Common use of PROCESSING OBLIGATIONS Clause in Contracts

PROCESSING OBLIGATIONS. ProFinda shall: (i) Process the Personal Data on behalf of Customer and only in accordance with Customer's written instructions as established in this Agreement. The parties agree that this Agreement constitutes Customer's complete and final instructions to ProFinda in relation to Processing of Personal Data. Any Processing of Personal Data which goes beyond the scope of this Agreement will require prior written agreement between the Parties as to the scope of the instructions given by Customer to ProFinda, including agreement on the additional fees Customer will pay to ProFinda for carrying out such further Processing. ProFinda shall notify Customer immediately if in ProFinda's opinion any of Customer's instructions breach applicable data protection laws; (ii) where it is obliged to process the Personal Data for any other purpose by the Data Protection Legislation, inform Customer of this requirement prior to processing the Personal Data unless such law prohibits this on important grounds of public interest; (iii) take appropriate, commercially reasonable and proportionate technical and organizational measures to guard against the unauthorised or unlawful Processing of Personal Data and against the accidental loss or destruction of, or damage to, the Personal Data, and, where reasonably required by Customer, provide a general written description of the technical and organizational measures it employs for securing the Personal Data; (iv) ensure that only personnel who are bound by obligations to respect the confidentiality of the Personal Data have access to the same; (v) to the extent permitted by Applicable Laws, promptly refer to Customer any requests, notices, complaints or other notifications relating to the Personal Data from Data Subjects, supervisory authorities, or other third parties, for Customer to resolve. The Parties agree that Customer will have primary responsibility for dealing with and responding to any such requests, notices, complaints or other notifications; (vi) at Customer's reasonable request provide Customer with reasonable assistance (taking into account the nature of the Processing and the information available to ProFinda) as required by Customer to meet its obligations under the Data Protection Legislation (to the extent applicable to Customer) in so far as they relate to the Personal Data and the Services;

PROCESSING OBLIGATIONS. ProFinda shall: 3.1 The Customer is disclosing Personal Data to the Supplier pursuant to an Agreement for the specific Services and purposes set forth in the Agreement. Except as otherwise expressly provided in the Agreement (i) Process the Personal Data subject to Processing concerns the Customer’s customers, personnel, vendors and suppliers as provided in connection with the Services, and (ii) the nature of the Processing shall consist of receipt, collection, storage, analysis and reporting of the Personal Data as necessary to perform the Services. The Supplier will Process Personal Data pursuant to the Agreement (including the terms of this DPA) only (a) on behalf of Customer and only the Customer, (b) in accordance with the Customer's written ’s documented instructions including the instructions documented in the Agreement, and (c) as established in this Agreementnecessary to perform the Services and deliver the Content and otherwise comply with Applicable Law, including Applicable Data Protection Laws (“Processing Activities”). The parties agree Supplier certifies that this Agreement constitutes Customer's complete and final instructions to ProFinda in relation to Processing of Personal Data. Any Processing of Personal Data which goes beyond the scope of this Agreement it will require prior written agreement between the Parties as to the scope of the instructions given by Customer to ProFindanot retain, including agreement on the additional fees Customer will pay to ProFinda for carrying out such further Processing. ProFinda shall notify Customer immediately if in ProFinda's opinion any of Customer's instructions breach applicable data protection laws; (ii) where it is obliged to process the use, disclose or otherwise Process Personal Data for any other purpose, including any commercial purpose by the restricted under Applicable Data Protection LegislationLaws. The parties have determined that, inform for the purposes of Applicable Data Protection Laws, (a) the Supplier shall act as processor and the Customer shall be the controller in respect of this requirement prior to processing the Personal Data and Processing Activities; and (b) the Supplier shall Process the Personal Data as a service provider on behalf of the Customer in respect of the Processing Activities. Without prejudice to the generality of the foregoing, the Customer will ensure that it has all necessary appropriate consents and notices in place to enable lawful transfer of the Customer Personal Data to the Supplier and lawful collection of the same by the Supplier for the duration and purposes of this Agreement. 3.2 The Supplier shall not retain, use, or disclose the Personal Data it receives under an Agreement outside of the direct business relationship between the Supplier and the Customer unless such law prohibits this expressly permitted by Applicable Data Protection Laws. The Supplier certifies that it will (a) comply with Applicable Data Protection Laws; and (b) promptly inform the Customer in writing if the Supplier makes a determination that it can no longer meet its obligations under Applicable Data Protection Laws. 3.3 Except as explicitly specified in an Agreement as part of the Services, the Supplier shall not Sell or Share a Consumer’s Personal Data it receives from or on important grounds behalf of public interest; (iii) the Customer without the Customer’s express permission, and will refrain from taking any action that would cause any transfers of Personal Data to or from the Customer to qualify as Selling or Sharing personal information as those terms are defined under the CCPA or other Data Protection Law. 3.4 The Supplier will not combine the Personal Data with information received from or on behalf of another person or entity, or with the Personal Data that the Supplier collects from its own interactions with Consumers, except as expressly permitted in the Agreement. The Supplier certifies that it will only use de-identified Personal Data in de-identified form and will not attempt to re-identify de-identified data and will take appropriate, commercially reasonable and proportionate technical and organizational measures to guard against ensure that other persons cannot associate any de-identified data with an individual. 3.5 Without limiting any obligations under the unauthorised or unlawful Agreement with respect to the handling and use of the Customer’s Confidential Information, the Supplier shall require that all persons who have access to Personal Data are informed of its confidential nature and agree to protect Personal Data on terms substantially similar to those contained in an Agreement and this DPA, and in the case of personnel that are not employees of the Supplier such agreement shall be in writing. The Supplier certifies that the Supplier, and each individual Processing Personal Data on its behalf, is subject to a duty of confidentiality with respect to the Processing of Personal Data as required under Applicable Data Protection Laws. 3.6 The Supplier shall promptly notify the Customer and against the accidental loss or destruction ofrespond without unreasonable delay to all inquiries regarding any request, complaint, audit, or damage to, the Personal Data, and, where reasonably required by Customer, provide a general written description of the technical and organizational measures it employs for securing the Personal Data; (iv) ensure that only personnel who are bound by obligations to respect the confidentiality of the Personal Data have access to the same; (v) to the extent permitted by Applicable Laws, promptly refer to Customer any requests, notices, complaints or other notifications communication relating to the Supplier’s Processing of Personal Data or to the Customer’s obligations under Applicable Data Protection Laws (including from Data Subjectsdata protection authorities and/or regulatory authorities) provided, supervisory authoritieshowever, that the Supplier shall (except as prohibited under Applicable Law) obtain specific written consent and instructions from the Customer prior to responding to such request, complaint, or other third parties, for Customer to resolve. The Parties agree that Customer will have primary responsibility for dealing with and responding to any such requests, notices, complaints or other notifications; (vi) at Customer's reasonable request provide Customer with reasonable assistance (taking into account the nature of the Processing and the information available to ProFinda) as required by Customer to meet its obligations under the Data Protection Legislation (to the extent applicable to Customer) in so far as they relate to the Personal Data and the Services;communication.