Common use of Without prejudice to the Clause in Contracts

Without prejudice to the. generality of clause 1.1, Quotient shall, in relation to any Personal Data processed in connection with the performance by Quotient of its obligations under this agreement: (a) process that Personal Data only on the written instructions of the Sponsor unless Quotient is required by the laws of any member of the European Union or by the laws of the European Union applicable to Quotient to process Personal Data (Applicable Laws). Where Quotient is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, Quotient shall promptly notify the Sponsor of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Quotient from so notifying the Sponsor; (b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Sponsor, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Personal Data must keep the Personal Data confidential; and (d) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Sponsor has been obtained and these conditions are fulfilled: (i) the Sponsor or Quotient has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) Quotient complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data transferred; and (iv) Quotient complies with reasonable instructions notified to it in advance by the Sponsor regarding the processing of the Personal Data; (e) assist the Sponsor, at the Sponsor’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation regarding security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (f) notify the Sponsor without undue delay on learning of a Personal Data breach; (g) at the written direction of the Sponsor, delete or return Personal Data and copies thereof to the Sponsor on termination of the agreement unless required by Applicable Law to store the Personal Data; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) and allow for audits by the Sponsor or the Sponsor’s designated auditor.

Without prejudice to the. generality of clause 1.1Clause 5.4, Quotient the Supplier shall, in relation to any Personal Data personal data processed in connection with the performance by Quotient the Supplier of its obligations under this agreement: (a) process that Personal Data personal data only on the documented written instructions of the Sponsor Customer unless Quotient the Supplier is required by the laws of any member of the European Union or by the laws of the European Union applicable to Quotient the Supplier and/or Domestic UK Law (where Domestic UK Law means the UK Data Protection Legislation and any other law that applies in the UK) to process Personal Data personal data (Applicable Laws). Where Quotient the Supplier is relying on laws of a member of the European Union or European Union law Applicable Laws as the basis for processing Personal Datapersonal data, Quotient the Supplier shall promptly notify the Sponsor Customer of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Quotient the Supplier from so notifying the SponsorCustomer; (b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the Sponsor, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Personal Data must keep the Personal Data confidential; and (d) not transfer any Personal Data personal data outside of the European Economic Area and the United Kingdom unless the prior written consent of the Sponsor has been obtained and these following conditions are fulfilled: (i) the Sponsor Customer or Quotient the Supplier has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) Quotient the Supplier complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data personal data that is transferred; and (iv) Quotient the Supplier complies with reasonable instructions notified to it in advance by the Sponsor regarding Customer with respect to the processing of the Personal Datapersonal data; (ec) assist the SponsorCustomer, at the SponsorCustomer’s cost, in responding to any request from a Data Subject data subject and in ensuring compliance with its obligations under the Data Protection Legislation regarding with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (fd) notify the Sponsor Customer without undue delay on learning becoming aware of a Personal Data personal data breach; (ge) at the written direction of the SponsorCustomer, delete or return Personal Data personal data and copies thereof to the Sponsor Customer on termination of the agreement unless required by Applicable Law to store the Personal Datapersonal data; and (hf) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) Clause 5 and allow for audits by immediately inform the Sponsor or Company if, in the Sponsor’s designated auditoropinion of the VAR, an instruction infringes the Data Protection Legislation.

