Common use of Client Personal Data Clause in Contracts

Client Personal Data. If FIS Processes or otherwise has access to any Personal Data of Client as a result of this Agreement, the following provisions shall apply with respect to the Processing of that Personal Data on Client’s behalf: (a) FIS shall Process the Personal Data only in accordance with any lawful and reasonable instructions given by Client from time to time as documented in and in accordance with the terms of this Agreement; (b) FIS shall ensure that all persons it authorizes to access the Personal Data are bound by appropriate obligations of confidentiality with respect to that Personal Data; (c) taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing of the relevant Personal Data, Client and FIS shall each implement appropriate technical and organizational measures to ensure a level of security for the Personal Data in accordance with applicable data protection law; (d) each party shall take reasonable steps to ensure that any person acting under its authority who has access to Personal Data does not Process the Personal Data except on instructions from that party; (e) FIS shall cooperate with Client as reasonably required to assist Client with its compliance with its legal obligations under applicable data protection laws, and Client shall reimburse FIS for any time spent by FIS personnel as part of any such cooperation at FIS’ then standard professional services rate, together with any out-of-pocket costs reasonably incurred; (f) to the extent required by applicable law, FIS shall give notice to Client of any Personal Data breach relating to the Personal Data of Client; (g) Client shall ensure that it is entitled to transfer the relevant Personal Data to FIS so that FIS may lawfully Process the Personal Data in accordance with this Agreement on Client’s behalf, which may include FIS Processing the relevant Personal Data outside the country where Client and the Authorized Users are located in order for FIS to provide the Solution and perform its other obligations under this Agreement; (h) FIS may engage its Authorized Recipients as Processors under this Agreement and FIS shall: (i) impose upon such Processors the equivalent data protection obligations as set out in this Section 5.4; and (ii) be responsible for the misuse or impermissible distribution of the Personal Data by its Authorized Recipients under this Agreement to the same extent as if those actions were taken by FIS. FIS shall inform Client of any intended changes concerning the addition or replacement of Processors engaged by FIS, including by making such information available to Client on its web page; and (i) if FIS will Process or otherwise have access to any Personal Data of Client related to data subjects residing in the European Economic Area, United Kingdom or Switzerland, the following additional provisions shall apply with respect to the Processing of Personal Data on Client’s behalf: (i) Client shall be the Controller and FIS shall be a Processor; (ii) Client must ensure that the Order specifies all types of Personal Data to be Processed including the categories of natural persons to which such Personal Data relates; (iii) upon Client’s written request, FIS shall (at Client’s option) delete or return all Personal Data Processed on behalf of Client to Client after the end of the provision of services relating to the Processing of that Personal Data, subject to FIS retaining any copies required by applicable law; and (iv) to the extent required for compliance with applicable data protection law, upon Client’s written request (but not more than once in any twelve (12) month period, unless otherwise required under applicable data protection law), FIS shall make available to Client all information reasonably necessary to demonstrate FIS’ compliance with the obligations set out in this Section 5.4. Solely for such purpose, FIS may allow a reputable third-party auditor chosen by FIS to perform audits on Client’s behalf and Client hereby authorizes FIS to issue such mandate to the third-party auditor. Reasonable advance notice of at least sixty (60) days is required for a Client request under this Section, unless applicable data protection law requires an earlier audit. FIS and Client will use current certifications or other audit reports to minimize repetitive audits, and will each bear their own expenses of audit.

Client Personal Data. If FIS Processes or otherwise has access to any Personal Data of Client as a result of this Agreement, the following provisions shall apply with respect to the Processing of that Personal Data on Client’s behalf: (a) : FIS shall Process the Personal Data only in accordance with any lawful and reasonable instructions given by Client from time to time as documented in and in accordance with the terms of this Agreement; (b) ; FIS shall ensure that all persons it authorizes to access the Personal Data are bound by appropriate obligations of confidentiality with respect to that Personal Data; (c) ; taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing of the relevant Personal Data, Client and FIS shall each implement appropriate technical and organizational measures to ensure a level of security for the Personal Data in accordance with applicable data protection law; (d) ; each party shall take reasonable steps to ensure that any person acting under its authority who has access to Personal Data does not Process the Personal Data except on instructions from that party; (e) ; FIS shall cooperate with Client as reasonably required to assist Client with its compliance with its legal obligations under applicable data protection laws, and Client shall reimburse FIS for any time spent by FIS personnel as part of any such cooperation at FIS’ then standard professional services rate, together with any out-of-pocket costs reasonably incurred; (f) to the extent required by applicable law, FIS shall give notice to Client of any Personal Data breach relating to the Personal Data of Client; (g) ; Client shall ensure that it is entitled to transfer the relevant Personal Data to FIS so that FIS may lawfully Process the Personal Data in accordance with this Agreement on Client’s behalf, which may include FIS Processing the relevant Personal Data outside the country where Client and the Authorized Users are located in order for FIS to provide the Solution and perform its other obligations under this Agreement; (h) ; FIS may engage its Authorized Recipients as Processors under this Agreement and FIS shall: (i) impose upon such Processors the equivalent data protection obligations as set out in this Section 5.4; and (ii) be responsible for the misuse or impermissible distribution of the Personal Data by its Authorized Recipients under this Agreement to the same extent as if those actions were taken by FIS. FIS shall inform Client of any intended changes concerning the addition or replacement of Processors engaged by FIS, including by making such information available to Client on its web page; and (i) and if FIS will Process or otherwise have access to any Personal Data of Client related to data subjects residing in the European Economic Area, United Kingdom or Switzerland, the following additional provisions shall apply with respect to the Processing of Personal Data on Client’s behalf: (i) : Client shall be the Controller and FIS shall be a Processor; (ii) ; Client must ensure that the Order specifies all types of Personal Data to be Processed including the categories of natural persons to which such Personal Data relates; (iii) ; upon Client’s written request, FIS shall (at Client’s option) delete or return all Personal Data Processed on behalf of Client to Client after the end of the provision of services relating to the Processing of that Personal Data, subject to FIS retaining any copies required by applicable law; and (iv) to the extent required for compliance with applicable data protection law, and upon Client’s written request (but not more than once in any twelve (12) month period, unless otherwise required under applicable data protection law), FIS shall make available to Client all information reasonably necessary to demonstrate FIS’ compliance with the obligations set out in this Section 5.4. Solely for For such purpose, FIS may allow a reputable third-party auditor chosen by FIS to perform audits on Client’s behalf and Client hereby authorizes FIS to issue such mandate to the third-party auditor. Reasonable advance notice of at least sixty (60) days is required for a Client request under this Section, unless applicable data protection law requires an earlier audit. FIS and Client will use current certifications or other audit reports to minimize repetitive audits, and will each bear their own expenses of audit. FIS Solution Details. The FIS Solution Details are trade secrets and proprietary property of FIS or its licensors, having great commercial value to FIS or its licensors. Title to all FIS Solution Details and all related intellectual property and other ownership rights shall be and remain exclusively with FIS or its licensors, even with respect to such items that were created by FIS specifically for or on behalf of Client. FIS and its Affiliates may freely use Feedback without attribution or the need for FIS, its Affiliates or any third party to pay Client or any third party any royalties or other fees of any kind. This Agreement is not an agreement of sale, and no intellectual property or other ownership rights to any FIS Solution Details are transferred to Client by virtue of this Agreement. All copies of FIS Solution Details in Client's possession shall be deemed to be on loan to Client during the term of this Agreement.