Common use of Data and Information Security Clause in Contracts

Data and Information Security. 9.1. By providing and/or submitting any individual's Personal Data to Taskize, the Client for itself and on behalf of each Obliged Group Entity confirms that appropriate consent and authority has been received from such individuals to the collection, use, storage, disclosure and other processing of such Personal Data: 9.1.1. in accordance with the Policies; and 9.1.2. as envisaged by the Services and the Documentation which, for the avoidance of doubt, envisages the transfer of information (including Personal Data) contained in Bubbles to third parties who may or may not be located in countries outside of the European Economic Area (the “EEA”). 9.2. The Client, for itself and on behalf of each Obliged Group Entity, acknowledges its and their understanding that: 9.2.1. any information (including Personal Data) provided by it, or by an Obliged Person, may be comprised in a directory which may be used by other users of the Service in order to contact an individual; 9.2.2. any information (including Personal Data) provided by it, or by an Obliged Person, in a Bubble may be read, collected, used and retained by third parties who access the Bubble and/or receive a record of the Bubble; 9.2.3. Taskize cannot control the privacy, security or retention of information (including Personal Data) that the Client or any Obliged Person chooses to share with third parties through a Bubble; and 9.2.4. a record of each Bubble (including information regarding the Active Users in the Bubble, which may constitute Personal Data, and a record of the Bubble) will be: 9.2.4.1. processed by Taskize in accordance with the Documentation and the Taskize Data Privacy Policy; and 9.2.4.2. in accordance with paragraph 20.3.7, made available and/or provided to to third parties. 9.3. The Client, for itself and on behalf of each Obliged Group Entity, confirms in the event that an Authorised User or an Active User revokes its consent to the sharing of Personal Data for the purposes of the Subscribed Services, the Client or Obliged Group Entity (as applicable) shall remove, or procure the removal of that Authorised User or Active User, and of all Relevant Information relating to that individual, from the Services immediately and shall ensure that such person’s access to, and ability to access, the Subscribed Services is immediately terminated. 9.4. The Client, for itself and on behalf of each Obliged Group Entity, is regarded as the Data Controller for the purpose of this Agreement and agrees to comply with its obligations under the applicable DP Law as Data Controller. 9.5. The Client, for itself and on behalf of each Obliged Group Entity, confirms its understanding that Taskize may collect information for its own purposes through the Website and/or in connection with the Services and, in those circumstances, Taskize shall be regarded as Data Controller. 9.6. Where acting as Data Processor pursuant to this Agreement, Taskize shall and shall procure that its suppliers shall: 9.6.1. comply with its obligations under the applicable DP Law; 9.6.2. process Personal Data only to the extent to give effect to the arrangements envisaged by this Agreement; and 9.6.3. maintain reasonable administrative, technical and physical security measures designed to keep the Personal Data confidential and protect such personal data from unauthorized access, destruction, use, modification or disclosure. 9.7. The Client, for itself and on behalf of each Obliged Group Entity, agrees that: 9.7.1. it will maintain reasonable administrative, technical and physical security measures designed to keep Personal Data and any other data received through the Services (including records of any Bubbles received by it) that is not owned by it as confidential; and 9.7.2. that it shall protect all such data from unauthorized access, destruction, use, modification or disclosure. 9.8. The Client will identify to Taskize a contact point within its organisation or, as applicable, within an Obliged Group Entity authorised to respond to enquiries concerning Processing of the Personal Data, and will cooperate with and assist Taskize in complying with its obligations under this Agreement and applicable DP Law. 9.9. The Client is responsible for ensuring that each Active User shall keep confidential and secure a password allowing such user access to the Subscribed Services and otherwise comply with the IT Security Policy. 9.10. Taskize shall meet and maintain the system and application security, related industry certifications, external audits and other controls as documented in the Taskize IT Security Policy and Taskize Data Privacy Policy.

