Common use of Customer Data Clause in Contracts

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided Data as set out in its Back- Up Policy; such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to Customer Data maintained by the relevant third party supplier’s Security Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-party up). 5.3 The Supplier shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that privacy and security of the Customer Data; such document may be amended from time to time by the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyin its sole discretion. 5.5 5.4 If the Supplier processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's ’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 6.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against the Supplier shall have sole responsibility be for the security, Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by the Fresh Desk application. For a copy Supplier to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 6.9). 6.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Fresh Desk Security Policy see Customer Data available at ▇▇▇.▇▇://▇▇▇▇▇▇▇▇▇.▇▇.▇/security. The ▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Softwarein its sole discretion. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net 6.4 Both parties will follow all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 6 is in addition to, and does not relieve, remove or replace, a party's obligations under the relevant third partyData Protection Legislation. 5.5 If 6.5 The parties acknowledge that: (a) if the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be is the data controller and the Supplier shall be a is the data processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 Legislation (where Data Controller and Data Processor have the meanings as defined in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;Data Protection Legislation). (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms this agreement. If personal data is transferred or stored outside the UK, appropriate safeguards in accordance with UK GDPR, such as Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), will be implemented to ensure compliance with UK data protection laws. 6.6 Without prejudice to the generality of clause 6.1, the Customer will ensure that it has all necessary appropriate consents and Conditions notices in place to enable lawful transfer of Usethe Personal Data to the Supplier for the duration and purposes of this agreement so that the Supplier may lawfully use, process and transfer the Personal Data in accordance with this agreement on the Customer's behalf. 6.7 Without prejudice to the generality of clause 6.1, the Supplier shall, in relation to any Personal Data processed in connection with the performance by the Supplier of its obligations under this agreement: (a) Process that Personal Data only on the written instructions of the Customer, unless the Supplier is required by the laws of the United Kingdom, the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, or any applicable international laws to process Personal Data (Applicable Laws). In instances where the Supplier's data processing activities are subject to the laws of a member of the European Union due to cross-border operations or data transfers, and where such laws necessitate processing actions divergent from the Customer's instructions, the Supplier shall promptly notify the Customer of this requirement before commencing the processing required by the Applicable Laws, unless prohibited by those laws from providing such notification; (b) Not transfer any Personal Data outside of the United Kingdom or to any country not deemed to have adequate data protection laws by the UK Information Commissioner's Office (ICO), unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer such as Standard Contractual Clauses (SCCs) specifically adapted for the data transfer requirements under the UK GDPR, or any future UK adequacy decisions. When transferring personal data outside the UK, the Supplier will ensure the use of Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO), or ensure that the destination country has been deemed to provide an adequate level of protection for personal data by the UK government; (ii) the data subject has enforceable rights and effective legal remedies in accordance with the UK GDPR and the Data Protection Act 2018; (iii) the Supplier ensures compliance with the UK Data Protection Legislation by providing an adequate level of protection to any Personal Data transferred, including adhering to any additional requirements set forth by the UK Information Commissioner's Office (ICO); and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the Personal Data; (c) assist the Customer, at the Customer's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer shall ensure that ICO within 72 hours of becoming aware of a data breach. Where the relevant third parties have been informed ofbreach is likely to result in a high risk to the rights and freedoms of natural persons, and have given their consent to, such use, processing and transfer as required by all applicable notify the affected data protection legislationsubjects without undue delay.; (e) at the Supplier shall process written direction of the personal data only in accordance with these Terms Customer, delete or return Personal Data and Conditions of Use and any lawful instructions reasonably given by copies thereof to the Customer from time on termination of the agreement unless required by Applicable Law to time;store the Personal Data; and (f) each maintain complete and accurate records and information to demonstrate its compliance with this clause 6. 6.8 Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the personal data harm that might result from the unauthorised or its unlawful processing or accidental loss, destruction or damage; anddamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymisation and encr ypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). (g) 6.9 The Supplier will ensure that any sub-contractors appointed to process personal data on behalf of the Customer are subject to written agreements that require them to process such data only on documented instructions from the Customer and in full compliance with the requirements of the UK GDPR, particularly Article 28. The Supplier confirms that it has entered or (as the case may be) will enter with the third- party processor into a written agreement substantially on that third party's standard terms of business. As between the Customer and the Supplier, the Supplier shall make remain fully liable for all acts or omissions of any third-party processor appointed by it pursuant to this clause 6. Full details of all third parties providing such services to the Supplier and maintain all necessary registration applications within all appropriate categories who are processing Personal data under this agreement are available upon request. 6.10 The Supplier will update its Privacy Policy to reflect any changes in sub-processors or the addition of new sub-processors. It is the responsibility of the Customer to regularly review the Privacy Policy to stay informed of such changes. 6.11 The Customer acknowledges and agrees that the Supplier relies on third-party services for the hosting and processing of Customer Data pursuant to this agreement. Specifically, Amazon Web Services (AWS) is utilised as the primary infrastructure provider due to its robust data security measures and adherence to data protection legislation relevant to our operations. For comprehensive details regarding the use of AWS, including the location of data centres and the specific security and compliance measures in place, refer to Schedule 2 of this agreement. This schedule outlines how data storage and processing activities through AWS are conducted in strict conformity with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, ensuring the highest standards of data protection and security are maintained. 