Common use of Customer Data Clause in Contracts

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 10.1 The Customer shall own all rightsright, title and interest in and to all of the data inputted by the Customer, Authorised Users, or IO Data on the Customer’s behalf for the purpose of using the Services or facilitating the Customer’s use of the Services (the “Customer Data Data”) and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; such document may be amended by the Supplier in its sole discretion from time to time. 10.2 In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier IO Data to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier IO Data in accordance with the its archiving procedure described in its Back-Up Policyfrom time to time. The Supplier IO Data shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier IO Data to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier 10.3 IO Data shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Data available at ▇▇▇▇▇▇.▇▇.▇▇ or such other website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier IO Data in its sole discretion. 5.4 10.4 The Customer agrees that IO Data may process its personal data and that of its Authorised Users to enable it to provide the Services to the Customer. 10.5 If the Supplier IO Data processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier IO Data shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s IO Data's other obligations under this agreementAgreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier IO Data so that the Supplier IO Data may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer’s 's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier IO Data shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 10.1 The Contractor shall not delete or remove any proprietary notices contained within or relating to Customer Data. 10.2 The Contractor shall own all rightsnot store, title copy, disclose, or use Customer Data except as necessary for the performance by the Contractor of its obligations under the Contract or as otherwise expressly authorised in writing by the Customer. 10.3 To the extent that Customer Data is held and/or processed by the Contractor, the Contractor shall supply that Customer Data to the Customer as may be requested by the Customer and interest in and to all the format specified by the Customer. 10.4 The Contractor shall take responsibility for preserving the integrity of the Customer Data and shall have sole responsibility for take all necessary steps to prevent the legality, reliability, integrity, accuracy and quality corruption or loss of the Customer Data. 5.2 The Supplier shall follow its archiving procedures for 10.5 To the extent that Customer Data as set out in its Back- Up Policy; such document may be amended is held and/or processed by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer DataContractor, the Customer’s sole and exclusive remedy Contractor shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged perform secure back-ups of all Customer Data from the latest and shall ensure that up-to-date back-up of such Customer Data maintained by the Supplier ups are stored off-site in accordance with the archiving procedure described in its Back-Up PolicyCustomer’s instructions. The Supplier Contractor shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and ensure that such back-up)ups are available to the Customer at all times upon request and are delivered to the Customer at agreed intervals. 5.3 10.6 The Supplier shall, in providing Contractor shall ensure that any system on which the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Contractor holds Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier processes any personal data on , including back-up data, is a secure system that complies with the Customer’s behalf when performing its obligations under this agreementcurrent Security Policy. If any Customer Data is corrupted, lost or sufficiently degraded as a result of the Contractor's Default so as to be unusable, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such casemay: (a) require the Contractor (at the Contractor's expense) to restore or procure the restoration of the Customer acknowledges and agrees that Data to the personal data may be transferred or stored outside the EEA or the country where extent required by the Customer and in accordance with the Authorised Users are located in order to carry out the Services Customer’s requirements and the Supplier’s other obligations under this agreement;Contractor shall do so as soon as practicable but not later than any agreed timescale; and/or (b) itself restore or procure the restoration of the Customer Data, and shall ensure that be reimbursed by the Contractor any reasonable expenses incurred in doing so to the extent required by the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and Customer’s requirements. 10.7 If at any lawful instructions reasonably given by time the Contractor suspects or has reason to believe that Customer Data has or may become corrupted, lost or sufficiently degraded in any way for any reason, then the Contractor shall notify the Customer from time to time; and (e) each party shall take appropriate technical immediately and organisational measures against unauthorised or unlawful processing inform the Customer of the personal data or its accidental loss, destruction or damageremedial action the Contractor proposes to take.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier Security Alliance shall follow its archiving procedures for Customer Data as set out in its Back- Back-Up Policy; Policy as such document may be amended by the Supplier Security Alliance in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier Security Alliance to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Security Alliance in accordance with the archiving procedure described in its Back-Up Policy. The Supplier . 5.3 Security Alliance shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier sub- contracted Security Alliance to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier 5.4 Security Alliance shall, in providing the Services, comply with its Privacy Data Protection and Information Security Policy Policies relating to the privacy and security of the Customer Data; Data available by written request to Security Alliance, such document may be amended from time to time by the Supplier Security Alliance in its sole discretion. 5.4 5.5 If the Supplier Security Alliance processes any personal data (as such term is defined in the General Data Protection Regulation (GDPR) on the Customer’s 's behalf when performing its obligations under this agreementAgreement, the parties record their intention that the Customer shall be the data controller and the Supplier Security Alliance shall be a data processor and in any such case: (a) 5.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierSecurity Alliance’s other obligations under this agreementAgreement; (b) 5.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Security Alliance so that the Supplier Security Alliance may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer’s 's behalf; (c) 5.