Data and Information Security. 9.1. By providing and/or submitting any individual's Personal Data to Taskize, the Client for itself and on behalf of each Obliged Group Entity confirms that appropriate consent and authority has been received from such individuals to the collection, use, storage, disclosure and other processing of such Personal Data: 9.1.1. in accordance with the Policies; and 9.1.2. as envisaged by the Services and the Documentation which, for the avoidance of doubt, envisages the transfer of information (including Personal Data) contained in Bubbles to third parties who may or may not be located in countries outside of the European Economic Area (the “EEA”). 9.2. The Client, for itself and on behalf of each Obliged Group Entity, acknowledges its and their understanding that: 9.2.1. any information (including Personal Data) provided by it, or by an Obliged Person, may be comprised in a directory which may be used by other users of the Service in order to contact an individual; 9.2.2. any information (including Personal Data) provided by it, or by an Obliged Person, in a Bubble may be read, collected, used and retained by third parties who access the Bubble and/or receive a record of the Bubble; 9.2.3. Taskize cannot control the privacy, security or retention of information (including Personal Data) that the Client or any Obliged Person chooses to share with third parties through a Bubble; and 9.2.4. a record of each Bubble (including information regarding the Active Users in the Bubble, which may constitute Personal Data, and a record of the Bubble) will be: 9.2.4.1. processed by Taskize in accordance with the Documentation and the Taskize Data Privacy Policy; and 9.2.4.2. in accordance with paragraph 20.3.7, made available and/or provided to to third parties. 9.3. The Client, for itself and on behalf of each Obliged Group Entity, confirms in the event that an Authorised User or an Active User revokes its consent to the sharing of Personal Data for the purposes of the Subscribed Services, the Client or Obliged Group Entity (as applicable) shall remove, or procure the removal of that Authorised User or Active User, and of all Relevant Information relating to that individual, from the Services immediately and shall ensure that such person’s access to, and ability to access, the Subscribed Services is immediately terminated. 9.4. The Client, for itself and on behalf of each Obliged Group Entity, is regarded as the Data Controller for the purpose of this Agreement and agrees to comply with its obligations under the applicable DP Law as Data Controller. 9.5. The Client, for itself and on behalf of each Obliged Group Entity, confirms its understanding that Taskize may collect information for its own purposes through the Website and/or in connection with the Services and, in those circumstances, Taskize shall be regarded as Data Controller. 9.6. Where acting as Data Processor pursuant to this Agreement, Taskize shall and shall procure that its suppliers shall: 9.6.1. comply with its obligations under the applicable DP Law; 9.6.2. process Personal Data only to the extent to give effect to the arrangements envisaged by this Agreement; and 9.6.3. maintain reasonable administrative, technical and physical security measures designed to keep the Personal Data confidential and protect such personal data from unauthorized access, destruction, use, modification or disclosure. 9.7. The Client, for itself and on behalf of each Obliged Group Entity, agrees that: 9.7.1. it will maintain reasonable administrative, technical and physical security measures designed to keep Personal Data and any other data received through the Services (including records of any Bubbles received by it) that is not owned by it as confidential; and 9.7.2. that it shall protect all such data from unauthorized access, destruction, use, modification or disclosure, (accepting and acknowledging that this paragraph 9.7.2 may be enforced by any past or present third party client or third party obliged group entity on whose behalf an obliged person participated in that Bubble). 9.8. The Client will identify to Taskize a contact point within its organisation or, as applicable, within an Obliged Group Entity authorised to respond to enquiries concerning Processing of the Personal Data, and will cooperate with and assist Taskize in complying with its obligations under this Agreement and applicable DP Law. 9.9. The Client is responsible for ensuring that each Active User shall keep confidential and secure a password allowing such user access to the Subscribed Services and otherwise comply with the IT Security Policy. 9.10. Taskize shall meet and maintain the system and application security, related industry certifications, external audits and other controls as documented in the Taskize IT Security Policy and Taskize Data Privacy Policy.