Common use of DATA PROTECTION AND DATA PROCESSING Clause in Contracts

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processor. 6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party. 6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it shall: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client agrees to indemnify and keep indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 1998 and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processor. 6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party. 6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it shall: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processor. 6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party. 6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it shall: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6.

DATA PROTECTION AND DATA PROCESSING. 6.1 10.1 The Company Customer and the Client Supplier acknowledge that for the purposes of General Data Protection Regulation (GDPR), the Customer is the Data Protection ▇▇▇ ▇▇▇▇ Controller and the GDPR, that Supplier is the Client and the Company shall be considered separate data controllers Data Processor in relation to the provision respect of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processorany Personal Data. 6.2 Subject to Clause 6.6, each party 10.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Customer’s instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Customer. 6.3 Each party 10.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 10.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party 10.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost costs of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and. (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 10.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 610. 10.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer’s instructions. 10.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s contract: (a) is on terms which are substantially the same as those set out in the Contract; and (b) terminates automatically on termination of the Contract for any reason.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company Customer and the Client Supplier acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 1998, the Customer is the Data Controller and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be Supplier is the data controller and the Company shall be the data processorprocessor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Customer’s instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Customer. 6.3 Each party The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party The Supplier warrants to the otherthat, having regard to the state of technological development and the cost costs of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data The Customer acknowledges that the Client provides Supplier is reliant on the Customer for direction as to the Company shall extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be held liable for any claim brought by a Data Subject arising from any action or omission by the Company on a database. The Client agrees Supplier, to the extent that such action or omission resulted directly from the Company may use and share such Personal Data within its corporate group insofar as is permitted by lawCustomer’s instructions. 6.7 The Client agrees Supplier may authorise a third party (subcontractor) to indemnify and keep indemnified and defend at its own expense process the Company against all costs, claims, damages or expenses incurred by Personal Data provided that the Company or subcontractor’s contract: (a) is on terms which are substantially the same as those set out in the Contract; and (b) terminates automatically on termination of the Contract for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6reason.

DATA PROTECTION AND DATA PROCESSING. 6.1 11.1 The Company Client and the Client Supplier acknowledge that for the purposes of the General Data Protection ▇▇▇ ▇▇▇▇ and the Regulation (GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services), the Client shall be is the data controller Data Controller, and the Company shall be Supplier is the data processorData Processor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party 11.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Client’s instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Client. 6.3 Each party 11.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 11.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards standards, and other similar instruments. 6.5 Each party 11.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost costs of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction destruction, or damage; and (ii) the nature of the data to be protected; and. (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 11.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages damages, or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 611. 11.7 The Client acknowledges that the Supplier is reliant on the Client for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Client’s instructions.

DATA PROTECTION AND DATA PROCESSING. 6.1 12.1 The Company Customer and the Client Supplier acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 2018, the Customer is the Data Controller and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be Supplier is the data controller and the Company shall be the data processorprocessor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party 12.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Customer's instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Customer. 6.3 Each party 12.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 12.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party 12.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 12.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 6clause. 12.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer's instructions. 12.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor's contract: (a) is on terms which are substantially the same as those set out in this agreement; and (b) terminates automatically on termination of this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 6.1 10.1 The Company Client and the Client Supplier acknowledge that for the purposes of the General Data Protection ▇▇▇ ▇▇▇▇ and the Regulation (GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services), the Client shall be is the data controller Data Controller, and the Company shall be Supplier is the data processorData Processor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party 10.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Client’s instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Client. 6.3 Each party 10.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 10.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards standards, and other similar instruments. 6.5 Each party 10.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost costs of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction destruction, or damage; and (ii) the nature of the data to be protected; and. (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 10.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages damages, or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 610. 10.7 The Client acknowledges that the Supplier is reliant on the Client for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Client’s instructions.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 1998 and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be the data controller and the Company shall be the data processor. 6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party. 6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it shall: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client agrees to indemnify and keep indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client or its employees or agents to comply with any of its obligations under this Clause 6.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company 15.1 Each party collects and processes personal data concerning the Client acknowledge that other party’s employees for the purposes purpose of contract and relationship management in its capacity as a controller and in relation to such personal data that party will comply with the all of its obligations under the Data Protection ▇▇▇ ▇▇▇▇ and Legislation. 15.2 If the GDPRSupplier processes any personal data on the Customer’s behalf when performing its obligations under this agreement, the parties record their intention that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client Customer shall be the data controller and the Company Supplier shall be the a data processor. 6.2 Subject to Clause 6.6, each party shall process Personal Data supplied to it by the other party processor and in connection with the Services, only in so far as it is necessary to process any such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes and shall not sell or distribute such Personal Data to any other party. 6.3 Each party shall take reasonable steps to ensure the reliability of all of their respective employees who have access to the Personal Data. 6.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other, having regard to the state of technological development and the cost of implementing any measures, that it case shall: (a) take 15.2.1 process personal data only on the written instructions of the Customer and the Customer agrees that this agreement shall constitute the Customer’s written instructions. If the Supplier is required by any Applicable Laws to process personal data it shall, to the extent legally permitted, notify the Customer before doing so; 15.2.2 have in place appropriate technical measures and organisational measures to protect against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: to (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and damage and (ii) the nature of the data to be protected; and 15.2.3 not engage another processor without prior specific or general written authorisation of the Customer and without ensuring that the same data protection obligations as set out in this agreement are imposed on that other processor and the Supplier shall remain fully liable to the Customer for performance of the other processor’s obligations to the extent the other processor fails to fulfil their data protection obligations. 15.2.4 ensure that personnel who have access to or process personal data are under contractual or statutory obligations to keep the personal data confidential; 15.2.5 at the Customer’s cost, assist the Customer to respond to any request from a data subject; 15.2.6 notify the Customer without undue delay of a personal data breach (bwhich has the meaning given to it in the Data Protection Legislation) take and, at the Customer’s cost, provide reasonable steps assistance to ensure the Customer complying with its obligations pursuant to Articles 32 to 36 of GDPR; 15.2.7 at the written direction of the Customer, delete or return personal data to the Customer on termination of this agreement unless the Customer is required by law to store the personal data; and 15.2.8 make available to the Customer all information reasonably necessary to demonstrate compliance with those measures. 6.6 Any Personal Data this clause, and, at the Client provides to the Company shall be held Customer’s cost, allow for audits conducted by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client agrees to indemnify and keep indemnified and defend at its own expense the Company against all costs, claims, damages or expenses incurred by the Company or for which the Company may become liable due to any failure by the Client Customer or its employees or agents to comply with any of its obligations under this Clause 6designated auditor.