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their specific informed consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier 5.5.4 Security Alliance shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) 5.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 6.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier 6.2 Where the Customer stores the Customer Data on its own systems, the Customer shall follow its archiving own back-up procedures for such Customer Data and Protean shall have no responsibility for any loss, destruction, alteration or disclosure of Customer Data that is held on the Customer’s own systems. 6.3 Where Protean is hosting the Customer Data, Protean shall follow its back-up procedures for Customer Data (details of which are available on request from Protean) or such other website address as set out in its Back- Up Policy; may be notified to the Customer from time to time, as such document procedures may be amended by the Supplier Protean in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier Protean to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Protean in accordance with the archiving back-up procedure described in its Back-Up Policyabove. The Supplier Protean shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier Protean to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier 6.4 Protean shall, in providing supplying the Services, Software to the Customer comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Data available on request to the Customer and on such website address as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier Protean in its sole discretion. 5.4 6.5 If the Supplier Protean processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Protean shall be a data processor and in any such case: (a) 6.5.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services Cloud Service and the Supplier▇▇▇▇▇▇▇’s other obligations under this agreement; (b) 6.5.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Protean so that the Supplier Protean may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) 6.5.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier 6.5.4 Protean shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) 6.5.5 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 6.6 Without prejudice to clause 4.2, the Customer acknowledges and agrees that: 6.6.1 Protean is reliant upon third party providers in order to supply the Cloud Service; and 6.6.2 Protean shall have no liability to the Customer for any loss (including any loss arising from the loss or misuse of Customer Data) to the Customer which is caused by an act or omission of such third party providers. 6.7 The Customer acknowledges and agrees that when using the Software: 6.7.1 it is able to integrate with third party software (such as accounting software) in order to submit and exchange Customer Data; and 6.7.2 it shall indemnify Protean for any claim against Protean by such third party software suppliers arising from the Customer’s submission and exchange of Customer Data pursuant to clause 6.7.1. 6.8 The Customer hereby gives consent to Protean to allow Protean to collate and use its Customer Data for Protean’s own marketing and other commercial purposes, provided that such Customer Data is anonymised by Protean prior to its use, and such use is subject to Protean’s obligations of confidentiality under clause 11.

Customer Data. 5.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legalitylegality , reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier Customer shall follow its have sole responsibility for the security, back-up, archiving procedures for and recovery of Customer Data as set out in its Back- Up Policy; such document may be amended Data. 5.3 If the Customer utilises the customer service icon provided by the Supplier in its sole discretion from time to time. In within the event of Software the Customer acknowledges that any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from uploaded via such service will be subject to the latest back-up relevant third party supplier’s Security Policy. The Supplier currently utilises the Fresh Desk application. For a copy of such the Fresh Desk Security Policy see ▇▇▇▇▇://▇▇▇▇▇▇▇▇▇.▇▇▇/security. The Supplier accepts no liability for any Customer Data maintained by transferred through the Supplier in accordance with customer service icon provided within the archiving procedure described in its Back-Up Policy. Software. 5.4 The Supplier shall not be responsible for any loss, loss suffered by the Customer as a result of or arising from the destruction, alteration alteration, or disclosure of any Customer Data caused by any third party (including any third-party providing customer service functionality in connection with the Software), except those third parties subcontracted by and to the extent that the Supplier is entitled to perform services related recover and has so recovered an amount (net of the costs of recovery) equal to Customer Data maintenance and back-up)such loss from the relevant third party. 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 5.5 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementthese Terms and Conditions of Use, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer undertakes to comply with all the requirements of the Data Protection Act 1998 in connection with any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use ; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully process the personal data in accordance with these Terms and Conditions of Use on the Customer's behalf; (c) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementthese Terms and Conditions of Use; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (cd) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, processing and transfer as required by all applicable data protection legislation; (de) the Supplier shall process the personal data only in accordance with the terms these Terms and Conditions of this agreement Use and any lawful instructions reasonably given by the Customer from time to time; and; (ef) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage; and (g) the Customer shall make and maintain all necessary registration applications within all appropriate categories under the DPA as are required in relation to any personal data processed by the Supplier on the Customer's behalf when performing its obligations under these Terms and Conditions of Use. 5.6 The Customer shall indemnify and keep indemnified the Supplier against all actions, proceedings , costs, claims, demands , liabilities , losses and expenses whatsoever arising out of or in connection with the Supplier 's processing of personal data on the Customer's behalf when performing its obligations under these Terms and Conditions of Use, save to the extent that the same is caused by or arises from the Supplier’s (or its directors, employees or sub-contractors’) negligence or breach of its obligations under these Terms and Conditions of Use.

