Common use of PROCESSING OBLIGATIONS Clause in Contracts

PROCESSING OBLIGATIONS. Where Retrium processes Customer Personal Data under or in connection with the Agreement, Retrium shall: i. Unless otherwise required by applicable law, only process such Customer Personal Data as may be necessary to perform its obligations under the Agreement, and only in accordance with Customer’s instructions. ii. Put in place appropriate technical and organizational security measures to protect against unauthorized or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data (“Personal Data Breach”). iii. Provide reasonable co-operation to Customer in the event of an inquiry by a supervisory authority relating to Retrium’s processing of Customer Personal Data. iv. Keep Customer Personal Data confidential and ensure that Retrium staff who have access to Customer Personal Data are subject to appropriate confidentiality obligations. v. Notify Customer without undue delay after becoming aware of any Personal Data Breach involving Customer Personal Data. vi. Taking into account the nature of the processing, provide reasonable cooperation and assistance to Customer as Customer may reasonably require to allow Customer to comply with its obligations under Articles 32 - 36 of the GDPR, as applicable, including in relation to data security, data breach notification, data protection impact assessments, prior consultation with supervisory authorities, the fulfilment of data subjects’ rights, and any enquiry, notice or investigation by a supervisory authority. vii. Save as may be required or permitted by applicable law, delete or return all Customer Personal Data on termination of the Agreement at the written direction of Customer. viii. Inform Customer immediately if, in its opinion, the Customer’s processing instructions infringe Data Protection Laws.

PROCESSING OBLIGATIONS. Where Retrium processes Customer Personal Data under or in connection with the Agreement, Retrium shall: i. I. Unless otherwise required by applicable law, only process such Customer Personal Data as may be necessary to perform its obligations under the Agreement, and only in accordance with Customer’s instructions. iiII. Put in place appropriate technical and organizational security measures to protect against unauthorized or unlawful processing of Customer Personal Data and against accidental loss or destruction of, or damage to, Customer Personal Data (“Personal Data Breach”). iiiIII. Provide reasonable co-operation to Customer in the event of an inquiry by a supervisory authority relating to Retrium’s processing of Customer Personal Data. ivIV. Keep Customer Personal Data confidential and ensure that Retrium staff who have access to Customer Personal Data are subject to appropriate confidentiality obligations. v. V. Notify Customer without undue delay after becoming aware of any Personal Data Breach involving Customer Personal Data. viVI. Taking into account the nature of the processing, provide reasonable cooperation and assistance to Customer as Customer may reasonably require to allow Customer to comply with its obligations under Articles 32 - 36 of the GDPR, as applicable, including in relation to data security, data breach notification, data protection impact assessments, prior consultation with supervisory authorities, the fulfilment fullfilment of data subjects’ rights, and any enquiry, notice or investigation by a supervisory authority. viiVII. Save as may be required or permitted by applicable law, delete or return all Customer Personal Data on termination of the Agreement at the written direction of Customer. viiiVIII. Inform Customer immediately if, in its opinion, the Customer’s processing instructions infringe Data Protection Laws.