DATA PROTECTION AND DATA PROCESSING. 6.1 13.1 The Company Customer and the Client Supplier acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 1998, the Customer is the Data Controller and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be Supplier is the data controller and the Company shall be the data processorprocessor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party 13.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Customer's instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Customer. 6.3 Each party 13.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 13.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party 13.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 13.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 6clause. 13.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer's instructions. 13.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor's contract: (a) is on terms which are substantially the same as those set out in this agreement; and (b) terminates automatically on termination of this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 6.1 13.1 The Company Customer and the Client Supplier acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act 2018, the Customer is the Data Controller and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be Supplier is the data controller and the Company shall be the data processorprocessor in respect of any Personal Data. 6.2 Subject to Clause 6.6, each party 13.2 The Supplier shall process the Personal Data supplied to it by the other party only in connection accordance with the Services, only in so far as it is necessary Customer's instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by the Customer. 6.3 Each party 13.3 The Supplier shall take reasonable steps to ensure the reliability of all of their respective its employees who have access to the Personal Data. 6.4 13.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party 13.5 The Supplier warrants to the otherthat, having regard to the state of technological development and the cost of implementing any measures, that it shallwill: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 13.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 6clause. 13.7 The Customer acknowledges that the Supplier is reliant on the Customer for direction as to the extent to which the Supplier is entitled to use and process the Personal Data. Consequently, the Supplier will not be liable for any claim brought by a Data Subject arising from any action or omission by the Supplier, to the extent that such action or omission resulted directly from the Customer's instructions. 13.8 The Supplier may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor's contract: (a) is on terms which are substantially the same as those set out in this agreement; and (b) terminates automatically on termination of this agreement for any reason.

DATA PROTECTION AND DATA PROCESSING. 6.1 The Company and the Client 7.1 Both parties acknowledge that for the purposes of the Data Protection ▇▇▇ ▇▇▇▇ Act legislation, You are the Data Controller and the GDPR, that the Client and the Company shall be considered separate data controllers in relation to the provision of the Services, save and except that in the case of lead generation services, the Client shall be We are the data controller and the Company shall be the data processorprocessor in respect of any Personal Data provided by You. 6.2 Subject to Clause 6.6, each party 7.2 We shall process the Personal Data supplied to it by the other party in connection with the Services, only in so far as it is necessary accordance with Your instructions from time to process such Personal Data in connection with the provision of the Services, unless the parties agree otherwise in writing. The Client shall only process Personal Data obtained during the course of an Exhibition for its own purposes time and shall not sell or distribute such process the Personal Data to for any purposes other partythan those expressly authorised by You. 6.3 Each party 7.3 We shall take reasonable steps to ensure the reliability of all of their respective Our employees who have access to the Personal Data. 6.4 7.4 Each party warrants to the to the other that it will process the Personal Data in compliance with all applicable laws, enactments, regulations, orders, standards and other similar instruments. 6.5 Each party warrants to the other7.5 We warrant that, having regard to the state of technological development and the cost costs of implementing any measures, that it shallWe will: (a) take appropriate technical measures and organisational measures against the unauthorised or unlawful processing of Personal Data and against the accidental loss or destruction of, or damage to, Personal Data to ensure a level of security appropriate to: (i) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage; and (ii) the nature of the data to be protected; and (b) take reasonable steps to ensure compliance with those measures. 6.6 Any Personal Data the Client provides to the Company shall be held by the Company on a database. The Client agrees that the Company may use and share such Personal Data within its corporate group insofar as is permitted by law. 6.7 The Client 7.6 Each party agrees to indemnify and keep indemnified indemnified and defend at its own expense the Company other party against all costs, claims, damages or expenses incurred by the Company other party or for which the Company other party may become liable due to any failure by the Client first party or its employees or agents to comply with any of its obligations under this Clause 6clause 7. 7.7 You acknowledge that We are reliant on You for direction as to the extent to which We are entitled to use and process the Personal Data. Consequently, We will not be liable for any claim brought by a Data Subject arising from any action or omission by Us, to the extent that such action or omission resulted directly from Your instructions. 7.8 We may authorise a third party (subcontractor) to process the Personal Data provided that the subcontractor’s contract: (a) is on terms which are substantially the same as those set out in this agreement; and (b) terminates automatically on termination of this agreement for any reason.