Common use of Personal Data Protection and Privacy Clause in Contracts

Personal Data Protection and Privacy. A. The parties agree that (i) both ADARA and Customer are Data Controllers in respect of all Personal Data processed in relation to Services. Both parties shall comply with all Data Protection Laws that apply to it in respect of the performance of its obligations under this Agreement. The parties agree that they are not joint controllers of any data. B. Customer shall be responsible for obtaining consent and providing transparency notices to each data subject, and/or ensuring its clients (as appropriate) obtain consent and provide transparency notices to each data subject, in compliance with, and where required by, applicable Data Protection Laws, for (i) the processing of Personal Data by or on behalf of ADARA, (ii) the serving of cookies and (iii) the accessing of information from end user browsers and devices by ADARA, as set out in this Agreement and ADARA’s Privacy Promise from time to time available at the following link: ▇▇▇▇▇://▇▇▇▇▇.▇▇▇/privacy-promise/. C. The parties shall cooperate reasonably with each other in the fulfillment of their respective obligations in respect of Data Subject requests for third party notification, erasure or other requests under Data Protection Laws. D. A party shall promptly notify the other party if it receives notice of any claim or complaint in connection with Data Protection Laws by any data subject in relation to Personal Data in respect of which Customer and ADARA, or the Customers’ client and ADARA, are both Data Controllers. E. Taking into account the nature of and risks associated with the type of Personal Data collected or used in connection with ADARA’s services, each party shall have in place appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data by or on behalf of the parties including where appropriate data protection by default and/or by design measures, and all other such measures as may be agreed between the parties. F. In relation to Personal Data, the parties will provide reasonable assistance and cooperate with each other to ensure each party’s compliance with Data Protection Laws. Subject to obligations of confidentiality and Customer policies on the disclosure of information, where a party has a concern that there has been non-compliance of the other party with this Section 2, the parties agree to exchange information to ascertain the cause of such non-compliance, and take reasonable steps to remediate such non-compliance. G. In relation to Personal Data, ADARA agrees to notify Customer of a Personal Data Breach without undue delay after becoming aware (but in no event later than 48 hours after becoming aware of the Personal Data Breach); and ADARA shall provide Customer within the same deadline with such details as Customer reasonably requires regarding the nature of the Personal Data Breach, any related investigations, the likely consequences, any measures taken by ADARA to address the Personal Data Breach, and provide Customer with regular updates on these matters. ADARA will co-operate reasonably with Customer including in respect of any proposed notification to a Supervisory Authority. H. Data retention: ADARA and Customer shall not retain or process the Personal Data longer than is necessary to carry out the purpose of the processing.

Personal Data Protection and Privacy. A. The parties agree that (i) both ADARA and Customer are Data Controllers in respect of all Personal Data processed in relation to Services. Both parties shall comply with all Data Protection Laws that apply to it in respect of the performance of its obligations under this Agreement. The parties agree that they are not joint controllers of any data. B. Customer shall be responsible for obtaining consent and providing transparency notices to each data subject, and/or ensuring its clients (as appropriate) obtain consent and provide transparency notices to each data subject, in compliance with, and where required by, applicable Data Protection Laws, for (i) the processing of Personal Data by or on behalf of ADARA, (ii) the serving of cookies and (iii) the accessing of information from end user browsers and devices by ADARA, as set out in this Agreement and ADARA’s 's Privacy Promise from time to time available at the following link: ▇▇▇▇▇://▇▇▇▇▇.▇▇▇/privacy-promise/. C. The parties shall cooperate reasonably with each other in the fulfillment of their respective obligations in respect of Data Subject requests for third party notification, erasure or other requests under Data Protection Laws. D. A party shall promptly notify the other party if it receives notice of any claim or complaint in connection with Data Protection Laws by any data subject in relation to Personal Data in respect of which Customer and ADARA, or the Customers’ ' client and ADARA, are both Data Controllers. E. Taking into account the nature of and risks associated with the type of Personal Data collected or used in connection with ADARA’s 's services, each party shall have in place appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of Personal Data by or on behalf of the parties including where appropriate data protection by default and/or by design measures, and all other such measures as may be agreed between the parties. F. In relation to Personal Data, the parties will provide reasonable assistance and cooperate with each other to ensure each party’s 's compliance with Data Protection Laws. Subject to obligations of confidentiality and Customer policies on the disclosure of information, where a party has a concern that there has been non-compliance of the other party with this Section 2, the parties agree to exchange information to ascertain the cause of such non-compliance, and take reasonable steps to remediate such non-compliance. G. In relation to Personal Data, ADARA ▇▇▇▇▇ agrees to notify Customer of a Personal Data Breach without undue delay after becoming aware (but in no event later than 48 hours after becoming aware of the Personal Data Breach); and ADARA shall provide Customer within the same deadline with such details as Customer reasonably requires regarding the nature of the Personal Data Breach, any related investigations, the likely consequences, any measures taken by ADARA to address the Personal Data Breach, and provide Customer with regular updates on these matters. ADARA will co-operate reasonably with Customer including in respect of any proposed notification to a Supervisory Authority. H. Data retention: ADARA and Customer shall not retain or process the Personal Data longer than is necessary to carry out the purpose of the processing.