6.12 The Supplier will ensure that any use of Customer Data in aggregated and anonymised form is done in a manner that fully ensures such data cannot be re-identified, adhering to the standards of anonymisation defined under the DPA as are required UK GDPR. 6.13 The supplier will assist the customer in relation ensuring compliance with the data subject rights under the Data Protection Legislation, including but not limited to rights of access, correction, deletion, and data portability. 6.14 The customer shall have the right to conduct an audit of the supplier's data processing activities related to this agreement once per year to ensure compliance with Data Protection Legislation and the terms of this agreement. Such audit shall be conducted at the customers expense, with reasonable prior notice, and shall not unreasonably interfere with the supplier's business operations 6.15 Any revisions to this clause related to data protection will be made in compliance with the latest data protection legislation and best practices, ensuring the protection of data subjects' rights. The Customer will be notified at least 30 days in advance of any personal data processed by the Supplier on such changes, which will only be implemented with the Customer's behalf when performing its consent if they materially alter the data protection obligations under these Terms and Conditions of Usethe parties. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 10.1 The Customer shall own all rightsright, title and interest in and to all of the data inputted by the Customer, Authorised Users, or IO Data on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services (the “Customer Data Data”) and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 10.2 In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for IO Data to use reasonable commercial endeavours to restore the securitylost or damaged Customer Data from the latest back-up of such Customer Data maintained by IO Data in accordance with its archiving procedure from time to time. IO Data shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties sub-contracted by IO Data to perform services related to Customer Data maintenance and back-up, archiving and recovery of Customer Data). 5.3 If 10.3 IO Data shall, in providing the Services, comply with its Privacy Policy relating to the privacy and security of the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇available at ▇▇▇▇▇▇.▇▇.▇/security. The Supplier accepts no liability for any ▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by IO Data transferred through the customer service icon provided within the Softwarein its sole discretion. 5.4 10.4 The Supplier shall not be responsible for any loss suffered by Customer agrees that IO Data may process its personal data and that of its Authorised Users to enable it to provide the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and Services to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partyCustomer. 5.5 10.5 If the Supplier IO Data processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier IO Data shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierIO Data's other obligations under these Terms and Conditions of Usethis Agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to IO Data so that IO Data may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier IO Data shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Security Alliance shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy as such document may be amended by Security Alliance in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for Security Alliance to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, up of such Customer Data maintained by Security Alliance in accordance with the archiving and recovery of Customer Dataprocedure described in its Back-Up Policy. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Alliance shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub- contracted Security Alliance to perform services related to Customer Data maintenance and back-party up). 5.4 Security Alliance shall, in providing customer service functionality in connection the Services, comply with the Software), except its Data Protection and Information Security Policies relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal Customer Data available by written request to Security Alliance, such loss document may be amended from the relevant third partytime to time by Security Alliance in its sole discretion. 5.5 If the Supplier Security Alliance processes any personal data (as such term is defined in the General Data Protection Regulation (GDPR) on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Security Alliance shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 5.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's Security Alliance’s other obligations under these Terms and Conditions of Usethis Agreement; (d) 5.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to Security Alliance so that Security Alliance may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer's behalf; 5.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their specific informed consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier 5.5.4 Security Alliance shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Agreement and any lawful instructions reasonably given by the Customer from time to time;; and (f) 5.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole responsibility acknowledges and agrees to create, assign and maintain the Unique Identifier assigned to their Customer Data across all types of Data Sources for the security, back-up, archiving and recovery duration of Customer Data.this agreement 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Activ8 Intelligence shall follow its archiving procedures for Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security as set out in its Backup Policy see (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/security/en_US/saas-terms-and-conditions)) or such other website address as may be notified to the Customer, as such a document may be amended by Activ8 Intelligence in its sole discretion from time to time. The Supplier accepts no liability In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for any Activ8 Intelligence to use reasonable commercial endeavours to restore the lost or damaged Customer Data transferred through from the customer service icon provided within latest backup of such Customer Data maintained by Activ8 Intelligence in accordance with the Software. 5.4 The Supplier archiving procedure described in its Backup Policy. Activ8 Intelligence shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party party. 5.4 Activ8 Intelligence shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recoveryCustomer Data (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas- terms-and-conditions) equal and the Activ8 Intelligence Data Protection Agreement attached to these terms, or such loss other website address as may be notified to the Customer from the relevant third partytime to time, as such documents may be amended from time to time by Activ8 Intelligence in its sole discretion. 