the relevant third parties have been informed ofSupplier's behalf, and have given their without the prior written consent to, such use, processing, and transfer as required by all applicable data protection legislationof the Customer;
(d) it shall not transfer Customer Personal Data outside the European Economic Area without the prior written consent of the Customer;
(e) it shall take reasonable steps to ensure the reliability of any employee, agent or sub-contractor who has access to Customer Data, and ensure all employees, agents and sub-contractors undergo training on data protection and information security;
(f) it shall use reasonable endeavours to assist the Customer at the Customer's cost with any subject access request that the Customer receives relating to Customer Personal Data processed by the Supplier shall process the personal data only in accordance with the terms of under this agreement and any lawful instructions reasonably given by the Customer from time to timeagreement; and
(eg) each party it shall take appropriate technical and organisational measures against unauthorised or unlawful processing of use reasonable endeavours to assist the personal data or its accidental loss, destruction or damageCustomer in responding to regulatory requirements.
Appears in 1 contract
Sources: Cwcare Services Agreement
Customer Data. 4.1 6.1 The Customer shall own all rightrights, title and interest in and to all of the Customer Profile Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Profile Data.
4.2 6.2 The Supplier Service Provider shall follow its archiving procedures for Customer Data (Customer Profile Data and Customer Submitted Data) performing daily-automated back-ups of the entire member data as may be notified to the Customer from time to timedescribed in Schedule 3 below. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier Service Provider to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such archiving procedureService Provider. The Supplier Service Provider shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier Service Provider to perform services related to Customer Data maintenance and back-up).
4.3 6.3 The Supplier Service Provider shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data as may be notified to the Customer from time to time.required by all applicable General Data Protection Regulation (Regulation EU 2016/679 “GDPR”);
4.4 6.4 If the Supplier Service Provider processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Service Provider shall be a data processor (as agreed and defined in the Data Protection Agreement signed between the two parties and included as Annex 1 to this main contract) and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Service Provider so that the Supplier Service Provider may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(cb) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(c) the Service Provider agrees that the personal data may not be transferred or stored outside the client’s chosen data storage region in order to carry out the Services and the Service Provider’s other obligations under this agreement;
(d) the Supplier Service Provider shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
(f) Regardless of the agreement documents’ application hierarchy, Appendix 1 (Data Protection Agreement annex) will always be primarily applied in matters concerning data protection.
6.5 The Service Provider undertakes that the Services will be performed in accordance with the Documentation and with reasonable skill and care.
6.6 The undertaking at clause 6.5 shall not apply to the extent of any non-conformance which is caused by use of the Services contrary to the Service Provider's instructions, or modification or alteration of the Services by any party other than the Service Provider or the Service Provider's duly authorised contractors or agents. If the Services do not conform with the foregoing undertaking, Service Provider will, at its expense, use all reasonable commercial endeavours to correct any such non-conformance promptly, or provide the Customer with an alternative means of accomplishing the desired performance. Such correction or substitution constitutes the Customer's sole and exclusive remedy for any breach of the undertaking set out in clause 6.5. Notwithstanding the foregoing, the Service Provider:
(a) does not warrant that the Customer's use of the Services will be uninterrupted or error- free; nor that the Services, Documentation and/or the information obtained by the Customer through the Services will meet the Customer's requirements; and
(b) is not responsible for any delays, delivery failures, or any other loss or damage resulting from the transfer of data over communications networks and facilities, including the internet, and the Customer acknowledges that the Services and Documentation may be subject to limitations, delays and other problems inherent in the use of such communications facilities.
6.7 This agreement shall not prevent the Service Provider from entering into similar agreements with third parties, or from independently developing, using, selling or licensing documentation, products and/or services which are similar to those provided under this agreement.
6.8 The Service Provider warrants that it has and will maintain all necessary licences, consents, and permissions necessary for the performance of its obligations under this agreement.
Appears in 1 contract
Sources: Services Agreement
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 6.1 The Supplier shall follow its archiving and security procedures for Customer Data Data, including those set out in clause 7 (Security) and as may be notified described in Schedule 2.
6.2 The Supplier shall promptly notify the Customer in writing of any actual or suspected loss or damage to the Customer from time to timeData. In the event of any loss or damage to Customer Data, the Customer's ’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier in accordance with such archiving procedureData. The Supplier shall not be responsible for any loss, destruction, alteration or unauthorised access to or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-back- up).