Customer Data. 5.1 7.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier 7.2 IMU shall follow its archiving procedures for Customer Data as set out in its Back- Back-Up Policy; , as such document may be amended by the Supplier IMU in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier IMU to use reasonable commercial endeavours efforts to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier IMU in accordance with the archiving procedure described in its Back-Up Policy. The Supplier IMU shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier IMU to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier 7.3 IMU shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Policy, as such document docu- ment may be amended from time to time by the Supplier IMU in its sole discretion. 5.4 7.4 If the Supplier IMU processes any personal data on the Customer’s behalf when performing its obligations under this agreementContract, the parties record their intention that the Customer shall be the data controller control- ler and the Supplier IMU shall be a data processor and in any such case: (a) 7.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United States or the country where the Customer and the Authorised Authorized Users are located in order to carry out the Services and the SupplierIMU’s other obligations under this agreementContract; (b) 7.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal person- al data to the Supplier IMU so that the Supplier IMU may lawfully use, process and transfer the personal data in accordance with this agreement Contract on the Customer’s behalf; (c) 7.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable applica- ble data protection legislation; (d) the Supplier 7.4.4 IMU shall process the personal data only in accordance with the terms of this agreement Contract and any lawful instructions reasonably given by the Customer from time to time; and (e) 7.4.5 each party shall take appropriate technical and organisational organizational measures against unauthorised unau- thorized or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier Boomerang shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; Boomerang’s Policy as such document may be amended by the Supplier Boomerang in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and 's exclusive remedy shall be for the Supplier Boomerang to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Boomerang in accordance with the archiving procedure described in its Back-Up PolicyBoomerang’s Policies. The Supplier Boomerang shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except to the extent that those third parties subcontracted have been sub-contracted by the Supplier Boomerang to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier Boomerang shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If the Supplier Boomerang processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementAgreement, the parties hereby record their intention and agreement that the Customer shall be the data controller and the Supplier Boomerang shall be a data processor. The obligations of the data controller and the data processor and are set out in Schedule 1. In any such case: (a) 5.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside within the EEA or the country where the Customer and and/or the Authorised Users and/or recipients are located in order to carry out the Services and the Supplier’s Boomerang's other obligations under this agreementAgreement; (b) 5.4.2 the Customer shall ensure at all times that the Customer is entitled to process and transfer the relevant information and personal data to the Supplier so Boomerang and that the Supplier may Boomerang can lawfully use, process and transfer the relevant information and personal data in accordance with order to provide the Services and/or in relation to this agreement on the Customer’s behalfAgreement; (c) 5.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their irrevocable and explicit consent to, to such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by . In particular, the Customer from agrees that Messages must only be delivered to recipients and third parties who have given their prior explicit consent to the quantity, frequency and type of Messages to be delivered via the Services. Customer shall have informed recipients and/or third parties beforehand and on an ongoing basis about their right at any time to timeopt-out of receiving Messages and will comply at all times with such instructions from recipients and/or third parties; and (e) 5.4.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damagedamage and the Customer will at all times keep the information and personal data which it uses in relation to the Services up to date and not keep it for any longer than is necessary under applicable data protection legislation.