5.5 If the Supplier Activ8 Intelligence processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Activ8 Intelligence shall be a data processor and in any such case: (a) Unless agreed otherwise in writing by the Company, the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may not be transferred or stored outside the Supplier on EEA in order to carry out the Customer's behalf when performing its Services and Activ8 Intelligence’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Activ8 Intelligence so that the Supplier Activ8 Intelligence may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's ’s behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier Activ8 Intelligence shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The f) Activ8 Intelligence may collect, use, and disclose data derived from Customer’s use of the Service for industry analysis, benchmarking, analytics, marketing, and other business purposes in support of the provision of the Service. Any such data will be in aggregate form only and will not contain Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or identifiable data unless agreed in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usewriting.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Boomerang shall follow its archiving procedures for Customer Data as set out in Boomerang’s Policy as such document may be amended by Boomerang in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's exclusive remedy shall have sole responsibility be for Boomerang to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by Boomerang in accordance with the relevant third party supplierarchiving procedure described in Boomerang’s Security PolicyPolicies. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Boomerang shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that those third parties have been sub-contracted by Boomerang to perform services related to Customer Data maintenance and back-up). 5.3 Boomerang shall, in providing the Supplier is entitled Services, comply with its Policy relating to recover the privacy and has so recovered an amount (net security of the costs of recovery) equal to such loss from the relevant third partyCustomer Data. 5.5 5.4 If the Supplier Boomerang processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties hereby record their intention and agreement that the Customer shall be the data controller and the Supplier Boomerang shall be a data processor. The obligations of the data controller and the data processor and are set out in Schedule 1. In any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside within the EEA or the country where the Customer and and/or the Authorised Users and/or recipients are located in order to carry out the Services and the SupplierBoomerang's other obligations under these Terms and Conditions of Usethis Agreement; (d) 5.4.2 the Customer shall ensure at all times that the Customer is entitled to process and transfer the relevant information and personal data to Boomerang and that Boomerang can lawfully use, process and transfer the relevant information and personal data in order to provide the Services and/or in relation to this Agreement; 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their irrevocable and explicit consent to, to such use, processing processing, and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by . In particular, the Customer from agrees that Messages must only be delivered to recipients and third parties who have given their prior explicit consent to the quantity, frequency and type of Messages to be delivered via the Services. Customer shall have informed recipients and/or third parties beforehand and on an ongoing basis about their right at any time to time;opt-out of receiving Messages and will comply at all times with such instructions from recipients and/or third parties; and (f) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) damage and the Customer shall make will at all times keep the information and maintain all necessary registration applications within all appropriate categories under the DPA as are required personal data which it uses in relation to the Services up to date and not keep it for any personal longer than is necessary under applicable data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Useprotection legislation. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all Customer Data. 5.2 4.2 The Customer acknowledges and agrees that the Customer Data shall have be transferred to and stored by the PaaS Supplier. 4.3 The archiving procedures for Customer Data shall be notified to the Customer by the Supplier. In the event of any loss or damage to Customer Data, the Customer's sole responsibility and exclusive remedy against the Supplier shall be for the security, Supplier to use reasonable commercial endeavours to require the PaaS Supplier to restore the lost or damaged Customer Data from the latest back-up, archiving and recovery up of such Customer Data. 5.3 If the Customer utilises the customer service icon provided Data maintained by the PaaS Supplier within in accordance with the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplierPaaS Supplier’s Security Policythen current archiving procedure. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 4.4 The Supplier shall, in providing the Services, comply with its privacy and IT and communications system policies relating to the privacy and security of the Customer Data as such policies may be amended from time to time by the Supplier in its sole discretion. 4.5 If the Supplier and/or the PaaS Supplier processes any personal data on the Customer's behalf when performing its the Supplier’s obligations under these Terms and Conditions of Usethis agreement (including the processing set out in Schedule 6), the parties record their intention that the Customer shall be the data controller and the Supplier and/or PaaS Supplier as appropriate shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United Kingdom or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier and/or PaaS Supplier as appropriate for the duration and purposes of this agreement so that the Supplier and/or PaaS Supplier as appropriate may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; and (c) the Customer shall ensure that all relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable Data Protection Legislation. 4.6 The Supplier shall, in relation to any personal data processed by it on the Customer’s behalf when performing its obligations under this agreement: (a) process that personal data only on the documented written instructions of the Customer unless the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where the Supplier is relying on Applicable Laws as the basis for processing personal data, the Supplier shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit the Supplier from so notifying the Customer; (b) not transfer any personal data outside of the United Kingdom unless the following conditions are fulfilled: (i) the Customer or the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection legislationto any personal data that is transferred; and (iv) the Supplier complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the Supplier shall process written direction of the Customer take all reasonable steps to delete or return personal data to the Customer on termination of the agreement unless required by Applicable Law to store the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time;data; and (f) each maintain complete and accurate records and information to demonstrate its compliance with this clause 4 and immediately inform the Customer if an instruction infringes the Data Protection Legislation. 