Without prejudice to the. generality of clause 1.12.1, Quotient Trace shall, in relation to any Client Personal Data processed in connection with the performance by Quotient Trace of its obligations under this agreement: (a) process that Client Personal Data only on the written instructions of the Sponsor Customer unless Quotient Trace is required by the laws of any member of the European Union or by the laws of the European Union applicable to Quotient Trace to process any Client Personal Data (Applicable Laws). Where Quotient Trace is relying on laws of a member of the European Union or European Union law as the basis for processing Client Personal Data, Quotient Trace shall promptly notify the Sponsor Client of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Quotient Trace from so notifying the SponsorClient; (b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the SponsorClient, to protect against unauthorised or unlawful processing of Client Personal Data and against accidental loss or destruction of, or damage to, Client Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Client Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services services, ensuring that availability of and access to Client Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Client Personal Data must are obliged to keep the Client Personal Data confidential; and (d) not transfer any Client Personal Data outside of the European Economic Area unless the prior written consent of the Sponsor Client has been obtained and these the following conditions are fulfilled: (i) the Sponsor Client or Quotient Trace has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) Quotient Trace complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Client Personal Data that is transferred; and (iv) Quotient Trace complies with reasonable instructions notified to it in advance by the Sponsor regarding Client with respect to the processing of the Client Personal Data; (e) assist the SponsorClient, at the SponsorClient’s cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation regarding with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (f) notify the Sponsor without Clientwithout undue delay on learning becoming aware of a Client Personal Data breach; (g) at the written direction of the SponsorClient, delete or return Client Personal Data and copies thereof to the Sponsor Client on termination of the agreement unless required by Applicable Law to store the Client Personal Data; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) and allow for audits by the Sponsor Client or the SponsorClient’s designated auditor.

Without prejudice to the. generality of clause 1.113.1.1, Quotient we shall, in relation to any Personal Data processed in connection with the performance by Quotient us of its our obligations under this agreementAgreement: (a) process that Personal Data only on the your written instructions of the Sponsor unless Quotient is we are required by the laws of any member of the European Union or by the laws of the European Union applicable to Quotient us to process Personal Data (“Applicable Laws”). Where Quotient is we are relying on laws of a member of the European Union or European Union law as the basis for processing Personal Data, Quotient we shall promptly notify the Sponsor you of this before performing the processing required by the Applicable Laws unless those Applicable Laws prohibit Quotient us from so notifying the Sponsoryou; (b) ensure that it has we have in place appropriate technical and organisational measures, reviewed and approved by the Sponsoryou, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Personal Data must are obliged to keep the Personal Data confidential; and (d) not transfer any Personal Data outside of the European Economic Area unless the your prior written consent of the Sponsor has been obtained and these the following conditions are fulfilled: (i) the Sponsor or Quotient has either of us have provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) Quotient complies we comply with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) Quotient complies we comply with reasonable instructions notified to it us in advance by the Sponsor regarding you with respect to the processing of the Personal Data; (e) assist the Sponsoryou, at the Sponsor’s your cost, in responding to any request from a Data Subject data subject and in ensuring compliance with its obligations under the Data Protection Legislation regarding with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (f) notify the Sponsor you without undue delay on learning becoming aware of a Personal Data breach; (g) at the your written direction of the Sponsordirection, delete or return Personal Data and copies thereof to the Sponsor you on termination of the agreement this Agreement unless required by Applicable Law to store the Personal Data; and (h) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) and allow for audits by the Sponsor or the Sponsor’s designated auditor13.1.