Customer Data. 5.1 4.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 4.2 The Supplier shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; back- up policy available on request in writing as such document may be amended by the Supplier in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Backback-Up Policyup policy. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). 5.3 4.3 The Supplier shall, in providing the Services: (a) comply with all Data Protection Laws in connection with the processing of Customer Data, the Services and the exercise and performance of its respective rights and obligations under this Contract, including maintaining all relevant regulatory registrations and notifications as required under Data Protection Laws; and (b) comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document data protection policy as may be amended updated from time to time by the Supplier in its sole discretionSupplier. 5.4 4.4 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreementContract, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreementContract; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Contract on the Customer’s 's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement Contract and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data that is not personal data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the all such Customer Data. 5.2 The Supplier MY DIGITAL shall follow its archiving procedures for Customer Data as set out in its Back- Back-Up Policy; , as such document may be amended by the Supplier MY DIGITAL in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy against MY DIGITAL shall be for the Supplier MY DIGITAL to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such ofsuch Customer Data maintained by the Supplier MY DIGITAL in accordance with the archiving procedure archivingprocedure described in its Back-Up Policy. The Supplier MY DIGITAL shall not be responsible for any lossanyloss, destruction, alteration or disclosure of Customer Data caused by any third party (except party(except those third parties subcontracted sub-contracted by the Supplier MY DIGITAL to perform services related to Customer Data maintenance and back-upup forwhich it shall remain fully liable under clause 5.10). The Customer shall ensure that each of its Authorised Users is aware of the Back Up Policy and MY DIGITAL’s obligations withregard to the restoration of Customer Data. 5.3 The Supplier Privacy Policy is incorporated into this contract by reference and applies to the Subscription Services. The Customer acknowledges and agrees that Customer Data shall be collected and used by MY DIGITAL in accordance with the Privacy Policy and shall ensure that each Authorised User is aware of the Privacy Policy and provides its prior written consent to the Customer which shall confirm that each Contractor User and End Client User hasseen and agrees to that party’s personal data being used by MY DIGITAL in accordance with the Privacy Policy. MY DIGITAL shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 If Both parties will comply with all applicable requirements of the Supplier Data Protection Legislation. This clause 5 is in addition to, and does not relieve, remove or replace, a party's obligations or rights under the Data Protection Legislation. 5.5 The Customer shall not disclose (and shall not permit any data subject to disclose), any sensitive personal data/special categories of personal data to MY DIGITAL for processing. 5.6 The parties acknowledge that where MY DIGITAL processes any personal data as described in this contract on the Customer’s behalf when performing its obligations under this agreementcontract, and for the purposes of this Contract, the parties record their intention that Customer is the controller and MY DIGITAL is the processor for the purposes of the Data Protection Legislation. 5.7 Without prejudice to the generality of clause 5.4, the Customer shall be will ensure that it has all necessary appropriate consents and notices in place to enable the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that lawful transfer of the personal data may be transferred or stored outside to MY DIGITAL for the EEA or the country where the Customer duration and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under purposes of this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier contract so that the Supplier MY DIGITAL may lawfully use, process and transfer the personal data in accordance with accordancewith this agreement contract on the Customer’s 's behalf. 5.8 Without prejudice to the generality of clause 5.4, MY DIGITAL shall, in relation to anypersonal data processed in connection with the performance by MY DIGITAL of its obligations under this contract: (a) process that personal data only on the documented written instructions of the Customer unless MY DIGITAL is required by the laws of any member of the European Union or by the laws of the European Union applicable to MY DIGITAL and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process personal data (Applicable Laws). Where MY DIGITAL is relyingon Applicable Laws as the basis for processing personal data, MY DIGITAL shall promptly notify the Customer ofthis before performing the processingrequired by the Applicable Laws unless those Applicable Laws prohibit MYDIGITAL from so notifying the Customer; (b) not transfer any personal data outside of the European Economic Area andthe United Kingdom unless the following conditions are fulfilled: (i) the Customer or MY DIGITAL has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) MY DIGITAL complies with its obligations under the Data Protection Legislation by providingan adequate level of protection to any personal data that is transferred; and (iv) MY DIGITAL complies withreasonable instructions notified to it in advance by the Customer withrespect to the processing of the personal data; (c) assist the Customer shall ensure that Customer, at the relevant third parties have been informed ofCustomer's cost, in responding to any request from a data subject and have given their consent toin ensuringcompliance with its obligations under the Data Protection Legislation with respect to security, such use, processing, breach notifications,impact assessments and transfer as required by all applicable data protection legislationconsultations with supervisory authorities or regulators; (d) notify the Supplier shall process Customer without undue delay on becoming aware of a personaldata breach; (e) at the written direction of the Customer, delete or return personal data and copies thereof to the Customer on termination of this contract unless required by Applicable Law to store the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to timedata; and (ef) each maintain complete and accuraterecords and information to demonstrate its compliance with this clause 5 and immediately inform the Company if, in the opinion of the MY DIGITAL, an instruction infringes the Data Protection Legislation. 