4.7 Each party shall take ensure that it has in place appropriate technical and organisational measures to protect against unauthorised or unlawful processing of the personal data and against accidental loss or its destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage; and damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (g) the Customer shall make those measures may include, where appropriate, pseudonymising and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to any personal data processed can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 4.8 The Customer consents to the Supplier on appointing the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the PaaS Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing as a third-party processor of personal data under this agreement. The Supplier confirms that it has entered into a written agreement on that third party's standard terms of business which reflect the Customerrequirements of the Data Protection Legislation. 4.9 Either party may, at any time on not less than 30 days' notice, revise this clause 4 by replacing it with any applicable controller to processor standard clauses or similar terms forming part of an applicable certification scheme (which shall apply when replaced by attachment to this agreement). 4.10 Both parties will comply with all applicable requirements of the Data Protection Legislation and acknowledge that this obligation is in addition to, and does not relieve, remove or replace, a party's behalf when performing its obligations or rights under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of UseData Protection Legislation.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 The MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall have sole responsibility be for MY DIGITAL to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by MY DIGITAL in accordance with the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier MY DIGITAL shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality contracted by MY DIGITAL to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations with regard to the restoration of Customer Data. 5.3 The Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in connection accordance with the Software), except Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the extent Customer which shall confirm that each Contractor User and End Client User has seen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Supplier is entitled Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Privacy Policy relating to recover the privacy and has so recovered an amount (net security of the costs Customer Data. 5.4 Both parties will comply with all applicable requirements of recovery) equal to such loss from the relevant third Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation. 5.5 If the Supplier The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing. 5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer's ’s behalf when performing its obligations under these Terms this contract, and Conditions for the purposes of Usethis Contract, the parties record their intention that Customer is the Customer shall be the data controller and MY DIGITAL is the Supplier shall be a data processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by Legislation. 5.7 Without prejudice to the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions generality of Use ; (b) clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable the Customer is entitled to lawful transfer of the relevant personal data to MY DIGITAL for the Supplier duration and purposes of this contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this contract on the Customer's behalf;. (c) 5.8 Without prejudice to the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions generality of Use; (d) the Customer shall ensure that the relevant third parties have been informed ofclause 5.4, and have given their consent toMY DIGITAL shall, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier performance by MY DIGITAL of its obligations under this contract: (a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relying on Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit MY DIGITAL from so notifying theCustomer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) MY DIGITAL complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data; and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation. 5.9 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflect the requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5. 5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted. 5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical information about the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The 13.1 Except for Pattern Data that is owned by REDi, the Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 13.2 The Customer hereby grants REDi a worldwide, royalty-free, and non-exclusive license during the term of its subscription to access Customer Data in order to provide the Services, including storing, hosting and management of such content (“Content License”) 13.3 Unless otherwise agreed to under a Contract, REDi shall have follow its archiving procedures for Customer Data as set out in its Back-Up Policy, which policy shall be made available on receipt of Customer’s written request. In the event of any loss or damage to Customer Data, the Customer's sole responsibility and exclusive remedy shall be for REDi to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by REDi in accordance with the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier REDi shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Softwarecontracted by REDi to perform services related to Customer Data maintenance and back-up), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If 13.4 The Customer understands that REDi, in performing the Supplier processes any personal data on required technical steps to provide the Customer's behalf when performing its obligations under these Terms and Conditions of UseServices, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case:may (a) the transmit or distribute Customer undertakes to comply with all the requirements of the Data Protection Act 1998 over various public or private networks and in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ;various media; and (b) make such changes to Customer Data as are necessary to conform and adapt that Customer Data to the technical requirements of connecting networks, devices, Services or media; 13.5 Where the use of the Customer shall ensure that Data involves the Customer is entitled Processing of any Personal Information, the Parties agree to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data execute all Processing in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer Data Processing Legislation. REDi’s processing shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only take place in accordance with these Terms and Conditions its Privacy Policy. 13.6 Where any Processing needs to be executed by a Third Party Service Provider on behalf of Use and any lawful instructions reasonably given the Customer or as instructed by the Customer, such Processing shall only take place subsequent to i) receipt by ▇▇▇▇ of a written consent from Customer from time to timeallow sharing of Customer Data to said Third Party Service Provider and ii) the signing of the REDi Data Processing Agreement by the Third Party Service Provider; (f) each party shall take appropriate technical 13.7 The accuracy and organisational measures against unauthorised or unlawful processing maintenance of the personal Customer Data (Customer and/or Authorised User data or its accidental loss, destruction or damage; and (gEnd User data) in the Services is the responsibility of the Customer shall make and/or Authorised – or End Users. REDi will however provide (where reasonably possible) advice and maintain assistance wherever possible, within the limits of this Main Agreement, to improve the accuracy of the information at all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Usetime. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer 6.1 You shall own all rightsright, title and interest in and to all of the your Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 The 6.2 Millpledge will maintain commercially appropriate technical and organisational measures to ensure a level of security appropriate to the risk to protect Patient Records. In the event of any loss or damage to your Customer Data and/or Patient Records, your sole and exclusive remedy against Millpledge shall have sole responsibility be for Millpledge to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data and/or Patient Records from the latest back-up, archiving and recovery of Customer Dataup maintained by Millpledge (or its hosting provider). 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier 6.3 Millpledge shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any your Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If 6.4 Millpledge strongly encourages you to take appropriate measures to secure, store and backup your important information and Customer Data (including Patient Records). 6.5 Millpledge shall, in providing the Supplier processes any personal data on Service, follow its standard privacy and security procedures to protect the Customer's behalf when performing its obligations under these Terms privacy and Conditions security of Useyour Customer Data, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any as such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data procedures may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer amended from time to time;time by Millpledge in its sole discretion. 6.6 Millpledge has no duty (funless applicable laws or regulations provide otherwise) each party shall take appropriate technical to pre- screen, control, monitor or edit your Customer Data. 6.7 You agree that Millpledge may access and organisational measures against unauthorised use your Customer Data for the purposes of providing support to you or unlawful processing your Authorised Users when requested, for security purposes, to develop and improve the Service as part of internal data processes, as permitted by applicable law and these Terms of Service and/or for the purposes of collecting and aggregating data as described in clause 6.8. 6.8 Millpledge may monitor use of the personal Service by all of its customers and use the information gathered in an aggregate and anonymous manner. You agree that Millpledge may use and publish such information, provided that such information does not identify you. For clarity, any data provided to other customers or its accidental lossthird parties will only be in an aggregated and anonymous manner. Millpledge uses Customer Data in an anonymised manner for reporting purposes, destruction or damage; and (g) including providing aggregated data to corporate groups of their member veterinary practices, and for machine learning that supports certain product features and/or functionality within the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of UseService. 5.6 The Customer 6.9 This clause 6 shall indemnify and keep indemnified survive termination or expiry of the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of UseSubscription Term.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall be for MY DIGITAL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up ofsuch Customer Data maintained by MY DIGITAL in accordance with the archivingprocedure described in its Back-Up Policy. MY DIGITAL shall not be responsible for anyloss, destruction, alteration or disclosure of Customer Data caused by any third party(except those third parties sub-contracted by MY DIGITAL to perform services related to Customer Data maintenance and back-up forwhich it shall remain fully liable under clause 5.10). The Customer shall have sole responsibility for ensure that each of its Authorised Users is aware of the security, back-up, archiving Back Up Policy and recovery MY DIGITAL’s obligations withregard to the restoration of Customer Data. 5.3 If The Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in accordance with the Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the Customer utilises which shall confirm that each Contractor User and End Client User hasseen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the customer service icon provided by Privacy Policy. MY DIGITAL shall, in providing the Supplier within Services, comply with its Privacy Policy relating to the Software privacy and security of the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the SoftwareData. 5.4 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection Both parties will comply with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net all applicable requirements of the costs of recovery) equal to such loss from Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the relevant third partyData Protection Legislation. 5.5 If the Supplier The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing. 5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer's ’s behalf when performing its obligations under these Terms this contract, and Conditions for the purposes of Usethis Contract, the parties record their intention that Customer is the controller and MY DIGITAL is the processor for the purposes of the Data Protection Legislation. 5.7 Without prejudice to the generality of clause 5.4, the Customer shall be will ensure that it has all necessary appropriate consents and notices in place to enable the lawful transfer of the personal data controller to MY DIGITAL for the duration and purposes of this contract so that MY DIGITAL may lawfully use, process and transfer the Supplier shall be a personal data processor and in any such caseaccordancewith this contract on the Customer's behalf. 5.8 Without prejudice to the generality of clause 5.4, MY DIGITAL shall, in relation to anypersonal data processed in connection with the performance by MY DIGITAL of its obligations under this contract: (a) process that personal data only on the documented written instructions of the Customer undertakes unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to comply MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relyingon Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer ofthis before performing the processingrequired by the Applicable Laws unless those Applicable Laws prohibit MYDIGITAL from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area andthe United Kingdom unless the following conditions are fulfilled: (i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) MY DIGITAL complies with all its obligations under the Data Protection Legislation by providingan adequate level of protection to any personal data that is transferred; and (iv) MY DIGITAL complies withreasonable instructions notified to it in advance by the Customer withrespect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuringcompliance with its obligations under the Data Protection Legislation with respect to security, breach notifications,impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personaldata breach; (e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data; and (f) maintain complete and accuraterecords and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation. 5.9 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorisedor unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personaldata, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflectthe requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall ensure that the Customer is entitled remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf;this clause 5. (c) the 5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the personal data Services may be transferred read or stored outside intercepted by others, even if a particular transmission is encrypted. 