4.3 The Supplier shall, in providing the Services, 6.3 Each party undertakes that it shall comply with its Data Protection Policy relating to the privacy DPA and security of all applicable changes in law, including any subsequent legislation that may amend and/or supersede the Customer Data as may be notified to the Customer from time to time.
4.4 If the Supplier processes any personal data on the Customer’s behalf DPA, when performing its obligations under this agreement, the . The parties record their intention acknowledge that the European General Data Protection Regulation (GDPR) shall apply during the term of this agreement. The parties agree that they shall enter into such variation of this agreement and execute such additional documentation and make any required changes to the Services as is reasonably required to reflect their obligations under the GDPR and in order for the Supplier to provide the Services in a manner that would allow the Customer to be compliant with the GDPR, based on the Customer’s obligations as a Data Controller and the Supplier’s obligations as a Data Processor or each party’s obligations as a Data Controller, as applicable.
6.4 The Customer shall be the data controller Data Controller, and the parties acknowledge that the Supplier shall will be a acting as Data Processor in respect of all data processor and processing activities in any such caserelation to Customer Personal Data that the Supplier carries out under this agreement.
6.5 The Supplier undertakes to the Customer that:
(a) it shall process the Customer acknowledges Personal Data, including updating, correcting and agrees that deleting such Customer Personal Data, only in accordance with this agreement and the personal data may be transferred or stored outside the EEA or the country where written instructions of the Customer and to the Authorised Users are located extent, and in order such a manner, as is reasonably necessary to carry out supply the Services in accordance with this agreement or as is required by any applicable law;
(b) in respect of Customer Personal Data which is in the possession or under the control of the Supplier, it shall implement appropriate technical and organisational measures to protect this Customer Personal Data against unauthorised or unlawful processing and accidental loss, destruction, damage, alteration or disclosure;
(c) it shall not publish, disclose or divulge any Customer Personal Data to any third party, nor allow any third party to process Customer Personal Data on the Supplier’s other obligations behalf, without the prior written consent of the Customer;
(d) it shall not transfer Customer Personal Data outside the European Economic Area without the prior written consent of the Customer;
(e) it shall take reasonable steps to ensure the reliability of any employee, agent or sub- contractor who has access to Customer Data, and ensure all employees, agents and sub- contractors undergo training on data protection and information security;
(f) it shall use reasonable endeavours to assist the Customer at the Customer’s cost with any subject access request that the Customer receives relating to Customer Personal Data processed by the Supplier under this agreement;
(bg) it shall use reasonable endeavours to assist the Customer shall ensure that the Customer is entitled in responding to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damageregulatory requirements.
Appears in 1 contract
Sources: Master Services Agreement
Customer Data. 4.1 3.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 The Supplier 3.2 Orpheus shall follow its archiving procedures for Customer Data and the Analytical Data as set out in its Back-Up Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇-▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended by ▇▇▇▇▇▇▇ in its sole discretion from time to time. In the event of any loss or damage to Customer Data or Analytical Data, the Customer's sole and exclusive remedy shall be for the Supplier Orpheus to use reasonable commercial endeavours to restore the lost or damaged Customer Data or Analytical Data from the latest back-up of such Customer Data or Analytical Data maintained by the Supplier Orpheus in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier Orpheus shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier Orpheus to perform services related to Customer Data maintenance and back-back- up).
4.3 The Supplier 3.3 Orpheus shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇-▇▇▇▇▇.▇▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by ▇▇▇▇▇▇▇ in its sole discretion.
4.4 3.4 If the Supplier Orpheus processes any personal data Personal Data on the Customer’s 's behalf when performing its obligations under this agreement▇▇▇▇, the parties record their intention that the Customer shall be the data controller and the Supplier Orpheus shall be a data processor and processor.
3.5 Orpheus shall comply with all Data Protection Laws (which apply to it in any such case:
(aits capacity as a data processor) in connection with the Customer acknowledges and agrees that processing of Personal Data in respect of the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out delivery of the Services and the Supplier’s other exercise and performance of its rights and obligations under this agreement;Agreement.
