Common use of Security and Data Clause in Contracts

Security and Data. 3.1 In this Framework and each Agreement, references to "controller", "data subject", "personal data", "personal data breach", "processor" and "processing" have the meanings set out in the GDPR (and "process" and "processed" shall be construed accordingly). 3.2 Each party will comply with applicable Data Protection Legislation in relation to its respective activities under and in connection with this Framework and each Agreement, including compliance with Article 5 GDPR (data protection principles) and all applicable data security requirements in respect of personal data that each party holds (including Article 32 GDPR). 3.3 Our Privacy Policy explains how we collect and use personal data. 3.4 We are, together, joint controllers with you in respect of our Service Offerings, except to the extent expressly stated otherwise in an Order. We are, for certain purposes, a controller in our own right where we determine the purposes for which we process data, such as the use of our own data assets (which may include cookies, other online identifiers, behavioural data and other personal data collected by us via our provision of the Service Offerings, as more fully explained in our Privacy Policy) to support and/or enhance the delivery of our Service Offerings and/or for the creation of new solutions or services created for the benefit of our clients. 3.5 Article 26 of the GDPR requires that joint controllers must determine, in a transparent manner, their respective responsibilities for compliance with the obligations under GDPR. Our respective responsibilities in this regard are set out below and in our Privacy Policy, except as may be amended by written agreement between us in an Order. 3.6 In respect of personal data that you share with us and/or that we collect when providing our Service Offerings to you: (a) we shall process the personal data only for the agreed purposes identified in our Privacy Policy and each Agreement, and not for any other purpose; (b) we shall promptly notify you and provide such co-operation and information as you may reasonably require if we: (i) receive any written request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data, in each case in (i) and (ii) to the extent required to enable you to comply with your obligations under Data Protection Legislation; (c) you shall promptly notify us and provide such co-operation and information as we may reasonably require if you: (i) receive any request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data; in each case in (i) and (ii) to the extent required to enable us to comply with our obligations under Data Protection Legislation; 3.7 You agree: (a) to obtain, and on reasonable request evidence, any and all marketing permissions and other consents that are required to enable us to provide the relevant Service Offerings, including (but not limited to) in respect of cookies that we use and electronic marketing that we send on your behalf, in a manner that is compliant with applicable Data Protection Legislation; (b) to have in place and, on reasonable request evidence, in respect of Digital Properties that you operate through which we collect personal data, appropriate mechanisms, compliant with Data Protection Legislation, for obtaining any and all permissions and other consents that are required for the collection of personal data for the purposes used by us as set out in our Privacy Policy and each Agreement; (c) to ensure, in respect of Digital Properties that you operate through which we collect personal data, that you have a privacy notice that complies with Data Protection Legislation and, in particular, expressly names Ve Global as a party for whom, and by whom, personal data is collected through your Digital Properties, including a clear link to our Privacy Policy (to help end users understand who we are and what we do); and (d) in respect of any marketing communications that are served to data subjects in respect of our Service Offerings (including Digital Assistant and Email Remarketing solutions) to include in the marketing communication clear and visible language that makes clear Ve’s involvement, including a clear link to our Privacy Policy (to help end users understand who we are and what we do). 3.8 Notwithstanding anything else in this Agreement, Ve and its group companies may use, exploit and disclose, in aggregated and/or anonymised form, data (that is not, or is no longer, personal data within the meaning of Data Protection Legislation) resulting from or generated through the provision of our Service Offerings.