5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical informationabout the EEA devices and related software, hardware and peripherals for services that are internet or the country where the Customer wireless based to improve its products and the Authorised Users are located in order to carry out the provide any Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 The MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be amended by MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy against MY DIGITAL shall have sole responsibility be for MY DIGITAL to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by MY DIGITAL in accordance with the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier MY DIGITAL shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality contracted by MY DIGITAL to perform services related to Customer Data maintenance and back-up for which it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations with regard to the restoration of Customer Data. 5.3 The Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in connection accordance with the Software), except Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the extent Customer which shall confirm that each Contractor User and End Client User has seen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Supplier is entitled Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Privacy Policy relating to recover the privacy and has so recovered an amount (net security of the costs Customer Data. 5.4 Both parties will comply with all applicable requirements of recovery) equal to such loss from the relevant third Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation. 5.5 If the Supplier The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing. 5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer's ’s behalf when performing its obligations under these Terms this contract, and Conditions for the purposes of Usethis Contract, the parties record their intention that Customer is the Customer shall be the data controller and MY DIGITAL is the Supplier shall be a data processor and in any such case: (a) for the Customer undertakes to comply with all the requirements purposes of the Data Protection Act 1998 in connection with any personal data processed by Legislation. 5.7 Without prejudice to the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions generality of Use ; (b) clause 5.4, the Customer shall will ensure that it has all necessary appropriate consents and notices in place to enable the Customer is entitled to lawful transfer of the relevant personal data to MY DIGITAL for the Supplier duration and purposes of this contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this contract on the Customer's behalf;. (c) 5.8 Without prejudice to the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions generality of Use; (d) the Customer shall ensure that the relevant third parties have been informed ofclause 5.4, and have given their consent toMY DIGITAL shall, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier performance by MY DIGITAL of its obligations under this contract: (a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relying on Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit MY DIGITAL from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area and the United Kingdom unless the following conditions are fulfilled: (i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any personal data that is transferred; and (iv) MY DIGITAL complies with reasonable instructions notified to it in advance by the Customer with respect to the processing of the personal data; (c) assist the Customer, at the Customer's cost, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (d) notify the Customer without undue delay on becoming aware of a personal data breach; (e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data; and (f) maintain complete and accurate records and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation. 5.9 Each party shall ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personal data, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflect the requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5. 5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted. 5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical information about the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 7.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 7.2 IMU shall follow its archiving procedures for Customer Data as set out in its Back-Up Policy, as such document may be amended by IMU in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall have sole responsibility be for IMU to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by IMU in accordance with the relevant third party supplier’s Security archiving procedure described in its Back-Up Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier IMU shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Softwarecontracted by IMU to perform services related to Customer Data maintenance and back-up), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 7.3 IMU shall, in providing the Services, comply with its Privacy and Security Policy, as such docu- ment may be amended from time to time by IMU in its sole discretion. 7.4 If the Supplier IMU processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis Contract, the parties record their intention that the Customer shall be the data controller control- ler and the Supplier IMU shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 7.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United Kingdom or the country where the Customer and the Authorised Autho- rised Users are located in order to carry out the Services and the Supplier's IMU’s other obligations under these Terms and Conditions of Usethis Contract; (d) 7.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant person- al data to IMU so that IMU may lawfully use, process and transfer the personal data in accordance with this Contract on the Customer’s behalf; 7.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable applica- ble data protection legislation; (e) the Supplier 7.4.4 IMU shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Contract and any lawful instructions reasonably given by the Customer from time to time;; and (f) 7.4.5 each party shall take appropriate technical and organisational measures against unauthorised unau- thorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer shall have sole responsibility for the security, back-up, archiving and recovery of Customer Data. 5.3 If the Customer utilises the customer service icon provided Data as set out in its back- up policy available on request in writing as such document may be amended by the Supplier within in its sole discretion from time to time. In the Software event of any loss or damage to Customer Data, the Customer acknowledges that any Customer's sole and exclusive remedy shall be for the Supplier to use reasonable endeavours to restore the lost or damaged Customer Data uploaded via from the latest back-up of such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through maintained by the customer service icon provided within Supplier in accordance with the Software. 5.4 archiving procedure described in its back-up policy. The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 4.3 The Supplier shall, in providing customer service functionality the Services: (a) comply with all Data Protection Laws in connection with the Software)processing of Customer Data, except the Services and the exercise and performance of its respective rights and obligations under this Contract, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and (b) comply with its privacy and data protection policy as may be updated from time to time by the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third partySupplier. 