(b) the 3.6 The Customer shall ensure that comply with all Data Protection Laws (which apply to it in its capacity as a data controller) in connection with the Customer is entitled processing of Personal Data in respect of the exercise and performance of its rights and obligations under this Agreement, and to transfer enable Orpheus to deliver the relevant personal data to the Supplier so that the Supplier may lawfully use, process Services.
3.7 Instructions and transfer the personal data in accordance with this agreement details of processing - Insofar as Orpheus processes Personal Data on behalf of the Customer's behalf;:
3.7.1 unless required to do otherwise by applicable laws, Orpheus shall (c) the Customer and shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(deach person acting under its authority shall) the Supplier shall process the personal data Personal Data only on and in accordance with the terms of Customer’s documented instructions as set out in this agreement clause 3 and any lawful instructions reasonably given by the Customer Schedule 2 (Data Processing Details), and as updated from time to timetime by the written agreement of the parties (Processing Instructions); and
3.7.2 if any applicable laws require it to process Personal Data other than in accordance with the Processing Instructions, Orpheus shall notify the Customer of any such requirement before processing the Personal Data (eunless any of the applicable laws prohibit such information on important grounds of public interest).
3.8 Technical and organisational measures - Orpheus shall implement and maintain, at its cost and expense (taking into account those factors which it is entitled to take into account pursuant to the Data Protection Laws) each party shall take appropriate technical and organisational measures against unauthorised in relation to the processing of Personal Data by ▇▇▇▇▇▇▇:
3.8.1 so as to ensure a level of security in respect of the Personal Data processed by it is appropriate to the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed; and
3.8.2 without prejudice to clause 3.11, insofar as is possible, to assist the Customer in the fulfilment of the Customer’s obligations to respond to Data Subject Requests relating to Personal Data.
3.9 Using staff and other processors - Orpheus shall not engage another Data Processor for carrying out any processing activities in respect of the Personal Data without the Customer’s prior written consent. The Customer consents to the processing of Personal Data by the personal data Authorised Reseller in accordance with the Data Processing Instructions.
3.10 Orpheus shall ensure that all Orpheus personnel processing Personal Data:
3.10.1 are subject to obligations of confidentiality which apply, generally or specifically, to the Personal Data; and
3.10.2 are reliable and have received appropriate training on compliance with the Data Protection Laws.
3.11 Assistance with Customer’s Compliance with Data Subject Rights - Orpheus shall:
3.11.1 record and then refer all Data Subject Requests it receives to the Customer, without undue delay;
3.11.2 provide such assistance to the Customer as the Customer reasonably requests in relation to a Data Subject Request; and
3.11.3 not respond to any Data Subject Request or Complaint without the Customer’s prior written approval.
3.12 Without prejudice to clause 3.11 Orpheus shall, at its accidental losscost and expense, destruction or damageprovide such assistance to the Customer as the Customer reasonably requires (taking into account the nature of processing and
3.12.1 security of processing;
3.12.2 Data Protection Impact Assessments (as such term is defined in the Data Protection Laws);
3.12.3 prior consultation with a Supervisory Authority regarding high risk processing.
Appears in 1 contract
Sources: End User License Agreement (Eula)
Customer Data. 4.1
5.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Privacy and Security Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy- security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.9).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5. The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) Schedule 2 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 5.6. Without prejudice to the generality of clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf.
5.7. Without prejudice to the generality of clause 5.4, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislation;consultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term "delete" shall mean to timeput such data beyond use); and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.8. Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with
(i) Amazon Web Services EMEA SARL or any other member of the Amazon Web Services Group; and (ii) any other third party processor the Supplier considers appropriate to the provision of the Services; as a third-party processor of personal data under this agreement. The Supplier confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business including terms related to the requirements of the Data Protection Legislation. As between the Customer and the Supplier, the Supplier shall use commercially reasonable efforts to enforce the terms of any third-party processor.
Appears in 1 contract
Sources: Software License Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Back-Up Policy. The Supplier customer shall not be hold the supplier responsible for any loss, destruction, alteration or disclosure of Customer Data if caused by any third party (except those under the subcontract of the customer. Likewise, the supplier is responsible for any loss, destruction, alteration or disclosure cause by any third parties sub-contracted by party under the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 subcontract of the supplier. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data Data, as such document may be notified to the Customer amended from time to timetime by the Supplier in its sole discretion.
