Common use of Data and Data Security Clause in Contracts

Data and Data Security. 7.1 NCR Voyix has implemented reasonable and appropriate security policies and procedures designed to protect the security of Company Data and Customer Data in NCR Voyix’s possession, and to prevent the unauthorized access, use, storage, and disposal of such data. Such policies and procedures include: (a) maintaining an appropriate level of physical security controls over its data center including, but not limited to, appropriate alarm systems, fire suppression, and access controls (including off-hour controls); (b) periodically testing its systems for security breach vulnerabilities; and (c) using commercially reasonable efforts to protect its systems from unauthorized access, including the use of firewalls and, where appropriate, data encryption technologies. Company Data and Customer Data may be subject to regulations and examination by auditors and regulatory agencies. NCR Voyix will use reasonable efforts to prevent the disclosure of Company Data and Customer Data to third parties and its employees who do not have a need to know, but may disclose it to the extent compelled by process of law, provided that Company is given notice (unless providing such notice is prohibited by law). Notwithstanding the foregoing, Company acknowledges that NCR Voyix cannot guarantee that unauthorized third parties will never be able to defeat these measures or use Company Data and Customer Data for improper purposes. 7.2 Company Data and Customer Data will remain Company’s property. Company is responsible for the content of Company Data and Customer Data and for its compliance with any Privacy Laws, regulations (including without limitation Payment Card Industry standards), or other legal duties applicable to its possession, transmission, processing, or use of Company Data and Customer Data, including providing appropriate notifications and communications to, and managing any complaints from, Data Subjects. NCR Voyix will take steps designed to ensure that the Company Data and Customer Data it collects is used for its intended purpose. 7.3 Company grants NCR Voyix a perpetual, non-exclusive, irrevocable, sub-licensable, transferrable license to use Company Data and Customer Data: (a) to provide the NCR Voyix Product and the Platform as well as related products, software, materials and services under this Agreement or another agreement between Company and NCR Voyix; (b) for product and service enhancements, as well as research and development purposes; and (c) after it has been aggregated, for analytics, commercial and benchmarking purposes. 7.4 Company will obtain Customer’s written consent for NCR Voyix to transfer Customer Data to the Company consistent with the terms of this Agreement. If Company provides any Customer Data to NCR Voyix, Company will obtain the right for NCR Voyix to use such Customer Data for purposes consistent with this Agreement. During and after the Term, each party may use and retain Customer Data obtained through the Platform or otherwise pursuant to this Agreement in accordance with any agreement between such party and the Customer that made such Customer Data available. Company will not use Customer Data for any purpose that competes with NCR Voyix products (including, NCR Voyix Product) or services. 7.5 Company acknowledges that NCR Voyix does not control the transfer of data over telecommunications facilities and that the Internet is inherently insecure and provides opportunity for unauthorized access by third parties. Company is responsible for maintaining the security of Company’s systems, servers, communications links, and data, and for providing secure access to those systems and data, including Personal Information. Company will: (a) not disclose Personal Information to NCR Voyix other than that which is reasonably required for NCR Voyix to carry out this Agreement, and then only during the time period reasonably required; (b) have in place appropriate privacy and security safeguards designed to prevent the unauthorized use and disclosure of Personal Information; (c) guard against misuse of any password provided by NCR Voyix, and change it upon NCR Voyix’s direction; (d) not transmit any data, including Company Data and Customer Data, to NCR Voyix for processing for a purpose that does not comply with applicable law or regulations; and (e) provide reasonable cooperation to facilitate the parties’ compliance with applicable law and regulation. To the extent they may affect NCR Voyix’s use or disclosure of Personal Information, Company will notify NCR Voyix in writing of any limitations or restrictions on the permitted use or disclosure of Personal Information; or any changes in, or revocation of, permission by a Data Subject to use or disclose Personal Information.