5.5 4.4 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethis Contract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Usethis Contract; (db) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this Contract on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier shall process the personal data only in accordance with these Terms and Conditions the terms of Use this Contract and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 6.2 Smartway2 Ltd shall follow its archiving procedures for Customer Data as may be notified to the Customer from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for Smartway2 Ltd to use reasonable commercial endeavours to restore the securitylost or damaged Customer Data from the latest back-up of such Customer Data maintained by Smartway2 Ltd. For the avoidance of doubt, back-up, archiving up procedures do not form part of the Services and recovery of Customer Data. 5.3 If are offered to the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policywith no warranty or guarantee of their date, accuracy or integrity. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier Smartway2 Ltd shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 If 6.3 The Customer grants to the Supplier a non-exclusive, non-transferable licence to access and view the Customer Data for the purposes assessing and improving the Services during the Subscription Term. Smartway2 Ltd shall not modify the Customer Data and shall, in providing the Services, comply with commercially prudent practices relating to the privacy and security of the Customer Data. 6.4 If Smartway2 Ltd processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Smartway2 Ltd shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's Smartway2 Ltd’s other obligations under these Terms and Conditions of Usethis agreement; (db) the Customer shall ensure it is entitled to transfer the relevant personal data to Smartway2 Ltd so that Smartway2 Ltd may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation;; and (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (fd) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as described in the Service Level Agreement or the Supplier’s Hosting Policy (as applicable). The Supplier may, without obligation to the Customer, make such additional backup or archiving arrangements as it sees fit. 5.3 In the event of any loss or damage to Customer Data during the Licence Term, the Supplier shall have sole responsibility for be under no obligation to retrieve the securityCustomer’s Data from any back-up taken by or on behalf of the Supplier. 5.4 The Supplier shall not be required to maintain, back-up, archiving and recovery protect or retrieve any Customer Data after the expiry of Customer Datathe Licence Term. 5.3 5.5 If the Customer utilises the customer service icon provided by the Supplier within the Software Software, the Customer acknowledges that any Customer Data uploaded via such service will be subject to the relevant third third-party supplier’s Security Policysecurity policy. The Supplier currently utilises the a Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 5.6 The Supplier shall not be responsible for any loss suffered by the Customer as a result of or arising from the destruction, alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except and to the extent that the Supplier is entitled to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party. 5.5 5.7 If the Supplier processes any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 ▇▇▇ ▇▇▇▇ in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use Use; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 5.8 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Customer shall have sole responsibility acknowledges and agrees to create, assign and maintain the Unique Identifier assigned to their Customer Data across all types of Data Sources for the security, back-up, archiving and recovery duration of Customer Datathis agreement. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any Activ8 Intelligence shall follow its archiving procedures for Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security as set out in its Backup Policy see (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/security/en_US/saas-terms-and-conditions) or such other website address as may be notified to the Customer, as such a document may be amended by Activ8 Intelligence in its sole discretion from time to time. The Supplier accepts no liability In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for any Activ8 Intelligence to use reasonable commercial endeavours to restore the lost or damaged Customer Data transferred through from the customer service icon provided within latest backup of such Customer Data maintained by Activ8 Intelligence in accordance with the Software. 5.4 The Supplier archiving procedure described in its Backup Policy. Activ8 Intelligence shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any third-party party. 5.4 Activ8 Intelligence shall, in providing customer service functionality in connection the Services, comply with the Software), except its Privacy and Security Policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recoveryCustomer Data (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas- terms-and-conditions) equal and the Activ8 Intelligence Data Protection Agreement attached to these terms, or such loss other website address as may be notified to the Customer from the relevant third partytime to time, as such documents may be amended from time to time by Activ8 Intelligence in its sole discretion. 5.5 If the Supplier Activ8 Intelligence processes any personal data on the Customer's ’s behalf when performing its obligations under these Terms and Conditions of Usethis agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Activ8 Intelligence shall be a data processor and in any such case: (a) unless agreed otherwise in writing by the Company, the Customer undertakes to comply with all acknowledges and agrees that the requirements of the Data Protection Act 1998 in connection with any personal data processed by may not be transferred or stored outside the Supplier on EEA in order to carry out the Customer's behalf when performing its Services and Activ8 Intelligence’s other obligations under these Terms and Conditions of Use this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Activ8 Intelligence so that the Supplier Activ8 Intelligence may lawfully use, process and transfer the personal data in accordance with these Terms and Conditions of Use this agreement on the Customer's ’s behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation; (ed) the Supplier Activ8 Intelligence shall process the personal data only in accordance with these Terms and Conditions the terms of Use this agreement and any lawful instructions reasonably given by the Customer from time to time;; and (fe) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The f) Activ8 Intelligence may collect, use, and disclose data derived from Customer’s use of the Service for industry analysis, benchmarking, analytics, marketing, and other business purposes in support of the provision of the Service. Any such data will be in aggregate form only and will not contain Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or identifiable data unless agreed in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Usewriting.