5.9 Each party shall take ensure that it has in place appropriate technical and organisational measures measures, reviewed and approved by the other party, to protect against unauthorisedor unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data, appropriate to the harm that might result from the unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damagedamage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting personaldata, ensuring confidentiality, integrity, availability and resilience of its systems and services, ensuring that availability of and access to personal data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it). 5.10 The Customer consents to MY DIGITAL appointing AWS Europe as a third-party processor of personal data under this contract. MY DIGITAL confirms that it has entered or (as the case may be) will enter with the third-party processor into a written agreement substantially on that third party's standard terms of business and which reflectthe requirements of the Data Protection Legislation. As between the Customer and MY DIGITAL, MY DIGITAL shall remain fully liable for all acts or omissions of any third- party processor appointed by it pursuant to this clause 5. 5.11 The Customer acknowledges and agrees that internet transmissions are never completely private or secure and that any message or information which is sent or received using the Services may be read or intercepted by others, even if a particular transmission is encrypted. 5.12 The Customer consents (on behalf of itself and each Authorised User) to MY DIGITAL collecting and using technical informationabout the devices and related software, hardware and peripherals for services that are internet or wireless based to improve its products and to provide any Services to the Customer.

Customer Data. 5.1 7.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier 7.2 IMU shall follow its archiving procedures for Customer Data as set out in its Back- Back-Up Policy; , as such document may be amended by the Supplier IMU in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier IMU to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier IMU in accordance with the archiving procedure described in its Back-Up Policy. The Supplier IMU shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier IMU to perform services related to Customer Data maintenance and back-up). 5.3 The Supplier 7.3 IMU shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Policy, as such document docu- ment may be amended from time to time by the Supplier IMU in its sole discretion. 5.4 7.4 If the Supplier IMU processes any personal data on the Customer’s behalf when performing its obligations under this agreementContract, the parties record their intention that the Customer shall be the data controller control- ler and the Supplier IMU shall be a data processor and in any such case: (a) 7.4.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA United Kingdom or the country where the Customer and the Authorised Autho- rised Users are located in order to carry out the Services and the SupplierIMU’s other obligations under this agreementContract; (b) 7.4.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal person- al data to the Supplier IMU so that the Supplier IMU may lawfully use, process and transfer the personal data in accordance with this agreement Contract on the Customer’s behalf; (c) 7.4.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable applica- ble data protection legislation; (d) the Supplier 7.4.4 IMU shall process the personal data only in accordance with the terms of this agreement Contract and any lawful instructions reasonably given by the Customer from time to time; and (e) 7.4.5 each party shall take appropriate technical and organisational measures against unauthorised unau- thorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier Customer acknowledges and agrees to create, assign and maintain the Unique Identifier assigned to their Customer Data across all types of Data Sources for the duration of this agreement 5.3 Activ8 Intelligence shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; Backup Policy (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas-terms-and-conditions)) or such other website address as may be notified to the Customer, as such a document may be amended by the Supplier Activ8 Intelligence in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier Activ8 Intelligence to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier Activ8 Intelligence in accordance with the archiving procedure described in its Back-Up Backup Policy. The Supplier Activ8 Intelligence shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up)party. 5.3 The Supplier 5.4 Activ8 Intelligence shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Data (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas- terms-and-conditions) and the Activ8 Intelligence Data Protection Agreement attached to these terms, or such document other website address as may be notified to the Customer from time to time, as such documents may be amended from time to time by the Supplier Activ8 Intelligence in its sole discretion. 5.4 5.5 If the Supplier Activ8 Intelligence processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Activ8 Intelligence shall be a data processor and in any such case: (a) Unless agreed otherwise in writing by the Company, the Customer acknowledges and agrees that the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierActiv8 Intelligence’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Activ8 Intelligence so that the Supplier Activ8 Intelligence may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier Activ8 Intelligence shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. f) Activ8 Intelligence may collect, use, and disclose data derived from Customer’s use of the Service for industry analysis, benchmarking, analytics, marketing, and other business purposes in support of the provision of the Service. Any such data will be in aggregate form only and will not contain Customer identifiable data unless agreed in writing.