4.4 If 5.3 The parties acknowledge that, for the Supplier processes any personal data on the Customer’s behalf when performing its obligations under purposes of this agreementAgreement, the parties record their intention that the Customer shall be is the data controller and the Supplier shall be a is the data processor (each within the meaning of the DPA). The parties shall give each other all reasonable assistance as appropriate or necessary to enable each other to comply with their data protection duties under this Agreement and the DPA. Where the Supplier is Processing Personal Data on behalf of the Customer under or in any such caseconnection with this Agreement, the Supplier shall:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order only Process such Personal Data as is necessary to carry out the Services and the Supplier’s other perform its obligations under this agreementAgreement and only in accordance with any instructions given by the Customer under this Agreement;
(b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data put in accordance with this agreement on the Customer's behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) each party shall take place appropriate technical and organisational measures against any unauthorised or unlawful processing of Personal Data and against the personal accidental loss or destruction of or damage to such Personal Data having regard to the specific requirements of this clause 5.4, the state of technical development and the level of harm that may be suffered by a data subject (as defined by the DPA) whose Personal Data is affected by unauthorised Processing or by its loss, damage or destruction;
(c) keep the Personal Data confidential and not disclose it to any third party without the prior written consent of the Customer;
(d) take reasonable steps to ensure the reliability of any of the Supplier’s personnel who will have access to Personal Data and ensure that such personnel are aware of and comply with the terms of this clause 5;
(e) report all incidents of data loss or breach of confidence to the Customer immediately and in accordance with industry best practice and cooperate with the Customer’s compliance and information security employees to support assessment, root cause analysis and identify any corrective action required; supporting the implementation of any required corrective action as agreed between the parties;
(f) not cause or allow Personal Data to be transferred outside the European Economic Area without the prior written consent of the Customer;
(g) where Personal Data is processed by a sub-contractor of the Supplier in connection with this Agreement, procure that such sub-contractor shall comply with the relevant obligations set out in this clause 5 as if such sub-contractor were the Supplier;
(h) permit the Customer (or a representative) to inspect and audit the Supplier’s facilities, equipment, documents and electronic data relating to the Supplier’s data processing activities. Where the Suppliers facilities relating to the Customers data processing activities reside within a third party cloud solution (for example Azure or Amazon Web Services) then the Supplier agrees to the Customer auditing the procedures, documents and any interfaces that show how the data is being processed and the agreements with said third party.
(i) at the end of this Agreement, howsoever arising, delete and/or destroy all Personal Data in accordance with clause 13.3(c) and provide confirmation of such deletion/destruction to the Customer;
(j) indemnify and keep the Customer indemnified against any loss, damages, costs, expenses (including without limitation legal costs and expenses), claims or proceedings whatsoever or howsoever to the extent arising from the Supplier’s (or its accidental losssub-contractor’s) unlawful or unauthorised disclosure of, processing, destruction or damageand/or damage to Personal Data in connection with this Agreement.
Appears in 1 contract
Sources: Software Service Agreement
Customer Data. 4.1 5.1 The Customer shall own all right, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data.
4.2 5.2 The Supplier retains primary responsibility for taking and maintaining backups of the Customer Data and shall take regular backups to protect against data loss, corruption or other damage.
5.3 The Supplier shall follow its archiving procedures for Customer Data as set out in its Privacy Policy, as such document may be notified to amended by the Customer Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in its Privacy Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 5.4 The Supplier shall, in providing the Services, comply with its Data Protection Privacy Policy relating to the privacy and security of the Customer Data available at the Website or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 5.5 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) 5.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;
(b) 5.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf;
(c) 5.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(e) 5.5.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
5.6 The Customer hereby grants to the Supplier a non-exclusive licence to use the Customer Data for the purposes of internal software improvements, including for the purpose of optimising the Services provided by the Supplier by way of comparisons across any and all Customer projects. The Supplier undertakes not to release details of the Customer projects arising from such improvements.
Appears in 1 contract
Customer Data. 4.1 The Customer shall own all right, title and interest in and to all of the Customer Data and Authorised users shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer their Data.