Customer Data. 5.1 The Parties acknowledge the Customer shall own all rights, title and interest in and to all is the owner of the Customer Data and the data controller of the Customer Personal Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The AH shall follow its archiving procedures for Customer Data as set out in its back- up policy as may be notified to the Customer from time to time, as such document may be amended by AH in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer's sole and exclusive remedy shall have sole responsibility be for AH to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to maintained by AH in accordance with the relevant third party supplier’s Security Policyarchiving procedure described in its back-up policy. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier AH shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party providing customer service functionality in connection with the Softwarecontracted by AH to perform services related to Customer Data maintenance and back-up), except and . 5.3 Subject to the terms and conditions of this Agreement and clause 5.8 below, Customer hereby grants to AH a non-exclusive, limited, royalty-free licence, to use the Customer Data as necessary to provide the Software and perform the Services under this Agreement. 5.4 To the extent applicable to the Services provided by AH to Customer under this Agreement, AH will having regard to the state of technological development and the cost of implementing any measures, implement and maintain commercially reasonable security measures designed to meet the following objectives (collectively, the "AH Security Program"): 5.4.1 ensure the security and confidentiality of Customer Data in the custody and under the control of AH; 5.4.2 protect against any anticipated threats or hazards to the security or integrity of such Customer Data; 5.4.3 protect against unauthorised access to or use of such Customer Data; 5.4.4 encrypt Customer Data as specified in clause 5.5 below; and 5.4.5 save as provided in clause 5.8 below, ensure that the Supplier AH’s return or disposal of such Customer Data is entitled performed in a manner consistent with AH’s obligations under clauses 5.4.1 to recover and has so recovered an amount (net of the costs of recovery) equal to such loss from the relevant third party5.4.5 above. 5.5 If the Supplier processes AH will encrypt Customer Data in AH’s possession or under its control when transmitted, using any personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Usethen current industry standard encryption technology. Where applicable, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in is solely responsible for safeguarding all encryption keys applicable to Customer Data. Customer may not provide any such case: (a) the Customer undertakes keys to comply with all the requirements of the Data Protection Act 1998 AH without AH’s express, prior written consent in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's other obligations under these Terms and Conditions of Use; (d) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing and transfer as required by all applicable data protection legislation; (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Useinstance. 5.6 The AH will notify Customer shall indemnify of unauthorised access to, or use or disclosure of Customer Data within AH’s custody and keep indemnified control within ten (10) Business Days of AH’s confirmation of the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection same; each party will reasonably cooperate with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save other with respect to the extent that the same is caused by investigation and resolution of such unauthorised access, use or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence disclosure. Upon confirmation of any vulnerability or breach of AH’s security affecting Customer Data in AH’s custody and control, AH will modify its obligations under these Terms processes and Conditions security program as necessary to mitigate the effects of Usethe vulnerability or breach upon such Customer Data. Customer will notify AH of any security compromise affecting its Authorised Users' authentication credentials used to access the Software and any Customer systems or networks that interoperate with or transmit data to AH within two (2) Business Days of confirmation of the same.

Customer Data. 5.1 The Customer Customer’s Group shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The SDS shall not archive Customer Data without prior written notification. Customer Data will be backed up every night and the Customer will have the right to get data restored upon request. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall have sole responsibility be for SDS to use reasonable commercial endeavours to restore the security, lost or damaged Customer Data from the latest back-up, archiving and recovery up of Customer Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier within the Software the Customer acknowledges that any such Customer Data uploaded via such service will be subject to the relevant third party supplier’s Security Policymaintained by SDS. The Supplier currently utilises the Fresh Desk application. For a copy of the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data transferred through the customer service icon provided within the Software. 5.4 The Supplier SDS shall not be responsible for any loss suffered by the Customer as a result of or arising from the loss, destruction, alteration, alteration or disclosure of any Customer Data caused by any third party (including any thirdexcept those third parties sub-party contracted by SDS to perform services related to Customer Data maintenance and back-up). 5.3 SDS shall, in providing customer service functionality in connection the Services, comply with the Software), except its privacy and security policy relating to the extent that the Supplier is entitled to recover privacy and has so recovered an amount (net security of the costs of recovery) equal Customer Data available at ▇▇▇.▇-▇-▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such loss document may be amended from the relevant third partytime to time by SDS in its sole discretion. 5.5 5.4 If the Supplier SDS processes any personal data on the Customer's ’s Group’s behalf when performing its obligations under these Terms and Conditions of Usethis Agreement, the parties record their intention that the Customer shall be the data controller and the Supplier SDS shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier's SDS’s other obligations under these Terms and Conditions this Agreement, where this is the case SDS will only use service providers which adhere to Standard Contract Clauses (SCCs, also referred to as Model Contract Clauses) to ensure any such data transfers are provided with at least the same level of Usestatutory protection as GDPR; (d) 5.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to SDS so that SDS may lawfully use, process and transfer the personal data in accordance with this Agreement on the Customer’s behalf; 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing processing, and transfer as required by all applicable data protection legislation;; and (e) the Supplier shall process the personal data only in accordance with these Terms and Conditions of Use and any lawful instructions reasonably given by the Customer from time to time; (f) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and. (g) 5.5 The Customer agrees that Customer Data may be processed by SDS as SDS deems necessary for its Business Interests. To the extent that any of the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to Data comprise any personal data processed by as defined under any applicable data protection legislation, SDS confirms that, prior to carrying out any necessary processing for its Business Interest, the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The relevant Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save Data will be anonymised to the extent that no natural person is identifiable or will become identifiable by the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach use of its obligations under these Terms and Conditions of Useadditional information.