Customer Data. 5.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The Supplier Customer acknowledges and agrees to create, assign and maintain the Unique Identifier assigned to their Customer Data across all types of Data Sources for the duration of this agreement. 5.3 Activ8 Intelligence shall follow its archiving procedures for Customer Data as set out in its Back- Up Policy; Backup Policy (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas-terms-and-conditions) or such other website address as may be notified to the Customer, as such a document may be amended by the Supplier Activ8 Intelligence in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s sole and exclusive remedy shall be for the Supplier Activ8 Intelligence to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up backup of such Customer Data maintained by the Supplier Activ8 Intelligence in accordance with the archiving procedure described in its Back-Up Backup Policy. The Supplier Activ8 Intelligence shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up)party. 5.3 The Supplier 5.4 Activ8 Intelligence shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; Data (available at ▇▇▇▇▇://▇▇▇▇▇▇.▇▇▇▇▇▇▇▇▇.▇▇▇/en_US/saas- terms-and-conditions) and the Activ8 Intelligence Data Protection Agreement attached to these terms, or such document other website address as may be notified to the Customer from time to time, as such documents may be amended from time to time by the Supplier Activ8 Intelligence in its sole discretion. 5.4 5.5 If the Supplier Activ8 Intelligence processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Activ8 Intelligence shall be a data processor and in any such case: (a) unless agreed otherwise in writing by the Company, the Customer acknowledges and agrees that the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierActiv8 Intelligence’s other obligations under this agreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Activ8 Intelligence so that the Supplier Activ8 Intelligence may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier Activ8 Intelligence shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. f) Activ8 Intelligence may collect, use, and disclose data derived from Customer’s use of the Service for industry analysis, benchmarking, analytics, marketing, and other business purposes in support of the provision of the Service. Any such data will be in aggregate form only and will not contain Customer identifiable data unless agreed in writing.

Customer Data. 5.1 8.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 8.2 Where a Customer has ordered Recording Services from the Supplier, the Supplier shall follow its the recording and archiving procedures for Customer Data as set out in its Back- Up Policy; such document may be amended by the Supplier in its sole discretion from time to timeOrder Form (where applicable). In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-back- up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policythe Order Form. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier to perform services related to Customer Data maintenance and back-up). For the avoidance of doubt, where the Order Form provides that the Customer is responsible for backing-up Customer Data, the Supplier shall not be responsible for any loss or damage suffered by the Customer resulting from the Customer’s failure to back-up/archive or failure to ensure sufficient frequency or length of retention of such back-ups/archives. 5.3 8.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating Services use reasonable endeavours to the privacy and security of keep the Customer Data; such document may be amended from time to time by the Supplier Data confidential in its sole discretionaccordance with Clause 11. 5.4 8.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties Parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer Supplier acknowledges and agrees that the personal data may not be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreement;EEA (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer’s 's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 8.5 The Customer shall pay all reasonable expenses incurred by the Supplier where the Customer requests the Supplier’s assistance in complying with the Customer’s statutory obligations in relation to any Customer Data being held by the Supplier which is outside the scope of the Services.

Customer Data. 5.1 8.1 The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 The 8.2 Where a Customer has ordered recording services from the Supplier the subsequent file produced will become Customer Data and the Supplier shall follow its the recording and archiving procedures for Customer Data as set out in its Back- Up Policy; such document may be amended by the Supplier in its sole discretion from time to timeOrder Form (where applicable). In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up Policythe Order Form. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub- contracted by the Supplier to perform services related to Customer Data maintenance and back-up). For the avoidance of doubt, where the Order Form provides that the Customer is responsible for backing-up Customer Data, the Supplier shall not be responsible for any loss or damage suffered by the Customer resulting from the Customer’s failure to back-up/archive or failure to ensure sufficient frequency or length of retention of such back-ups/archives. 5.3 8.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating Services use reasonable endeavours to the privacy and security of keep the Customer Data; such document may be amended from time to time by the Supplier Data confidential in its sole discretionaccordance with Clause 11. 5.4 8.4 If the Supplier processes any personal data on the Customer’s behalf when performing its obligations under this agreementAgreement, the parties Parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s other obligations under this agreementAgreement; (b) the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement Agreement on the Customer’s 's behalf; (c) the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement Agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) each party Party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage. 8.5 The Customer shall pay all reasonable expenses incurred by the Supplier where the Customer requests the Supplier’s assistance in complying with the Customer’s statutory obligations in relation to any Customer Data being held by the Supplier which is outside the scope of the Services.

