Common use of Content and Data Protection Clause in Contracts

Content and Data Protection. a. Content consists of all data, software, and information that Client or its authorised users provides, authorises access to, or inputs to the Cloud Service or information or data Client may provide, make available or grant access to, in connection with IBM providing other Services. Client grants the rights and permissions to IBM, its affiliates, and Subcontractors of either, to use, provide, store, and otherwise process Content solely for the purpose of providing the Cloud Services or other Services. Use of the Cloud Services or other Services will not affect Client's ownership or license rights in Content. b. IBM, its affiliates, and Subcontractors of either may access and use the Content solely for the purpose of providing and managing the applicable Cloud Services or other Services. IBM will treat all Content as confidential by only disclosing to IBM employees and Subcontractors to the extent necessary to provide the Cloud Services or perform other Services. c. Client is responsible for obtaining all necessary rights and permissions to permit processing of Content in the Cloud Services or to provide other Services. Client will make disclosures and obtain consent required by law before Client provides, authorises access to or inputs individuals' information, including personal or other regulated data, for processing in the Cloud Services or use by IBM in providing the other Services. d. If any Content could be subject to governmental regulation or may require security measures beyond those specified by IBM for the Cloud Services or to provide other Services, Client will not provide, allow access to, or input the Content for processing in the Cloud Services or provide or allow access of Content to IBM to provide other Services unless specifically permitted in the applicable TD or unless IBM has first agreed in writing to implement additional security and other measures. Client is responsible for adequate back-up of Content on Client managed systems prior to providing or allowing access of Content to IBM to provide Services. e. IBM Data Security and Privacy Principles (DSP), at Appendix A, apply for generally available standard Cloud Services and other Services as identified in a TD. At IBM's discretion, IBM may change the DSP from time to time and the change will be effective when published or on the specified effective date. The intent of any change will be to improve and clarify existing commitments and maintain alignment to current adopted operational and security standards or applicable laws. The intent is not to degrade the security or functionality. The most up to date version of the DSP can be found at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/support/customer/csol/terms/?ref=Z126-7745-04-10-2020-zz-en. f. The specific security features and functions of a Cloud Service or other Services will be described in the applicable Attachment and TD. Client is responsible for selecting, ordering, enabling, or using available data protection features appropriate to support Client's use of Cloud Services. Client is responsible for assessing the suitability of the Cloud Services for the Content and Client's intended use or the use of Content with the Services IBM will provide. Client acknowledges that the use of Cloud Services and other Services meet Client's requirements and processing instructions required to comply with applicable laws. g. IBM's Data Processing Addendum (DPA) is detailed in Appendix B. The DPA and applicable DPA Exhibit(s) apply to IBM’s processing of personal data on behalf of the Client. Each IBM Product has a DPA Exhibit that specifies how IBM will process the Client's data. The applicable DPA Exhibit is included by reference in the TD. h. For Cloud Services with self-managed features, Client can remove Content at any time. Otherwise, IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, other Services, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content; however, some Content may remain in backup files until expiration of such files as governed by IBM's backup retention practices.

Content and Data Protection. a. Content consists of all data, software, and information that Client or its authorised authorized users provides, authorises authorizes access to, or inputs to the Cloud Service or information or data Client may provide, make available or grant access to, in connection with IBM providing other Services. Client grants the rights and permissions to IBM, its affiliates, and Subcontractors contractors of either, to use, provide, store, and otherwise process Content solely for the purpose of providing the Cloud Services or other Services. Use of the Cloud Services or other Services will not affect Client's ’s ownership or license rights in Content. b. IBM, its affiliates, and Subcontractors contractors of either may access and use the Content solely for the purpose of providing and managing the applicable Cloud Services or other Services. IBM will treat all Content as confidential by only disclosing to IBM employees and Subcontractors contractors to the extent necessary to provide the Cloud Services or perform other Services. c. Client is responsible for obtaining all necessary rights and permissions to permit processing of Content in the Cloud Services or to provide other Services. , Client will make disclosures and obtain consent required by law before Client provides, authorises authorizes access to or inputs individuals' ’ information, including personal or other regulated data, data for processing in the Cloud Services or use by IBM in providing the other Services. d. If any Content could be subject to governmental regulation or may require security measures beyond those specified by IBM for the Cloud Services or to provide other Services, Client will not provide, . allow access toto , or input the Content for processing in the Cloud Services or provide or allow access of Content to IBM to provide other Services unless specifically permitted in the applicable TD or unless IBM has first agreed in writing to implement additional security and other measures. Client is responsible for adequate back-up of Content on Client managed systems prior to providing or allowing access of Content to IBM to provide Services. e. IBM Data Security and Privacy Principles (DSP), at Appendix Ahttp://.▇▇▇.▇▇▇/▇▇▇▇▇/?▇▇=▇▇▇▇-▇▇▇▇ , apply for generally available standard Cloud Services and other Services as identified in a TD. At IBM's ’s discretion, IBM may change the DSP from time to time and the change will be effective when published or on the specified effective date. The intent of any change will be to improve and clarify existing commitments and maintain alignment to current adopted operational and security standards or applicable laws. The intent is not to degrade the security or functionality. The most up to date version of the DSP can be found at ▇▇▇▇▇://▇▇▇.▇▇▇.▇▇▇/support/customer/csol/terms/?ref=Z126-7745-04-10-2020-zz-en. f. The specific security features and functions of a Cloud Service or other Services will be described in the applicable Attachment and TD. Client is responsible for selecting, ordering, enabling, or using available data protection features appropriate to support Client's ’s use of Cloud Services. Client is responsible for assessing the suitability of the Cloud Services for the Content and Client's ’s intended use or the use of Content with the Services IBM will provide. Client acknowledges that the use of Cloud Services and other Services meet Client's requirements and processing instructions required to comply with applicable laws. g. IBM's Data Processing Addendum (DPA) is detailed in Appendix B. The DPA and applicable DPA Exhibit(s) apply to IBM’s processing of personal data on behalf of the Client. Each IBM Product has a DPA Exhibit that specifies how IBM will process the Client's data. The applicable DPA Exhibit is included by reference in the TD. h. For Cloud Services with self-managed features, Client can remove Content at any time. Otherwise, IBM will return or remove Content from IBM computing resources upon the expiration or cancellation of the Cloud Service, other Services, or earlier upon Client's request. IBM may charge for certain activities performed at Client's request (such as delivering Content in a specific format). IBM does not archive Content; however, some Content may remain in backup files until expiration of such files as governed by IBM's backup retention practices.