Without prejudice to the. generality of clause 1.116.2, Quotient Veritas shall, in relation to any Personal Data processed in connection with the performance by Quotient of its obligations under this agreementthe Contract: (a) process Process that Personal Data only on behalf of and in accordance with the documented written instructions of the Sponsor Client, unless Quotient Veritas is required by the laws of any member of the European Union or by the laws of the European Union applicable Applicable Laws to Quotient to process otherwise Process that Personal Data (Applicable Laws)Data. Where Quotient Veritas is relying on laws of a member of the European Union or European Union law Applicable Laws as the basis for processing Processing Personal Data, Quotient Veritas shall promptly notify the Sponsor Client of this before performing the processing Processing required by the Applicable Laws unless those Applicable Laws prohibit Quotient Veritas from so notifying the SponsorClient; (b) ensure that it has in place appropriate technical Appropriate Technical and organisational measures, reviewed and approved by the Sponsor, Organisational Measures to protect against unauthorised or unlawful processing Processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing Processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Process Personal Data must are obliged to keep the Personal Data confidential; and; (d) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Sponsor has been obtained and these conditions are fulfilled: (i) the Sponsor or Quotient has provided appropriate safeguards in relation to the transfer; (ii) the data subject has enforceable rights and effective legal remedies; (iii) Quotient complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data transferred; and (iv) Quotient complies with reasonable instructions notified to it in advance by the Sponsor regarding the processing of the Personal Data; (e) assist the SponsorClient, at the Sponsor’s Client's cost, in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation regarding Laws with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (fe) notify the Sponsor Client without undue delay on learning becoming aware of a Personal Data breachBreach; (gf) at the written direction of the SponsorClient, delete or return Personal Data and copies thereof to the Sponsor Client on termination of the agreement Contract unless required by Applicable Applica(ibi)le Law to store the Personal Data; and (hg) maintain complete and accurate records and information to demonstrate its compliance with this (tihii)is clause one (1) 16 and allow for audits by the Sponsor Client or the Sponsor’s Client's designated auditorauditor and promptly inform the Client if, in the opinion of Veritas, an instruction infringes the Data Protection Laws.

Without prejudice to the. generality of clause 1.111.2, Quotient shall, in relation to any the Service Provider must ensure that all Personal Data processed by or on behalf of the Service Provider in connection with the performance by Quotient course of its obligations under this agreement:delivering the Services is processed in (a) process that Personal Data only on the written instructions of the Sponsor Council, unless Quotient the Service Provider is required by the laws of any member of the European Union or by the laws of the European Union applicable to Quotient to process Personal Data (Applicable Laws)) applicable to the Service Provider to otherwise process the Personal Data. Where Quotient the Service Provider is relying on laws of a member of the European Union or European Union law as the basis for processing Personal Dataso required, Quotient it shall promptly notify the Sponsor of this Council before performing processing the processing required Personal Data, unless prohibited by the Applicable Laws unless those Applicable Laws prohibit Quotient from so notifying the SponsorLaw; (b) ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the SponsorCouncil, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, appropriate to the harm that might result from the unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the data to be protected, having regard to the state of technological development and the cost of implementing any measures (those measures may include, where appropriate, pseudonymising and encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services services, ensuring that availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures adopted by it); (c) ensure that all personnel who have access to and/or process Personal Data must keep the Personal Data confidential; and (d) not transfer any Personal Data outside of the European Economic Area unless the prior written consent of the Sponsor Council has been obtained and these the following conditions are fulfilled: (i) the Sponsor Council or Quotient the Service Provider has provided appropriate safeguards in relation to the transfer; (ii) the data subject Data Subject has enforceable rights and effective legal remedies; (iii) Quotient the Service Provider complies with its obligations under the Data Protection Legislation by providing an adequate level of protection to any Personal Data that is transferred; and (iv) Quotient the Service Provider complies with the reasonable instructions notified to it in advance by the Sponsor regarding Council with respect to the processing of the Personal Data; (d) notify the Council as soon as reasonably practicable if it receives: (i) a request from a Data Subject to have access to that individual’s Personal Data; (ii) a Right of Access, Rectification or Erasure Request; (iii) receives any other request, complaint or communication relating to either Party's obligations under the Data Protection Legislation (including any communication from the Information Commissioner); (e) at the Service Provider’s expense, assist the Sponsor, at the Sponsor’s cost, Council in responding to any request from a Data Subject and in ensuring compliance with its the Council's obligations under the Data Protection Legislation regarding with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators; (f) notify the Sponsor without undue delay on learning of a Personal Data breach; (g) at the written direction of the SponsorCouncil, delete or return Personal Data and copies thereof to the Sponsor individual on termination or expiry of the agreement this Agreement unless required by the Applicable Law Laws to store the Personal Data; and; (hg) maintain complete and accurate records and information to demonstrate its compliance with this clause one (1) 11.2 and allow for audits by the Sponsor or the Sponsor’s designated auditor.Council