Security and Data. 3.1 In this Framework and each Agreement, references to "controller", "data subject", "personal data", "personal data breach", "processor" and "processing" have the meanings set out in the GDPR (and "process" and "processed" shall be construed accordingly). 3.2 Each party will comply with applicable Data Protection Legislation in relation to its respective activities under and in connection with this Framework and each Agreement, including compliance with Article 5 GDPR (data protection principles) and all applicable data security requirements in respect of personal data that each party holds (including Article 32 GDPR). 3.3 Our Privacy Policy explains how we collect and use personal data. 3.4 We Where we are, together, joint controllers with you in respect of our Service Offerings, except to the extent expressly stated otherwise in an Order. data sharing agreement set out at Schedule 1 below will apply. 3.5 We are, for certain purposes, a controller in our own right where we determine the purposes for which we process data, such as the use of our own data assets (which may include cookies, other online identifiers, behavioural data and other personal data collected by us via our provision of the Service Offerings, as more fully explained in our Privacy Policy) to support and/or enhance the delivery of our Service Offerings and/or for the creation of new solutions or services created for the benefit of our clients. 3.5 Article 26 . Where we are a Controller in our own right of the GDPR requires data that joint controllers must determinewe collect, in a transparent manner, their respective responsibilities for compliance with the obligations under GDPR. Our respective responsibilities in this regard are data sharing agreement set out at Schedule 1 below and in our Privacy Policy, except as may be amended by written agreement between us in an Orderwill apply. 3.6 In respect Where we are a Processor, the data processing agreement set out in Schedule 2 below will apply. The aforementioned data processing agreement shall only apply to the extent that we are a Processor of personal the data that you share with us and/or that we collect when providing our Service Offerings to you: (a) we shall process the personal data only for the agreed purposes identified Service Offering in question. For details of where we are a Processor, please see our Privacy Policy and each Agreement, and not guidance here. 3.7 You agree that you are responsible for any other purpose; (b) we shall promptly notify you and provide such co-operation and information as you may reasonably require if we: obtaining consent from the Data Subject for: (i) receive any written request, notice cookies or complaint similar technologies that we deposit and use to collect data from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal dataYour Website(s); and/or (ii) become aware of any personal data breach affecting the personal data, in each case in (i) and (ii) to the extent required to enable any consents necessary for marketing and advertising including without limitation unsolicited direct marketing. As such, you to comply with your obligations under Data Protection Legislation; (c) you shall promptly notify us and provide such co-operation and information as we may reasonably require if you: (i) receive any request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data; in each case in (i) and (ii) to the extent required to enable us to comply with our obligations under Data Protection Legislation; 3.7 You agreeundertake to: (a) to obtain, and on reasonable request evidence, any and all marketing permissions and other consents that are required to enable us to provide the relevant Service Offerings, including (but not limited to) in respect of cookies that we use and electronic marketing that we send on your behalf, in a manner that is compliant with applicable Data Protection Legislation; (b) to have in place and, on reasonable request evidence, in respect of Digital Properties that you operate through which we collect personal data, appropriate mechanisms, compliant with Data Protection Legislation, for obtaining any and all permissions and other consents that are required for the collection of personal data for the purposes used by us as set out in our Privacy Policy and each Agreement; (c) to ensure, in respect of Digital Properties that you operate through which we collect personal data, that you have a privacy notice that complies with Data Protection Legislation and, in particular, expressly names Ve Global as a party for whom, and by whom, personal data is collected through your Digital Properties, including a clear link to our Privacy Policy (to help end users understand who we are and what we do); and (d) in respect of any marketing communications that are served to data subjects in respect of our Service Offerings (including Digital Assistant and Email Remarketing solutions) to include in the marketing communication clear and visible language that makes clear Ve’s involvement, including a clear link to our Privacy Policy (to help end users understand who we are and what we do). 3.8 Notwithstanding anything else in this Agreement, Ve and its group companies may use, exploit and disclose, in aggregated and/or anonymised form, data (that is not, or is no longer, personal data within the meaning of Data Protection Legislation) resulting from or generated through the provision of our Service Offerings.

Security and Data. 3.1 In this Framework and each Agreement, references to "controller", "data subject", "personal data", "personal data breach", "processor" and "processing" have the meanings set out in the GDPR (and "process" and "processed" shall be construed accordingly). 3.2 Each party will comply with applicable Data Protection Legislation in relation to its respective activities under and in connection with this Framework and each Agreement, including compliance with Article 5 GDPR (data protection principles) and all applicable data security requirements in respect of personal data that each party holds (including Article 32 GDPR). 3.3 Our Privacy Policy explains how we collect and use personal data. 3.4 We are, together, joint controllers with you in respect of any personal data shared between you and us in connection with our Service Offerings, except to the extent expressly stated otherwise in an Order. We are, for certain purposes, a controller in our own right where we determine the purposes for which we process data, such as the use of our own data assets (which may include cookies, other online identifiers, behavioural data and other personal data collected by us via our provision of the Service Offerings, as more fully explained in our Privacy Policy) to support and/or enhance the delivery of our Service Offerings and/or for the creation of new solutions or services created for the benefit of our clients. 3.5 Article 26 of the GDPR requires that joint controllers must determine, in a transparent manner, their respective responsibilities for compliance with the obligations under GDPR. Our respective responsibilities in this regard are set out below and in our Privacy Policy, except as may be amended by written agreement between us in an Order. 3.6 In respect of personal data that you share with us and/or that we collect when providing our Service Offerings to you: (a) we shall process the personal data only for the agreed purposes identified in our Privacy Policy and each Agreement, and not for any other purpose; (b) we shall promptly notify you and provide such co-operation and information as you may reasonably require if we: (i) receive any written request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO Office of the Data Protection Commissioner or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data, in each case in (i) and (ii) to the extent required to enable you to comply with your obligations under Data Protection Legislation; (c) you shall promptly notify us and provide such co-operation and information as we may reasonably require if you: (i) receive any request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data; in each case in (i) and (ii) to the extent required to enable us to comply with our obligations under Data Protection Legislation; 3.7 You agree: (a) to obtain, and on reasonable request evidence, any and all marketing permissions and other consents that are required under Data Protection Legislation to enable us to provide the relevant Service Offerings, including (but not limited to) in respect of cookies that we use and electronic marketing that we send on your behalf, in a manner that is compliant with applicable Data Protection Legislation; (b) to have in place and, on reasonable request evidence, in respect of Digital Properties that you operate through which we collect personal data, appropriate mechanisms, compliant with Data Protection Legislation, for obtaining any and all permissions and other consents that are required for the collection of personal data for the purposes used by us as set out in our Privacy Policy and each Agreement; (c) to ensure, in respect of Digital Properties that you operate through which we collect personal data, that you have a privacy notice that complies with Data Protection Legislation and, in particular, expressly names Ve Global as a party for whom, and by whom, personal data is collected through your Digital Properties, including a clear link to our Privacy Policy (to help end users understand who we are and what we do); and (d) in respect of any marketing communications that are served to data subjects in respect of our Service Offerings (including Digital Assistant and Email Remarketing solutions) to include in the marketing communication clear and visible language that makes clear Ve’s involvement, including a clear link to our Privacy Policy (to help end users understand who we are and what we do). 3.8 Notwithstanding anything else in this Agreement, Ve and its group companies may use, exploit and disclose, in aggregated and/or anonymised form, data (that is not, or is no longer, personal data within the meaning of Data Protection Legislation) resulting from or generated through the provision of our Service Offerings.