4.2 The supplier and customer shall fulfil its obligations of GDPR compliance as a ‘controllers’ and ‘processors’ of data which includes ( but not limited to) • Data protection impact assessments • Data protection officers • The right to be informed • The right to erasure • The right to rectification • The right to restrict processing
4.3 The Supplier shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to timedescribed in Schedule 4. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with such the archiving procedureprocedure described in Schedule 4. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up).
4.3 4.4 The Supplier shall, in providing the Services, comply with its Data Protection Policy relating will need to the privacy and security of the Customer Data as may be notified to the Customer from time to time.
4.4 If the Supplier processes any process Authorised users personal data on the Customer’s their behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:
(a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;
(b) the Customer users shall ensure that the Customer is they are entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's ’s behalf;
(c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation;
(db) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and
(ec) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.
4.5 The Supplier will ensure that all Health Companion Ltd Staff are aware of their responsibilities to fully comply with the provisions of the Data Protection Act (2018), including related Caldicott Guardian principles and the Computer Misuse Act and GDPR compliance. The Supplier may, at times, be required to access patient identifiable data in order to investigate and resolve system errors or data quality issues. It is the responsibility of the Supplier to ensure that its staff can: • fully justify the purpose of access, • do not access patient identifiable information unless it is absolutely necessary • access or use the minimum necessary patient identifiable information. Details of the Supplier’s Information Governance Policy can be obtained from the Operations Director at Health Companion Ltd. The Customers Security Principles should be provided to the Supplier at the Project Initiation meeting. The Supplier will be responsible for ensuring these are followed. The Customer will confirm whether explicit permissions will be required to access any patient identifiable information in order to carry out appropriate changes or investigations. The supplier will ensure that its processes enable the patient to actually consent to their data being extracted from clinical systems to populate their patient portal.
Appears in 1 contract
Sources: Service Agreement
Customer Data. 4.1 5.1. The Customer shall own all right, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data.
4.2 5.2. The Supplier shall follow its archiving procedures for maintenance of metadata related to Customer Data as set out in its Metadata Maintenance Policy available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/metadata-maintenance-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall be for the Supplier to use reasonable commercial endeavours to provide the Customer with available Customer comprehensible metadata to restore the lost or damaged Customer Data from the latest back-up version of such metadata related to Customer Data maintained by the Supplier in accordance with such archiving procedurethe procedure described in its Metadata Maintenance Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-upup for which it shall remain fully liable under clause 5.9).
4.3 5.3. The Supplier shall, in providing the Services, comply with its Data Protection Privacy and Security Policy relating to the privacy and security of the Customer Data available at ▇▇▇▇▇://▇▇▇▇▇▇▇▇.▇▇/privacy-security-policy or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier in its sole discretion.
4.4 If 5.4. Both parties will comply with all applicable requirements of the Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation.
5.5. The parties acknowledge that:
(a) if the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that Customer is the Customer shall be the data controller and the Supplier shall be a data is the processor and in any such case:for the purposes of the Data Protection Legislation.
(ab) Schedule 2 sets out the Customer acknowledges scope, nature and agrees that purpose of processing by the Supplier, the duration of the processing and the types of personal data and categories of data subject.
(c) the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement;.
(b) 5.6. Without prejudice to the generality of clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer is entitled to transfer the relevant personal data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf.
5.7. Without prejudice to the generality of clause 5.4, the Supplier shall, in relation to any personal data processed in connection with the performance by the Supplier of its obligations under this agreement:
(a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer;
(b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled:
(i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer;
(ii) the data subject has enforceable rights and effective legal remedies;
(iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and
(iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data;
(c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuring compliance with its obligations under the Data Protection Legislation with respect to security, such usebreach notifications, processing, impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators;
(d) notify the Supplier shall process Customer without undue delay on becoming aware of a personal data breach;
(e) at the written direction of the Customer, delete or return personal data it can reasonably identify and copies thereof to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with (and for these purposes the terms of this agreement and any lawful instructions reasonably given by the Customer from time term "delete" shall mean to timeput such data beyond use); and
(ef) each maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Customer if, in the opinion of the Supplier, an instruction infringes the Data Protection Legislation.
5.8. Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it).
5.9. The Customer consents to the Supplier appointing or otherwise hosting its Software with
Appears in 1 contract
Sources: Software License Agreement