Customer Data. 5.1 a. The Customer shall own all rights, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 b. Backups are scheduled to take place between 8.00pm and 6.00am GMT to keep traffic during UK peak hours to a minimum. The Supplier shall follow its archiving procedures for Customer Data backup solution in place and operated by Cardium Outsourcing, backs up all Exchange data, SharePoint data and data associated with custom applications. The data is overwritten on a 7-day cycle unless additional retention time is taken as set out in its Back- Up Policy; part of the contract. as such document may be amended by the Supplier Owner in its sole discretion from time to time. In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier Owner to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier Owner in accordance with the archiving procedure described in its BackCardium Outsourcing’s back-Up Policyup policy. The Supplier Owner shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted sub-contracted by the Supplier Owner to perform services related to Customer Data maintenance and back-up). 5.3 c. The Supplier Owner shall, in providing the Services, comply with its Privacy Data Protection Policy available at ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇.▇▇/Data_Protection_Policy.PDF and its Security Policy available at ▇▇▇▇://▇▇▇.▇▇▇▇.▇▇.▇▇/data_security_policy.pdf relating to the privacy and security of the Customer Data; Data or such other website addresses as may be notified to the Customer from time to time, as such document may be amended from time to time by the Supplier Owner in its sole discretion. 5.4 d. If the Supplier Owner processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier Owner shall be a data processor and in any such case: (a) i. the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the SupplierOwner’s other obligations under this agreement; (b) ii. the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier Owner so that the Supplier Owner may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s 's behalf; (c) iii. the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) iv. the Supplier Owner shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) and each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.

Customer Data. 5.1 10.1 The Customer shall own all rightsright, title and interest in and to all of the Customer Data and shall have sole responsibility for the legality, reliability, integrity, accuracy and quality of the Customer Data. 5.2 10.2 The Supplier shall follow its use reasonable industry accepted archiving procedures for the storage and back up of Customer Data as set out in Data, and shall use its Back- Up Policy; such document may be amended by reasonable commercial endeavours to secure the Supplier in its sole discretion from time to timeprivacy and security of the Customer Data. In the event of any loss or damage to Customer Data, the Customer’s 's sole and exclusive remedy shall be for the Supplier to use reasonable commercial endeavours to restore the lost or damaged Customer Data from the latest back-up of such Customer Data maintained by the Supplier in accordance with the archiving procedure described in its Back-Up PolicySupplier. The Supplier shall not be responsible for any loss, destruction, alteration or disclosure of Customer Data caused by any third party (except those third parties subcontracted by the Supplier to perform services related to Customer Data maintenance and back-up)party. 5.3 The Supplier shall, in providing the Services, comply with its Privacy and Security Policy relating to the privacy and security of the Customer Data; such document may be amended from time to time by the Supplier in its sole discretion. 5.4 10.3 If the Supplier processes any personal data on the Customer’s 's behalf when performing its obligations under this agreement, the parties record their intention that the Customer shall be the data controller and the Supplier shall be a data processor and in any such case: (a) 10.3.1 the Customer acknowledges and agrees that the personal data may be transferred or stored outside the EEA or the country where the Customer and the Authorised Users are located in order to carry out the Services and the Supplier’s 's other obligations under this agreement; (b) 10.3.2 the Customer shall ensure that the Customer is entitled to transfer the relevant personal data to the Supplier so that the Supplier may lawfully use, process and transfer the personal data in accordance with this agreement on the Customer’s 's behalf; (c) 10.3.3 the Customer shall ensure that the relevant third parties have been informed of, and have given their consent to, such use, processing, and transfer as required by all applicable data protection legislation; (d) the Supplier shall process the personal data only in accordance with the terms of this agreement and any lawful instructions reasonably given by the Customer from time to time; and (e) 10.4 each party shall take appropriate technical and organisational measures against unauthorised or unlawful processing of the personal data or its accidental loss, destruction or damage.