Security and Data. 3.1 In this Framework and each Agreement, references to "controller", "data subject", "personal data", "personal data breach", "processor" and "processing" have the meanings set out in the GDPR (and "process" and "processed" shall be construed accordingly). 3.2 Each party will comply with applicable Data Protection Legislation in relation to its respective activities under and in connection with this Framework and each Agreement, including compliance with Article 5 GDPR (data protection principles) and all applicable data security requirements in respect of personal data that each party holds (including Article 32 GDPR). 3.3 Our Privacy Policy explains how we collect and use personal data. 3.4 We are, together, joint controllers with you in respect of our Service Offerings, except to the extent expressly stated otherwise in an Order. We are, for certain purposes, a controller in our own right where we determine the purposes for which we process data, such as the use of our own data assets (which may include cookies, other online identifiers, behavioural behavioral data and other personal data collected by us via our provision of the Service Offerings, as more fully explained in our Privacy Policy) to support and/or enhance the delivery of our Service Offerings and/or for the creation of new solutions or services created for the benefit of our clients. 3.5 Article 26 of the GDPR requires that joint controllers must determine, in a transparent manner, their respective responsibilities for compliance with the obligations under GDPR. Our respective responsibilities in this regard are set out below and in our Privacy Policy, except as may be amended by written agreement between us in an Order. 3.6 In respect of personal data that you share with us and/or that we collect when providing our Service Offerings to you: (a) we shall process the personal data only for the agreed purposes identified in our Privacy Policy and each Agreement, and not for any other purpose; (b) we shall promptly notify you and provide such co-operation and information as you may reasonably require if we: (i) receive any written request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data, in each case in (i) and (ii) to the extent required to enable you to comply with your obligations under Data Protection Legislation; (c) you shall promptly notify us and provide such co-operation and information as we may reasonably require if you: (i) receive any request, notice or complaint from a data subject exercising their rights under GDPR or any correspondence or written communication from the ICO or any other relevant regulator in relation to the processing of the personal data; and/or (ii) become aware of any personal data breach affecting the personal data; in each case in (i) and (ii) to the extent required to enable us to comply with our obligations under Data Protection Legislation; 3.7 You agree: (a) to obtain, and on reasonable request evidence, any and all marketing permissions and other consents that are required to enable us to provide the relevant Service Offerings, including (but not limited to) in respect of cookies that we use and electronic marketing that we send on your behalf, in a manner that is compliant with applicable Data Protection Legislation; (b) to have in place and, on reasonable request evidence, in respect of Digital Properties that you operate through which we collect personal data, appropriate mechanisms, compliant with Data Protection Legislation, for obtaining any and all permissions and other consents that are required for the collection of personal data for the purposes used by us as set out in our Privacy Policy and each Agreement; (c) to ensure, in respect of Digital Properties that you operate through which we collect personal data, that you have a privacy notice that complies with Data Protection Legislation and, in particular, expressly names Ve Global as a party for whom, and by whom, personal data is collected through your Digital Properties, including a clear link to our Privacy Policy (to help end users understand who we are and what we do); and (d) in respect of any marketing communications that are served to data subjects in respect of our Service Offerings (including Digital Assistant and Email Remarketing solutions) to include in the marketing communication clear and visible language that makes clear Ve’s involvement, including a clear link to our Privacy Policy (to help end users understand who we are and what we do). 3.8 Notwithstanding anything else in this Agreement, Ve and its group companies may use, exploit and disclose, in aggregated and/or anonymised anonymized form, data (that is not, or is no longer, personal data within the meaning of Data Protection Legislation) resulting from or generated through the provision of our Service Offerings.